Commit Graph

191 Commits

Author SHA1 Message Date
riastradh
ef315f7931 Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export.  The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated.  I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S.  Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet...  That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
2017-05-21 15:28:36 +00:00
christos
6b9cab4173 Bump version 2017-05-06 19:52:25 +00:00
christos
f804baf730 Adapt to the new API. 2015-04-04 02:51:10 +00:00
joerg
bc885fd55c When building with clang, make warnings about NULL checks of parameters
with attribute nonnull non-fatal.
2014-10-25 00:57:59 +00:00
christos
71012c8f3e pam library has moved and new files 2014-10-24 18:27:41 +00:00
riastradh
6cb10275d0 Merge riastradh-drm2 to HEAD. 2014-03-18 18:20:35 +00:00
joerg
0d337fe4e9 Remove tautological check. 2014-02-27 18:09:38 +00:00
joerg
a97560b644 Annotate logit to provide transitive format string checks. 2014-01-07 02:07:43 +00:00
christos
9778b180e3 Fix incorrect types 2013-12-29 22:54:58 +00:00
christos
e49015f507 warns 6 2013-12-28 18:04:18 +00:00
christos
8cf33d7f2e avoid using freed pointers and non-format strings 2013-12-28 18:04:03 +00:00
christos
c9a970f03f updates for new version 2013-12-27 20:11:50 +00:00
mrg
5ff07852c5 remove useless variable 2013-10-19 22:57:46 +00:00
wiz
a09cadcf91 Whitespace and markup improvements.
Bump date for previous.
2013-08-20 22:44:37 +00:00
perseant
3b0849f66f Add Edgar Fuss's patch to pam_deny, to allow users to be able to change their
LDAP password with "passwd".
2013-08-20 22:07:44 +00:00
wiz
a5684d07dd Use Mt for email addresses. 2013-07-20 21:39:55 +00:00
dholland
0980ff6f74 add missing word 2013-06-23 01:44:22 +00:00
christos
fd65ca0108 use login_getpwclass() everywhere for consistency. 2013-06-20 20:54:52 +00:00
christos
7244ad5836 adjust for new openpam 2013-04-06 02:20:49 +00:00
christos
e9da35f00c remove unneeded change 2012-01-28 21:54:26 +00:00
christos
f83bdef67a Use -X so that the link-set symbols are not stripped. 2012-01-28 21:34:22 +00:00
jnemeth
01f3bfcec8 PR/45877 - Geoff C. Wing -- openpam modules need to be owned by root 2012-01-27 08:45:10 +00:00
drochner
2a0c9a37dc pull in from FreeBSD rev.1.41: Narrow the use of user credentials.
(call pam_get_authtok() with caller's rights rather than user's)
2012-01-06 14:04:02 +00:00
christos
1b695acdbf avoid using %m in format. 2012-01-03 19:02:54 +00:00
christos
0c2a9fc481 - reverse the order of printf formatting to make it easier for compilers to
check printf arguments
- add compiler checking for printf formats and fix broken ones.
From joerg@
2011-12-28 14:52:56 +00:00
christos
97c77932e4 undo the pam bump. 2011-12-27 16:53:24 +00:00
christos
f5389e0d8c Move to the new version. 2011-12-25 23:18:25 +00:00
drochner
cb4d5f3dcb support ECDSA keys used by recent ssh 2011-12-16 17:37:14 +00:00
drochner
2462eb040a disallow empty passphrases per default, and implement the "nullok"
option to allow it if the administrator wishes, from FreeBSD
2011-12-16 17:35:09 +00:00
drochner
705315cdf8 -remove remainders of the misguided changes in revs 1.5-1.9
-iron out more unnecessary differences to FreeBSD
2011-12-16 17:30:12 +00:00
cheusov
ebc317e1c8 Minor grammar fix 2011-08-19 11:56:01 +00:00
christos
8ca0e6b1a2 remove gcc-4.5 hacks 2011-08-17 09:56:03 +00:00
mrg
0a0dd75b65 add some XXX'd -Wno-foo if HAVE_GCC >= 45.
XXX: someone should look at these.
2011-06-21 02:32:55 +00:00
joerg
a216da57a6 Default to -Wno-sign-compare -Wno-pointer-sign for clang.
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
2011-05-26 12:56:24 +00:00
drochner
69de8de8f1 remove excess newlines in debug output 2011-05-06 17:22:09 +00:00
christos
736e11067f - make log_krb5 variadic
- centralize error handling to one function
- check for NULL context
2011-04-25 22:22:25 +00:00
christos
def46fd94a fix pasto (of no consequence) 2011-04-25 22:03:20 +00:00
christos
4a04b195ef - make log_krb5 variadic and merge the last error message.
- check for NULL context.
- print a more meaningful error when things go south
2011-04-25 22:01:04 +00:00
elric
0fce8776fa Stop using functions that are marked as deprecated in Heimdal. 2011-04-24 18:53:55 +00:00
elric
a9c7955034 Remove use of functions marked as deprecated in Heimdal. 2011-04-24 18:48:04 +00:00
elric
98fbe74f8c Upgrade Heimdal to 1.5pre1 by switching the build from crypto/dist/heimdal
to crypto/external/bsd/heimdal.  The latter was just imported as the head
of the Heimdal tree as of a few days ago.
2011-04-15 18:05:42 +00:00
mbalmer
8ac2ff5d25 Fix misplaced parenthesis, from henning.petersen@t-online.de, thanks. 2011-04-02 10:22:09 +00:00
mlelstv
c619be51ca Don't try to clean/build or install a library here, there are only
subdirectories.

Also, bsd.lib.mk requires a defined LIB, otherwise it will generate
unwanted commands during clean. It even failed on netbsd-4 where
'rm -f' needs at least one parameter which is missing due to recent
corrections in make/vars.c.
2011-03-08 09:49:42 +00:00
christos
d7b3467511 PR/44505: Mark Davies: pam_exec fails to realloc enough space, while
there add a volatile variable (From FreeBSD)
2011-02-03 02:05:59 +00:00
joerg
6ccee47911 Revert last as gcc(1) checks for -r to disable passing down --relax e.g.
on Sparc.
2010-12-10 20:06:17 +00:00
joerg
72183148bb Explicitly pass down -r as linker option. 2010-12-08 02:07:25 +00:00
wiz
80b39d395e Fix typo in comment. 2010-11-28 01:31:26 +00:00
christos
fabd9ea05b explain better what's going on here. 2010-11-28 00:50:16 +00:00
adam
d26d65ff82 Use ssh_add_identity_constrained() instead of ssh_add_identity() 2010-11-21 20:41:36 +00:00
joerg
9601c032f2 Mask %U 2010-05-13 23:07:46 +00:00