Use tagged lists, mark up literals, be consistent about options
(global): vs parameters (of a TLS action), fold TLS authentication
description into the TLS options section.
Rename compiler-warning-disable variables from
GCC_NO_warning
to
CC_WNO_warning
where warning is the full warning name as used by the compiler.
GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH
Using the convention CC_compilerflag, where compilerflag
is based on the full compiler flag name.
Make it possible to specify the debug message categories with an
optional numeric argument. You'll have to read the fine source to
find out what they are. The number can be specified as the usual
decimal, hex (0x), or octal (0) literal with an optional ~negation.
Since syslogd uses getopt(3), not getopt_long(3), do a bit of
gymnastics so that both -d42 and -d 42 are accepted (I'm not inventing
long names for all the existing options just to support an optional
argument to -d).
-d without an argument still uses the old D_DEFAULT selection just in
case someone really relies on that. You can disable all debug
messages with -d0 but still get syslogd not daemonized.
Since 2021-01-31, lint no longer requires a CONSTCOND comment in a
do-while-0 statement since this is a common code pattern, especially in
statement-like macros.
sed -i -E 's,} while \(/\* ?CONSTCOND ?\*/ ?0\),} while (0),' */*.[ch]
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
committed, or are yet to come.
we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
This generally isn't a good thing, nothing should be discarded silently.
However, for systems that don't want big syslogd buffers or are too slow
to log effectively this reporting can now be disabled.
An incoming remote message may not necessarily have a hostname
between the timestamp and the message. The source of the remote
sender is already looked up so use that hostname/IP address rather
than the local hostname.
XXX: pullup-8
XXX: pullup-7
XXX: pullup-6
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.