GitLab

* lisp/net/nsm.el (nsm-parse-subject, nsm-certificate-part):
Restore functions for parsing subjects.
(nsm-format-certificate): Use them to display more user-friendly
data.  Also change the display to have fewer lines again so that
the data of interest isn't pushed off the screen.

* lisp/net/nsm.el (nsm-network-same-subnet): New function.  Checks
if an ip address is in the same subnet as another one.
(nsm-should-check): Use nsm-network-same-subnet to see if we're
connecting to a local subnet machine.  Remove checks for RFC1918 addresses.

* test/lisp/net/nsm-tests.el: New file.  Test nsm-should-check functionality.

* src/process.c (network_lookup_address_info_1): Only check multibyte
hostnames for pure-ASCII.

* test/src/process-tests.el (unibyte-domain-name): Test unibyte domain
names with network-lookup-address-info.

* doc/lispref/processes.texi (Misc Network): Document
  network-lookup-address-info.

* test/src/process-tests.el (lookup-family-specification): Test
network-lookup-address-info api.
(lookup-unicode-domains): Test that unicode domains fail.
(lookup-google): Test that normal lookups succeed.
(non-existent-lookup-failure): Check that known non-existent
domains fail.

* src/process.c:
(network_lookup_address_info_1): New function, does most of the
work to call getaddrinfo.  Now checks hostname for pure-ASCII.
(Fmake_network_process): Use it.
(Fnetwork_lookup_address_info): Likewise.  Error check family
argument.

* src/process.c (conv_sockaddr_to_lisp): Add include_port
argument.  Don't put a port in the result if this is false.
(conv_addrinfo_to_lisp, Fprocess_datagram_address)
(connect_network_socket, network_interface_list)
(network_interface_info, server_accept_connection)
(init_process_emacs): Update callers.
(Fnetwork_lookup_address_info): New function.  Performs hostname to
ip address lookups.

* src/w32.c (network_interface_get_info): Update callers of
  conv_sockaddr_to_lisp

* etc/NEWS : mention addition of 'network-lookup-address-info'

CAs like Let's Encrypt do not put O and OU into the Subject's DN.
Similarly, O and OU are often used to indicate Domain Validated or
Organization Validation as opposed to the actual OU.

Issuer CN often contains the issuer's server or as an indication of
Extended Validation certificate as opposed to the actual issuer
organization.

The Hostname part as extracted from the Subject is also confusing, as
in the case of a hostname mismatch, the Subject's CN, which
`nsm-format-certificate' naively calls the Hostname, will not actually
match the hostname in the problem preamble.

* lisp/net/nsm.el (nsm-format-certificate): Show full DN of Issuer and
  Subject.  Remove Hostname.
  (nsm-certificate-part, nsm-parse-subject): Removed.

* lisp/net/nsm.el (nsm-check-tls-connection): Fix issue with plural
  problems in message.  Prefix every problem with a bullet.
  (nsm-query-user): Add new view the full certificate chain by
  pressing d.
  (nsm-format-certificate): Improve basic certificate and session info
  formatting.

* src/gnutls.c (emacs_gnutls_certificate_export_pem): New function.
  (gnutls_certificate_details): Rename to
  emacs_gnutls_certificate_details.  Add :pem to result list.
  (Fgnutls_format_certificate):  New function for formatting a PEM to
  human-readable text.

* lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
  ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
  DNS.

* lisp/net/nsm.el (nsm-trust-local-network, nsm-should-check,
  nsm-check-tls-connection, nsm-check-plain-connection): New defcustom
  `nsm-trust-local-network' lets users customize whether NSM should
  check for TLS problems when connecting to the hosts on their local
  networks.  `nsm-should-check' determines whether
  `nsm-check-tls-connection' and `nsm-check-plain-connection' should
  perform checks.  localhost is implicitly trusted, thus checks are
  never performed there.

* lisp/net/nsm.el (network-security-level, nsm-level,
  nsm-new-fingerprint-ok-p): Remove `paranoid' level and related code.

* lisp/net/nsm.el (nsm-tls-checks, nsm-tls-check-version,
    nsm-tls-check-compression, nsm-tls-check-renegotiation-info-ext,
    nsm-tls-check-verify-cert, nsm-tls-check-same-cert,
    nsm-tls-check-null-suite, nsm-tls-check-export-kx,
    nsm-tls-check-anon-kx, nsm-tls-check-md5-sig,
    nsm-tls-check-rc4-cipher, nsm-tls-check-dhe-prime-kx,
    nsm-tls-check-sha1-sig, nsm-tls-check-ecdsa-cbc-cipher
    nsm-tls-check-dhe-kx, nsm-tls-check-rsa-kx,
    nsm-tls-check-3des-cipher, nsm-tls-check-cbc-cipher,
    nsm-save-fingerprint-maybe, nsm-tls-post-check-functions): New
    options and functions for checking TLS handshake problems.

* lisp/net/nsm.el (nsm-check-certificate,
  network-security-protocol-checks,
  nsm-protocol-check--diffie-hellman-prime-bits,
  nsm-protocol-check--3des, nsm-protocol-check--rc4,
  nsm-protocol-check--signature-sha1,
  nsm-protocol-check--intermediate-sha1, nsm-protocol-check--ssl,
  nsm-check-protocol): Remove in favor of `nsm-tls-checks' and
  `nsm-tls-check-*' functions.

* lisp/net/nsm.el (nsm-verify-connection): Ensure connection is
  checked even when `network-security-level' is `low'.

* lisp/net/nsm.el (nsm-check-tls-connection): Batch all problems found
  before querying the user.

* lisp/net/nsm.el (nsm--encryption): Renamed to `nsm-cipher-suite'.

* lisp/net/nsm.el (nsm-fingerprint-ok-p): No longer prompt when
  certificate fingerprints mismatch.  Returns a boolean instead when
  the fingerprint of the certificate received matches the saved
  fingerprints.

* lisp/net/nsm.el (nsm-query): Change signature.  Accepts a list of
  problems and a preformatted message instead of just a message format
  and the arguments for the message.

* lisp/net/nsm.el (nsm-query-user): Change signature.  Accepts a
  preformatted message and the peer status of the handshake instead of
  a message format, its arguments and the certificate for the host.

* lisp/net/nsm.el (nsm-save-host): Change signature.  Accepts a list of
  problems after the WHAT parameter.  Saves multiple fingerprints for
  the same host in case the host load balances a TLS server with more
  than one certificates signed with different keys.  Makes sure
  conditions are not removed when updating a fingerprint.

* lisp/net/nsm.el (nsm-format-certificate): Display the TLS handshake's
  renegotiation info extension, compression level, encrypt-then-MAC
  extension, and key exchange prime bit length.

* src/gnutls.c (gnutls-peer-status-warning-describe,
  gnutls-peer-status): Check for certificate verification problems
  introduced since GnuTLS 3.1.

* src/gnutls.c (gnutls-peer-status): `:compression', `:encrypt-then-mac'
  and `:safe-renegotiation' are now contained in the peer status
  result return value.

* lisp/net/gnutls.el (gnutls-min-prime-bits): Set standard value to
  nil in order to let GnuTLS manage the minimum DH prime bits
  accepted.

* lisp/net/gnutls.el (gnutls-boot-parameters): Return
  `gnutls-crlfiles' in `:crlfiles'.
  (gnutls-crlfiles): New defcustom.
  (gnutls--get-files): New defun.
  (gnutls-trustfiles, gnutls-crlfiles): Delegate to
  `gnutls--get-files' to return a list of filenames, accepts glob pattern.

* lisp/register.el (jump-to-register):
* doc/emacs/regs.texi (Position Registers): Document that
jumping to a register can push the mark.

* xdisp.c (safe_set_text_properties): New function.
(display_mode_element): Call Fset_text_properties through
internal_condition_case_n, using safe_set_text_properties as a
wrapper.  (Bug#32038)

(diff--font-lock-prettify): New function.
(diff-font-lock-keywords): Use it.

17ebb6e5 (origin/emacs-26) Use consistent function names in thread-tes...
1c862297 Fix format error in Faccept_process_output
b38b91a8 Lessen stack consumption in recursive read1
3eb4603b Match w32 paths in grep sans --null hits (Bug#32051)
5cc7c4b4 Fix previous make-network-process change
d6a1b69c Another documentation improvement in flyspell.el
9b49a8ed Improve documentation of Flyspell
3744fda5 Provide feature 'threads
ef9025f5 Save the server alias on reconnect (Bug#29657)
db3874b1 Refer to "proper lists" instead of "true lists"
35e0305d Avoid turning on the global-minor-mode recursively
51bf4e46 Fix Bug#32085

* lisp/emacs-lisp/subr-x.el (string-join): #'-quote function symbol.
(string-trim-left, string-trim-right):
Make better use of substring for minor speedup.
* test/lisp/emacs-lisp/subr-x-tests.el
(subr-x-test-string-trim-left, subr-x-test-string-trim-right)
(subr-x-test-string-remove-prefix)
(subr-x-test-string-remove-suffix): New tests.

* lisp/cus-theme.el (custom-new-theme-mode, customize-themes)
(custom-theme-choose-mode): Use setq-local.
(customize-create-theme): Ditto.  Use delete-all-overlays.
(describe-theme-1, custom-theme-summary): Simplify logic.

* lisp/custom.el (custom-quote): Duplicate macroexp-quote.
(custom-load-symbol, customize-mark-to-save, customize-mark-as-set)
(custom-theme-name-valid-p, enable-theme, custom-enabled-themes)
(disable-theme): Simplify logic.

Remove duplicate 'Custom Themes' comment heading.
(deftheme, custom-declare-theme): Fix advertised calling convention.
(custom-enabled-themes): Fix message grammar.

For discussion, see thread starting at
https://lists.gnu.org/archive/html/emacs-devel/2018-05/msg00222.html.
* lisp/custom.el: (custom-available-themes): Use directory-files
instead of performing arbitrary wildcard expansion in file names.
(custom-theme--load-path): Document return value.
* test/lisp/custom-tests.el: New file.
(custom-theme--load-path): New test.

* etc/themes/adwaita-theme.el:
* etc/themes/deeper-blue-theme.el:
* etc/themes/dichromacy-theme.el:
* etc/themes/leuven-theme.el:
* etc/themes/light-blue-theme.el:
* etc/themes/manoj-dark-theme.el:
* etc/themes/misterioso-theme.el:
* etc/themes/tango-dark-theme.el:
* etc/themes/tango-theme.el:
* etc/themes/tsdh-dark-theme.el:
* etc/themes/tsdh-light-theme.el:
* etc/themes/wheatgrass-theme.el:
* etc/themes/whiteboard-theme.el:
* etc/themes/wombat-theme.el: Disable no-byte-compile.

https://lists.gnu.org/archive/html/emacs-devel/2018-01/msg00614.html
https://lists.gnu.org/archive/html/emacs-devel/2018-02/msg00060.html

* lisp/custom.el (load-theme):
Load byte-compiled file of safe themes when available.

https://lists.gnu.org/archive/html/emacs-devel/2018-01/msg00614.html
https://lists.gnu.org/archive/html/emacs-devel/2018-02/msg00060.html

* test/src/thread-tests.el (threads-call-error, threads-custom)
(threads-errors, threads-sticky-point, threads-signal-early):
Rename, using naming convention to prefix with "threads-".

* src/process.c (Faccept_process_output): Do not use format spec
"%p", it isn't valid for error().

* src/lread.c (read1): Shrink local buffer size from
MAX_ALLOCA to 128 (Bug#31995).

* lisp/progmodes/grep.el (grep-regexp-alist): Add an optional part to
match paths starting with C: (other drive letters).
* test/lisp/progmodes/compile-tests.el
(compile-tests--grep-regexp-testcases)
(compile-tests--grep-regexp-tricky-testcases)
(compile-test-grep-regexps): New tests.
(compile--test-error-line): Return `compilation-message'.

* lisp/vc/smerge-mode.el (smerge-refine-regions): Bind
write-region-inhibit-fsync to t.  This was reported in
https://github.com/magit/magit/pull/2834 to give a noticable speedup.

* test/lisp/epg-tests.el (epg-tests--config-program-alist): New
constant, which allows gpg2 version 2.0+.
(epg-tests-find-usable-gpg-configuration): Pass it to
epg-find-configuration.

* src/process.c (Fmake_network_process): On 2018-07-09 "Explicitly
reject :server and :nowait (Bug#31903)", the sense of the SERVER check
was accidentally reversed so that we ended up looking for the wrong
ADDRESS.  Reported by T.V Raman in
<https://lists.gnu.org/archive/html/emacs-devel/2018-07/msg00437.html>.

* lisp/textmodes/flyspell.el (flyspell-persistent-highlight): Doc
fix.

For the background, see
http://lists.gnu.org/archive/html/help-gnu-emacs/2018-07/msg00099.html.

* doc/emacs/fixit.texi (Spelling): Add a couple of caveats.
* lisp/textmodes/flyspell.el: Update commentary.

Suggested by Robert Pluim <rpluim@gmail.com>.

* lisp/emacs-lisp/byte-run.el (defun-declarations-alist): Avoid cadr/cddr.
* lisp/subr.el (zerop): Un-revert 2018-07-10T23:08:58-07:00!contovob@tcd.ie.

* src/thread.c (syms_of_threads): Provide feature "threads".

* test/src/thread-tests.el (top): Declare the functions.
(all): Use (featurep 'threads) check.

* lisp/subr.el (zerop): Add commentary explaining why moving the
function's location within the file broke bootstrap in
2018-07-10T23:08:58-07:00!contovob@tcd.ie.

* lisp/subr.el (zerop): Revert previous change, which caused
bootstrap to fail with void function cadr.