Revision tags: netbsd-8-1-RC1 pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base
|
#
1.37 |
|
21-May-2017 |
riastradh |
Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States classified cryptography as a munition and restricted its export. The export controls were substantially relaxed fifteen years ago, and are essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after its motivation -- the US export restriction -- was eliminated. I'm not aware of any other operating system that has a similar option; I expect it is mainly out of apathy for churn that we still have it. Today, cryptography is an essential part of modern computing -- you can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no representation that MKCRYPTO=no satisfies any country's cryptography regulations.
My personal position is that the availability of cryptography is a basic human right; that any local laws restricting it to a privileged few are fundamentally immoral; and that it is wrong for developers to spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of *bad* crypto that was conditional on it, e.g. DES in telnet... That should probably be removed too, but on the grounds that it is bad, not on the grounds that it is (nominally) crypto.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 tls-maxphys-base
|
#
1.36 |
|
10-Aug-2012 |
joerg |
Don't depend on HAVE_GCC being always defined.
|
Revision tags: yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.35 |
|
21-Mar-2012 |
matt |
These directories default to WARNS?=5
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base
|
#
1.34 |
|
09-Jan-2012 |
christos |
PR/45805: Borodin Oleg: telnet/telnetd with -DAUTHENTICATION -DENCRYPTION (rfc2941) - minimal fixes to compile with WARNS=4 - separate kerberos (USE_KERBEROS) from encryption (MKCRYPTO)
|
Revision tags: yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
20-Jun-2011 |
mrg |
branches: 1.33.2; remove most of the remaining HAVE_GCC tests that are always true in the modern world.
|
Revision tags: cherry-xenmp-base
|
#
1.32 |
|
24-Apr-2011 |
elric |
branches: 1.32.2; We no longer need to -I/usr/include/krb5.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231 matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2
|
#
1.31 |
|
29-Aug-2008 |
gmcgarry |
Wrap compiler-specific flags with HAVE_GCC and HAVE_PCC as necessary. Add a few flags for PCC.
|
#
1.30 |
|
12-Jul-2008 |
gmcgarry |
Add test for HAVE_PCC with HAVE_GCC which turn off compiler warning flags.
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.29 |
|
03-May-2008 |
lukem |
branches: 1.29.2; Rename MKPRIVATELIB to LIBISPRIVATE, to make it clearer that this is a variable that is used by in-tree Makefiles to control behaviour. (MKsomevar variables are generally intended to be controlled by the end-user)
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.28 |
|
28-May-2007 |
tls |
branches: 1.28.10; Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to various string and memory copy and set functions (as well as a few system calls and other miscellany) where known at function entry. RedHat has evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in any code which includes the libc internals, because it overrides certain libc functions with macros. Some effort has been made to make USE_FORT=yes work correctly for a full-system build by having the bsd.sys.mk logic disable the feature where it should not be used (libc, libssp iteself, the kernel) but no attempt has been made to build the entire system with USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.27 |
|
25-Jun-2006 |
mrg |
make MKCRYPTO=no work again.
|
#
1.26 |
|
11-May-2006 |
mrg |
sprinkle some -fno-strict-aliasing and -Wno-pointer-sign with GCC4.
|
#
1.25 |
|
20-Mar-2006 |
christos |
Goodbye KerberosIV
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.24 |
|
19-Feb-2005 |
christos |
Fix pk to use BN_ instead of libmp.
|
#
1.23 |
|
19-Feb-2005 |
christos |
PAM support from FreeBSD.
|
#
1.22 |
|
23-May-2004 |
lukem |
Use MKPRIVATELIB=yes instead of providing an empty libinstall:: target and setting NOLINT, NOPIC, NOPROFILE (etc)
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.21 |
|
11-Dec-2003 |
dyoung |
Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no) and without Kerberos 4 & 5 (MKKERBEROS=no). Previously checkflist complained of missing files.
* move kerberos- and kerberos 4-only files into new flists, distrib/sets/lists/*/krb.*
* make the flist generators grok MKKERBEROS{,4} variables
* fix Makefiles which treat MKKERBEROS=no as MKKERBEROS5=no. 9 out of 10 experts agree that it is ludicrous to build w/ KERBEROS4 and w/o KERBEROS5.
* fix header files, also, which treat MKKERBEROS=no as MKKERBEROS5=no.
* omit some Kerberos-only subdirectories from the build as MKKERBEROS{,4} indicate
(I acknowledge the sentiment that flists are the wrong way to go, and that the makefiles should produce the metalog directly. That sounds to me like the right way to go, but I am not prepared to do revamp all the makefiles. While my approach is expedient, it fits painlessly within the current build architecture until we are delivered from flist purgatory, and it does not postpone our delivery. Fair enough?)
|
#
1.20 |
|
23-Jul-2003 |
itojun |
no longer need to -I/usr/include first (yes, it's still confusing, i admit)
|
#
1.19 |
|
23-Jul-2003 |
tron |
Fix build problem caused by recent "Makefile" changes.
|
#
1.18 |
|
23-Jul-2003 |
itojun |
split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se (build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no)
|
#
1.17 |
|
16-Jul-2003 |
itojun |
do not build/install shlib
|
#
1.16 |
|
28-Mar-2003 |
thorpej |
Remove GCC 3.3 hack; the libtelnet code has been changed to avoid the warning.
|
Revision tags: netbsd-1-6-PATCH002-RELEASE netbsd-1-6-PATCH002 netbsd-1-6-PATCH002-RC4 netbsd-1-6-PATCH002-RC3 netbsd-1-6-PATCH002-RC2 netbsd-1-6-PATCH002-RC1 netbsd-1-6-PATCH001 netbsd-1-6-PATCH001-RELEASE netbsd-1-6-PATCH001-RC3 netbsd-1-6-PATCH001-RC2 netbsd-1-6-PATCH001-RC1 fvdl_fs64_base netbsd-1-6-RELEASE netbsd-1-6-RC3 netbsd-1-6-RC2 netbsd-1-6-RC1 netbsd-1-6-base
|
#
1.15 |
|
22-Mar-2002 |
thorpej |
Split the notion of building Hesiod, Kerberos, S/key, and YP infrastructure and using that infrastructure in programs.
* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building of the infratsructure (libraries, support programs, etc.)
* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control building of support for using the corresponding API in various libraries/programs that can use it.
As discussed on tech-toolchain.
|
#
1.14 |
|
29-Jan-2002 |
thorpej |
Hack around GCC PR optmization/5230 if HAVE_GCC3 is set. (GCC 3.x issues spurious warning when compiling a Duff's device with optimization.)
|
#
1.13 |
|
05-Nov-2001 |
lukem |
explicitly set to WARNS?=1
|
#
1.12 |
|
23-Jun-2000 |
thorpej |
Add MK... variables to enable/disable various aspects of building crypto support into the system. See share/mk/bsd.README for more a full description.
|
#
1.11 |
|
22-Jun-2000 |
thorpej |
Bring the telnet situation back into better shape. Specifically, pull in just about all of the differences from the crypto-us telnet suite (which includes Kerberos 4 and connection encryption support). Also bring in the Kerberos 5 support from the Heimdal telnet, and frob a little so that it can work with the non-Heimdal telnet suite.
There is still some work left to do, specifically: - Add Heimdal's ticket forwarding support to the Berkeley Kerberos 4 module. - Add connection encryption support to the Heimdal Kerberos 5 module. Hints on this can be taken from the MIT Kerberos 5 module which still exists in crypto-us.
However, even with the shortcomings listed above, this is a better situation than using the stock Heimdal telnet suite, which does not understand the IPSec policy stuff, and is also based on much older code which contains bugs that we have already fixed in the NetBSD sources.
|
Revision tags: netbsd-1-5-base
|
#
1.10 |
|
20-Jun-2000 |
thorpej |
branches: 1.10.2; Merge a bunch of things from crypto-us and crypto-intl into basesrc, adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate bsd.crypto.mk.
There is still a bunch more work to do, but crypto is now more-or-less fully merged into the base NetBSD distribution.
|
Revision tags: minoura-xpg4dl-base wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.9 |
|
20-Jul-1999 |
mrg |
branches: 1.9.6; optionally include CRYPTOPATH Makefile.frag files.
|
#
1.8 |
|
12-Jul-1999 |
thorpej |
Use bsd.crypto.mk.
|
Revision tags: netbsd-1-4-PATCH003 netbsd-1-4-PATCH002 netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.7 |
|
23-Oct-1997 |
lukem |
use CPPFLAGS instead of CFLAGS
|
Revision tags: netbsd-1-3-base netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.6 |
|
24-Feb-1996 |
jtk |
branches: 1.6.2; update libtelnet with changes through 95.10.23 version
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base netbsd-1-0-PATCH06 netbsd-1-0-PATCH05 netbsd-1-0-PATCH04 netbsd-1-0-PATCH03 netbsd-1-0-PATCH02 netbsd-1-0-PATCH1 netbsd-1-0-PATCH0 netbsd-1-0-RELEASE netbsd-1-0-base
|
#
1.5 |
|
25-Feb-1994 |
cgd |
we have cgetent()
|
#
1.4 |
|
25-Feb-1994 |
cgd |
new libtelnet from ftp.cray.com. Encryption support ripped out, pending figuring out what to do about it...
|
#
1.3 |
|
01-Aug-1993 |
mycroft |
Add RCS identifiers.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base
|
#
1.2 |
|
16-Jul-1993 |
brezak |
Be able to build telnet without enc_des.c
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|