Your message dated Wed, 1 Mar 2017 03:36:38 +0100 with message-id <20170301023638.GH5630@mraw.org> and subject line Re: Bug#856129: pre-approval: notmuch/0.23.6-1 has caused the Debian Bug report #856129, regarding pre-approval: notmuch/0.23.6-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 856129: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856129 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: pre-approval: notmuch/0.23.6-1
- From: David Bremner <bremner@debian.org>
- Date: Sat, 25 Feb 2017 09:10:01 -0400
- Message-id: <148802820165.10814.17269280092897381379.reportbug@zancas.localnet>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock I'm planning to upload a new uptream point release of notmuch to unstable. This fixes two bugs that have not yet been reported to Debian. The first bug is that if the path of the build directory gets long enough, the package will FTBFS due to problems with gnupg sockets. I don't know how stable the paths on the buildds are, but it seems a bit fragile to rely on them not changing for the whole stretch release cycle. The second bug is a memory management bug (read after free). I'm not aware of any actual user-visible symptoms of the second bug; it was found during an unrelated check with valgrind. OTOH, it's the kind of nasty C programming bug that so often escalates... I've appended a diff from upstream git, this also includes any debian changes except finalizing the date and distribution in the changelog(s). diff --git a/NEWS b/NEWS index c023c03e..3ac46355 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,20 @@ +Notmuch 0.23.6 (UNRELEASED) +=========================== + +Command Line Interface +---------------------- + +Fix read-after-free bug in `notmuch new`. + +Test Suite +---------- + +Use gpgconf --create-socketdir if available. + + GnuPG has a facility to use sockets in /run or /var/run to avoid + problems with long socket paths, but this is not enabled by default + for GNUPGHOME other than $HOME/.gnupg. Enable it, if possible. + Notmuch 0.23.5 (2017-01-09) =========================== diff --git a/bindings/python/notmuch/version.py b/bindings/python/notmuch/version.py index 1397fefd..8d700260 100644 --- a/bindings/python/notmuch/version.py +++ b/bindings/python/notmuch/version.py @@ -1,3 +1,3 @@ # this file should be kept in sync with ../../../version -__VERSION__ = '0.23.5' +__VERSION__ = '0.23.6' SOVERSION = '4' diff --git a/configure b/configure index f1773044..46063b5d 100755 --- a/configure +++ b/configure @@ -602,6 +602,19 @@ if [ $WITH_DOCS = "1" ] ; then fi fi +have_gpgconf_socketdir=0 +printf "Checking for gpgconf --{create,remove}-socketdir... " +if gpgconf --dump-options > /dev/null ; then + if gpgconf --dump-options | grep -q create-socketdir ; then + printf "Yes.\n" + have_gpgconf_socketdir=1 + else + printf "No.\n" + fi +else + printf "No. (missing or broken gpgconf?)\n" +fi + libdir_in_ldconfig=0 printf "Checking which platform we are on... " @@ -1179,6 +1192,9 @@ NOTMUCH_PYTHON=${python} # Are the ruby development files (and ruby) available? If not skip # building/testing ruby bindings. NOTMUCH_HAVE_RUBY_DEV=${have_ruby_dev} + +# Recent enough gnupg to support gpgconf --create-socketdir? +NOTMUCH_HAVE_GPGCONF_SOCKETDIR=${have_gpgconf_socketdir} EOF # Finally, after everything configured, inform the user how to continue. diff --git a/debian/changelog b/debian/changelog index 513ddebe..2ff6d5de 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +notmuch (0.23.6-1) UNRELEASED; urgency=medium + + * Use gpgconf --create-socketdir to create gpg-agent sockets for + test suite. + * Fix read-after-free bug in `notmuch new`. + + -- David Bremner <bremner@debian.org> Tue, 21 Feb 2017 07:51:08 -0400 + notmuch (0.23.5-1) unstable; urgency=medium * Remove RUNPATH from /usr/bin/notmuch diff --git a/lib/database.cc b/lib/database.cc index f0bfe566..eddb780c 100644 --- a/lib/database.cc +++ b/lib/database.cc @@ -652,7 +652,7 @@ parse_references (void *ctx, ref = _parse_message_id (ctx, refs, &refs); if (ref && strcmp (ref, message_id)) { - g_hash_table_insert (hash, ref, NULL); + g_hash_table_add (hash, ref); last_ref = ref; } } @@ -661,7 +661,7 @@ parse_references (void *ctx, * reference to the database. We should avoid making a message * its own parent, thus the above check. */ - return last_ref; + return talloc_strdup(ctx, last_ref); } notmuch_status_t diff --git a/test/test-lib.sh b/test/test-lib.sh index 86e792a8..ba1580cd 100644 --- a/test/test-lib.sh +++ b/test/test-lib.sh @@ -229,10 +229,19 @@ test_fixed=0 test_broken=0 test_success=0 + +_shutdown_gpg_agent () { + if [ ${NOTMUCH_HAVE_GPGCONF_SOCKETDIR} = 1 ]; then + gpgconf --kill gpg-agent + gpgconf --remove-socketdir + fi +} + _exit_common () { code=$? trap - EXIT set +ex + _shutdown_gpg_agent rm -rf "$TEST_TMPDIR" } @@ -1276,6 +1285,11 @@ test_init_ () { . ./test-lib-common.sh || exit 1 +# we need the setting of GNUPGHOME in test-lib-common.sh +if [ ${NOTMUCH_HAVE_GPGCONF_SOCKETDIR} = 1 ]; then + gpgconf --create-socketdir +fi + emacs_generate_script diff --git a/version b/version index f6de0017..df47809d 100644 --- a/version +++ b/version @@ -1 +1 @@ -0.23.5 +0.23.6 unblock notmuch/0.23.6-1 -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
- To: David Bremner <bremner@debian.org>, 856129-done@bugs.debian.org
- Subject: Re: Bug#856129: pre-approval: notmuch/0.23.6-1
- From: Cyril Brulebois <kibi@debian.org>
- Date: Wed, 1 Mar 2017 03:36:38 +0100
- Message-id: <20170301023638.GH5630@mraw.org>
- In-reply-to: <[🔎] 87zih5vl5t.fsf@tethera.net>
- References: <148802820165.10814.17269280092897381379.reportbug@zancas.localnet> <20170226182850.2ibxgmghp7lsjvlw@powdarrmonkey.net> <[🔎] 87zih5vl5t.fsf@tethera.net>
David Bremner <bremner@debian.org> (2017-02-28): > Here's an updated debdiff. > > I turned out my initial idea was flawed. Or gnupg is flawed. Or > something. In anycase the new debdiff is actually smaller (not > counting upstream changelog). Look good to me, unblocked. KiBi.Attachment: signature.asc
Description: Digital signature
--- End Message ---