1
0
mirror of https://git.savannah.gnu.org/git/emacs.git synced 2024-12-16 09:50:25 +00:00
Commit Graph

2651 Commits

Author SHA1 Message Date
Paul Eggert
007744dd04 Redo emacsclient socket symlink-attack checking
* admin/merge-gnulib (GNULIB_MODULES): Add file-has-acl.
* lib/file-has-acl.c: New file, copied from Gnulib.
* lib/gnulib.mk.in, m4/gnulib-comp.m4: Regenerate.
* lib-src/emacsclient.c: Include acl.h, for file_has_acl.
(O_PATH): Default to O_SEARCH, which is good enough here.
(union local_sockaddr): New type.
(socket_status): Remove, replacing with ...
(connect_socket): New function.  All callers changed.
This function checks for ownership and permissions issues with the
parent directory of the socket file, instead of checking the
owner of the socket (which does not help security).
(socknamesize): Move to file scope.
(local_sockname): New arg S.  No need to pass socknamesize.
UID arg is now uid_t.  All callers changed.  Get file descriptor
of parent directory of socket, to foil some symlink attacks.
Do not follow symlinks to that directory.
(set_local_socket): Create the socket here instead of on
each attempt to connect it.  Fall back from XDG_RUNTIME_DIR
to /tmp only if the former fails due to ENOENT.  Adjust
permission-failure diagnostic to match changed behavior.

This addresses Bug#33847, which complained about emacsclient in a
safer XDG environment not connecting to an Emacs server running in
a less-safe enviroment outside XDG.  The patch fixes a
longstanding issue with emacsclient permission checking.
It’s ineffective to look at the permission of the socket file
itself; on some platforms, these permissions are ignored anyway.
What matters are the permissions on the parent directory of the
socket file, as these are what make symlink attacks possible.
Change the permissions check accordingly, and also refuse to
follow symlinks to that parent directory.  These changes make it
OK for emacsclient to fall back from XDG_RUNTIME_DIR to the
traditionally less-safe /tmp/emacsNNNN directories, since /tmp is
universally sticky nowadays.
2021-07-23 13:33:37 +02:00
Paul Eggert
2337869fbf Pacify gcc 11.1.1 -Wanalyzer-null-argument
* lib-src/etags.c (regexp): Omit member force_explicit_name,
since it’s always true.  All uses removed.  This lets us
remove calls to strlen (name) where GCC isn’t smart enough
to deduce that name must be nonnull.
* lib-src/movemail.c (main): Fix bug that could cause
link (tempname, NULL) to be called.
* src/emacs.c (argmatch): Break check into two ‘if’s,
since GCC doesn’t seem to be smart enough to check the single ‘if’.
* src/gtkutil.c (xg_update_menu_item): Fix bug where strcmp
could be given a NULL arg.
* src/xfont.c (xfont_list_family): Use nonnull value for dummy
initial value.
2021-07-12 00:12:20 -07:00
Eli Zaretskii
6af9f1f3ef Improve and update the 'etags' test suite
* lib-src/etags.c (mercury_pr): Remove redundant comment.

* test/manual/etags/merc-src/accumulator.m: Add more complex
declarations.
* test/manual/etags/ETAGS.good_1:
* test/manual/etags/ETAGS.good_2:
* test/manual/etags/ETAGS.good_3:
* test/manual/etags/ETAGS.good_4:
* test/manual/etags/ETAGS.good_5:
* test/manual/etags/ETAGS.good_6:
* test/manual/etags/CTAGS.good: Adapt to latest changes in 'etags'
and the test suite.  (Bug#47408)
2021-06-18 14:28:16 +03:00
Fabrice Nicol
0ffcf7479c Fix Mercury support, notably qualified procedures.
Correct the previous fix (did not correctly handle qualified types).
    Also fix the following issues:
    - remove module name (+ dot) from tags, as prefixing module name is
      often inconsistent in code and may cause tags to be too specific.
    - now tag 0-arity predicates and functions (':- func foo_14.')
    - now tag one-word declarations (':- interface.')

    * lib-src/etags.c (mercury_pr): Pass the correct NAME and NAMELEN
    arguments to 'make_tag'.
    (mercury_decl): Return more information about the declaration or
    definition it finds.  This allows mercury_pr to be smarter.
    (Bug#47408)
2021-06-18 14:18:34 +03:00
Eli Zaretskii
af4cccb8d9 Support mercury in 'ctags' as well
The previous lack of support was due to incorrect calls to 'make_tag'
in 'mercury_pr', which caused 'pfnote' to refrain from adding Mercury
tags to the list of recorded tags.

* lib-src/etags.c (mercury_pr): Pass the correct NAME and NAMELEN
arguments to 'make_tag'.

* test/manual/etags/CTAGS.good: Adjust to the above change.
2021-06-10 16:57:03 +03:00
Eli Zaretskii
6ef5760b10 Minor fixes for last change
* test/manual/etags/ETAGS.good_1:
* test/manual/etags/ETAGS.good_2:
* test/manual/etags/ETAGS.good_3:
* test/manual/etags/ETAGS.good_4:
* test/manual/etags/ETAGS.good_5:
* test/manual/etags/ETAGS.good_6: Adapt to added Mercury support.

* lib-src/etags.c (find_entries, test_objc_is_mercury):
* etc/NEWS: Fix punctuation and typos in last change.
2021-06-06 12:44:49 +03:00
Fabrice Nicol
5a8a5a990a Add support for Mercury (https://mercurylang.org) in 'etags'
Tag declarations starting lines with ':-'.
By default, all declarations are tagged.  Optionally, first
predicate or functions in clauses can be tagged as in Prolog
support using '--declarations'.  (Bug#47408).
* lib-src/etags.c (test_objc_is_mercury, Mercury_functions)
(mercury_skip_comment,  mercury_decl, mercury_pr):
Implement Mercury support.  As Mercury and Objective-C have
the same file extension .m, a heuristic test tries to detect
the language.

* doc/man/etags.1: Document the change.  Add Mercury-specific
 behavior for '--declarations'.  This option tags first
predicates or functions in clauses in addition to declarations.
2021-06-06 12:29:29 +03:00
Pierre-Antoine Rouby
ec870f8986 Add support for Rust in etags
* lib-src/etags.c (Rust_functions): New function to make tags for rust
files.
(Rust_help, Rust_suffixes): New constant.
* doc/emacs/maintaining.texi (Tag Syntax): Add Rust item.
* doc/man/etags.1: Add Rust (bug#46055).
2021-05-17 17:24:04 +02:00
Glenn Morris
aa354dd55b * lib-src/Makefile.in (clean): Tidy up seccomp-filter files. 2021-05-09 18:46:11 -07:00
Glenn Morris
305e4807a4 Base the "extraclean" Make rule on "maintainer-clean"
* Makefile.in (FIND_DELETE): New, set by configure.
(extraclean_dirs): Remove.
(extraclean): Make it just a small variation on maintainer-clean.
* admin/charsets/Makefile.in (extraclean):
* admin/grammars/Makefile.in (extraclean):
* admin/unidata/Makefile.in (extraclean):
* leim/Makefile.in (extraclean):
* lib-src/Makefile.in (extraclean):
* lisp/Makefile.in (extraclean):
* lwlib/Makefile.in (extraclean):
* nt/Makefile.in (extraclean):
* src/Makefile.in (extraclean): Remove target.
* lib/Makefile.in (extraclean): Merge into maintainer-clean.
2021-05-09 18:14:12 -07:00
Philipp Stephani
aaf6b6bf80 Ensure that argument to 'verify' is a constant expression.
Casting NULL is not a constant expression (Bug#47951).

* lib-src/seccomp-filter.c (main): Turn check for null pointer
representation into a runtime assertion.
2021-04-22 16:11:10 +02:00
Philipp Stephani
27af0a3dc8 Seccomp filter: deal with arch_prctl(ARCH_CET_STATUS, ...).
The dynamic loader of GNU libc 2.28 uses this system call to
initialize CPU information, see
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/x86/cpu-features.c;hb=glibc-2.28#l28.
Simulating an older kernel by returning EINVAL should be the most
harmless rule here.

The ARCH_CET_STATUS symbol isn't yet exposed by the kernel headers;
see the FIXME at the top of
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/x86/include/asm/prctl.h;hb=glibc-2.28.

* lib-src/seccomp-filter.c (ARCH_CET_STATUS): Define if not
already present.  Inline the value because there doesn't seem to
be a header file exporting this constant yet.
(main): Make ARCH_CET_STATUS subfunction of arch_prctl return EINVAL.
2021-04-19 21:11:21 +02:00
Philipp Stephani
2822246b5d Fix Seccomp filter on CentOS 8.3 (Bug#47828).
* lib-src/seccomp-filter.c (main): mmap: Also allow MAP_SHARED.
2021-04-18 10:34:48 +02:00
Philipp Stephani
104c5e3d57 * lib-src/seccomp-filter.c: Add missing headers. 2021-04-12 09:20:51 +02:00
Philipp Stephani
17d20bb3cb Generate Seccomp filters only if we have the necessary constants.
If we're missing SECCOMP_SET_MODE_FILTER, the seccomp-filter build
fails.  Reuse the existing HAVE_SECCOMP configuration variable, which
checks for these macros.

* configure.ac (HAVE_SECCOMP): Substitute in Makefile.in.
* lib-src/Makefile.in (HAVE_SECCOMP): New variable.
(SECCOMP_FILTER): Define only if HAVE_SECCOMP.
2021-04-12 09:15:59 +02:00
Philipp Stephani
c8d542fd59 Add a variant of the Seccomp filter file that allows 'execve'.
This is useful when starting Emacs with a Seccomp filter enabled,
e.g. using 'bwrap'.

* lib-src/seccomp-filter.c (main): Generate new Seccomp files.

* lib-src/Makefile.in (all)
(seccomp-filter.bpf seccomp-filter.pfc seccomp-filter-exec.bpf
seccomp-filter-exec.pfc): Generate new Seccomp files.

* .gitignore: Ignore new Seccomp files.

* test/src/emacs-tests.el (emacs-tests/bwrap/allows-stdout): New unit
test.
2021-04-11 21:19:09 +02:00
Philipp Stephani
cf0701eff0 * lib-src/seccomp-filter.c (main): Also allow O_NOFOLLOW. 2021-04-11 21:14:41 +02:00
Philipp Stephani
9a57897ea1 Don't attempt to generate Seccomp filter file in Linux < 4.14.
Only Linux 4.14 and later contain the required support for
SECCOMP_RET_KILL_PROCESS.

* lib-src/Makefile.in (SECCOMP_FILTER): Define only if we run at least
Linux 4.14.
2021-04-11 20:46:59 +02:00
Philipp Stephani
ea5ea09244 Seccomp filter: allow reading the current time (Bug#47708).
* lib-src/seccomp-filter.c (main): Allow reading the current time.
2021-04-11 19:50:45 +02:00
Philipp Stephani
725fc96b70 Use pkg-config to check for libseccomp.
We need at list version 2.4.0 of libseccomp for seccomp-filter.c to
build cleanly.

* configure.ac: Use pkg-config to check for libseccomp.
* lib-src/Makefile.in (HAVE_LIBSECCOMP, LIBSECCOMP_LIBS)
(LIBSECCOMP_CFLAGS): New variables.
(SECCOMP_FILTER, seccomp-filter$(EXEEXT)): Use them.
2021-04-11 16:50:29 +02:00
Philipp Stephani
d06c54db1b Remove SCMP_FLTATR_CTL_LOG attribute from Seccomp filter.
Whether or not we log failing syscalls isn't security-critical, and we
shouldn't care.

* lib-src/seccomp-filter.c (main): Remove log attribute.
2021-04-11 16:41:44 +02:00
Philipp Stephani
9dc26d4a8a Only attempt to generate seccomp filter files on x86-64 systems.
The seccomp filters are always architecture-specific, and
seccomp-filter.c right now only supports x86-64.

* lib-src/Makefile.in (SECCOMP_FILTER): New variable.
(DONT_INSTALL, all, seccomp-filter$(EXEEXT)): Use it.
2021-04-11 16:25:09 +02:00
Philipp Stephani
5537836288 * lib-src/seccomp-filter.c: Print trailing newline. 2021-04-11 16:03:08 +02:00
Glenn Morris
81ffc43383 ; Fix copyright years 2021-04-10 12:24:09 -07:00
Philipp Stephani
1060289f51 Add a helper binary to create a basic Secure Computing filter.
The binary uses the 'seccomp' helper library.  The library isn't
needed to load the generated Secure Computing filter.

* configure.ac: Check for 'seccomp' header and library.

* lib-src/seccomp-filter.c: New helper binary to generate a generic
Secure Computing filter for GNU/Linux.

* lib-src/Makefile.in (DONT_INSTALL): Add 'seccomp-filter' helper
binary if possible.
(all): Add Secure Computing filter file if possible.
(seccomp-filter$(EXEEXT)): Compile helper binary.
(seccomp-filter.bpf seccomp-filter.pfc): Generate filter files.

* test/src/emacs-tests.el (emacs-tests/seccomp/allows-stdout)
(emacs-tests/seccomp/forbids-subprocess): New unit tests.

* test/Makefile.in (src/emacs-tests.log): Add dependency on the helper
binary.
2021-04-10 21:10:16 +02:00
Glenn Morris
d632622b5a Simplify silent-rules build machinery
* src/verbose.mk.in: New file.
* configure.ac (AM_V, AM_DEFAULT_V): Remove output variables.
(src/verbose.mk): New output file.
* Makefile.in, admin/charsets/Makefile.in:
* admin/grammars/Makefile.in, admin/unidata/Makefile.in:
* doc/emacs/Makefile.in, doc/lispintro/Makefile.in:
* doc/lispref/Makefile.in, doc/misc/Makefile.in, leim/Makefile.in:
* lib-src/Makefile.in, lib/Makefile.in, lisp/Makefile.in:
* lwlib/Makefile.in, nt/Makefile.in, oldXMenu/Makefile.in:
* src/Makefile.in, src/verbose.mk.in, test/Makefile.in:
Include src/verbose.mk rather than repeatedly defining AM_V_at etc.
2021-03-06 16:28:46 -08:00
Paul Eggert
9076a631fe Port to Solaris 10
* configure.ac: Instead of AC_CHECK_HEADER, use AC_COMPILE_IFELSE
with X11/Intrinsic.h when checking for X11/extensions/Xrender.h.
This suppresses a bogus "report a bug to bug-gnu-emacs" diagnostic
from 'configure' in Solaris 10.
(SETUP_SLAVE_PTY): Adjust to recent renaming of forkin to
std_in in callproc.c.  Needed on Solaris and Unixware.
* lib-src/Makefile.in (LIB_GETRANDOM, LIBS_ETAGS): New vars,
needed because on Solaris 10 the Gnulib tempname module now needs
the -lrt library for clock_gettime.  Throw in the LIB_GETRANDOM
stuff too while we’re at it; from getrandom.m4 it seems to be
needed for MingW.
(LIBS_MOVE, etags_libs): Use them.
* src/callproc.c [SETUP_SLAVE_PTY]: Include sys/stream.h
and sys/stropts.h, for SETUP_SLAVE_PTY’s definiens.
* src/process.c [NEED_BSDTTY]: Don’t include bsdtty.h; hasn’t been
needed in years.
[USG5_4]: Don’t include sys/stream.h or sys/stropts.h; these
directives havbe been moved to callproc.c because the only use of
SETUP_SLAVE_PTY is there now.
2021-01-01 12:58:17 -08:00
Paul Eggert
50f3949119 Merge from origin/emacs-27
33d159c36f Fix copyright years by hand
2021-01-01 01:28:16 -08:00
Paul Eggert
ba05d005e5 Update copyright year to 2021
Run "TZ=UTC0 admin/update-copyright".
2021-01-01 01:13:56 -08:00
Paul Eggert
33d159c36f Fix copyright years by hand
These are dates that admin/update-copyright did not update.
2021-01-01 00:33:28 -08:00
Paul Eggert
8c1fe1e5ef Update copyright year to 2021
Run "TZ=UTC0 admin/update-copyright $(git ls-files)".
2021-01-01 00:32:32 -08:00
Paul Eggert
ec8a17e938 Adjust to recent Gnulib changes
The latest Gnulib merge brought in free-posix, which causes 'free'
to preserve errno.  This lets us simplify some Emacs code that
calls 'free'.
* admin/merge-gnulib (GNULIB_MODULES): Add free-posix.
This module is pulled in by canonicalize-lgpl anyway,
so we might as well rely on it.
* lib-src/emacsclient.c (get_current_dir_name):
Sync better with src/sysdep.c.
* lib-src/etags.c (process_file_name, etags_mktmp):
* lib-src/update-game-score.c (unlock_file):
* src/fileio.c (file_accessible_directory_p):
* src/sysdep.c (get_current_dir_name_or_unreachable):
Simplify by assuming that 'free' preserves errno.
* src/alloc.c (malloc_unblock_input):
Preserve errno, so that xfree preserves errno.
* src/sysdep.c (get_current_dir_name_or_unreachable):
Simplify by using strdup instead of malloc+memcpy.
No need for realloc (and the old code leaked memory anyway on
failure); just use free+malloc.
2020-12-25 01:40:39 -08:00
Serge Tupchii
809b22d18d Fix crash (segfault) in etags on generating tags for Erlang files
* lib-src/etags.c: Set allocated and lastlen to zero, after
freeing last ptr in Erlang_functions to prevent dereferencing NULL
pointer (bug#45122).

Copyright-paperwork-exempt: yes

(cherry picked from commit 2d8f0364fc)
2020-12-09 17:06:33 +02:00
Serge Tupchii
2d8f0364fc Fix crash (segfault) in etags on generating tags for Erlang files
* lib-src/etags.c: Set allocated and lastlen to zero, after
freeing last ptr in Erlang_functions to prevent dereferencing NULL
pointer (bug#45122).
Copyright-paperwork-exempt: yes
2020-12-08 21:22:34 +01:00
Glenn Morris
4a8c1120f5 Merge from origin/emacs-27
75723ec212 (origin/emacs-27) ; * lisp/emacs-lisp/benchmark.el (benchm...
53e2a612ad ; * lib-src/make-fingerprint.c: Update commentary.
286c632772 Reformat argument commentary in etags.c
4ec740866a Make the invocation of combine-change-calls in comment-reg...
66bcec8838 * lisp/progmodes/cc-langs.el (c-<>-notable-chars-re): Fix ...
03eeab469e ; Update the expected result files in test/manual/etags.
d875a22bc6 Update the various INSTALL files

# Conflicts:
#	INSTALL
2020-11-16 09:05:31 -08:00
Glenn Morris
53e2a612ad ; * lib-src/make-fingerprint.c: Update commentary. 2020-11-15 15:09:17 -08:00
Eli Zaretskii
286c632772 Reformat argument commentary in etags.c
* lib-src/etags.c (pfnote, consider_token, C_entries): Resurrect
original format of comments to function arguments.
2020-11-15 19:26:38 +02:00
Philipp Klaus Krause
14e00d95c4 Mark the return value from strerror as a constant
* src/emacs.c (main): Mark the return from strerror as a constant,
since it shouldn't be changed (bug#43982).

* lib-src/movemail.c (pfatal_and_delete): Ditto.

Copyright-paperwork-exempt: yes
2020-10-14 06:19:33 +02:00
Stefan Kangas
ceae38b933 ; Fix trivial typos in ChangeLogs 2020-10-03 12:53:51 +02:00
Stefan Kangas
395f10cb98 ; Fix more trivial typos 2020-09-21 15:32:46 +02:00
Stefan Kangas
462dbc1cb2 ; Fix typos 2020-09-21 14:26:42 +02:00
Lars Ingebrigtsen
804a0e82f2 Don't output emacsclient warning if both -a and --quiet
* lib-src/emacsclient.c (set_local_socket): Don't output the
warning if both -a and --quiet are specified (bug#16117).
Inspired by a patch from Scott Turner <srt19170@gmail.com>.
2020-08-13 10:29:44 +02:00
Glenn Morris
dc78327e32 Merge from origin/emacs-27
e7a3ed8a6d Fix tab-bar-tab-name-ellipsis initialization
4737d0af75 Fix Elisp manual entry for format-spec
0195809bb6 Fix rare assertion violations in 'etags'
cddb0079ff ; * lisp/format-spec.el (format-spec): Fix typo.
2020-05-28 07:50:25 -07:00
Eli Zaretskii
0195809bb6 Fix rare assertion violations in 'etags'
* lib-src/etags.c (pfnote): Instead of raising an assertion when
we get an empty tag name, return immediately.  (Bug#41465)

* test/manual/etags/ETAGS.good_1:
* test/manual/etags/ETAGS.good_2:
* test/manual/etags/ETAGS.good_3:
* test/manual/etags/ETAGS.good_4:
* test/manual/etags/ETAGS.good_5:
* test/manual/etags/ETAGS.good_6: Adapt to latest changes in
etags.
2020-05-24 18:01:45 +03:00
Paul Eggert
e021c2dc22 Port etags FALLTHROUGH to C2X
Problem reported by Ashish SHUKLA in:
https://lists.gnu.org/r/emacs-devel/2020-05/msg03013.html
* lib-src/etags.c (C_entries): Move label so that FALLTHROUGH
precedes a case label, as draft C2X specifies.
2020-05-23 12:55:32 -07:00
Paul Eggert
02b06216b7 * lib-src/Makefile.in (LINK_CFLAGS): Remove; unused. 2020-04-04 16:57:43 -07:00
Paul Eggert
4f41188a6e Stop using newly-deprecated dosname Gnulib module
Code is supposed to use the filename module now.
* admin/merge-gnulib (GNULIB_MODULES): Replace dosname with filename.
* lib/dosname.h: Remove this forwarding stub.
* lib/gnulib.mk.in, m4/gnulib-comp.m4: Regenerate.
* lib-src/emacsclient.c, src/fileio.c:
Include filename.h instead of dosname.h.
2020-03-28 14:08:11 -07:00
Paul Eggert
dc3006cf14 Pacify GCC 9.2.1 20190927 -O3
Original problem report by N. Jackson in:
https://lists.gnu.org/r/emacs-devel/2020-03/msg00047.html
I found some other warnings when I used gcc, and fixed them
with this patch.
* lib-src/etags.c: Include verify.h.
(xnmalloc, xnrealloc): Tell the compiler that NITEMS is
nononnegative and ITEM_SIZE is positive.
* src/conf_post.h (__has_attribute_returns_nonnull)
(ATTRIBUTE_RETURNS_NONNULL): New macros.
* src/editfns.c (Fuser_full_name): Don’t assume Fuser_login_name
returns non-nil.
* src/intervals.c (rotate_right, rotate_left, update_interval):
* src/intervals.h (LENGTH, LEFT_TOTAL_LENGTH, RIGHT_TOTAL_LENGTH):
Use TOTAL_LENGTH0 or equivalent on intervals that might be null.
* src/intervals.h (TOTAL_LENGTH): Assume arg is nonnull.
(TOTAL_LENGTH0): New macro, with the old TOTAL_LENGTH meaning.
(make_interval, split_interval_right): Add ATTRIBUTE_RETURNS_NONNULL.
* src/pdumper.c (dump_check_dump_off): Now returns void, since
no caller uses the return value.  Redo assert to pacify GCC.
(decode_emacs_reloc): Add a seemingly-random eassume to pacify GCC.
Ugly, and I suspect due to a bug in GCC.
2020-03-04 13:48:58 -08:00
Robert Pluim
13995f31a2 Make emacs prefer an existing ~/.emacs.d to an existing XDG location
* doc/emacs/custom.texi (Find Init): Update description of how Emacs
finds its init file directory and the interaction with
$XDG_CONFIG_HOME
(Early Init File): Correct XDG location of early-init.el

* etc/NEWS: Update description to make it clear the ~/.emacs.d is
preferred, even if the XDG location exists.

* lisp/startup.el: Prefer ~/.emacs.d even if the XDG location exists.

* lib-src/emacsclient.c (open_config): Prefer home directory the XDG
location.
2020-01-16 16:05:45 +01:00
Paul Eggert
4cd143aded Fix copyright years by hand
These are dates that admin/update-copyright did not update.
2020-01-01 01:01:53 +00:00