* lisp/net/nsm.el (nsm-parse-subject, nsm-certificate-part):
Restore functions for parsing subjects.
(nsm-format-certificate): Use them to display more user-friendly
data. Also change the display to have fewer lines again so that
the data of interest isn't pushed off the screen.
* lisp/net/nsm.el (nsm-network-same-subnet): New function. Checks
if an ip address is in the same subnet as another one.
(nsm-should-check): Use nsm-network-same-subnet to see if we're
connecting to a local subnet machine. Remove checks for RFC1918 addresses.
* test/lisp/net/nsm-tests.el: New file. Test nsm-should-check functionality.
* src/process.c (network_lookup_address_info_1): Only check multibyte
hostnames for pure-ASCII.
* test/src/process-tests.el (unibyte-domain-name): Test unibyte domain
names with network-lookup-address-info.
* test/src/process-tests.el (lookup-family-specification): Test
network-lookup-address-info api.
(lookup-unicode-domains): Test that unicode domains fail.
(lookup-google): Test that normal lookups succeed.
(non-existent-lookup-failure): Check that known non-existent
domains fail.
* src/process.c:
(network_lookup_address_info_1): New function, does most of the
work to call getaddrinfo. Now checks hostname for pure-ASCII.
(Fmake_network_process): Use it.
(Fnetwork_lookup_address_info): Likewise. Error check family
argument.
* src/process.c (conv_sockaddr_to_lisp): Add include_port
argument. Don't put a port in the result if this is false.
(conv_addrinfo_to_lisp, Fprocess_datagram_address)
(connect_network_socket, network_interface_list)
(network_interface_info, server_accept_connection)
(init_process_emacs): Update callers.
(Fnetwork_lookup_address_info): New function. Performs hostname to
ip address lookups.
* src/w32.c (network_interface_get_info): Update callers of
conv_sockaddr_to_lisp.
* etc/NEWS: Mention addition of 'network-lookup-address-info'.
CAs like Let's Encrypt do not put O and OU into the Subject's DN.
Similarly, O and OU are often used to indicate Domain Validated or
Organization Validation as opposed to the actual OU.
Issuer CN often contains the issuer's server or as an indication of
Extended Validation certificate as opposed to the actual issuer
organization.
The Hostname part as extracted from the Subject is also confusing, as
in the case of a hostname mismatch, the Subject's CN, which
`nsm-format-certificate' naively calls the Hostname, will not actually
match the hostname in the problem preamble.
* lisp/net/nsm.el (nsm-format-certificate): Show full DN of Issuer and
Subject. Remove Hostname.
(nsm-certificate-part, nsm-parse-subject): Removed.
* lisp/net/nsm.el (nsm-check-tls-connection): Fix issue with plural
problems in message. Prefix every problem with a bullet.
(nsm-query-user): Add new view the full certificate chain by
pressing d.
(nsm-format-certificate): Improve basic certificate and session info
formatting.
* src/gnutls.c (emacs_gnutls_certificate_export_pem): New function.
(gnutls_certificate_details): Rename to
emacs_gnutls_certificate_details. Add :pem to result list.
(Fgnutls_format_certificate): New function for formatting a PEM to
human-readable text.
* lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
DNS.
* lisp/net/nsm.el (nsm-trust-local-network, nsm-should-check,
nsm-check-tls-connection, nsm-check-plain-connection): New defcustom
`nsm-trust-local-network' lets users customize whether NSM should
check for TLS problems when connecting to the hosts on their local
networks. `nsm-should-check' determines whether
`nsm-check-tls-connection' and `nsm-check-plain-connection' should
perform checks. localhost is implicitly trusted, thus checks are
never performed there.
* lisp/net/nsm.el (network-security-level, nsm-level,
nsm-new-fingerprint-ok-p): Remove `paranoid' level and related code.
* lisp/net/nsm.el (nsm-tls-checks, nsm-tls-check-version,
nsm-tls-check-compression, nsm-tls-check-renegotiation-info-ext,
nsm-tls-check-verify-cert, nsm-tls-check-same-cert,
nsm-tls-check-null-suite, nsm-tls-check-export-kx,
nsm-tls-check-anon-kx, nsm-tls-check-md5-sig,
nsm-tls-check-rc4-cipher, nsm-tls-check-dhe-prime-kx,
nsm-tls-check-sha1-sig, nsm-tls-check-ecdsa-cbc-cipher,
nsm-tls-check-dhe-kx, nsm-tls-check-rsa-kx,
nsm-tls-check-3des-cipher, nsm-tls-check-cbc-cipher,
nsm-save-fingerprint-maybe, nsm-tls-post-check-functions): New
options and functions for checking TLS handshake problems.
* lisp/net/nsm.el (nsm-check-certificate,
network-security-protocol-checks,
nsm-protocol-check--diffie-hellman-prime-bits,
nsm-protocol-check--3des, nsm-protocol-check--rc4,
nsm-protocol-check--signature-sha1,
nsm-protocol-check--intermediate-sha1, nsm-protocol-check--ssl,
nsm-check-protocol): Remove in favor of `nsm-tls-checks' and
`nsm-tls-check-*' functions.
* lisp/net/nsm.el (nsm-verify-connection): Ensure connection is
checked even when `network-security-level' is `low'.
* lisp/net/nsm.el (nsm-check-tls-connection): Batch all problems found
before querying the user.
* lisp/net/nsm.el (nsm--encryption): Renamed to `nsm-cipher-suite'.
* lisp/net/nsm.el (nsm-fingerprint-ok-p): No longer prompt when
certificate fingerprints mismatch. Returns a boolean instead when
the fingerprint of the certificate received matches the saved
fingerprints.
* lisp/net/nsm.el (nsm-query): Change signature. Accepts a list of
problems and a preformatted message instead of just a message format
and the arguments for the message.
* lisp/net/nsm.el (nsm-query-user): Change signature. Accepts a
preformatted message and the peer status of the handshake instead of
a message format, its arguments and the certificate for the host.
* lisp/net/nsm.el (nsm-save-host): Change signature. Accepts a list of
problems after the WHAT parameter. Saves multiple fingerprints for
the same host in case the host load balances a TLS server with more
than one certificate signed with different keys. Makes sure
conditions are not removed when updating a fingerprint.
* lisp/net/nsm.el (nsm-format-certificate): Display the TLS handshake's
renegotiation info extension, compression level, encrypt-then-MAC
extension, and key exchange prime bit length.
* src/gnutls.c (gnutls-peer-status-warning-describe,
gnutls-peer-status): Check for certificate verification problems
introduced since GnuTLS 3.1.
* src/gnutls.c (gnutls-peer-status): `:compression', `:encrypt-then-mac'
and `:safe-renegotiation' are now contained in the peer status
result return value.
* lisp/net/gnutls.el (gnutls-boot-parameters): Return
`gnutls-crlfiles' in `:crlfiles'.
(gnutls-crlfiles): New defcustom.
(gnutls--get-files): New defun.
(gnutls-trustfiles, gnutls-crlfiles): Delegate to
`gnutls--get-files' to return a list of filenames, accepts glob pattern.
* xdisp.c (safe_set_text_properties): New function.
(display_mode_element): Call Fset_text_properties through
internal_condition_case_n, using safe_set_text_properties as a
wrapper. (Bug#32038)
17ebb6e (origin/emacs-26) Use consistent function names in thread-tes...
1c86229 Fix format error in Faccept_process_output
b38b91a Lessen stack consumption in recursive read1
3eb4603 Match w32 paths in grep sans --null hits (Bug#32051)
5cc7c4b Fix previous make-network-process change
d6a1b69 Another documentation improvement in flyspell.el
9b49a8e Improve documentation of Flyspell
3744fda Provide feature 'threads
ef9025f Save the server alias on reconnect (Bug#29657)
db3874b Refer to "proper lists" instead of "true lists"
35e0305 Avoid turning on the global-minor-mode recursively
51bf4e4 Fix Bug#32085
* lisp/emacs-lisp/subr-x.el (string-join): #'-quote function symbol.
(string-trim-left, string-trim-right):
Make better use of substring for minor speedup.
* test/lisp/emacs-lisp/subr-x-tests.el
(subr-x-test-string-trim-left, subr-x-test-string-trim-right)
(subr-x-test-string-remove-prefix)
(subr-x-test-string-remove-suffix): New tests.
For discussion, see thread starting at
https://lists.gnu.org/archive/html/emacs-devel/2018-05/msg00222.html.
* lisp/custom.el (custom-available-themes): Use directory-files
instead of performing arbitrary wildcard expansion in file names.
(custom-theme--load-path): Document return value.
* test/lisp/custom-tests.el: New file.
(custom-theme--load-path): New test.
* test/src/thread-tests.el (threads-call-error, threads-custom)
(threads-errors, threads-sticky-point, threads-signal-early):
Rename, using naming convention to prefix with "threads-".
* lisp/progmodes/grep.el (grep-regexp-alist): Add an optional part to
match paths starting with C: (other drive letters).
* test/lisp/progmodes/compile-tests.el
(compile-tests--grep-regexp-testcases)
(compile-tests--grep-regexp-tricky-testcases)
(compile-test-grep-regexps): New tests.
(compile--test-error-line): Return `compilation-message'.
* lisp/vc/smerge-mode.el (smerge-refine-regions): Bind
write-region-inhibit-fsync to t. This was reported in
https://github.com/magit/magit/pull/2834 to give a noticeable speedup.
* test/lisp/epg-tests.el (epg-tests--config-program-alist): New
constant, which allows gpg2 version 2.0+.
(epg-tests-find-usable-gpg-configuration): Pass it to
epg-find-configuration.
* src/process.c (Fmake_network_process): On 2018-07-09 "Explicitly
reject :server and :nowait (Bug#31903)", the sense of the SERVER check
was accidentally reversed so that we ended up looking for the wrong
ADDRESS. Reported by T.V Raman in
<https://lists.gnu.org/archive/html/emacs-devel/2018-07/msg00437.html>.
* lisp/subr.el (zerop): Add commentary explaining why moving the
function's location within the file broke bootstrap in
2018-07-10T23:08:58-07:00!contovob@tcd.ie.
rcirc does not retain the server alias on reconnect. As a result, rcirc
fails to re-use server and channel buffers when an alias is used. Further
problems may ensue when aliases are used to differentiate multiple
connections to the same host, for example when using a single IRC bouncer
or proxy to connect to multiple IRC networks.
Save the server alias when connecting to a server so that reconnect will
retain the alias.
* lisp/net/rcirc.el (rcirc-connect): Include server-alias when setting
rcirc-connection-info.
Copyright-paperwork-exempt: yes
Remove redundant :group arguments.
(diff-font-lock-refine): New var.
(diff--refine-hunk): New function, extracted from diff-refine-hunk.
(diff-refine-hunk): Use it.
(diff--font-lock-refine--refresh): New function.
(diff--font-lock-refined): New function.
(diff-font-lock-keywords): Use it.
* lisp/eshell/esh-mode.el (eshell/clear): Bind
eshell-input-filter-functions to nil to prevent entries like
eshell-smart-display-setup from causing infinite recursion.
* lisp/emacs-lisp/easy-mmode.el (define-globalized-minor-mode): Clear
the buffer-list inside MODE-enable-in-buffers to avoid enabling the
mode recursively. (Bug#31793)