Commit Graph

196 Commits

Author SHA1 Message Date
mrg
aa20739e7d fixes for GCC 6.4:
mail's execute() needs a volatile for setjmp().

telnet has a missing {} issue.

isdnd's print_config() has a missing/wrong {} issue, and
its p_q931bc() has inconsistent indentation (but not any
actual problem.)

map-mbone's accept_neighbors2() compares a vs. a instead
of a vs. b.

sysinst's pm_cgd_check() has missing {} issue.

timed's main() has missing {} issue.
2018-02-04 09:01:12 +00:00
wiz
01869ca4d2 Remove workaround for ancient HTML generation code. 2017-07-03 21:28:48 +00:00
riastradh
ef315f7931 Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export.  The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated.  I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S.  Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet...  That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
2017-05-21 15:28:36 +00:00
christos
ce31bd9da4 add sqlite3 2017-01-28 23:42:36 +00:00
joerg
5937818688 GC header left from earlier diagnostic test. 2016-10-04 14:36:11 +00:00
joerg
2f2a5be7f3 Remove source routing support. 2016-10-04 14:35:38 +00:00
sevan
39bbc68a3b Drop main() prototype. 2016-09-05 00:40:28 +00:00
joerg
9edf9a0457 Remove many HAVE_GCC || HAVE_PCC conditionals as the options also apply
to Clang. Add a few cases of HAVE_LLVM for -fno-strict-aliasing.
2012-08-10 12:10:27 +00:00
wiz
1ac719d147 Remove unnecessary Bk/Ek pairs from SYNOPSIS.
No effective change except where I used the opportunity to sort options
and/or option descriptions.
2012-04-08 22:00:37 +00:00
wiz
3957bea1ef Fix whitespace nits. Suggested by Bug Hunting. 2012-03-22 07:58:16 +00:00
matt
d34c2845b8 Use C89 function definitions 2012-03-20 20:34:57 +00:00
joerg
4c70cdf100 Use __dead 2012-01-10 23:39:11 +00:00
christos
06c8e120ad fix signed/unsigned comparison. 2012-01-10 13:49:32 +00:00
christos
fcdbba429b PR/45805: Borodin Oleg: telnet/telnetd with -DAUTHENTICATION -DENCRYPTION
(rfc2941)
- Minimal diffs to separate MKCRYPTO from USE_KERBEROS
2012-01-09 16:08:55 +00:00
drochner
8fd6dadaf8 include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))
2012-01-04 16:09:40 +00:00
christos
1dcb02d8c7 remove casts 2011-10-07 16:30:17 +00:00
joerg
26c79d78b3 Simplify 2011-10-07 10:14:22 +00:00
roy
47e1ece0c2 Use terminfo and the non-standard ttytype rather than termcap. 2011-10-05 10:48:54 +00:00
mrg
75e42fa7da remove most of the remaining HAVE_GCC tests that are always true in
the modern world.
2011-06-20 07:43:56 +00:00
joerg
a216da57a6 Default to -Wno-sign-compare -Wno-pointer-sign for clang.
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
2011-05-26 12:56:24 +00:00
elric
07b0c75a48 We no longer need -I/usr/include/krb5. 2011-04-24 21:42:06 +00:00
roy
98eb889579 Userland now builds and uses terminfo instead of termcap.
OK: core@, jdc@
2010-02-03 15:34:37 +00:00
lukem
c1ceae17f0 Enable WARNS=4 by default for usr.bin, except for:
awk  bdes  checknr  compile_et  error  gss  hxtool  kgetcred  kinit
	klist  ldd  less  lex  locale  login  m4  man  menuc  mk_cmds
	mklocale  msgc  openssl  rpcgen  rpcinfo  sdiff  spell  ssh
	string2key  telnet  tn3270  verify_krb5_conf  xlint
2009-04-14 22:15:16 +00:00
joerg
8929e0dce4 Don't workaround ancient macro argument limit with .Xo/.Xc. 2009-03-11 13:58:29 +00:00
gmcgarry
3c9a95916d Wrap compiler-specific flags with HAVE_GCC and HAVE_PCC as necessary. Add a few flags for PCC. 2008-08-29 00:02:21 +00:00
lukem
98e5374ccb Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.
2008-07-21 14:19:20 +00:00
tls
4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos
019209fdbc volatile fixes from Anon Ymous 2006-12-18 14:18:40 +00:00
elad
1232ea27c4 PR/18906: roskens at elfin dot net: misc. select() to poll() updates.
Adapted to -current by myself, thanks for the patch!
2006-10-07 17:27:57 +00:00
mrg
aadd7d4847 sprinkle some -fno-strict-aliasing and -Wno-pointer-sign with GCC4. 2006-05-11 23:16:28 +00:00
mrg
4bc6feceb6 end the argument list to exec*(3) with a NULL instead of a bare '0', as
the latter isn't a pointer context in these varargs functions.
2006-05-11 00:22:52 +00:00
rpaulo
de8db47547 Add support for RFC 3542 Adv. Socket API for IPv6 (which obsoletes 2292).
* RFC 3542 isn't binary compatible with RFC 2292.
* RFC 2292 support is on by default but can be disabled.
* update ping6, telnet and traceroute6 to the new API.

From the KAME project (www.kame.net).
Reviewed by core.
2006-05-05 00:03:21 +00:00
christos
48cf428279 Turn if/then/elif into a switch 2006-04-04 21:35:20 +00:00
christos
85e611dd01 Goodbye KerberosIV 2006-03-20 04:03:10 +00:00
he
9dfcf4d44d Rename debug to telnet_debug, to allow static linking with libssh.a. 2006-02-02 19:33:12 +00:00
christos
3ac7a40466 fix compilation after changes to telopts. I will revisit this and constify
it later.
2006-01-25 04:20:54 +00:00
atatat
bfff2fd626 charaters -> characters 2005-04-03 02:43:57 +00:00
drochner
6ff7079afd plug buffer overflows, see
http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
(CAN 2005-0468 and 2005-0469)

Patch taken from MIT/Kerberos (MITKRB5-SA-2005-001-telnet.txt)
2005-03-29 12:18:28 +00:00
he
5152518685 Add -lcrypt to link lines for applications using -lkrb5, so that they
link successfully when MKPIC=no, as is always the case for our ports
which do not support shared libraries.

Discussed with thorpej and christos.
2005-03-04 20:44:55 +00:00
he
8e8728c45c Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications.  The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.
2005-03-04 20:41:08 +00:00
christos
66e1a2c606 Make this compile if pam is present. XXX: this sucks, because we don't
really use PAM here, but libtelnet needs it.
2005-02-19 23:28:41 +00:00
dsl
e77d2c6bcd Change first arg of printsub() for 'char' to 'int' so that it builds again.
This matches the binary interface from before if was de-__Peed (or at least
that of K&R C).
In any case having arguments (and return values) of char and short isn't
especially sensible.
2005-02-06 20:39:35 +00:00
tron
de397c1aee Fix build errors caused by de-__P()--ing "libtelnet". 2005-02-06 17:51:40 +00:00
lukem
7157011597 Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
2005-01-10 02:58:58 +00:00
lha
a0dab7aa39 Move linking with libdes to the common kerberos section since
libtelnet depends on the old des functions.

From Jukka Salmi in NetBSD pr misc/28727
2004-12-22 01:25:05 +00:00
itojun
b95181fc9b NI_WITHSCOPEID was not picked up by IETF standardization process. 2004-11-16 05:59:32 +00:00
christos
51beb09565 Kill remnant function decl. 2004-11-10 20:26:43 +00:00
dsl
88d913ebbe Add (unsigned char) cast to ctype functions 2004-11-04 07:22:47 +00:00
heas
209ebbab46 - deal with a dead tty in ttyflush() by cleaning-up and exiting instead of
returning a failure code and processing that all the way up the stack.
- deal with a dead peer similarly and do it without setjmp/longjmp() (at
  christos' request).

These fix bin/20304 and my own observations when the remote abruptly closes
the connection.
2004-03-20 23:26:05 +00:00
heas
d5561e39ff remove duplicate description of DEFAULT keyword (introduced by me). 2004-03-20 23:10:01 +00:00