Merge remote-tracking branch 'original/incoming' into incoming

Author: 14427

AUTHORS.txt

@@ -9,9 +9,11 @@ Aleksander Balicki <[email protected]>
 Alex Rønne Petersen <[email protected]>
 Alexander Stavonin <[email protected]>
 Andreas Gal <[email protected]>
+Andrew Paseltiner <[email protected]>
 Arkaitz Jimenez <[email protected]>
 Armin Ronacher <[email protected]>
 Austin Seipp <[email protected]>
+auREAX <[email protected]>
 Ben Blum <[email protected]>
 Ben Striegel <[email protected]>
 Benjamin Herr <[email protected]>
@@ -41,6 +43,7 @@ Evan McClanahan <[email protected]>
 Francisco Souza <[email protected]>
 Gareth Daniel Smith <[email protected]>
 Glenn Willen <[email protected]>
+Gonçalo Cabrita <[email protected]>
 Graham Fawcett <[email protected]>
 Grahame Bowland <[email protected]>
 Haitao Li <[email protected]>
@@ -103,4 +106,5 @@ Tomoki Aonuma <[email protected]>
 Tycho Sci <[email protected]>
 Vincent Belliard <[email protected]>
 Wade Mealing <[email protected]>
+Yasuhiro Fujii <[email protected]>
 Zack Corr <[email protected]>

configure

@@ -295,6 +295,7 @@ opt manage-submodules 1 "let the build manage the git submodules"
 opt mingw-cross 0 "cross-compile for win32 using mingw"
 opt clang 0 "prefer clang to gcc for building the runtime"
 opt local-rust 0 "use an installed rustc rather than downloading a snapshot"
+opt pax-flags 0 "apply PaX flags to rustc binaries (required for GRSecurity/PaX-patched kernels)"
 valopt prefix "/usr/local" "set installation prefix"
 valopt local-rust-root "/usr/local" "set prefix for local rust binary"
 valopt llvm-root "" "set LLVM root"
@@ -343,6 +344,11 @@ probe CFG_PDFLATEX         pdflatex
 probe CFG_XETEX            xetex
 probe CFG_LUATEX           luatex
 probe CFG_NODE             nodejs node
+if [ "$CFG_OSTYPE" = "unknown-linux-gnu" ]
+then
+    probe CFG_PAXCTL           paxctl /sbin/paxctl
+    probe CFG_ZCAT             zcat
+fi
 
 if [ ! -z "$CFG_PANDOC" ]
 then
@@ -354,6 +360,51 @@ then
     fi
 fi
 
+if [ "$CFG_OSTYPE" = "unknown-linux-gnu" ]
+then
+    if [ ! -z "$CFG_ENABLE_PAX_FLAGS" -a -z "$CFG_PAXCTL" ]
+    then
+        err "enabled PaX markings but no paxctl binary found"
+    fi
+
+    if [ -z "$CFG_DISABLE_PAX_FLAGS" ]
+    then
+        # GRSecurity/PaX detection. This can be very flaky.
+        GRSEC_DETECTED=
+
+        # /dev/grsec only exists if CONFIG_GRKERNSEC_NO_RBAC is not set.
+        # /proc/sys/kernel/grsecurity is not available if ÇONFIG_GRKERNSEC_SYSCTL is not set.
+        if [ -e /dev/grsec -o -d /proc/sys/kernel/grsecurity ]
+        then
+            GRSEC_DETECTED=1
+        # /proc/config.gz is normally only available to root, and only if CONFIG_IKCONFIG_PROC has been set.
+        elif [ -r /proc/config.gz -a ! -z "$CFG_ZCAT" ]
+        then
+            if "$CFG_ZCAT" /proc/config.gz | grep --quiet "CONFIG_GRKERNSEC=y"
+            then
+                GRSEC_DETECTED=1
+            fi
+        # Flaky.
+        elif grep --quiet grsec /proc/version
+        then
+            GRSEC_DETECTED=1
+        fi
+
+        if [ ! -z "$GRSEC_DETECTED" ]
+        then
+            step_msg "GRSecurity: yes"
+            if [ ! -z "$CFG_PAXCTL" ]
+            then
+                CFG_ENABLE_PAX_FLAGS=1
+            else
+                warn "GRSecurity kernel detected but no paxctl binary found: not setting CFG_ENABLE_PAX_FLAGS"
+            fi
+        else
+            step_msg "GRSecurity: no"
+        fi
+    fi
+fi
+
 if [ ! -z "$CFG_ENABLE_LOCAL_RUST" ]
 then
     if [ ! -f ${CFG_LOCAL_RUST_ROOT}/bin/rustc ]
@@ -523,15 +574,23 @@ then
     msg "git: submodule sync"
     "${CFG_GIT}" submodule --quiet sync
 
+    msg "git: submodule update"
+    "${CFG_GIT}" submodule --quiet update --init
+    need_ok "git failed"
+
+    msg "git: submodule foreach sync"
+    "${CFG_GIT}" submodule --quiet foreach --recursive git submodule sync
+    need_ok "git failed"
+
+    msg "git: submodule foreach update"
+    "${CFG_GIT}" submodule --quiet update --init --recursive
+    need_ok "git failed"
+
     # NB: this is just for the sake of getting the submodule SHA1 values
     # and status written into the build log.
     msg "git: submodule status"
     "${CFG_GIT}" submodule status --recursive
 
-    msg "git: submodule update"
-    "${CFG_GIT}" submodule --quiet update --init --recursive
-    need_ok "git failed"
-
     msg "git: submodule clobber"
     "${CFG_GIT}" submodule --quiet foreach --recursive git clean -dxf
     need_ok "git failed"
@@ -699,6 +758,12 @@ putvar CFG_C_COMPILER
 putvar CFG_LIBDIR
 putvar CFG_DISABLE_MANAGE_SUBMODULES
 
+if [ ! -z "$CFG_ENABLE_PAX_FLAGS" ]
+then
+    putvar CFG_ENABLE_PAX_FLAGS
+    putvar CFG_PAXCTL
+fi
+
 if [ ! -z $BAD_PANDOC ]
 then
     CFG_PANDOC=

doc/prep.js

@@ -60,9 +60,10 @@ while ((line = lines[cur++]) != null) {
       var html = '<pre class="cm-s-default">', curstr = "", curstyle = null;
       function add(str, style) {
         if (style != curstyle) {
-          if (curstyle) html += '<span class="cm-' + curstyle + '">' + curstr
-            + "</span>";
-          else if (curstr) html += curstr;
+          if (curstyle) html +=
+            '<span class="cm-' + CodeMirror.htmlEscape(curstyle) + '">' +
+            CodeMirror.htmlEscape(curstr) + "</span>";
+          else if (curstr) html += CodeMirror.htmlEscape(curstr);
           curstr = str; curstyle = style;
         } else curstr += str;
       }