Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
252,978 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

616 Commits

Author SHA1 Message Date
wiz 01869ca4d2 Remove workaround for ancient HTML generation code. 2017-07-03 21:28:48 +00:00
riastradh ef315f7931 Remove MKCRYPTO option. 
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export.  The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated.  I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S.  Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet...  That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
 2017-05-21 15:28:36 +00:00
nonaka 165ef89073 ftp(1): split the auth processing function. 2017-02-15 11:52:11 +00:00
christos 10c59ee542 Use the first name we requested the http/https URL for, not any name we ended 
up with after random redirects.
 2017-01-31 21:05:35 +00:00
nonaka a69e0947f2 handle proxy authentication correctly. 2016-12-15 04:49:15 +00:00
christos 8481accb85 PR/51558: ast@: ftp dumps core after usage message when IPv6 URL lacks a slash. 
Initialize variable so that we don't get random behavior on cleanup.
 2016-10-17 00:52:53 +00:00
joerg 740128222b When using data outside the signed char range, it is better to 
consistently use an unsigned char buffer.
 2016-10-04 15:06:31 +00:00
maya 519ca6e803 Do globbing for FTP URLs of the form ftp://... too 
ok christos
 2016-08-03 12:33:56 +00:00
christos b1bf748a07 PR/51043: Yorick Hardy: ftp(1) should use the port number for CONNECT 2016-04-04 23:59:41 +00:00
christos f3a6400cd0 sprinkle more volatile (distribution build with gcc-5.3) 2016-03-18 18:42:25 +00:00
christos 64f5cd70a3 CID 1354295: Array overrun. 2016-02-27 16:31:31 +00:00
christos 54835745af use sizeof() and array notation. 2016-02-06 21:23:09 +00:00
nonaka a3255ab05b Initialize the token match pointer. 2016-02-05 03:41:05 +00:00
wiz 30e99be8f8 Fix downloads of local files using file:// URLs 
Previously it would error out in copyurlinfo() when copying a NULL port.
 2016-01-05 11:41:00 +00:00
christos 1f7a09da7b mark function as only needed with ssl. 2015-12-17 20:36:36 +00:00
christos 01e355354c Split the position/size parsing into a separate function. 2015-12-17 17:26:45 +00:00
christos 33fd699b86 Simplify and factor out connect message 2015-12-17 17:08:45 +00:00
nonaka ac27abcc55 - Fix to connect https via proxy. 
- Fix ttyout message.
 2015-12-17 04:36:56 +00:00
christos 7a83389f23 make DPRINTF/DWARN always statements. 2015-12-16 23:00:39 +00:00
christos 17562cefd2 PR/50438: NONAKA Kimihiro: ftp(1): CONNECT method support 
Please test!
 2015-12-16 21:11:47 +00:00
christos 941a869c25 more refactoring: 
- introduce authinfo and urlinfo structures
	- split negotiation code out.
 2015-12-16 19:17:16 +00:00
nonaka f6c8c6eefb Fix compile failure without WITH_SSL. 
>    /tmp/bracket/build/2015.12.15.21.01.27-i386/src/usr.bin/ftp/fetch.c: In function 'fetch_url':
>    /tmp/bracket/build/2015.12.15.21.01.27-i386/src/usr.bin/ftp/fetch.c:823:18: error: 'HTTPS_URL_T' undeclared (first use in this function)
>           urltype == HTTPS_URL_T ? &ssl : NULL);
 2015-12-16 01:20:05 +00:00
christos 82dbb89087 Factor the proxy handling code out. 2015-12-15 21:45:21 +00:00
christos 605492b2a8 Separate no_proxy handling. 2015-12-15 21:01:27 +00:00
christos 9444a4268c Try to factor out some code, this is completely out of control. 2015-12-15 20:49:49 +00:00
tron ce945c29d6 (Hopefully) fix build without IPv6 support 2015-12-13 14:06:13 +00:00
tron 0d7f9f570d Use the proper format "[IPv6 address]:port" when reporting connection 
attempts to IPv6 endpoints.
 2015-12-11 08:37:31 +00:00
joerg f66e764c57 Workaround const issues of SSL_set_tlsext_host_name. 2015-09-16 15:32:53 +00:00
wiz c39756ad10 servername cannot be NULL here. 
Noted by joerg@.
 2015-09-12 20:23:27 +00:00
wiz 7a5da4c401 Bump version for SNI support. 2015-09-12 20:18:52 +00:00
wiz f9b7d2341e Add Server Name Indication (SNI) support for https. 
Needed for e.g. some github URLs.
 2015-09-12 19:38:42 +00:00
lukem ee0aef00c4 Add -x xferbufsize to set xferbuf size. 
Implement  -x xferbufsize  set the socket send and receive buffer size,
as per 'xferbuf' in interactive mode.

Patch from Nicholas Mills (via private mail), with minor adjustment by me.
 2015-04-23 23:31:23 +00:00
christos eea786b46d Increase the buffer limit; otherwise files in: 
http://www.taxdetective.ca/Samples/sampledatafiles.html

fail.
 2015-01-12 14:17:08 +00:00
lukem b315b2bb36 Version 20141026 
Ignore special characters unless they're from the command line.
Fixes CVE-2014-8517
 2014-10-31 03:27:18 +00:00
christos d138fe3e34 don't pay attention to special characters if they don't come from the command 
line (from jmcneill)
 2014-10-26 16:21:59 +00:00
joerg d9c7ee5b63 Annotate functions using format strings. 2014-01-07 02:07:08 +00:00
christos 71c18b90bc more volatile for m68k 2013-11-07 02:06:51 +00:00
christos b4ab7d1288 let progressmeter deal with the timeout once we've started transferring. 2013-11-03 14:45:50 +00:00
christos 422740a7f1 PR/34796: Hauke Fath: ftp does not timeout on http fetches. 2013-11-02 19:55:47 +00:00
lukem fc12eae8b6 Version 20130220: restart fix, SYST response parsing improvement 2013-05-05 10:40:19 +00:00
christos 964e4f5784 fix restart from anon ymous 2013-02-23 13:47:36 +00:00
dsl 41b0a909cc When using the response to SYST to decide whether to default to 'binary' 
be a lot less specific.
Kyocera printers report "230 Linux" but really don't want text transfers
of pdf files!
 2013-02-19 23:29:15 +00:00
christos ed82bc80db merry belated x-mas. 2013-02-06 16:37:20 +00:00
christos ccdf6b9113 backwards compatible with netbsd-6. 2012-12-24 22:12:28 +00:00
christos e7e7a9f768 compile without SSL 2012-12-22 16:58:51 +00:00
christos 057b4f79a5 document https support, mentioning certificates are not validated, and obey 
https_proxy.
 2012-12-22 16:57:09 +00:00
christos f9336fd862 PR/47276: Add https support 2012-12-21 18:07:36 +00:00
is 706521afb9 As discussed on tech-net@: Don't display expected EHOSTUNREACH for all but 
the last connect attempts in terse mode.
 2012-07-04 06:09:37 +00:00
riastradh 9a313cc58d Clean up #includes in progress(1). 
Sort them, omit needless ones, and add omitted needful ones.

Omissions revealed by pilfering the code and trying to build it on
Mac OS X.  We ought to have a better way to reveal these omissions...
 2012-06-27 22:07:36 +00:00
wiz 1ac719d147 Remove unnecessary Bk/Ek pairs from SYNOPSIS. 
No effective change except where I used the opportunity to sort options
and/or option descriptions.
 2012-04-08 22:00:37 +00:00