Re: Bug#934082: elpa-notmuch: Shows remote images even when requested not to

2019-08-06 Thread David Bremner 
Andreas Kloeckner  writes:

> Package: elpa-notmuch
> Version: 0.29.1-2
> Severity: normal
>
> Dear Maintainer,
>
> With the specified version of the package, and emacs of the following
> version:
>
> Versions of packages emacs25 depends on:
> ii  emacs-gtk  1:26.1+1-3.2
>
> when I view the message given in this file:
>
> https://ssl.tiker.net/nextcloud/index.php/s/QyBrSP6Etn8rmGn
>
> notmuch requests and shows remote images (in this case, the Facebook and
> Twitter icons) even despite the fact that I have the following
> 'customize' setting active:
>
> Hide Notmuch Show Text/Html Blocked Images: Value Menu Regexp: .*
> State : SAVED and set.
>Remote images that have URLs matching this regexp will be blocked.
>
> which I understand as "no remote images should ever be loaded".
>
> I'd be much obliged for any help. Thanks!
>
> Andreas
>

Your interpretation of that variable sounds about right (fwiw, '.'
should work as well as '.*'). On the other hand when I view that message
with the default settings I don't see any images. You can duplicate my
experiment with

1) emacs -q
2) M-x package-initialize
3) M-x notmuch

s subject:galerkin

I suspect the outcome depends on the setting of html viewer, but please
let us know what you discover.

All the best,

David

P.S. In case the URL is not durable, I'm attaching the message in question



raw-msg.txt:2,S
Description: Binary data
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Re: [PATCH 5/7] util/repair: add _notmuch_repair_crypto_payload_skip_legacy_display

2019-08-06 Thread Daniel Kahn Gillmor 
Hi Bremner--

thanks for the review!

On Sat 2019-08-03 12:15:30 -0300, David Bremner wrote:
> Daniel Kahn Gillmor  writes:
>
>> +ret = true;
>> +for (int i = 0; i < g_mime_header_list_get_count 
>> (legacy_display_headers); i++) {
>> +GMimeHeader *dh = g_mime_header_list_get_header_at 
>> (legacy_display_headers, i);
>> +if (dh == NULL) {
>> +ret = false;
>> +break;
>> +}
>
> I can live with the use of break if you think it's superior, but I think
> the idiom of "goto DONE" is more common in the notmuch codebase. I
> personally always have think about the semantics of "break" and
> "continue" in C pretty carefully.

i thought i was the only one who got confused between "break" and
"continue"!  I will convert to goto DONE, i agree it's more readable.

>> +if (strcmp (g_mime_header_get_value (dh), g_mime_header_get_value 
>> (ph))) {
>> +ret = false;
>> +break;
>> +}
>
> It's not really clear to me what kind of "invalid" causes
> g_mime_header_get_value to return NULL. Maybe this strcmp should be
> guarded against that?

i think it's impossible in the current implementation for this to go
wrong, since we've already got a GMimeHeader object from an existing
block of headers, but i'll add some protection just in case GMime
changes its implementation or some fuzzer constructs a truly devious
not-quite-RFC-822 input.

 --dkg


signature.asc
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch