From: Lars Ingebrigtsen Date: Fri, 23 Aug 2019 02:49:52 +0000 (+0200) Subject: Merge remote-tracking branch 'origin/netsec' X-Git-Tag: emacs-27.0.90~1328^2~123 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=53cb3d3e0ddb666dc5b7774957ca863c668213cb;p=emacs.git Merge remote-tracking branch 'origin/netsec' --- 53cb3d3e0ddb666dc5b7774957ca863c668213cb diff --cc etc/NEWS index da3c29b1ac5,28ce6403c2f..a4a11cc787a --- a/etc/NEWS +++ b/etc/NEWS @@@ -182,42 -84,14 +182,45 @@@ loads files during completion of 'C-h f * Changes in Emacs 27.1 +** emacsclient + +*** emacsclient no longer passes '--eval' arguments to an alternate editor. +Previously, '--eval' arguments were passed as file names to any +alternate editor started by '--alternate-editor'. + ++++ +*** emacsclient now supports an 'EMACS_SOCKET_NAME' environment variable. +The command-line argument '--socket-name' overrides it. +(The same behavior as for the pre-existing 'EMACS_SERVER_FILE' variable.) + ++++ +*** Emacs and emacsclient now default to "$XDG_RUNTIME_DIR/emacs" +as the directory for client/server sockets, if Emacs is running +under an X Window System desktop that sets the 'XDG_RUNTIME_DIR' +environment variable to indicate where session sockets should go. +To get the old, less-secure behavior, you can set the +'EMACS_SOCKET_NAME' environment variable to an appropriate value. + +--- +*** When run by root, emacsclient no longer connects to non-root sockets. +(Instead you can use Tramp methods to run root commands in a non-root Emacs.) + + ** New function 'network-lookup-address-info'. + This does IPv4 and/or IPv6 address lookups on hostnames. + --- -** New variable 'xft-ignore-color-fonts'. -Default t means don't try to load color fonts when using Xft, as they -often cause crashes. Set it to nil if you really need those fonts. -(Bug#30874) +** Control of the threshold for using the 'distant-foreground' color. 
+The threshold for color distance below which the 'distant-foreground' +color of the face will be used instead of the foreground color can now +be controlled via the new variable 'face-near-same-color-threshold'. +The default value is 30000, as the previously hard-coded threshold. + ++++ +** The function 'read-passwd' uses "*" as default character to hide passwords. + +** Lexical binding is now used when evaluating interactive Elisp forms. +More specifically, lexical-binding is now used for 'M-:', '--eval', as +well as in the "*scratch*" and "*ielm*" buffers. --- ** The new option 'tooltip-resize-echo-area' avoids truncating tooltip text diff --cc lisp/net/gnutls.el index 61480f35877,e9d48026d34..da7665089ec --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@@ -138,10 -133,23 +136,23 @@@ network security is handled at a highe `open-network-stream' and the Network Security Manager. See Info node `(emacs) Network Security'." :type '(choice (const :tag "Use default value" nil) - (integer :tag "Number of bits" 512)) + (integer :tag "Number of bits" 2048)) :group 'gnutls) + (defcustom gnutls-crlfiles + '( + "/etc/grid-security/certificates/*.crl.pem" + ) + "List of CRL file paths or a function returning said list. + If a file path contains glob wildcards, they will be expanded. + The files may be in PEM or DER format, as per the GnuTLS documentation. + The files may not exist, in which case they will be ignored." + :group 'gnutls + :type '(choice (function :tag "Function to produce list of CRL filenames") + (repeat (file :tag "CRL filename"))) + :version "27.1") + -(defun open-gnutls-stream (name buffer host service &optional nowait) +(defun open-gnutls-stream (name buffer host service &optional parameters) "Open a SSL/TLS connection for a service to a host. Returns a subprocess-object to represent the connection. Input and output work as for subprocesses; `delete-process' closes it. 
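Review bot: The `gnutls-crlfiles` docstring says files that do not exist "will be ignored", but it does not say what that means for revocation checking. With the default value, a host without `/etc/grid-security/certificates/` presumably loads no CRL at all, and nothing reports it. I would add a sentence to the docstring such as `If no listed file exists, no CRL is loaded and revocation is not checked through this list.` The code that reads the variable is outside this hunk, so how a glob that matches nothing is handled should be confirmed there. Separately, the optional argument of `open-gnutls-stream` is renamed from `nowait` to `parameters` and the body continues outside the hunk; the docstring should state whether a bare non-nil value is still accepted from existing callers.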
diff --cc src/gnutls.c index 267ba9aba35,117278df35b..ce977d901c6 --- a/src/gnutls.c +++ b/src/gnutls.c @@@ -31,19 -30,20 +31,23 @@@ along with GNU Emacs. If not, see = 0x030501 -# define HAVE_GNUTLS_AEAD +#if GNUTLS_VERSION_NUMBER >= 0x030200 +# define HAVE_GNUTLS_CIPHER_GET_IV_SIZE +#endif + +#if GNUTLS_VERSION_NUMBER >= 0x030202 +# define HAVE_GNUTLS_CIPHER_GET_TAG_SIZE +# define HAVE_GNUTLS_DIGEST_LIST /* also gnutls_digest_get_name */ +#endif + +#if GNUTLS_VERSION_NUMBER >= 0x030205 +# define HAVE_GNUTLS_EXT__DUMBFW #endif + #if GNUTLS_VERSION_NUMBER >= 0x030400 + # define HAVE_GNUTLS_ETM_STATUS + #endif + /* gnutls_mac_get_nonce_size was added in GnuTLS 3.2.0, but was exported only since 3.3.0. */ #if GNUTLS_VERSION_NUMBER >= 0x030300 diff --cc test/src/process-tests.el index 7745fccaf9d,ff7404f92bd..724da1c3e72 --- a/test/src/process-tests.el +++ b/test/src/process-tests.el @@@ -244,83 -216,33 +245,111 @@@ (string-to-list "stdout\n") (string-to-list "stderr\n")))))) +(ert-deftest make-process-w32-debug-spawn-error () + "Check that debugger runs on `make-process' failure (Bug#33016)." + (skip-unless (eq system-type 'windows-nt)) + (let* ((debug-on-error t) + (have-called-debugger nil) + (debugger (lambda (&rest _) + (setq have-called-debugger t) + ;; Allow entering the debugger later in the same + ;; test run, before going back to the command + ;; loop. + (setq internal-when-entered-debugger -1)))) + (should (eq :got-error ;; NOTE: `should-error' would inhibit debugger. + (condition-case-unless-debug () + ;; Emacs doesn't search for absolute filenames, so + ;; the error will be hit in the w32 process spawn + ;; code. + (make-process :name "test" :command '("c:/No-Such-Command")) + (error :got-error)))) + (should have-called-debugger))) + +(ert-deftest make-process/file-handler/found () + "Check that the ‘:file-handler’ argument of ‘make-process’ +works as expected if a file name handler is found." 
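Review bot: The new `HAVE_GNUTLS_ETM_STATUS` guard has no comment naming the GnuTLS function it gates, while the neighbouring guards do (`/* also gnutls_digest_get_name */` and the comment about `gnutls_mac_get_nonce_size`). I would add `/* gnutls_session_etm_status was added in GnuTLS 3.4.0.  */` above it. The code that uses the macro is outside this hunk. When built against an older GnuTLS, that code should report the encrypt-then-MAC status as unknown rather than as absent, so a check built on it cannot read "not compiled in" as "not negotiated".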
+ (let ((file-handler-calls 0)) + (cl-flet ((file-handler + (&rest args) + (should (equal default-directory "test-handler:/dir/")) + (should (equal args '(make-process :name "name" + :command ("/some/binary") + :file-handler t))) + (cl-incf file-handler-calls) + 'fake-process)) + (let ((file-name-handler-alist (list (cons (rx bos "test-handler:") + #'file-handler))) + (default-directory "test-handler:/dir/")) + (should (eq (make-process :name "name" + :command '("/some/binary") + :file-handler t) + 'fake-process)) + (should (= file-handler-calls 1)))))) + +(ert-deftest make-process/file-handler/not-found () + "Check that the ‘:file-handler’ argument of ‘make-process’ +works as expected if no file name handler is found." + (let ((file-name-handler-alist ()) + (default-directory invocation-directory) + (program (expand-file-name invocation-name invocation-directory))) + (should (processp (make-process :name "name" + :command (list program "--version") + :file-handler t))))) + +(ert-deftest make-process/file-handler/disable () + "Check ‘make-process’ works as expected if it shouldn’t use the +file name handler." + (let ((file-name-handler-alist (list (cons (rx bos "test-handler:") + #'process-tests--file-handler))) + (default-directory "test-handler:/dir/") + (program (expand-file-name invocation-name invocation-directory))) + (should (processp (make-process :name "name" + :command (list program "--version")))))) + +(defun process-tests--file-handler (operation &rest _args) + (cl-ecase operation + (unhandled-file-name-directory "/") + (make-process (ert-fail "file name handler called unexpectedly")))) + +(put #'process-tests--file-handler 'operations + '(unhandled-file-name-directory make-process)) + +(ert-deftest make-process/stop () + "Check that `make-process' doesn't accept a `:stop' key. +See Bug#30460." 
+ (should-error + (make-process :name "test" + :command (list (expand-file-name invocation-name + invocation-directory)) + :stop t))) + + (ert-deftest lookup-family-specification () + "network-lookup-address-info should only accept valid family symbols." + (should-error (network-lookup-address-info "google.com" 'both)) + (should (network-lookup-address-info "google.com" 'ipv4)) + (should (network-lookup-address-info "google.com" 'ipv6))) + + (ert-deftest lookup-unicode-domains () + "Unicode domains should fail" + (should-error (network-lookup-address-info "faß.de")) + (should (length (network-lookup-address-info (puny-encode-domain "faß.de"))))) + + (ert-deftest unibyte-domain-name () + "Unibyte domain names should work" + (should (length (network-lookup-address-info (string-to-unibyte "google.com"))))) + + (ert-deftest lookup-google () + "Check that we can look up google IP addresses" + (let ((addresses-both (network-lookup-address-info "google.com")) + (addresses-v4 (network-lookup-address-info "google.com" 'ipv4)) + (addresses-v6 (network-lookup-address-info "google.com" 'ipv6))) + (should (length addresses-both)) + (should (length addresses-v4)) + (should (length addresses-v6)))) + + (ert-deftest non-existent-lookup-failure () + "Check that looking up non-existent domain returns nil" + (should (eq nil (network-lookup-address-info "emacs.invalid")))) + (provide 'process-tests) ;; process-tests.el ends here.
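Review bot: The assertions of the form `(should (length ...))` in `lookup-unicode-domains`, `unibyte-domain-name` and `lookup-google` can never fail, because `length` returns a number and every number, including 0, is non-nil in Emacs Lisp. An empty lookup result therefore passes. Assert on the list itself, e.g. `(should addresses-both)` or `(should (network-lookup-address-info (puny-encode-domain "faß.de")))`. These tests and `lookup-family-specification` also resolve `google.com` through the live resolver, so they fail on a build host without working DNS; a `skip-unless` guard on network availability would keep that from being read as a regression.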