1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-17 10:26:15 +00:00
Commit Graph

160 Commits

Author SHA1 Message Date
Conrad Meyer
d83db3fb6a Drop ed(1) "crypto"
You should not be using DES.  You should not have been using DES for the
past 30 years.

The ed DES-CBC scheme lacked several desirable properties of a sealed
document system, even ignoring DES itself.  In particular, it did not
provide the "integrity" cryptographic property (detection of tampering), and
it treated ASCII passwords as 64-bit keys (instead of using a KDF like
scrypt or PBKDF2).

Some general approaches ed(1) users might consider to replace the removed
DES mode:

1. Full disk encryption with something like AES-XTS.  This is easy to
conceptualize, design, and implement, and it provides confidentiality for
data at rest.  Like CBC, it lacks tampering protection.  Examples include
GELI, LUKS, FileVault2.

2. Encrypted overlay ("stackable") filesystems (EncFS, PEFS?, CryptoFS,
others).

3. Native encryption at the filesystem layer.  Ext4/F2FS, ZFS, APFS, and
NTFS all have some flavor of this.

4. Storing your files unencrypted.  It's not like DES was doing you much
good.

If you have DES-CBC scrambled files produced by ed(1) prior to this change,
you may decrypt them with:

  openssl des-cbc -d -iv 0 -K <key in hex> -in <inputfile> -out <plaintext>

Reviewed by:	allanjude, bapt, emaste
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D17829
2018-11-04 17:56:16 +00:00
Pedro F. Giffuni
8a16b7a18f General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Pedro F. Giffuni
be9e8bfaea ed(1): Allow the omission of one address in (.,.) and (.;.) address ranges
With this patch, ",n" is an abbreviation for "1,n", ";n" abbreviates
".;n". The "n," and "n;" variants mean "n,n" and "n;n", respectively.
Also, piping to a shell command does not count as a save, so don't reset
the modified flag.

Obtained from:	OpenBSD (CVS Rev. 1.58, 1.59)
2017-07-03 15:54:44 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Allan Jude
39f8282b48 Remove bdes(1)
The use of DES for anything is discouraged, especially with a static IV of 0

If you still need bdes(1) to decrypt Kirk's video lectures, see
security/bdes in ports.

This commit brought to you by the FOSDEM DevSummit and the
"remove unneeded dependancies on openssl in base" working group

Reviewed by:	bapt, brnrd
Relnotes:	yes
Sponsored by:	FOSDEM DevSummit
Differential Revision:	https://reviews.freebsd.org/D9424
2017-02-06 08:27:19 +00:00
Baptiste Daroussin
b4b4b5304b Revert crap accidentally committed 2017-01-28 16:31:23 +00:00
Baptiste Daroussin
814aaaa7da Revert r312923 a better approach will be taken later 2017-01-28 16:30:14 +00:00
Pedro F. Giffuni
f50fae318d ed(1): drop redundant parenthesis.
These were Left-over from the cleanup in r309936.
2016-12-14 21:14:43 +00:00
Pedro F. Giffuni
8bd856de21 ed(1): Simplify some checks.
The return type for both fread(3) and fwrite(3) cannot be negative, this
renders some checks invalid and variable 'ct' unnecessary.
Also bump 'len' to size_t to avoid signed/unsigned comparison warnings.
2016-12-12 20:25:59 +00:00
Pedro F. Giffuni
27150ef8bc ed(1): Prevent possible overflows during allocation.
Make sure the parameters used for malloc(3) can hold size_t sizes.
This should help ed(1) handle bigger data in the future.

MFC after:	2 weeks
2016-12-12 03:46:40 +00:00
Sevan Janiyan
bc799c51a3 Use .At macro instead of specifying AT&T UNIX literaly.
PR:		212034
Approved by:	bcr (mentor)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D8114
2016-10-02 14:22:09 +00:00
Don Lewis
92a58a9246 Close the input FILE * in read_file() and the output FILE * in write_file()
if read_stream() or write_stream() fails to avoid leaking the FILE.

Reported by:	Coverity
CID:		977702
Reviewed by:	pfg
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D6554
2016-05-25 18:38:30 +00:00
Pedro F. Giffuni
0745a9c965 ed(1): simplify by using arc4random_buf().
Suggested by:	ed
2016-05-21 00:45:42 +00:00
Pedro F. Giffuni
d972b6d256 ed(1): Cleanups for the DES mode.
- Use arc4random_uniform(3).
- Prevent a segmentation fault when ed receives a signal
  while being in getpass(). [1]

Obtained from:	OpenBSD [1] (CVS Rev. 1.15)
MFC after:	2 weeks
2016-05-20 19:10:29 +00:00
Pedro F. Giffuni
8123f597e9 ed(1): switch two statements so we check the index before dereferencing.
This is related to r270256 but was missed in that occasion.

MFC after:	3 days
2016-04-26 14:31:48 +00:00
Glen Barber
ac2875fa16 Explicitly add unmarked bin/ binaries to the runtime package.
Note: tcsh(1) has a MK_TCSH=no test, so this should be a separate
package, which requires pre-install/post-install scripts, to be
added later.

Sponsored by:	The FreeBSD Foundation
2016-02-09 16:58:50 +00:00
Pedro F. Giffuni
6e8ef9cbb0 ed(1): Prevent possible string overflows
Use strlcpy instead of strncpy to guarantee NULL termination.

Pointed out by:	imp
CID:		1007252
X-MFC with:	r292454
2015-12-18 23:05:36 +00:00
Pedro F. Giffuni
bebd99b272 ed(1): Prevent possible string overflows
CID:		1007252
MFC after:	2 weeks
2015-12-18 21:58:42 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Baptiste Daroussin
1517e5649b mdoc: escape Re 2015-04-26 10:03:05 +00:00
Eitan Adler
7d00295b1b ed(1): Fix [-Werror=logical-not-parentheses]
/usr/src/bin/ed/glbl.c:64:36: error: logical not is only applied to
	theleft hand side of comparison [-Werror=logical-not-parentheses]

Obtained from:	Dragonfly (1fff89cbaeaa43af720a1f23d9c466b756dd8a58)
MFC After:	1 month
2015-04-20 02:07:57 +00:00
Eitan Adler
e6743d31d3 bin/ed: use correct type in multiplication
The result is line_t** so the multiplication should be size *
	sizeof(line_t*)

MFC After:	1 month
2015-04-18 23:56:04 +00:00
Baptiste Daroussin
12cd1730ee Convert bin/ to LIBADD, reduce overlinking allow to build all components as
static
2014-11-25 11:15:40 +00:00
Simon J. Gerraty
9268022b74 Merge from head@274682 2014-11-19 01:07:58 +00:00
Pedro F. Giffuni
0fa46a4231 Always check the limits of array index variables before using them.
Obtained from:	DragonFlyBSD
MFC after:	1 week
2014-08-21 02:40:33 +00:00
Simon J. Gerraty
ee7b0571c2 Merge head from 7/28 2014-08-19 06:50:54 +00:00
Warner Losh
04efeffe99 When building picobsd, define WITHOUT_OPENSSL and WITHOUT_KERBEROS and
remove the now-redundant checks for RELEASE_CRUNCH. This originally
was defined for building smaller sysinstall images, but was later also
used by picobsd builds for a similar purpose. Now that we've moved
away from sysinstall, picobsd is the only remaining consumer of this
interface. Adding these two options reduces the RELEASE_CRUNCH
special cases in the tree by half.
2014-06-06 04:09:07 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Simon J. Gerraty
cc3f4b9965 Merge from head 2014-05-08 23:54:15 +00:00
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Simon J. Gerraty
d1d0158641 Merge from head 2013-09-05 20:18:59 +00:00
Tim Kientzle
9d40e340ea Fix a -Wunsequenced warning.
Submitted by:	dt71@gmx.com
2013-06-29 15:49:26 +00:00
Joel Dahl
2710751bc3 mdoc sweep. 2013-05-12 22:22:12 +00:00
Simon J. Gerraty
69e6d7b75e sync from head 2013-04-12 20:48:55 +00:00
John-Mark Gurney
699d72c5fc Fix compiling ed w/ WITHOUT_ED_CRYPTO... These variables aren't
used..

Submitted by:   deeptech71 at gmail dot com
2013-03-23 19:04:57 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Ed Schouten
bf70becee6 More -Wmissing-variable-declarations fixes.
In addition to adding `static' where possible:

- bin/date: Move `retval' into extern.h to make it visible to date.c.
- bin/ed: Move globally used variables into ed.h.
- sbin/camcontrol: Move `verbose' into camcontrol.h and fix shadow warnings.
- usr.bin/calendar: Remove unneeded variables.
- usr.bin/chat: Make `line' local instead of global.
- usr.bin/elfdump: Comment out unneeded function.
- usr.bin/rlogin: Use _Noreturn instead of __dead2.
- usr.bin/tset: Pull `Ospeed' into extern.h.
- usr.sbin/mfiutil: Put global variables in mfiutil.h.
- usr.sbin/pkg: Remove unused `os_corres'.
- usr.sbin/quotaon, usr.sbin/repquota: Remove unused `qfname'.
2012-10-19 14:49:42 +00:00
Ed Schouten
ae824d80f2 Fix warnings found by -Wmising-variable-declarations.
This self-written compiler warning, which is hopefully going to be
committed into LLVM sources soon, warns about potentially missing
`static' keywords, similar to -Wmissing-prototypes.

- bin/pax: Move external declaration of chdname and s_mask into extern.h.
- bin/setfacl: Move setfacl.c-specific stuff out of setfacl.h.
- sbin/mount_fusefs: Remove char *progname; use getprogname().
- others: add `static' where possible.
2012-10-19 05:43:38 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Marcel Moolenaar
aa39c44746 Add build option MK_ED_CRYPTO to control whether ed(1) is to have the
ability to encrypt/decrypt files. Embedded systems can typically have
OpenSSL, but not for ed(1) to use it.

Obtained from:	Juniper Networks, Inc.
2012-05-19 17:55:49 +00:00
Dimitry Andric
4bfc2007ab Fix some obtuse fprintf tricks in bin/ed.
MFC after:	1 week
2011-12-16 21:12:23 +00:00
Christian Brueffer
ae568477e7 Fix memory leaks in error cases.
PR:		159011
Submitted by:	Henning Petersen <henning.petersen@t-online.de>
Approved by:	re (kib)
MFC after:	1 week
2011-08-27 15:28:57 +00:00
Ulrich Spörlein
bf2fe08eea Fix some typos under bin/
Found by:	codespell
2011-05-22 14:03:46 +00:00
Rebecca Cran
f68fbfedc1 Fix typos.
PR:	docs/131625
Submitted by:	Andrew Wright <andrew at qemg.org>
MFC after:	1 month
2011-02-12 20:28:15 +00:00
Ulrich Spörlein
55fa734d20 ed(1): make WARNS=6 clean
Although argc and argv are never read after the longjmp is complete,
gcc is not clever enough to see that and needlessly warns about it.
So add volatile to silence the compiler.

Approved by:	ed (the co-mentor, not ed(1))
2010-03-04 16:08:01 +00:00