Fixes: bug#40573
The new mode can be used stand-alone or inherited from by modes
intended to edit programs. The existing emacs-lisp-mode and lisp-mode
are examples.
Thanks to Juri Linkov and Basil L. Contovounesios for researching some
data files in Emacs that can be automatically set to use the new mode.
* lisp/files.el (auto-mode-alist): Add entry for ".dir-locals" and
".dir-locals-2"
* lisp/emacs-lisp/lisp-mode.el: (lisp-data-mode): New major mode.
(lisp-mode): Inherit from lisp-data-mode. Set special lisp-mode
stuff here.
* lisp/progmodes/elisp-mode.el (emacs-lisp-mode): Inherit from
lisp-data-mode.
* lisp/bookmark.el (bookmark-insert-file-format-version-stamp):
Use lisp-data-mode.
* lisp/saveplace.el (save-place-alist-to-file): Use
lisp-data-mode.
* lisp/net/eww.el (eww-write-bookmarks): Use lisp-data-mode.
* lisp/net/nsm.el (nsm-write-settings): Use lisp-data-mode.
* lisp/net/tramp-cache.el (tramp-dump-connection-properties): Use
lisp-data-mode.
* etc/NEWS: Mention lisp-data-mode.
* doc/lispref/modes.texi (Example Major Modes): Update example.
Revert 2020-01-04T19:17:12Z!eggert@cs.ucla.edu
which recently I installed into the emacs-27 branch by mistake.
These patches are now on master instead (via merging).
Do not merge to master.
Problem reported by Mattias Engdegård in:
https://lists.gnu.org/r/emacs-devel/2020-01/msg00088.html
* lisp/cedet/ede/cpp-root.el (ede-create-lots-of-projects-under-dir):
Remove this quick hack, which didn’t do anything anyway.
* lisp/cedet/ede/pconf.el (ede-proj-configure-test-required-file):
* lisp/emacs-lisp/tabulated-list.el (tabulated-list-print-col):
* lisp/net/nsm.el (nsm-check-tls-connection):
Use ‘when’ rather than bypassing it. This doesn’t affect behavior
and is better style.
* lisp/cedet/srecode/semantic.el (srecode-semantic-handle-:tag):
Fix typo that suppressed an error.
* lisp/filesets.el (filesets-run-cmd): Fix typo that mishandled spacing.
* lisp/gnus/gnus-cloud.el (gnus-cloud-update-newsrc-data):
Fix typo that caused “GROUP has older different info in the cloud
as of DATE, update it here?” prompt result to always be treated as
“yes”.
* lisp/gnus/mml-smime.el (mml-smime-openssl-encrypt): Simplify,
since smime-encrypt-buffer signals error on failure.
* lisp/international/titdic-cnv.el (tsang-quick-converter): Simplify.
The conversion of this file to utf-8-emacs in
2019-01-08T02:18:40Z!monnier@iro.umontreal.ca removed the
distinction between Big5 and CNS fulltitles in the generated docstring.
* lisp/org/org-agenda.el (org-agenda-show-and-scroll-up):
* lisp/textmodes/table.el (table--generate-source-cell-contents):
Simplify by removing useless code.
* lisp/org/ox-odt.el (org-odt--format-timestamp): Fix typo that
always output time-of-day even when the timestamp lacked it.
Bug#38218
* src/process.c (Fnetwork_interface_list): Extend argument list to
allow requesting full network info and/or IPv4/IPv6 info.
(network_interface_list) [HAVE_GETIFADDRS]: Use getifaddrs to retrieve
interface IP addresses.
* src/process.h: Update prototype of network_interface_list.
* src/w32.c (g_b_init_get_adapters_addresses): New init flag.
(globals_of_w32): Initialize it.
(GetAdaptersAddresses_Proc): New function typedef.
(get_adapters_addresses): New wrapper function.
(init_winsock): Load htonl and ntohl.
(sys_htonl, sys_ntohl): New wrapper functions.
(network_interface_list): Implement in terms of
get_adapters_addresses.
* nt/inc/sys/socket.h: Add sys_htonl and sys_ntohl prototypes.
* etc/NEWS: Announce IPv4/IPv6 changes in network-interface-list.
* doc/lispref/processes.texi (Misc Network): Document updated arglist
and return values for network-interface-list.
* lisp/net/nsm.el (nsm-network-same-subnet): Compare lengths of
local-ip and ip; different lengths can never match.
(nsm-should-check): Chop port off end of address.
When connecting using a cleartext connection, nsm was erroring out and
tearing down the connection because it was trying to display
nonexistent certificate information.
* lisp/net/nsm.el (nsm-query-user): Only format certificate status
when it is valid. (Bug#37221)
* src/gnutls.c (Fgnutls_peer_status): Report :compression and
:encrypt-then-mac only if the underlying GnuTLS library has
the corresponding features. This give the Elisp caller a bit
more information about the peer status.
* lisp/net/nsm.el (nsm-protocol-check--compression):
Don’t worry about compression in newer GnuTLS versions
that do not support compression.
* doc/emacs/misc.texi (Network Security): Start working on
updating the NSM bits, but it's unclear how much of the new stuff
to document.
* lisp/net/nsm.el: Rename all nsm-tls-check-* functions to
nsm-protocol-check--* to bring them back into line with the
documentation.
(network-security-protocol-checks): Renamed back again from
`nsm-tls-checks', as this variable is documented and can't just go
away.
* lisp/net/nsm.el (network-security-level, nsm-tls-checks): Make
`low' a "check nothing" setting again, and move all the `low'
checks back to `medium'. This makes the test suite work again.
* lisp/net/nsm.el (nsm-parse-subject, nsm-certificate-part):
Restore functions for parsing subjects.
(nsm-format-certificate): Use them to display more user-friendly
data. Also change the display to have fewer lines again so that
the data of interest isn't pushed off the screen.
* lisp/net/nsm.el (nsm-network-same-subnet): New function. Checks
if an ip address is in the same subnet as another one.
(nsm-should-check): Use nsm-network-same-subnet to see if we're
connecting to a local subnet machine. Remove checks for RFC1918 addresses.
* test/lisp/net/nsm-tests.el: New file. Test nsm-should-check functionality.
* lisp/net/nsm.el (nsm-check-certificate): `nsm-fingerprint-ok-p'
will save the fingerprint in the correct temporary/permanent
storage, so saving it once more (in the permanent storage) if the
security level is high or greater is a mistake (bug#27823).
d28d54c (origin/emacs-26) More accurate docs for 'text-char-description'
b3baf99 Document synchronous behavior of eshell/make (Bug#32513)
98544ea Fix bs-show with wide characters (Bug#17822)
85af51b Improve Custom menu labels for 2 options
72a2a36 Improve wording of last change in dired-x.texi
d4fa83b Fix GnuTLS test suite with GnuTLS versions 3.4.x
b5bee6b Fix build with gnutls versions 3.0 to 3.2 (Bug#32446)
67eb80e ; * etc/enriched.txt (hanging-indents): Remove extra indent.
c71cfb7 Fix the Bubbles game on TTY frames
3bbf21b Add choice to reshow certificate information (Bug#31877)
6f2c471 * src/alloc.c (Fbool_vector, Flist, Fvector): Doc tweak.
39eecb3 * src/alloc.c (vector): Fix grammatical error in doc string: ...
In various situations, the window displaying the certificate
information can be hidden (such as if the user accidentally presses ?,
which causes the read-multiple-choice help window to replace it).
Instead of leaving the user to make a choice blindly, add a choice to
reshow the certification information.
* lisp/net/nsm.el (nsm-query-user): Add reshow choice.
CAs like Let's Encrypt do not put O and OU into the Subject's DN.
Similarly, O and OU are often used to indicate Domain Validated or
Organization Validation as opposed to the actual OU.
Issuer CN often contains the issuer's server or as an indication of
Extended Validation certificate as opposed to the actual issuer
organization.
The Hostname part as extracted from the Subject is also confusing, as
in the case of a hostname mismatch, the Subject's CN, which
`nsm-format-certificate' naively calls the Hostname, will not actually
match the hostname in the problem preamble.
* lisp/net/nsm.el (nsm-format-certificate): Show full DN of Issuer and
Subject. Remove Hostname.
(nsm-certificate-part, nsm-parse-subject): Removed.
* lisp/net/nsm.el (nsm-check-tls-connection): Fix issue with plural
problems in message. Prefix every problem with a bullet.
(nsm-query-user): Add new view the full certificate chain by
pressing d.
(nsm-format-certificate): Improve basic certificate and session info
formatting.
* src/gnutls.c (emacs_gnutls_certificate_export_pem): New function.
(gnutls_certificate_details): Rename to
emacs_gnutls_certificate_details. Add :pem to result list.
(Fgnutls_format_certificate): New function for formatting a PEM to
human-readable text.
* lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
DNS.
* lisp/net/nsm.el (nsm-trust-local-network, nsm-should-check,
nsm-check-tls-connection, nsm-check-plain-connection): New defcustom
`nsm-trust-local-network' lets users customize whether NSM should
check for TLS problems when connecting to the hosts on their local
networks. `nsm-should-check' determines whether
`nsm-check-tls-connection' and `nsm-check-plain-connection' should
perform checks. localhost is implicitly trusted, thus checks are
never performed there.
* lisp/net/nsm.el (network-security-level, nsm-level,
nsm-new-fingerprint-ok-p): Remove `paranoid' level and related code.
* lisp/net/nsm.el (nsm-tls-checks, nsm-tls-check-version,
nsm-tls-check-compression, nsm-tls-check-renegotiation-info-ext,
nsm-tls-check-verify-cert, nsm-tls-check-same-cert,
nsm-tls-check-null-suite, nsm-tls-check-export-kx,
nsm-tls-check-anon-kx, nsm-tls-check-md5-sig,
nsm-tls-check-rc4-cipher, nsm-tls-check-dhe-prime-kx,
nsm-tls-check-sha1-sig, nsm-tls-check-ecdsa-cbc-cipher
nsm-tls-check-dhe-kx, nsm-tls-check-rsa-kx,
nsm-tls-check-3des-cipher, nsm-tls-check-cbc-cipher,
nsm-save-fingerprint-maybe, nsm-tls-post-check-functions): New
options and functions for checking TLS handshake problems.
* lisp/net/nsm.el (nsm-check-certificate,
network-security-protocol-checks,
nsm-protocol-check--diffie-hellman-prime-bits,
nsm-protocol-check--3des, nsm-protocol-check--rc4,
nsm-protocol-check--signature-sha1,
nsm-protocol-check--intermediate-sha1, nsm-protocol-check--ssl,
nsm-check-protocol): Remove in favor of `nsm-tls-checks' and
`nsm-tls-check-*' functions.
* lisp/net/nsm.el (nsm-verify-connection): Ensure connection is
checked even when `network-security-level' is `low'.
* lisp/net/nsm.el (nsm-check-tls-connection): Batch all problems found
before querying the user.
* lisp/net/nsm.el (nsm--encryption): Renamed to `nsm-cipher-suite'.
* lisp/net/nsm.el (nsm-fingerprint-ok-p): No longer prompt when
certificate fingerprints mismatch. Returns a boolean instead when
the fingerprint of the certificate received matches the saved
fingerprints.
* lisp/net/nsm.el (nsm-query): Change signature. Accepts a list of
problems and a preformatted message instead of just a message format
and the arguments for the message.
* lisp/net/nsm.el (nsm-query-user): Change signature. Accepts a
preformatted message and the peer status of the handshake instead of
a message format, its arguments and the certificate for the host.
* lisp/net/nsm.el (nsm-save-host): Change signature. Accepts a list of
problems after the WHAT parameter. Saves multiple fingerprints for
the same host in case the host load balances a TLS server with more
than one certificates signed with different keys. Makes sure
conditions are not removed when updating a fingerprint.
* lisp/net/nsm.el (nsm-format-certificate): Display the TLS handshake's
renegotiation info extension, compression level, encrypt-then-MAC
extension, and key exchange prime bit length.
* src/gnutls.c (gnutls-peer-status-warning-describe,
gnutls-peer-status): Check for certificate verification problems
introduced since GnuTLS 3.1.
* src/gnutls.c (gnutls-peer-status): `:compression', `:encrypt-then-mac'
and `:safe-renegotiation' are now contained in the peer status
result return value.
* doc/emacs/misc.texi (Network Security): Update the doc to say
what's on the different levels.
* lisp/net/nsm.el (nsm-protocol-check--intermediary-sha1): Check
intermediary certificates for SHA1.
(nsm-protocol-check--3des): Check for 3DES ciphers.
(network-security-protocol-checks): Put most of the checks on
`medium'.
* doc/emacs/misc.texi (Network Security): Mention
network-security-protocol-checks.
* lisp/net/nsm.el (network-security-protocol-checks): New variable.
(nsm-check-protocol): Refactor the checks into separate functions
for greater flexibility.
(nsm-protocol-check--diffie-hellman-prime-bits)
(nsm-protocol-check--rc4, nsm-protocol-check--ssl)
(nsm-protocol-check--signature-sha1): Refactored out of the big
function.
Most of this change is to boilerplate commentary such as license URLs.
This change was prompted by ftp://ftp.gnu.org's going-away party,
planned for November. Change these FTP URLs to https://ftp.gnu.org
instead. Make similar changes for URLs to other organizations moving
away from FTP. Also, change HTTP to HTTPS for URLs to gnu.org and
fsf.org when this works, as this will further help defend against
man-in-the-middle attacks (for this part I omitted the MS-DOS and
MS-Windows sources and the test tarballs to keep the workload down).
HTTPS is not fully working to lists.gnu.org so I left those URLs alone
for now.
