From 0fe76a1980dfcbfe176573ec5ab1d6b360f75b17 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Mon, 4 Mar 2019 19:42:04 -0700 Subject: notmuch-slurp-debbug: avoid invoking superfluous shells Reported-by: Paul Wise Signed-off-by: Sean Whitton --- debian/changelog | 8 ++++++++ mailscripts.el | 2 +- notmuch-slurp-debbug | 12 +++++++----- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 4d66144..f6df532 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +mailscripts (0.5-1) UNRELEASED; urgency=medium + + * notmuch-slurp-debbug: Avoid invoking entirely superfluous shells when + calling other tools. + Thanks to Paul Wise for reporting that the code was doing that. + + -- Sean Whitton Mon, 04 Mar 2019 19:40:38 -0700 + mailscripts (0.4-1) unstable; urgency=medium * Do not import messages without a Message-Id header (Closes: #909835). diff --git a/mailscripts.el b/mailscripts.el index 249cb42..2d88500 100644 --- a/mailscripts.el +++ b/mailscripts.el @@ -1,7 +1,7 @@ ;;; mailscripts.el --- functions to access tools in the mailscripts package ;; Author: Sean Whitton -;; Version: 0.4 +;; Version: 0.5 ;; Package-Requires: (notmuch) ;; Copyright (C) 2018 Sean Whitton diff --git a/notmuch-slurp-debbug b/notmuch-slurp-debbug index d289e31..e855853 100755 --- a/notmuch-slurp-debbug +++ b/notmuch-slurp-debbug @@ -64,10 +64,12 @@ die "notmuch-slurp-debbug: $maildir does not look to be a maildir" my $bts_server_arg = defined $bts_server ? "--bts-server $bts_server" - : ""; + : undef; # see #904182 (try using this script ;)) -system("bts $bts_server_arg --mbox --mailreader 'true %s' show $bug") == 0 +system(grep defined, "bts", $bts_server_arg, + qw(--mbox --mailreader), "true %s", + "show", $bug) == 0 or die "notmuch-slurp-debbug: bts failed"; my $dir = File::Temp->newdir(); @@ -83,7 +85,7 @@ my $mbox = catfile $devscripts_cache, "$bug.mbox"; # note that mb2md won't work; it thinks Debian BTS mboxes contain just # a single message -system("mbox2maildir $mbox $dir") == 0 +system("mbox2maildir", $mbox, $dir) == 0 or die "notmuch-slurp-debbug: mbox2maildir failed"; foreach my $message (glob "$dir/*/*") { @@ -95,7 +97,7 @@ foreach my $message (glob "$dir/*/*") { $mid =~ s/(<|>)//g; my $match = `notmuch search id:$mid`; my $match_lines = $match =~ tr/\n//; - system "mdmv $message $maildir" if ($match_lines == 0); + system("mdmv", $message, $maildir) if ($match_lines == 0); } -system "notmuch new"; +system(qw(notmuch new)); -- cgit v1.2.3 From 4413b6ea5f89cdfe1a3819672a69bb400a35628d Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Mon, 4 Mar 2019 19:44:03 -0700 Subject: bump some copyright years Signed-off-by: Sean Whitton --- debian/copyright | 2 +- notmuch-slurp-debbug | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/copyright b/debian/copyright index 83c2ca9..b3d860e 100644 --- a/debian/copyright +++ b/debian/copyright @@ -2,7 +2,7 @@ mailscripts Collection of scripts for manipulating e-mail on Debian Copyright (C)2017 Aurelien Aptel -Copyright (C)2017-2018 Sean Whitton +Copyright (C)2017-2019 Sean Whitton These programs are free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as diff --git a/notmuch-slurp-debbug b/notmuch-slurp-debbug index e855853..f555329 100755 --- a/notmuch-slurp-debbug +++ b/notmuch-slurp-debbug @@ -2,7 +2,7 @@ # notmuch-slurp-debbug -- add messages from a Debian bug to notmuch -# Copyright (C) 2018 Sean Whitton +# Copyright (C) 2018-2019 Sean Whitton # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -- cgit v1.2.3 From e4f43030be65dfcb3e579da54804793a0f09ee96 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Mon, 4 Mar 2019 19:57:22 -0700 Subject: set urgency=high Signed-off-by: Sean Whitton --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index f6df532..bc53b68 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,7 @@ -mailscripts (0.5-1) UNRELEASED; urgency=medium +mailscripts (0.5-1) UNRELEASED; urgency=high * notmuch-slurp-debbug: Avoid invoking entirely superfluous shells when - calling other tools. + calling other tools. This is a security risk. Thanks to Paul Wise for reporting that the code was doing that. -- Sean Whitton Mon, 04 Mar 2019 19:40:38 -0700 -- cgit v1.2.3 From a8e20002c52a70176fba2741b6fbf58ac7ede767 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Tue, 5 Mar 2019 09:39:15 -0700 Subject: release 0.5 (0.5-1 to Debian unstable) Signed-off-by: Sean Whitton --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index bc53b68..7580b82 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,10 @@ -mailscripts (0.5-1) UNRELEASED; urgency=high +mailscripts (0.5-1) unstable; urgency=high * notmuch-slurp-debbug: Avoid invoking entirely superfluous shells when calling other tools. This is a security risk. Thanks to Paul Wise for reporting that the code was doing that. - -- Sean Whitton Mon, 04 Mar 2019 19:40:38 -0700 + -- Sean Whitton Tue, 05 Mar 2019 09:38:56 -0700 mailscripts (0.4-1) unstable; urgency=medium -- cgit v1.2.3 From b0ecd18115bb4fa1887da6c590353f9f5a76434f Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Wed, 6 Mar 2019 11:10:34 -0700 Subject: notmuch-slurp-debbug: use IPC::System::Simple Signed-off-by: Sean Whitton --- debian/changelog | 9 +++++++++ debian/control | 1 + mailscripts.el | 2 +- notmuch-slurp-debbug | 11 ++++++----- 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 7580b82..bbf528e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +mailscripts (0.6-1) UNRELEASED; urgency=high + + * notmuch-slurp-debbug: Further ensure that superfluous shells are not + invoked by switching from system() and backticks to functions from + IPC::System::Simple. + - d/control: add runtime dependency on libipc-system-simple-perl. + + -- Sean Whitton Wed, 06 Mar 2019 11:08:44 -0700 + mailscripts (0.5-1) unstable; urgency=high * notmuch-slurp-debbug: Avoid invoking entirely superfluous shells when diff --git a/debian/control b/debian/control index 8e7b8de..8bfe006 100644 --- a/debian/control +++ b/debian/control @@ -30,6 +30,7 @@ Package: mailscripts Depends: libconfig-tiny-perl, libfile-which-perl, + libipc-system-simple-perl, libmime-tools-perl, python3, ${misc:Depends}, diff --git a/mailscripts.el b/mailscripts.el index 2d88500..148b996 100644 --- a/mailscripts.el +++ b/mailscripts.el @@ -1,7 +1,7 @@ ;;; mailscripts.el --- functions to access tools in the mailscripts package ;; Author: Sean Whitton -;; Version: 0.5 +;; Version: 0.6 ;; Package-Requires: (notmuch) ;; Copyright (C) 2018 Sean Whitton diff --git a/notmuch-slurp-debbug b/notmuch-slurp-debbug index f555329..09d05c1 100755 --- a/notmuch-slurp-debbug +++ b/notmuch-slurp-debbug @@ -25,6 +25,7 @@ use File::Spec::Functions 'catfile'; use File::Which; use File::Temp; use Getopt::Long; +use IPC::System::Simple qw(systemx capturex); use MIME::Head; my $Config = Config::Tiny->new; @@ -67,7 +68,7 @@ my $bts_server_arg = defined $bts_server : undef; # see #904182 (try using this script ;)) -system(grep defined, "bts", $bts_server_arg, +systemx(grep defined, "bts", $bts_server_arg, qw(--mbox --mailreader), "true %s", "show", $bug) == 0 or die "notmuch-slurp-debbug: bts failed"; @@ -85,7 +86,7 @@ my $mbox = catfile $devscripts_cache, "$bug.mbox"; # note that mb2md won't work; it thinks Debian BTS mboxes contain just # a single message -system("mbox2maildir", $mbox, $dir) == 0 +systemx("mbox2maildir", $mbox, $dir) == 0 or die "notmuch-slurp-debbug: mbox2maildir failed"; foreach my $message (glob "$dir/*/*") { @@ -95,9 +96,9 @@ foreach my $message (glob "$dir/*/*") { # that is asking for trouble next unless defined $mid; $mid =~ s/(<|>)//g; - my $match = `notmuch search id:$mid`; + my $match = capturex(qw(notmuch search), "id:$mid"); my $match_lines = $match =~ tr/\n//; - system("mdmv", $message, $maildir) if ($match_lines == 0); + systemx("mdmv", $message, $maildir) if ($match_lines == 0); } -system(qw(notmuch new)); +systemx(qw(notmuch new)); -- cgit v1.2.3 From e9de621024d66d9fdd3a37b1b4cacdea31bf2195 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Wed, 6 Mar 2019 11:11:09 -0700 Subject: normalise an import Signed-off-by: Sean Whitton --- notmuch-slurp-debbug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notmuch-slurp-debbug b/notmuch-slurp-debbug index 09d05c1..689b6f6 100755 --- a/notmuch-slurp-debbug +++ b/notmuch-slurp-debbug @@ -21,7 +21,7 @@ use strict; use warnings; use Config::Tiny; -use File::Spec::Functions 'catfile'; +use File::Spec::Functions qw(catfile); use File::Which; use File::Temp; use Getopt::Long; -- cgit v1.2.3 From 09996ed7175e649b9de45d64c168d0b2a105ccd4 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Wed, 6 Mar 2019 11:14:40 -0700 Subject: release 0.6 (0.6-1 to Debian unstable) Signed-off-by: Sean Whitton --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index bbf528e..754d973 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,11 +1,11 @@ -mailscripts (0.6-1) UNRELEASED; urgency=high +mailscripts (0.6-1) unstable; urgency=high * notmuch-slurp-debbug: Further ensure that superfluous shells are not invoked by switching from system() and backticks to functions from IPC::System::Simple. - d/control: add runtime dependency on libipc-system-simple-perl. - -- Sean Whitton Wed, 06 Mar 2019 11:08:44 -0700 + -- Sean Whitton Wed, 06 Mar 2019 11:14:30 -0700 mailscripts (0.5-1) unstable; urgency=high -- cgit v1.2.3 From 518569be9a8a1b17e8c1bd2f65d01191fabda6a8 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Wed, 6 Mar 2019 11:24:15 -0700 Subject: drop a joke in a comment Signed-off-by: Sean Whitton --- notmuch-slurp-debbug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notmuch-slurp-debbug b/notmuch-slurp-debbug index 689b6f6..458f7a1 100755 --- a/notmuch-slurp-debbug +++ b/notmuch-slurp-debbug @@ -67,7 +67,7 @@ my $bts_server_arg = defined $bts_server ? "--bts-server $bts_server" : undef; -# see #904182 (try using this script ;)) +# see #904182 for why we have to do it like this systemx(grep defined, "bts", $bts_server_arg, qw(--mbox --mailreader), "true %s", "show", $bug) == 0 -- cgit v1.2.3 From a565b2a000d7af91b305cff521f185f6deedd4ba Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Wed, 6 Mar 2019 11:33:28 -0700 Subject: notmuch-slurp-debbug: Fix the --bts-server argument Signed-off-by: Sean Whitton --- debian/changelog | 7 +++++++ mailscripts.el | 2 +- notmuch-slurp-debbug | 14 ++++++-------- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/debian/changelog b/debian/changelog index 754d973..f5a08e5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +mailscripts (0.7-1) UNRELEASED; urgency=high + + * notmuch-slurp-debbug: Fix the --bts-server argument. + The 0.6 release broke use of this argument. + + -- Sean Whitton Wed, 06 Mar 2019 11:32:39 -0700 + mailscripts (0.6-1) unstable; urgency=high * notmuch-slurp-debbug: Further ensure that superfluous shells are not diff --git a/mailscripts.el b/mailscripts.el index 148b996..c68f7a9 100644 --- a/mailscripts.el +++ b/mailscripts.el @@ -1,7 +1,7 @@ ;;; mailscripts.el --- functions to access tools in the mailscripts package ;; Author: Sean Whitton -;; Version: 0.6 +;; Version: 0.7 ;; Package-Requires: (notmuch) ;; Copyright (C) 2018 Sean Whitton diff --git a/notmuch-slurp-debbug b/notmuch-slurp-debbug index 458f7a1..d424236 100755 --- a/notmuch-slurp-debbug +++ b/notmuch-slurp-debbug @@ -63,15 +63,14 @@ die "notmuch-slurp-debbug: $maildir does not look to be a maildir" && -d catfile($maildir, "new") && -d catfile($maildir, "tmp")); -my $bts_server_arg = defined $bts_server - ? "--bts-server $bts_server" +my @bts_server_args = defined $bts_server + ? ("--bts-server", $bts_server) : undef; # see #904182 for why we have to do it like this -systemx(grep defined, "bts", $bts_server_arg, - qw(--mbox --mailreader), "true %s", - "show", $bug) == 0 - or die "notmuch-slurp-debbug: bts failed"; +my @bts_args = grep defined, @bts_server_args, + qw(--mbox --mailreader), "true %s", "show", $bug; +systemx("bts", @bts_args); my $dir = File::Temp->newdir(); mkdir catfile($dir, "cur"); @@ -86,8 +85,7 @@ my $mbox = catfile $devscripts_cache, "$bug.mbox"; # note that mb2md won't work; it thinks Debian BTS mboxes contain just # a single message -systemx("mbox2maildir", $mbox, $dir) == 0 - or die "notmuch-slurp-debbug: mbox2maildir failed"; +systemx("mbox2maildir", $mbox, $dir); foreach my $message (glob "$dir/*/*") { my $message_head = MIME::Head->from_file($message); -- cgit v1.2.3 From eb46ea661857465629e06e4ca3527a38de3aeea7 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Wed, 6 Mar 2019 11:38:02 -0700 Subject: release 0.7 (0.7-1 to Debian unstable) Signed-off-by: Sean Whitton --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index f5a08e5..41d4180 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,9 @@ -mailscripts (0.7-1) UNRELEASED; urgency=high +mailscripts (0.7-1) unstable; urgency=high * notmuch-slurp-debbug: Fix the --bts-server argument. The 0.6 release broke use of this argument. - -- Sean Whitton Wed, 06 Mar 2019 11:32:39 -0700 + -- Sean Whitton Wed, 06 Mar 2019 11:37:42 -0700 mailscripts (0.6-1) unstable; urgency=high -- cgit v1.2.3