It used to be possible to customize 'url-privacy-level' so that the
user's email address was sent along in HTTP requests. Since
'url-privacy-level' is also a blocklist, rather than an allowlist,
this meant that a mere misconfiguration of Emacs risked exposing the
user's email address. This is a serious privacy risk, and it is thus
better if we remove this dangerous feature altogether.
* lisp/url/url-http.el (url-http-create-request): Never send the
user email address.
* lisp/url/url-vars.el (url-personal-mail-address): Make obsolete.
* lisp/url/url-privacy.el (url-setup-privacy-info): Don't set
above obsolete variable.
* doc/misc/url.texi (Customization):
* lisp/url/url-vars.el (url-privacy-level): Update documentation
to reflect the above changes.
* doc/misc/url.texi: Mention version 4a in SOCKS portion of "Gateways
in general" node.
* etc/NEWS: Mention version 4a support in new `socks' section.
* lisp/net/socks.el (socks-server): Add new Custom choice `4a' for
version field. This change does not further overload the field in
terms of expected type because `socks-send-command' and `socks-filter'
already accommodate the symbol `http'.
(socks--errors-4): Add new constant containing error messages for
version 4. The semantics are faithful to the de facto spec, but the
exact wording is slightly adapted.
(socks-filter): Allow for a null "type" field on error with version 5.
Previously, certain errors would not propagate because a wrong-type
signal would get in the way.
(socks-send-command): Massage existing version 4 protocol parsing to
accommodate 4a, and add error handling for version 4. Use variable
`socks-username' for v4 variable-length ID field instead of calling
`user-full-name', which has potential privacy implications.
* test/lisp/net/socks-tests.el (socks-tests-v4-basic): Don't mock
`user-full-name' because `socks-send-command' no longer calls it to
determine the ID.
(socks-tests-v4a-basic, socks-tests-v4a-error): Add a couple tests for
SOCKS version 4a. (Bug#53941)
* lisp/url/url-util.el (url-hexify-string): Accept a list of allowed
chars.
* doc/misc/url.texi (URI Encoding): Update url-hexify-string doc and
index improvements (bug#24694).
This mostly changes http: to https: in URLs. It also updates
some URLs that have moved, removes some URLs that no longer
work, recommends against using procmail (procmail.org no
longer works), and removes some mentions of the
no-longer-existing Gmane, LPF and VTW.
It doesn't update all URLs, just the ones I had time for.
* GNUmakefile (help):
* admin/admin.el (manual-doctype-string):
* admin/charsets/Makefile.in (${charsetdir}/ALTERNATIVNYJ.map):
* admin/charsets/mapconv:
* lisp/net/soap-client.el (soap-create-envelope):
* lisp/org/org.el (org-doi-server-url):
* lisp/textmodes/bibtex.el (bibtex-generate-url-list):
Prefer https: to http: un URLs.
Fit in better with the XDG conventions.
Something like this was suggested in 2008 (Bug#583)
and the XDG conventions seem to have settled down by now.
* doc/emacs/custom.texi (Init File, Init Syntax, Find Init):
* doc/lispref/files.texi (Standard File Names):
* doc/lispref/os.texi (Init File):
* doc/misc/url.texi (Customization):
* etc/NEWS:
Adjust accordingly.
* lisp/startup.el (startup--load-user-init-file):
If init-file-name is nil, do not load from it; instead
just use the alt-file.
(find-init-path): Remove; no longer used.
(command-line): Don't check twice for XDG.
Look at XDG_CONFIG_HOME instead of assuming it's ~/.config.
Prefer XDG configuration if it exists; the user can disable
this by setting XDG_CONFIG_HOME to some other place.
* lisp/subr.el (user-emacs-directory):
Prefer XDG configuration if it exists.
* doc/misc/url.texi (file/ftp): Remove mention of the
url-directory-index-file variable, which is no longer consulted.
* lisp/url/url-file.el (url-file-build-filename): Remove the DWIM
code from the file: handler (bug#30195): It would look for
index.html in a directory if we asked it to fetch the directory.
Determining what to do in a directory should be left up to the
programs that use this low-level library. If the library decides
to load a different file than we specified, then things start
falling apart, as demonstrated by this bug report.
* doc/misc/url.texi (Customization): Describe the new user
option url-lastloc-privacy-level.
* lisp/net/eww.el (eww-render): Set url-current-lastloc to the
url we are rendering, to get the referer header right on
subsequent requests.
* lisp/url/url-http.el (url-http--get-referer): New function
to determine which referer to send, if any, considering the
users privacy settings and the target url we are visiting.
(url-http-referer): New variable keeping track of the referer
computed by url-http--get-referer
(url-http-create-request): Use url-http-referer instead of the
optional argument to set up the referer header. Leave
checking of privacy settings to url-http--get-referer.
(url-http): Set up url-http-referer by using
url-http--get-referer.
* lisp/url/url-queue.el (url-queue): New struct member
context-buffer for keeping track of the context a queued job
started from.
(url-queue-retrieve): Store the current buffer in the queue
object.
(url-queue-start-retrieve): Make sure url-retrieve is called
in the context of the original buffer, if available.
* lisp/url/url-util.el (url-domain): New function to determine
the domain of a given URL.
* lisp/url/url-vars.el (url-current-lastloc): New variable to
keep track of the desired "last location" (referer header).
(url-lastloc-privacy-level): New custom setting for more
fine-grained control over how lastloc (referer) is sent to
servers (Bug#27012).
Most of this change is to boilerplate commentary such as license URLs.
This change was prompted by ftp://ftp.gnu.org's going-away party,
planned for November. Change these FTP URLs to https://ftp.gnu.org
instead. Make similar changes for URLs to other organizations moving
away from FTP. Also, change HTTP to HTTPS for URLs to gnu.org and
fsf.org when this works, as this will further help defend against
man-in-the-middle attacks (for this part I omitted the MS-DOS and
MS-Windows sources and the test tarballs to keep the workload down).
HTTPS is not fully working to lists.gnu.org so I left those URLs alone
for now.
Do the same for "permit", "enable", "prevent", and (where appropriate)
"require".
doc/misc/reftex.texi:
doc/misc/url.texi:
lib/get-permissions.c:
lib/strftime.c:
lisp/org/org-element.el:
lisp/org/org-mobile.el:
lisp/textmodes/reftex-vars.el:
src/bidi.c:
src/emacs.c:
src/xdisp.c:
test/etags/c-src/emacs/src/lisp.h:
Expunge the likes of "This allows to do something" from the above files.
* lisp/url/url-http.el (url-user-agent): Move from here...
* lisp/url/url-vars.el (url-user-agent): ...to here. This is to
keep all the URL defcustoms in one place, and also have it defined
whenever the URL library is loaded.
* doc/misc/url.texi (Customization): Document 'url-user-agent'.
* lisp/mail/mailclient.el (mailclient-encode-string-as-url):
Use RFC 6068’s list of unreserved characters.
(mailclient-send-it): When encoding the body as a URL,
first decode it as per Content-Type: and Content-Transfer-Encoding:,
as URLs must use percent-encoded UTF-8 (Bug#21471).
* doc/misc/url.texi (mailto): Update RFC number.
The PDF versions of the GNU manuals used curved single quotes to
represent grave accent and apostrophe, which made it a pain to cut
and paste code examples from them. Fix the PDF versions to use
grave accent and apostrophe for Lisp source code, keystrokes, etc.
This change does not affect the info files, nor does it affect
ordinary uses of curved single quotes in PDF.
* doc/emacs/docstyle.texi: New file, which specifies treatment for
grave accent and apostrophe, as well as the document encoding.
* doc/emacs/emacs-xtra.texi, doc/emacs/emacs.texi:
* doc/lispintro/emacs-lisp-intro.texi:
* doc/lispref/back.texi, doc/lispref/book-spine.texi:
* doc/lispref/elisp.texi, doc/lispref/lay-flat.texi:
* doc/misc/ada-mode.texi, doc/misc/auth.texi:
* doc/misc/autotype.texi, doc/misc/bovine.texi, doc/misc/calc.texi:
* doc/misc/cc-mode.texi, doc/misc/cl.texi, doc/misc/dbus.texi:
* doc/misc/dired-x.texi, doc/misc/ebrowse.texi, doc/misc/ede.texi:
* doc/misc/ediff.texi, doc/misc/edt.texi, doc/misc/efaq-w32.texi:
* doc/misc/efaq.texi, doc/misc/eieio.texi, doc/misc/emacs-gnutls.texi:
* doc/misc/emacs-mime.texi, doc/misc/epa.texi, doc/misc/erc.texi:
* doc/misc/ert.texi, doc/misc/eshell.texi, doc/misc/eudc.texi:
* doc/misc/eww.texi, doc/misc/flymake.texi, doc/misc/forms.texi:
* doc/misc/gnus-coding.texi, doc/misc/gnus-faq.texi:
* doc/misc/gnus.texi, doc/misc/htmlfontify.texi:
* doc/misc/idlwave.texi, doc/misc/ido.texi, doc/misc/info.texi:
* doc/misc/mairix-el.texi, doc/misc/message.texi, doc/misc/mh-e.texi:
* doc/misc/newsticker.texi, doc/misc/nxml-mode.texi:
* doc/misc/octave-mode.texi, doc/misc/org.texi, doc/misc/pcl-cvs.texi:
* doc/misc/pgg.texi, doc/misc/rcirc.texi, doc/misc/reftex.texi:
* doc/misc/remember.texi, doc/misc/sasl.texi, doc/misc/sc.texi:
* doc/misc/semantic.texi, doc/misc/ses.texi, doc/misc/sieve.texi:
* doc/misc/smtpmail.texi, doc/misc/speedbar.texi:
* doc/misc/srecode.texi, doc/misc/todo-mode.texi, doc/misc/tramp.texi:
* doc/misc/url.texi, doc/misc/vhdl-mode.texi, doc/misc/vip.texi:
* doc/misc/viper.texi, doc/misc/widget.texi, doc/misc/wisent.texi:
* doc/misc/woman.texi:
Use it instead of '@documentencoding UTF-8', to lessen the need for
global changes like this in the future.
* doc/emacs/Makefile.in (EMACS_XTRA):
* doc/lispintro/Makefile.in (srcs):
* doc/lispref/Makefile.in (srcs):
Add dependency on docstyle.texi.
* doc/misc/Makefile.in (style): New macro.
(${buildinfodir}/%.info, %.dvi, %.pdf, %.html)
(${buildinfodir}/ccmode.info, ${buildinfodir}/efaq%.info, gnus_deps):
Use it.
Fix some minor quoting and spacing issues. Distinguish more
clearly among grave accent and apostrophe (which are ASCII) and
single quote (which is not). Prefer the standard terms
"apostrophe" and "grave accent" to alternative names that can be
confusing. Use apostrophes to single-quote ASCII text.
* doc/misc/remember.texi: Spell the mystic's pseudonym in UTF-8
rather than approximating it in ASCII with grave accent.
These are dates that admin/update-copyright did not update, or
updated incorrectly. Also, back out the copyright-date change to
doc/misc/texinfo.tex, as upstream hasn't updated that date yet.
