emacs/lib-src, branch features/user-directory

New emacsclient option to either create or reuse an existing frame.

2021-11-04T23:14:30+00:00

* doc/emacs/misc.texi (emacsclient Options): Document the new option.

* doc/man/emacsclient.1: Mention the new option (bug#51374).
* etc/NEWS: Mention the new option.

* lib-src/emacsclient.c (reuse_frame): New variable.
(longopts): New option.
(decode_options): Decode the new option.
(print_help_and_exit): Document the new option.
(main): Use the new option.

Fix compilation errors with MinGW64 GCC 11

2021-10-24T17:45:56+00:00

* lib-src/ntlib.c (IS_DIRECTORY_SEP): Remove redundant macro.

* lib-src/ntlib.c (DEFER_MS_W32_H):
* nt/addpm.c (DEFER_MS_W32_H):
* nt/cmdproxy.c (DEFER_MS_W32_H):
* nt/ddeclient.c (DEFER_MS_W32_H):
* nt/preprep.c (DEFER_MS_W32_H):
* nt/runemacs.c (DEFER_MS_W32_H): Fix a typo.
* nt/Makefile.in (BASE_CFLAGS): Add -I switches to pick up
config.h and lib/attribute.h.

Include first in MS-Windows source

2021-10-24T17:22:17+00:00

Fix Seccomp filter for newer GNU/Linux systems (Bug#51073).

2021-10-09T17:39:31+00:00

On some systems, process startup calls prctl(PR_CAPBSET_READ) via
'cap_get_bound'.  We can just return EINVAL.

* lib-src/seccomp-filter.c (main): Add a rule for
prctl(PR_CAPBSET_READ, ...).

Simplify socket symlink-attack checking

2021-10-03T18:42:20+00:00

This is a minor bugfix cleanup (Bug#33847#161).
* lib-src/emacsclient.c: Move "#include " to inside
"#ifdef SOCKETS_IN_FILE_SYSTEM", which is more accurate
and simpler than having a separate "#ifndef WINDOWSNT".
(O_PATH): Likewise.

; Fix typos

2021-09-03T11:05:32+00:00

Improve compatibility with musl-libc (Bug#48789)

2021-08-29T18:51:39+00:00

* lib-src/seccomp-filter.c (export_filter): Remove use of
nonstandard macro TEMP_FAILURE_RETRY.

Fix libexec installation on NS (bug#50250)

2021-08-29T12:09:21+00:00

* lib-src/Makefile.in (ns_applibexecdir): New variable.

Avoid using %n in emacsclient

2021-08-22T14:23:54+00:00

* lib-src/emacsclient.c (local_sockname): Avoid using %n (bug#50155).

Redo emacsclient socket symlink-attack checking

2021-07-23T11:33:37+00:00

* admin/merge-gnulib (GNULIB_MODULES): Add file-has-acl.
* lib/file-has-acl.c: New file, copied from Gnulib.
* lib/gnulib.mk.in, m4/gnulib-comp.m4: Regenerate.
* lib-src/emacsclient.c: Include acl.h, for file_has_acl.
(O_PATH): Default to O_SEARCH, which is good enough here.
(union local_sockaddr): New type.
(socket_status): Remove, replacing with ...
(connect_socket): New function.  All callers changed.
This function checks for ownership and permissions issues with the
parent directory of the socket file, instead of checking the
owner of the socket (which does not help security).
(socknamesize): Move to file scope.
(local_sockname): New arg S.  No need to pass socknamesize.
UID arg is now uid_t.  All callers changed.  Get file descriptor
of parent directory of socket, to foil some symlink attacks.
Do not follow symlinks to that directory.
(set_local_socket): Create the socket here instead of on
each attempt to connect it.  Fall back from XDG_RUNTIME_DIR
to /tmp only if the former fails due to ENOENT.  Adjust
permission-failure diagnostic to match changed behavior.

This addresses Bug#33847, which complained about emacsclient in a
safer XDG environment not connecting to an Emacs server running in
a less-safe enviroment outside XDG.  The patch fixes a
longstanding issue with emacsclient permission checking.
It’s ineffective to look at the permission of the socket file
itself; on some platforms, these permissions are ignored anyway.
What matters are the permissions on the parent directory of the
socket file, as these are what make symlink attacks possible.
Change the permissions check accordingly, and also refuse to
follow symlinks to that parent directory.  These changes make it
OK for emacsclient to fall back from XDG_RUNTIME_DIR to the
traditionally less-safe /tmp/emacsNNNN directories, since /tmp is
universally sticky nowadays.