If we're missing SECCOMP_SET_MODE_FILTER, the seccomp-filter build
fails. Reuse the existing HAVE_SECCOMP configuration variable, which
checks for these macros.
* configure.ac (HAVE_SECCOMP): Substitute in Makefile.in.
* lib-src/Makefile.in (HAVE_SECCOMP): New variable.
(SECCOMP_FILTER): Define only if HAVE_SECCOMP.
Also prefer #' to quote functions.
(message-send-rename-function, message-reply-to-function)
(message-wide-reply-to-function, message-followup-to-function):
Use a non-nil default value so it can be used with `add-function`.
(message-do-send-housekeeping): Tweak accordingly.
(message-get-reply-headers): Simplify by η-reduction.
This is useful when starting Emacs with a Seccomp filter enabled,
e.g. using 'bwrap'.
* lib-src/seccomp-filter.c (main): Generate new Seccomp files.
* lib-src/Makefile.in (all)
(seccomp-filter.bpf seccomp-filter.pfc seccomp-filter-exec.bpf
seccomp-filter-exec.pfc): Generate new Seccomp files.
* .gitignore: Ignore new Seccomp files.
* test/src/emacs-tests.el (emacs-tests/bwrap/allows-stdout): New unit
test.
Only Linux 4.14 and later contain the required support for
SECCOMP_RET_KILL_PROCESS.
* lib-src/Makefile.in (SECCOMP_FILTER): Define only if we run at least
Linux 4.14.
We need at list version 2.4.0 of libseccomp for seccomp-filter.c to
build cleanly.
* configure.ac: Use pkg-config to check for libseccomp.
* lib-src/Makefile.in (HAVE_LIBSECCOMP, LIBSECCOMP_LIBS)
(LIBSECCOMP_CFLAGS): New variables.
(SECCOMP_FILTER, seccomp-filter$(EXEEXT)): Use them.
The seccomp filters are always architecture-specific, and
seccomp-filter.c right now only supports x86-64.
* lib-src/Makefile.in (SECCOMP_FILTER): New variable.
(DONT_INSTALL, all, seccomp-filter$(EXEEXT)): Use it.
* lisp/calculator.el (calculator-string-to-number):
The last bugfix changed the code to just blindly replace ".e". This
has some minor problems like making "-." parse as 0.0 instead of -0.0,
and ".1.e1" is parsed as 1 instead of 0.1. Instead, replace the first
"." that is followed by a non-digit with ".0". Since this has had
several problems over the years, add some tests too. (Also, restore
the original if-indentation style.)
It looks like these are not available on some versions of GNU/Linux,
breaking the build.
* configure.ac: Also check for needed seccomp macros.
* src/emacs.c (SECCOMP_USABLE): New macro.
(usage_message, main, standard_args): Use it.
* src/xdisp.c (note_mouse_highlight): Don't attempt to highlight
tab-bar buttons.
(note_tab_bar_highlight): Function deleted: it had no effect on
display of tab-bar buttons.
(tab_bar_item_info): Mention all arguments in the commentary.
(get_tab_bar_item): Don't pay attention to mouse-highlight
information; instead, compare the button's index with the one
recorded in f->last_tab_bar_item.
(handle_tab_bar_click): Don't attempt to show tab-bar buttons in
pressed or released state: that isn't supported. Determine
whether to generate a tab-bar button click based on DOWN_P
argument, not on mouse-highlight, which has no effect on tab-bar
display. (Bug#47581)
lisp/progmodes/cc-align.el, lisp/progmodes/cc-awk.el,
lisp/progmodes/cc-bytecomp.el, lisp/progmodes/cc-cmds.el,
lisp/progmodes/cc-defs.el, lisp/progmodes/cc-engine.el,
lisp/progmodes/cc-fonts.el, lisp/progmodes/cc-guess.el,
lisp/progmodes/cc-langs.el, lisp/progmodes/cc-menus.el,
lisp/progmodes/cc-mode.el, lisp/progmodes/cc-styles.el,
lisp/progmodes/cc-subword.el, lisp/progmodes/cc-vars.el: Mark these files with
a `lexical-binding' setting in line 1.
lisp/progmodes/cc-align.el, lisp/progmodes/cc-engine.el,
lisp/progmodes/cc-vars.el (c-syntactic-context, c-syntactic-element): Declare
these as special variables.
lisp/progmodes/cc-bytecomp.el (cc-bytecomp-debug-msg): prefix the parameter
ARGS with a _, and remove an `ignore' call.
lisp/progmodes/cc-cmds.el (c-where-wrt-brace-construct): Remove `kluge-start',
an unused variable.
(c-while-widening-to-decl-block): Add an extra parameter, which suppresses
the generation of a setting of variable `where'.
(c-defun-name-and-limits): Remove variable `where' from the function and use
the new argument to the previous macro.
lisp/progmodes/cc-engine.el (c-cache-to-parse-ps-state): Remove two unneeded
variables, `last' and `intermediate'.
lisp/progmodes/cc-fonts.el (c-font-lock-c++-using): Remove unused variable.
lisp/progmodes/cc-langs.el (c-vsemi-status-unknown-p-fn): Replace the doc
string with the more precise one from stand-alone CC Mode.
lisp/progmodes/cc-styles.el (c-set-offset): Give the `ignored' parameter a
leading _.
The binary uses the 'seccomp' helper library. The library isn't
needed to load the generated Secure Computing filter.
* configure.ac: Check for 'seccomp' header and library.
* lib-src/seccomp-filter.c: New helper binary to generate a generic
Secure Computing filter for GNU/Linux.
* lib-src/Makefile.in (DONT_INSTALL): Add 'seccomp-filter' helper
binary if possible.
(all): Add Secure Computing filter file if possible.
(seccomp-filter$(EXEEXT)): Compile helper binary.
(seccomp-filter.bpf seccomp-filter.pfc): Generate filter files.
* test/src/emacs-tests.el (emacs-tests/seccomp/allows-stdout)
(emacs-tests/seccomp/forbids-subprocess): New unit tests.
* test/Makefile.in (src/emacs-tests.log): Add dependency on the helper
binary.
When passing this option on GNU/Linux, Emacs installs a Secure
Computing kernel system call filter. See Bug#45198.
* configure.ac: Check for seccomp header.
* src/emacs.c (usage_message): Document --seccomp option.
(emacs_seccomp): New wrapper for 'seccomp' syscall.
(load_seccomp, maybe_load_seccomp): New helper functions.
(main): Potentially load seccomp filters during startup.
(standard_args): Add --seccomp option.
* lisp/startup.el (command-line): Detect and ignore --seccomp option.
* test/src/emacs-tests.el (emacs-tests/seccomp/absent-file)
(emacs-tests/seccomp/empty-file)
(emacs-tests/seccomp/file-too-large)
(emacs-tests/seccomp/invalid-file-size): New unit tests.
(emacs-tests--with-temp-file): New helper macro.
* etc/NEWS: Document new --seccomp option.
Edebug doesn't deal well with backtracking out of definitions, see
Bug#41988. Rather than trying to support this rare situation (e.g. by
implementing a multipass parser), prevent it by adding an implicit
gate.
* lisp/emacs-lisp/edebug.el (edebug--match-&-spec-op): Disable
backtracking when hitting a &define keyword.
* test/lisp/emacs-lisp/edebug-tests.el
(edebug-tests-duplicate-&define): New unit test.
(edebug-tests--duplicate-&define): New helper macro.
* doc/lispref/edebug.texi (Backtracking): Mention &define in the list
of constructs that disable backtracking.
* etc/NEWS: Document new behavior.
