Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

I'm planning to upload a new upstream point release of notmuch to
unstable.  This fixes two bugs that have not yet been reported to
Debian.  The first bug is that if the path of the build directory gets
long enough, the package will FTBFS due to problems with gnupg
sockets. I don't know how stable the paths on the buildds are, but it
seems a bit fragile to rely on them not changing for the whole stretch
release cycle.  The second bug is a memory management bug (read after
free). I'm not aware of any actual user-visible symptoms of the second
bug; it was found during an unrelated check with valgrind. OTOH, it's
the kind of nasty C programming bug that so often escalates...

I've appended a diff from upstream git; this also includes any Debian
changes except finalizing the date and distribution in the
changelog(s).

diff --git a/NEWS b/NEWS
index c023c03e..3ac46355 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,20 @@
+Notmuch 0.23.6 (UNRELEASED)
+===========================
+
+Command Line Interface
+----------------------
+
+Fix read-after-free bug in `notmuch new`.
+
+Test Suite
+----------
+
+Use gpgconf --create-socketdir if available.
+
+  GnuPG has a facility to use sockets in /run or /var/run to avoid
+  problems with long socket paths, but this is not enabled by default
+  for GNUPGHOME other than $HOME/.gnupg. Enable it, if possible.
+
 Notmuch 0.23.5 (2017-01-09)
 ===========================
 
diff --git a/bindings/python/notmuch/version.py 
b/bindings/python/notmuch/version.py
index 1397fefd..8d700260 100644
--- a/bindings/python/notmuch/version.py
+++ b/bindings/python/notmuch/version.py
@@ -1,3 +1,3 @@
 # this file should be kept in sync with ../../../version
-__VERSION__ = '0.23.5'
+__VERSION__ = '0.23.6'
 SOVERSION = '4'
diff --git a/configure b/configure
index f1773044..46063b5d 100755
--- a/configure
+++ b/configure
@@ -602,6 +602,19 @@ if [ $WITH_DOCS = "1" ] ; then
     fi
 fi
 
+have_gpgconf_socketdir=0
+printf "Checking for gpgconf --{create,remove}-socketdir... "
+if gpgconf --dump-options > /dev/null ; then
+    if gpgconf --dump-options | grep -q create-socketdir ; then
+       printf "Yes.\n"
+       have_gpgconf_socketdir=1
+    else
+       printf "No.\n"
+    fi
+else
+    printf "No. (missing or broken gpgconf?)\n"
+fi
+
 libdir_in_ldconfig=0
 
 printf "Checking which platform we are on... "
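Review bot: In the new gpgconf probe, only stdout of `gpgconf --dump-options` is redirected, so on a system without gpgconf the shell's own error message lands in the middle of the "Checking for gpgconf ..." line before "No. (missing or broken gpgconf?)" is printed. Redirecting stderr as well (`> /dev/null 2>&1`) keeps the configure output clean, and the second invocation in the pipeline could do the same. The probe also inspects whichever gpgconf is first in PATH at configure time, while test/test-lib.sh calls gpgconf again at test time; a comment stating that both are assumed to be the same binary would help.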
@@ -1179,6 +1192,9 @@ NOTMUCH_PYTHON=${python}
 # Are the ruby development files (and ruby) available? If not skip
 # building/testing ruby bindings.
 NOTMUCH_HAVE_RUBY_DEV=${have_ruby_dev}
+
+# Recent enough gnupg to support gpgconf --create-socketdir?
+NOTMUCH_HAVE_GPGCONF_SOCKETDIR=${have_gpgconf_socketdir}
 EOF
 
 # Finally, after everything configured, inform the user how to continue.
diff --git a/debian/changelog b/debian/changelog
index 513ddebe..2ff6d5de 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+notmuch (0.23.6-1) UNRELEASED; urgency=medium
+
+  * Use gpgconf --create-socketdir to create gpg-agent sockets for
+    test suite.
+  * Fix read-after-free bug in `notmuch new`.
+
+ -- David Bremner <brem...@debian.org>  Tue, 21 Feb 2017 07:51:08 -0400
+
 notmuch (0.23.5-1) unstable; urgency=medium
 
   * Remove RUNPATH from /usr/bin/notmuch
diff --git a/lib/database.cc b/lib/database.cc
index f0bfe566..eddb780c 100644
--- a/lib/database.cc
+++ b/lib/database.cc
@@ -652,7 +652,7 @@ parse_references (void *ctx,
        ref = _parse_message_id (ctx, refs, &refs);
 
        if (ref && strcmp (ref, message_id)) {
-           g_hash_table_insert (hash, ref, NULL);
+           g_hash_table_add (hash, ref);
            last_ref = ref;
        }
     }
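Review bot: `last_ref = ref` directly after `g_hash_table_add (hash, ref)` still keeps a raw alias to a string the hash table now holds as a key, so the lifetime of `last_ref` depends on when the table releases its keys, which these lines do not show. A short comment saying why `g_hash_table_add` replaces `g_hash_table_insert (hash, ref, NULL)` would make the fix reviewable on its own: when the table has a key destroy function, insert frees the key passed in and keeps the stored one on a duplicate, while add frees the stored key and keeps the new one. `g_hash_table_add` also needs GLib 2.32 or newer, so the minimum GLib version checked at configure time should match.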
@@ -661,7 +661,7 @@ parse_references (void *ctx,
      * reference to the database.  We should avoid making a message
      * its own parent, thus the above check.
      */
-    return last_ref;
+    return talloc_strdup(ctx, last_ref);
 }
 
 notmuch_status_t
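Review bot: With `return talloc_strdup(ctx, last_ref);` the function returns a copy owned by `ctx` rather than the pointer that was stored in the hash table, but the comment above the return says nothing about ownership, and a NULL result no longer distinguishes "no usable reference" from a failed allocation. Please extend the comment to state that the caller receives a talloc copy on `ctx`, and decide whether allocation failure needs separate handling. Style: the surrounding code puts a space before the argument list (`g_hash_table_add (hash, ref)`), so this should read `talloc_strdup (ctx, last_ref)`.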
diff --git a/test/test-lib.sh b/test/test-lib.sh
index 86e792a8..ba1580cd 100644
--- a/test/test-lib.sh
+++ b/test/test-lib.sh
@@ -229,10 +229,19 @@ test_fixed=0
 test_broken=0
 test_success=0
 
+
+_shutdown_gpg_agent () {
+    if [ ${NOTMUCH_HAVE_GPGCONF_SOCKETDIR} = 1 ]; then
+       gpgconf --kill gpg-agent
+       gpgconf --remove-socketdir
+    fi
+}
+
 _exit_common () {
        code=$?
        trap - EXIT
        set +ex
+       _shutdown_gpg_agent
        rm -rf "$TEST_TMPDIR"
 }
 
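Review bot: `_shutdown_gpg_agent` runs `gpgconf --kill gpg-agent` and `gpgconf --remove-socketdir` against whatever GNUPGHOME is in effect when `_exit_common` fires, and nothing here checks that it points into the test tree; if the trap runs with GNUPGHOME unset or changed, the commands act on the invoking user's own agent and socket directory. Guarding on GNUPGHOME being set to the test directory would contain that. The test `[ ${NOTMUCH_HAVE_GPGCONF_SOCKETDIR} = 1 ]` is also unquoted, so an unset variable yields a `[` syntax error; `[ "${NOTMUCH_HAVE_GPGCONF_SOCKETDIR:-0}" = 1 ]` is safer, the more so because `set +ex` has just disabled errexit and the failure would pass silently.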
@@ -1276,6 +1285,11 @@ test_init_ () {
 
 . ./test-lib-common.sh || exit 1
 
+# we need the setting of GNUPGHOME in test-lib-common.sh
+if [ ${NOTMUCH_HAVE_GPGCONF_SOCKETDIR} = 1 ]; then
+    gpgconf --create-socketdir
+fi
+
 emacs_generate_script
 
 
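Review bot: The exit status of `gpgconf --create-socketdir` is ignored, although the line just above uses `|| exit 1` for a failed setup step. If the socket directory cannot be created, the tests carry on with no indication of it, which is the long socket path situation this change is meant to avoid; at least print a warning on failure. The test also leaves `${NOTMUCH_HAVE_GPGCONF_SOCKETDIR}` unquoted, so an unset variable produces a `[` syntax error rather than a clean skip.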
diff --git a/version b/version
index f6de0017..df47809d 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-0.23.5
+0.23.6


unblock notmuch/0.23.6-1

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
