As noted in https://github.com/jstedfast/gmime/issues/68, GMime converts the unsigned longs returned from GPGME into time_t objects. On architectures with a signed 32-bit time_t (like GNU/Linux x86_64), this means that we're limited to 31 bits of data, which means the clock wraps around in 2038. Until GMime fixes this properly, we can regain 1 bit of space by casting back from time_t to an unsigned long. This gives us a window of up until early 2106. The example S/MIME SignedData message is signed by a certificate whose expiration date is Fri Sep 27 06:54:18 UTC 2052 (2611032858 seconds since the epoch). GPGME reports the value faithfully as the expiration date of the signature on this message, but GMime wraps it back around to the negative. Once GMime fixes #68, we should transition to their upstream fix instead of maintaining this workaround forever. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> --- notmuch-show.c | 4 ++-- test/T355-smime.sh | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/notmuch-show.c b/notmuch-show.c index c809f8e9..84839180 100644 --- a/notmuch-show.c +++ b/notmuch-show.c @@ -447,12 +447,12 @@ format_part_sigstatus_sprinter (sprinter_t *sp, GMimeSignatureList *siglist) time_t created = g_mime_signature_get_created (signature); if (created != -1) { sp->map_key (sp, "created"); - sp->integer (sp, created); + sp->ulong (sp, (unsigned long) created); } time_t expires = g_mime_signature_get_expires (signature); if (expires > 0) { sp->map_key (sp, "expires"); - sp->integer (sp, expires); + sp->ulong (sp, (unsigned long) expires); } if (certificate) { const char *uid = g_mime_certificate_get_valid_userid (certificate); diff --git a/test/T355-smime.sh b/test/T355-smime.sh index ddc91a56..dedf5ab1 100755 --- a/test/T355-smime.sh +++ b/test/T355-smime.sh @@ -158,7 +158,6 @@ output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.ex test_valid_json "$output" test_begin_subtest "Verify signature on PKCS#7 SignedData message" -test_subtest_known_broken output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example) test_json_nodes <<<"$output" \ 'crypto:[0][0][0]["crypto"]["signed"]["status"][0]={ -- 2.24.0 _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch