#
303975 |
|
11-Aug-2016 |
gjb |
Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, and rename it to RC1.
Update __FreeBSD_version.
Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and the dvd1.iso packages population.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
302408 |
|
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
275042 |
|
25-Nov-2014 |
bapt |
Convert to usr.bin/ to LIBADD Reduce overlinking
|
#
270168 |
|
19-Aug-2014 |
bdrewery |
Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other build-only utility libraries. 2. Another 40% is fixed by generating _pic.a variants of various libraries. 3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR) where it never would work anyhow, such as csu or loader. This suggests there may be better ways of adding support to the tree. Many of these cases can be fixed such that -fPIE will work but there is really no reason to have it in those cases. 4. Some of the uses are working around hacks done to some Makefiles that are really building libraries but have been using bsd.prog.mk because the code is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers (such as ports). For in-tree though we probably want to only enable PIE (opt-in) for common attack targets such as remote service daemons and setuid utilities. This is also a great performance compromise since ASLR is expected to reduce performance. As such it does not make sense to enable it in all utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
|
#
267233 |
|
08-Jun-2014 |
bdrewery |
In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html Submitted by: Shawn Webb <lattera@gmail.com> Discussed between: des@ and Shawn Webb [2]
|
#
233294 |
|
22-Mar-2012 |
stas |
- Update FreeBSD Heimdal distribution to version 1.5.1. This also brings several new kerberos related libraries and applications to FreeBSD: o kgetcred(1) allows one to manually get a ticket for a particular service. o kf(1) securily forwards ticket to another host through an authenticated and encrypted stream. o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1) and other user kerberos operations. klist and kswitch are just symlinks to kcc(1) now. o kswitch(1) allows you to easily switch between kerberos credentials if you're running KCM. o hxtool(1) is a certificate management tool to use with PKINIT. o string2key(1) maps a password into key. o kdigest(8) is a userland tool to access the KDC's digest interface. o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings disabled due to the function they use (krb5_get_err_text(3)) being deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version and install it as libheimsqlite. If some other FreeBSD components will require it in the future we can rename it to libbsdsqlite and use for these components as well.
- This is not a latest Heimdal version, the new one was released while I was working on the update. I will update it to 1.5.2 soon, as it fixes some important bugs and security issues.
|
#
201386 |
|
02-Jan-2010 |
ed |
Build usr.bin/ with WARNS=6 by default.
Also add some missing $FreeBSD$ to keep svn happy.
|
#
151328 |
|
14-Oct-2005 |
ru |
Style: move .PATH to where it belongs.
|
#
50881 |
|
04-Sep-1999 |
markm |
Build this from contrib/ now.
|
#
50477 |
|
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
35701 |
|
04-May-1998 |
bde |
Simplified using new yacc rules and by not generating y.tab.h. The lex source is still handled bogusly.
|
#
34708 |
|
20-Mar-1998 |
bde |
Don't use beforedepend to break things. The usual fix of putting generated sources in SRCS breaks because compile_et uses an evil include of one .c file in another. Use a worse fix. Perhaps DPSRCS is useful after all.
Don't put *.y in SRCS. Put the generated file in SRCS instead. This fixes incomplete dependencies (mkdep can't work on *.y).
Don't override the default .l.c rule. Just use LFLAGS.
Fixed some style bugs.
|
#
23012 |
|
22-Feb-1997 |
peter |
Revert $FreeBSD$ to $Id$
|
#
21673 |
|
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
6255 |
|
09-Feb-1995 |
jkh |
Add y.tab.h to CLEANFILES.
|
#
5625 |
|
14-Jan-1995 |
wollman |
Fix include directive bobble.
|
#
5624 |
|
14-Jan-1995 |
wollman |
Upgrade to latest released SIPB version I can find. (Unfortunately, the original releases were not numbered.)
|
#
5617 |
|
14-Jan-1995 |
wollman |
Slight makefile cleanup.
|
#
3238 |
|
30-Sep-1994 |
csgr |
This commit was generated by cvs2svn to compensate for changes in r3237, which included commits to RCS files with non-trunk default branches.
|
#
3237 |
|
30-Sep-1994 |
csgr |
Initial import of eBones. (Including all changes for FreeBSD - importing the original eBones distribution would be too complex at this stage, since I don't have access to Piero's CVS.) (If you want to include eBones in your system, don't forget to include MAKE_EBONES in /etc/make.conf.) (This stuff is now also suppable from braae.ru.ac.za.)
Bones originally from MIT SIPB. Original port to FreeBSD 1.x by Piero Serini. Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet. Nice bug fixes from Doug Rabson.
|