summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/misc/texinfo.tex203
-rw-r--r--lib/secure_getenv.c29
-rw-r--r--lib/verify.h2
-rw-r--r--m4/secure_getenv.m41
4 files changed, 136 insertions, 99 deletions
diff --git a/doc/misc/texinfo.tex b/doc/misc/texinfo.tex
index d7e6b1f6b8..85846f4da4 100644
--- a/doc/misc/texinfo.tex
+++ b/doc/misc/texinfo.tex
@@ -3,7 +3,7 @@
% Load plain if necessary, i.e., if running under initex.
\expandafter\ifx\csname fmtname\endcsname\relax\input plain\fi
%
-\def\texinfoversion{2016-05-26.20}
+\def\texinfoversion{2016-05-28.16}
%
% Copyright 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995,
% 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
@@ -4609,11 +4609,23 @@ end
% Like \expandablevalue, but completely expandable (the \message in the
% definition above operates at the execution level of TeX). Used when
% writing to auxiliary files, due to the expansion that \write does.
+% If flag is undefined, pass through an unexpanded @value command: maybe it
+% will be set by the time it is read back in.
%
% NB flag names containing - or _ may not work here.
\def\dummyvalue#1{%
\expandafter\ifx\csname SET#1\endcsname\relax
- [No value for ``#1'']%
+ \noexpand\value{#1}%
+ \else
+ \csname SET#1\endcsname
+ \fi
+}
+
+% Used for @value's in index entries to form the sort key: expand the @value
+% if possible, otherwise sort late.
+\def\indexnofontsvalue#1{%
+ \expandafter\ifx\csname SET#1\endcsname\relax
+ ZZZZZZZ
\else
\csname SET#1\endcsname
\fi
@@ -4760,7 +4772,7 @@ end
% Define \doindex, the driver for all index macros.
% Argument #1 is generated by the calling \fooindex macro,
-% and it the two-letter name of the index.
+% and it is the two-letter name of the index.
\def\doindex#1{\edef\indexname{#1}\parsearg\doindexxxx}
\def\doindexxxx #1{\doind{\indexname}{#1}}
@@ -4769,6 +4781,7 @@ end
\def\docodeindex#1{\edef\indexname{#1}\parsearg\docodeindexxxx}
\def\docodeindexxxx #1{\doind{\indexname}{\code{#1}}}
+
% Used when writing an index entry out to an index file to prevent
% expansion of Texinfo commands that can appear in an index entry.
%
@@ -4787,9 +4800,11 @@ end
\def\}{{\tt\char125}}%
%
% Do the redefinitions.
- \commondummies
+ \definedummies
}
+% Used for the aux and toc files, where @ is the escape character.
+%
% For the aux and toc files, @ is the escape character. So we want to
% redefine everything using @ as the escape character (instead of
% \realbackslash, still used for index files). When everything uses @,
@@ -4802,30 +4817,35 @@ end
\let\} = \rbraceatcmd
%
% Do the redefinitions.
- \commondummies
+ \definedummies
\otherbackslash
}
-% Called from \indexdummies and \atdummies.
+% \definedummyword defines \#1 as \string\#1\space, thus effectively
+% preventing its expansion. This is used only for control words,
+% not control letters, because the \space would be incorrect for
+% control characters, but is needed to separate the control word
+% from whatever follows.
%
-\def\commondummies{%
- % \definedummyword defines \#1 as \string\#1\space, thus effectively
- % preventing its expansion. This is used only for control words,
- % not control letters, because the \space would be incorrect for
- % control characters, but is needed to separate the control word
- % from whatever follows.
- %
- % For control letters, we have \definedummyletter, which omits the
- % space.
- %
- % These can be used both for control words that take an argument and
- % those that do not. If it is followed by {arg} in the input, then
- % that will dutifully get written to the index (or wherever).
- %
- \def\definedummyword ##1{\def##1{\string##1\space}}%
- \def\definedummyletter##1{\def##1{\string##1}}%
- \let\definedummyaccent\definedummyletter
+% These can be used both for control words that take an argument and
+% those that do not. If it is followed by {arg} in the input, then
+% that will dutifully get written to the index (or wherever).
+%
+% For control letters, we have \definedummyletter, which omits the
+% space.
+%
+\def\definedummyword #1{\def#1{\string#1\space}}%
+\def\definedummyletter#1{\def#1{\string#1}}%
+\let\definedummyaccent\definedummyletter
+
+% Called from \indexdummies and \atdummies, to effectively prevent
+% the expansion of commands.
+%
+\def\definedummies{%
%
+ \let\commondummyword\definedummyword
+ \let\commondummyletter\definedummyletter
+ \let\commondummyaccent\definedummyaccent
\commondummiesnofonts
%
\definedummyletter\_%
@@ -4910,77 +4930,77 @@ end
\normalturnoffactive
}
-% \commondummiesnofonts: common to \commondummies and \indexnofonts.
-% Define \definedumyletter, \definedummyaccent and \definedummyword before
-% using.
+% \commondummiesnofonts: common to \definedummies and \indexnofonts.
+% Define \commondummyletter, \commondummyaccent and \commondummyword before
+% using. Used for accents, font commands, and various control letters.
%
\def\commondummiesnofonts{%
% Control letters and accents.
- \definedummyletter\!%
- \definedummyaccent\"%
- \definedummyaccent\'%
- \definedummyletter\*%
- \definedummyaccent\,%
- \definedummyletter\.%
- \definedummyletter\/%
- \definedummyletter\:%
- \definedummyaccent\=%
- \definedummyletter\?%
- \definedummyaccent\^%
- \definedummyaccent\`%
- \definedummyaccent\~%
- \definedummyword\u
- \definedummyword\v
- \definedummyword\H
- \definedummyword\dotaccent
- \definedummyword\ogonek
- \definedummyword\ringaccent
- \definedummyword\tieaccent
- \definedummyword\ubaraccent
- \definedummyword\udotaccent
- \definedummyword\dotless
+ \commondummyletter\!%
+ \commondummyaccent\"%
+ \commondummyaccent\'%
+ \commondummyletter\*%
+ \commondummyaccent\,%
+ \commondummyletter\.%
+ \commondummyletter\/%
+ \commondummyletter\:%
+ \commondummyaccent\=%
+ \commondummyletter\?%
+ \commondummyaccent\^%
+ \commondummyaccent\`%
+ \commondummyaccent\~%
+ \commondummyword\u
+ \commondummyword\v
+ \commondummyword\H
+ \commondummyword\dotaccent
+ \commondummyword\ogonek
+ \commondummyword\ringaccent
+ \commondummyword\tieaccent
+ \commondummyword\ubaraccent
+ \commondummyword\udotaccent
+ \commondummyword\dotless
%
% Texinfo font commands.
- \definedummyword\b
- \definedummyword\i
- \definedummyword\r
- \definedummyword\sansserif
- \definedummyword\sc
- \definedummyword\slanted
- \definedummyword\t
+ \commondummyword\b
+ \commondummyword\i
+ \commondummyword\r
+ \commondummyword\sansserif
+ \commondummyword\sc
+ \commondummyword\slanted
+ \commondummyword\t
%
% Commands that take arguments.
- \definedummyword\abbr
- \definedummyword\acronym
- \definedummyword\anchor
- \definedummyword\cite
- \definedummyword\code
- \definedummyword\command
- \definedummyword\dfn
- \definedummyword\dmn
- \definedummyword\email
- \definedummyword\emph
- \definedummyword\env
- \definedummyword\file
- \definedummyword\image
- \definedummyword\indicateurl
- \definedummyword\inforef
- \definedummyword\kbd
- \definedummyword\key
- \definedummyword\math
- \definedummyword\option
- \definedummyword\pxref
- \definedummyword\ref
- \definedummyword\samp
- \definedummyword\strong
- \definedummyword\tie
- \definedummyword\U
- \definedummyword\uref
- \definedummyword\url
- \definedummyword\var
- \definedummyword\verb
- \definedummyword\w
- \definedummyword\xref
+ \commondummyword\abbr
+ \commondummyword\acronym
+ \commondummyword\anchor
+ \commondummyword\cite
+ \commondummyword\code
+ \commondummyword\command
+ \commondummyword\dfn
+ \commondummyword\dmn
+ \commondummyword\email
+ \commondummyword\emph
+ \commondummyword\env
+ \commondummyword\file
+ \commondummyword\image
+ \commondummyword\indicateurl
+ \commondummyword\inforef
+ \commondummyword\kbd
+ \commondummyword\key
+ \commondummyword\math
+ \commondummyword\option
+ \commondummyword\pxref
+ \commondummyword\ref
+ \commondummyword\samp
+ \commondummyword\strong
+ \commondummyword\tie
+ \commondummyword\U
+ \commondummyword\uref
+ \commondummyword\url
+ \commondummyword\var
+ \commondummyword\verb
+ \commondummyword\w
+ \commondummyword\xref
}
% For testing: output @{ and @} in index sort strings as \{ and \}.
@@ -5036,11 +5056,11 @@ end
%
\def\indexnofonts{%
% Accent commands should become @asis.
- \def\definedummyaccent##1{\let##1\asis}%
+ \def\commondummyaccent##1{\let##1\asis}%
% We can just ignore other control letters.
- \def\definedummyletter##1{\let##1\empty}%
+ \def\commondummyletter##1{\let##1\empty}%
% All control words become @asis by default; overrides below.
- \let\definedummyword\definedummyaccent
+ \let\commondummyword\commondummyaccent
\commondummiesnofonts
%
% Don't no-op \tt, since it isn't a user-level command
@@ -5125,8 +5145,11 @@ end
% goes to end-of-line is not handled.
%
\macrolist
+ \let\value\indexnofontsvalue
}
+
+
\let\SETmarginindex=\relax % put index entries in margin (undocumented)?
diff --git a/lib/secure_getenv.c b/lib/secure_getenv.c
index f359ab2173..88a60dc33c 100644
--- a/lib/secure_getenv.c
+++ b/lib/secure_getenv.c
@@ -1,4 +1,4 @@
-/* Look up an environment variable more securely.
+/* Look up an environment variable, returning NULL in insecure situations.
Copyright 2013-2016 Free Software Foundation, Inc.
@@ -20,22 +20,35 @@
#include <stdlib.h>
#if !HAVE___SECURE_GETENV
-# if HAVE_ISSETUGID
+# if HAVE_ISSETUGID || (HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID)
# include <unistd.h>
-# else
-# undef issetugid
-# define issetugid() 1
# endif
#endif
char *
secure_getenv (char const *name)
{
-#if HAVE___SECURE_GETENV
+#if HAVE___SECURE_GETENV /* glibc */
return __secure_getenv (name);
-#else
+#elif HAVE_ISSETUGID /* OS X, FreeBSD, NetBSD, OpenBSD */
if (issetugid ())
- return 0;
+ return NULL;
+ return getenv (name);
+#elif HAVE_GETUID && HAVE_GETEUID && HAVE_GETGID && HAVE_GETEGID /* other Unix */
+ if (geteuid () != getuid () || getegid () != getgid ())
+ return NULL;
return getenv (name);
+#elif (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ /* native Windows */
+ /* On native Windows, there is no such concept as setuid or setgid binaries.
+ - Programs launched as system services have high privileges, but they don't
+ inherit environment variables from a user.
+ - Programs launched by a user with "Run as Administrator" have high
+ privileges and use the environment variables, but the user has been asked
+ whether he agrees.
+ - Programs launched by a user without "Run as Administrator" cannot gain
+ high privileges, therefore there is no risk. */
+ return getenv (name);
+#else
+ return NULL;
#endif
}
diff --git a/lib/verify.h b/lib/verify.h
index 2f4383743b..5c8381d290 100644
--- a/lib/verify.h
+++ b/lib/verify.h
@@ -263,7 +263,7 @@ template <int w>
# define assume(R) ((R) ? (void) 0 : __builtin_unreachable ())
#elif 1200 <= _MSC_VER
# define assume(R) __assume (R)
-#elif (defined lint \
+#elif ((defined GCC_LINT || defined lint) \
&& (__has_builtin (__builtin_trap) \
|| 3 < __GNUC__ + (3 < __GNUC_MINOR__ + (4 <= __GNUC_PATCHLEVEL__))))
/* Doing it this way helps various packages when configured with
diff --git a/m4/secure_getenv.m4 b/m4/secure_getenv.m4
index 00194c8497..3983173603 100644
--- a/m4/secure_getenv.m4
+++ b/m4/secure_getenv.m4
@@ -22,4 +22,5 @@ AC_DEFUN([gl_PREREQ_SECURE_GETENV], [
if test $ac_cv_func___secure_getenv = no; then
AC_CHECK_FUNCS([issetugid])
fi
+ AC_CHECK_FUNCS_ONCE([getuid geteuid getgid getegid])
])