* lisp/emacs-lisp/rmc.el (read-multiple-choice--short-answers):
Run touch screen event translation on touch screen events
received, and respond to pinch, tap and scrolling gestures.
* lisp/net/nsm.el (nsm-query-user): Disable use-dialog-box in
the details window.
* lisp/touch-screen.el (touch-screen-translate-touch): Autoload.
The previous default was to warn when servers supported only 1024 bit
primes in Diffie-Hellman key exchanges. This highly conservative
number was based on the observation that, in November 2018, no less
than 12.7% of servers still only supported 1024 bit primes (less than
0.1% supported only 768 and 512 bits).
Five years later, in October 2023, only 3.7 % of servers remain with
only 1024 bit support. SSL Labs summarizes: "At this time, 2048 bits
is the minimum expected strength." Therefore, it is reasonable to
start warning users about this in Emacs 30.1, at which time even fewer
servers with such poor capabilities will remain.
Note that key exchanges based on 1024 bit prime number were considered
broken for security purposes already in 2015 (see Logjam below).
For more information:
https://www.ssllabs.com/ssl-pulse/https://en.wikipedia.org/wiki/Logjam_(computer_security)
* lisp/net/nsm.el (nsm-protocol-check--dhe-prime-kx): Bump expected
minimum number of prime bits to 2048.
* lisp/net/nsm.el (nsm-format-certificate): Show public key
digest (SHA-256 if available). Displaying the digest enables
users to verify the certificate with other tools like 'gnutls-cli'
which present much more detailed information.
* src/gnutls (emacs_gnutls_certificate_details): Export SHA-256
public key digest if supported by GnuTLS. (Bug#64043)
Fixes: bug#40573
The new mode can be used stand-alone or inherited from by modes
intended to edit programs. The existing emacs-lisp-mode and lisp-mode
are examples.
Thanks to Juri Linkov and Basil L. Contovounesios for researching some
data files in Emacs that can be automatically set to use the new mode.
* lisp/files.el (auto-mode-alist): Add entry for ".dir-locals" and
".dir-locals-2"
* lisp/emacs-lisp/lisp-mode.el: (lisp-data-mode): New major mode.
(lisp-mode): Inherit from lisp-data-mode. Set special lisp-mode
stuff here.
* lisp/progmodes/elisp-mode.el (emacs-lisp-mode): Inherit from
lisp-data-mode.
* lisp/bookmark.el (bookmark-insert-file-format-version-stamp):
Use lisp-data-mode.
* lisp/saveplace.el (save-place-alist-to-file): Use
lisp-data-mode.
* lisp/net/eww.el (eww-write-bookmarks): Use lisp-data-mode.
* lisp/net/nsm.el (nsm-write-settings): Use lisp-data-mode.
* lisp/net/tramp-cache.el (tramp-dump-connection-properties): Use
lisp-data-mode.
* etc/NEWS: Mention lisp-data-mode.
* doc/lispref/modes.texi (Example Major Modes): Update example.
Revert 2020-01-04T19:17:12Z!eggert@cs.ucla.edu
which recently I installed into the emacs-27 branch by mistake.
These patches are now on master instead (via merging).
Do not merge to master.
Problem reported by Mattias Engdegård in:
https://lists.gnu.org/r/emacs-devel/2020-01/msg00088.html
* lisp/cedet/ede/cpp-root.el (ede-create-lots-of-projects-under-dir):
Remove this quick hack, which didn’t do anything anyway.
* lisp/cedet/ede/pconf.el (ede-proj-configure-test-required-file):
* lisp/emacs-lisp/tabulated-list.el (tabulated-list-print-col):
* lisp/net/nsm.el (nsm-check-tls-connection):
Use ‘when’ rather than bypassing it. This doesn’t affect behavior
and is better style.
* lisp/cedet/srecode/semantic.el (srecode-semantic-handle-:tag):
Fix typo that suppressed an error.
* lisp/filesets.el (filesets-run-cmd): Fix typo that mishandled spacing.
* lisp/gnus/gnus-cloud.el (gnus-cloud-update-newsrc-data):
Fix typo that caused “GROUP has older different info in the cloud
as of DATE, update it here?” prompt result to always be treated as
“yes”.
* lisp/gnus/mml-smime.el (mml-smime-openssl-encrypt): Simplify,
since smime-encrypt-buffer signals error on failure.
* lisp/international/titdic-cnv.el (tsang-quick-converter): Simplify.
The conversion of this file to utf-8-emacs in
2019-01-08T02:18:40Z!monnier@iro.umontreal.ca removed the
distinction between Big5 and CNS fulltitles in the generated docstring.
* lisp/org/org-agenda.el (org-agenda-show-and-scroll-up):
* lisp/textmodes/table.el (table--generate-source-cell-contents):
Simplify by removing useless code.
* lisp/org/ox-odt.el (org-odt--format-timestamp): Fix typo that
always output time-of-day even when the timestamp lacked it.
Bug#38218
* src/process.c (Fnetwork_interface_list): Extend argument list to
allow requesting full network info and/or IPv4/IPv6 info.
(network_interface_list) [HAVE_GETIFADDRS]: Use getifaddrs to retrieve
interface IP addresses.
* src/process.h: Update prototype of network_interface_list.
* src/w32.c (g_b_init_get_adapters_addresses): New init flag.
(globals_of_w32): Initialize it.
(GetAdaptersAddresses_Proc): New function typedef.
(get_adapters_addresses): New wrapper function.
(init_winsock): Load htonl and ntohl.
(sys_htonl, sys_ntohl): New wrapper functions.
(network_interface_list): Implement in terms of
get_adapters_addresses.
* nt/inc/sys/socket.h: Add sys_htonl and sys_ntohl prototypes.
* etc/NEWS: Announce IPv4/IPv6 changes in network-interface-list.
* doc/lispref/processes.texi (Misc Network): Document updated arglist
and return values for network-interface-list.
* lisp/net/nsm.el (nsm-network-same-subnet): Compare lengths of
local-ip and ip; different lengths can never match.
(nsm-should-check): Chop port off end of address.
When connecting using a cleartext connection, nsm was erroring out and
tearing down the connection because it was trying to display
nonexistent certificate information.
* lisp/net/nsm.el (nsm-query-user): Only format certificate status
when it is valid. (Bug#37221)
* src/gnutls.c (Fgnutls_peer_status): Report :compression and
:encrypt-then-mac only if the underlying GnuTLS library has
the corresponding features. This give the Elisp caller a bit
more information about the peer status.
* lisp/net/nsm.el (nsm-protocol-check--compression):
Don’t worry about compression in newer GnuTLS versions
that do not support compression.
* doc/emacs/misc.texi (Network Security): Start working on
updating the NSM bits, but it's unclear how much of the new stuff
to document.
* lisp/net/nsm.el: Rename all nsm-tls-check-* functions to
nsm-protocol-check--* to bring them back into line with the
documentation.
(network-security-protocol-checks): Renamed back again from
`nsm-tls-checks', as this variable is documented and can't just go
away.
* lisp/net/nsm.el (network-security-level, nsm-tls-checks): Make
`low' a "check nothing" setting again, and move all the `low'
checks back to `medium'. This makes the test suite work again.
* lisp/net/nsm.el (nsm-parse-subject, nsm-certificate-part):
Restore functions for parsing subjects.
(nsm-format-certificate): Use them to display more user-friendly
data. Also change the display to have fewer lines again so that
the data of interest isn't pushed off the screen.
* lisp/net/nsm.el (nsm-network-same-subnet): New function. Checks
if an ip address is in the same subnet as another one.
(nsm-should-check): Use nsm-network-same-subnet to see if we're
connecting to a local subnet machine. Remove checks for RFC1918 addresses.
* test/lisp/net/nsm-tests.el: New file. Test nsm-should-check functionality.
* lisp/net/nsm.el (nsm-check-certificate): `nsm-fingerprint-ok-p'
will save the fingerprint in the correct temporary/permanent
storage, so saving it once more (in the permanent storage) if the
security level is high or greater is a mistake (bug#27823).
d28d54c (origin/emacs-26) More accurate docs for 'text-char-description'
b3baf99 Document synchronous behavior of eshell/make (Bug#32513)
98544ea Fix bs-show with wide characters (Bug#17822)
85af51b Improve Custom menu labels for 2 options
72a2a36 Improve wording of last change in dired-x.texi
d4fa83b Fix GnuTLS test suite with GnuTLS versions 3.4.x
b5bee6b Fix build with gnutls versions 3.0 to 3.2 (Bug#32446)
67eb80e ; * etc/enriched.txt (hanging-indents): Remove extra indent.
c71cfb7 Fix the Bubbles game on TTY frames
3bbf21b Add choice to reshow certificate information (Bug#31877)
6f2c471 * src/alloc.c (Fbool_vector, Flist, Fvector): Doc tweak.
39eecb3 * src/alloc.c (vector): Fix grammatical error in doc string: ...
In various situations, the window displaying the certificate
information can be hidden (such as if the user accidentally presses ?,
which causes the read-multiple-choice help window to replace it).
Instead of leaving the user to make a choice blindly, add a choice to
reshow the certification information.
* lisp/net/nsm.el (nsm-query-user): Add reshow choice.
CAs like Let's Encrypt do not put O and OU into the Subject's DN.
Similarly, O and OU are often used to indicate Domain Validated or
Organization Validation as opposed to the actual OU.
Issuer CN often contains the issuer's server or as an indication of
Extended Validation certificate as opposed to the actual issuer
organization.
The Hostname part as extracted from the Subject is also confusing, as
in the case of a hostname mismatch, the Subject's CN, which
`nsm-format-certificate' naively calls the Hostname, will not actually
match the hostname in the problem preamble.
* lisp/net/nsm.el (nsm-format-certificate): Show full DN of Issuer and
Subject. Remove Hostname.
(nsm-certificate-part, nsm-parse-subject): Removed.
* lisp/net/nsm.el (nsm-check-tls-connection): Fix issue with plural
problems in message. Prefix every problem with a bullet.
(nsm-query-user): Add new view the full certificate chain by
pressing d.
(nsm-format-certificate): Improve basic certificate and session info
formatting.
* src/gnutls.c (emacs_gnutls_certificate_export_pem): New function.
(gnutls_certificate_details): Rename to
emacs_gnutls_certificate_details. Add :pem to result list.
(Fgnutls_format_certificate): New function for formatting a PEM to
human-readable text.
