#
1.33 |
|
03-Jun-2023 |
lukem |
bsd.own.mk: rename GCC_NO_* to CC_WNO_*
Rename compiler-warning-disable variables from GCC_NO_warning to CC_WNO_warning where warning is the full warning name as used by the compiler.
GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH
Using the convention CC_compilerflag, where compilerflag is based on the full compiler flag name.
|
#
1.32 |
|
09-May-2023 |
christos |
Handle OpenSSL-3.x
|
Revision tags: netbsd-10-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.31 |
|
07-Mar-2021 |
christos |
Add blocklist support to libwrap which enables all programs using libwrap to block access from hosts we deny. (libwrap support from Greg A. Woods)
|
Revision tags: phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 phil-wifi-20191119
|
#
1.30 |
|
13-Oct-2019 |
mrg |
introduce some common variables for use in GCC warning disables:
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8) GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8) GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8) GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many of these are false positives, most of the real bugs are already commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the "-Wno-error=" form, which still displays the warnings but does not make it an error, and all of the above will be re-considered as either being "fix me" (warning still displayed) or "warning is wrong."
|
#
1.29 |
|
29-Sep-2019 |
mrg |
convert HAVE_GCC == 7 to HAVE_GCC >= 7.
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609
|
#
1.28 |
|
04-Feb-2019 |
mrg |
use -Wno-error=format-truncation for code that seems particularly annoying or unlikely to actually fail. some of the syslogd ones are not too hard to fix, but most remain.
|
Revision tags: pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.27 |
|
09-Feb-2018 |
christos |
branches: 1.27.4; only set api compat for 1.0
|
#
1.26 |
|
08-Feb-2018 |
jakllsch |
define OPENSSL_API_COMPAT
(doesn't entirely unbreak build yet)
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base
|
#
1.25 |
|
21-May-2017 |
riastradh |
Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States classified cryptography as a munition and restricted its export. The export controls were substantially relaxed fifteen years ago, and are essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after its motivation -- the US export restriction -- was eliminated. I'm not aware of any other operating system that has a similar option; I expect it is mainly out of apathy for churn that we still have it. Today, cryptography is an essential part of modern computing -- you can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no representation that MKCRYPTO=no satisfies any country's cryptography regulations.
My personal position is that the availability of cryptography is a basic human right; that any local laws restricting it to a privileged few are fundamentally immoral; and that it is wrong for developers to spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of *bad* crypto that was conditional on it, e.g. DES in telnet... That should probably be removed too, but on the grounds that it is bad, not on the grounds that it is (nominally) crypto.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 tls-maxphys-base
|
#
1.24 |
|
06-Jun-2012 |
christos |
WARNS=4
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.23 |
|
09-Jun-2010 |
riz |
branches: 1.23.6; Allow syslogd to compile when MKCRYPTO=no. No promises as to whether it works or not, as this has been broken since late 2008, when the "encrypted connections" support was added to syslogd.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
22-Apr-2009 |
lukem |
Enable WARNS=4 by default, except for: cpuctl dumplfs hprop ipf iprop-log kadmin kcm kdc kdigest kimpersonate kstash ktutil makefs ndbootd ntp pppd quot racoon racoonctl rtadvd sntp sup tcpdchk tcpdmatch tcpdump traceroute traceroute6 user veriexecgen wsmoused zic (Mostly third-party applications)
|
#
1.21 |
|
31-Oct-2008 |
christos |
branches: 1.21.2; Import syslogd SoC project by Martin Schuette: - new syslog protocol api syslogp(3) that supports structured data and draft-rfc timestamps - reliable tcp connections with queueing - encrypted connections
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 mjf-devfs2-base wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base keiichi-mipv6-nbase keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.20 |
|
28-May-2007 |
tls |
Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to various string and memory copy and set functions (as well as a few system calls and other miscellany) where known at function entry. RedHat has evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in any code which includes the libc internals, because it overrides certain libc functions with macros. Some effort has been made to make USE_FORT=yes work correctly for a full-system build by having the bsd.sys.mk logic disable the feature where it should not be used (libc, libssp iteself, the kernel) but no attempt has been made to build the entire system with USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-4-base netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.19 |
|
10-Jan-2005 |
lukem |
Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure. USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE thorpej-syslogd-hack-base netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base fvdl_fs64_base
|
#
1.18 |
|
18-Sep-2002 |
lukem |
use NETBSDSRCDIR as appropriate
|
#
1.17 |
|
02-Aug-2002 |
christos |
add utmpx support;
|
#
1.16 |
|
09-Jun-2002 |
itojun |
no need for KAME_SCOPEID any longer
|
Revision tags: netbsd-1-6-PATCH002-RELEASE netbsd-1-6-PATCH002 netbsd-1-6-PATCH002-RC4 netbsd-1-6-PATCH002-RC3 netbsd-1-6-PATCH002-RC2 netbsd-1-6-PATCH002-RC1 netbsd-1-6-PATCH001 netbsd-1-6-PATCH001-RELEASE netbsd-1-6-PATCH001-RC3 netbsd-1-6-PATCH001-RC2 netbsd-1-6-PATCH001-RC1 netbsd-1-6-RELEASE netbsd-1-6-RC3 netbsd-1-6-RC2 netbsd-1-6-RC1 netbsd-1-6-base
|
#
1.15 |
|
01-Jul-2001 |
itojun |
-DLIBWRAP will enable libwrap-based filtering on UDP socket messages. PR 13348
|
Revision tags: netbsd-1-5-PATCH003 netbsd-1-5-PATCH002 netbsd-1-5-PATCH001 netbsd-1-5-RELEASE netbsd-1-5-BETA2 netbsd-1-5-BETA netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.14 |
|
02-Dec-1999 |
itojun |
IPv6 support in syslogd. actually we need library update as well. NetBSD PR #8934 from Feico Dillema <dillema@acm.org> (with memory leak fix).
|
Revision tags: netbsd-1-4-PATCH003 netbsd-1-4-PATCH002 comdex-fall-1999-base netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.13 |
|
19-Mar-1999 |
perry |
branches: 1.13.6; symlink /var/run/log to /dev/log for transition period.
|
#
1.12 |
|
10-Feb-1998 |
mrg |
nit: order rcsid/sccsids
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.11 |
|
18-Oct-1997 |
lukem |
enable WARNS=1 by default, but disable in unclean 3rd party code
|
#
1.10 |
|
01-Jul-1997 |
christos |
Add WARNS=1
|
#
1.9 |
|
29-Jun-1997 |
christos |
- Fix warnings - Use ttymsg from libutil.
|
#
1.8 |
|
08-May-1997 |
gwr |
Back out the .PATH.c changes. The .depend problem (and others) will be fixed using the new .NOPATH make feature instead.
|
#
1.7 |
|
06-May-1997 |
gwr |
Use .PATH.c: ...
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.6 |
|
02-Jan-1996 |
perry |
Merge/sync with 4.4lite2 -- just a change in version numbers and RCS id strings.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.5 |
|
22-Dec-1994 |
cgd |
specify man pages the new way.
|
Revision tags: netbsd-1-0-PATCH06 netbsd-1-0-PATCH05 netbsd-1-0-PATCH04 netbsd-1-0-PATCH03 netbsd-1-0-PATCH02 netbsd-1-0-PATCH1 netbsd-1-0-PATCH0 netbsd-1-0-RELEASE netbsd-1-0-base
|
#
1.4 |
|
28-Jan-1994 |
cgd |
don't need -lutil
|
#
1.3 |
|
30-Jul-1993 |
mycroft |
Add RCS identifiers.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base
|
#
1.2 |
|
15-Jun-1993 |
mycroft |
And a few more...
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.31 |
|
07-Mar-2021 |
christos |
Add blocklist support to libwrap which enables all programs using libwrap to block access from hosts we deny. (libwrap support from Greg A. Woods)
|
Revision tags: phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 phil-wifi-20191119
|
#
1.30 |
|
13-Oct-2019 |
mrg |
introduce some common variables for use in GCC warning disables:
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8) GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8) GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8) GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many of these are false positives, most of the real bugs are already commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the "-Wno-error=" form, which still displays the warnings but does not make it an error, and all of the above will be re-considered as either being "fix me" (warning still displayed) or "warning is wrong."
|
#
1.29 |
|
29-Sep-2019 |
mrg |
convert HAVE_GCC == 7 to HAVE_GCC >= 7.
|
Revision tags: netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609
|
#
1.28 |
|
04-Feb-2019 |
mrg |
use -Wno-error=format-truncation for code that seems particularly annoying or unlikely to actually fail. some of the syslogd ones are not too hard to fix, but most remain.
|
Revision tags: pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.27 |
|
09-Feb-2018 |
christos |
branches: 1.27.4; only set api compat for 1.0
|
#
1.26 |
|
08-Feb-2018 |
jakllsch |
define OPENSSL_API_COMPAT
(doesn't entirely unbreak build yet)
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base
|
#
1.25 |
|
21-May-2017 |
riastradh |
Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States classified cryptography as a munition and restricted its export. The export controls were substantially relaxed fifteen years ago, and are essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after its motivation -- the US export restriction -- was eliminated. I'm not aware of any other operating system that has a similar option; I expect it is mainly out of apathy for churn that we still have it. Today, cryptography is an essential part of modern computing -- you can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no representation that MKCRYPTO=no satisfies any country's cryptography regulations.
My personal position is that the availability of cryptography is a basic human right; that any local laws restricting it to a privileged few are fundamentally immoral; and that it is wrong for developers to spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of *bad* crypto that was conditional on it, e.g. DES in telnet... That should probably be removed too, but on the grounds that it is bad, not on the grounds that it is (nominally) crypto.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 tls-maxphys-base
|
#
1.24 |
|
06-Jun-2012 |
christos |
WARNS=4
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.23 |
|
09-Jun-2010 |
riz |
branches: 1.23.6; Allow syslogd to compile when MKCRYPTO=no. No promises as to whether it works or not, as this has been broken since late 2008, when the "encrypted connections" support was added to syslogd.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
22-Apr-2009 |
lukem |
Enable WARNS=4 by default, except for: cpuctl dumplfs hprop ipf iprop-log kadmin kcm kdc kdigest kimpersonate kstash ktutil makefs ndbootd ntp pppd quot racoon racoonctl rtadvd sntp sup tcpdchk tcpdmatch tcpdump traceroute traceroute6 user veriexecgen wsmoused zic (Mostly third-party applications)
|
#
1.21 |
|
31-Oct-2008 |
christos |
branches: 1.21.2; Import syslogd SoC project by Martin Schuette: - new syslog protocol api syslogp(3) that supports structured data and draft-rfc timestamps - reliable tcp connections with queueing - encrypted connections
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 mjf-devfs2-base wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base keiichi-mipv6-nbase keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.20 |
|
28-May-2007 |
tls |
Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to various string and memory copy and set functions (as well as a few system calls and other miscellany) where known at function entry. RedHat has evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in any code which includes the libc internals, because it overrides certain libc functions with macros. Some effort has been made to make USE_FORT=yes work correctly for a full-system build by having the bsd.sys.mk logic disable the feature where it should not be used (libc, libssp iteself, the kernel) but no attempt has been made to build the entire system with USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-4-base netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.19 |
|
10-Jan-2005 |
lukem |
Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure. USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE thorpej-syslogd-hack-base netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base fvdl_fs64_base
|
#
1.18 |
|
18-Sep-2002 |
lukem |
use NETBSDSRCDIR as appropriate
|
#
1.17 |
|
02-Aug-2002 |
christos |
add utmpx support;
|
#
1.16 |
|
09-Jun-2002 |
itojun |
no need for KAME_SCOPEID any longer
|
Revision tags: netbsd-1-6-PATCH002-RELEASE netbsd-1-6-PATCH002 netbsd-1-6-PATCH002-RC4 netbsd-1-6-PATCH002-RC3 netbsd-1-6-PATCH002-RC2 netbsd-1-6-PATCH002-RC1 netbsd-1-6-PATCH001 netbsd-1-6-PATCH001-RELEASE netbsd-1-6-PATCH001-RC3 netbsd-1-6-PATCH001-RC2 netbsd-1-6-PATCH001-RC1 netbsd-1-6-RELEASE netbsd-1-6-RC3 netbsd-1-6-RC2 netbsd-1-6-RC1 netbsd-1-6-base
|
#
1.15 |
|
01-Jul-2001 |
itojun |
-DLIBWRAP will enable libwrap-based filtering on UDP socket messages. PR 13348
|
Revision tags: netbsd-1-5-PATCH003 netbsd-1-5-PATCH002 netbsd-1-5-PATCH001 netbsd-1-5-RELEASE netbsd-1-5-BETA2 netbsd-1-5-BETA netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.14 |
|
02-Dec-1999 |
itojun |
IPv6 support in syslogd. actually we need library update as well. NetBSD PR #8934 from Feico Dillema <dillema@acm.org> (with memory leak fix).
|
Revision tags: netbsd-1-4-PATCH003 netbsd-1-4-PATCH002 comdex-fall-1999-base netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.13 |
|
19-Mar-1999 |
perry |
branches: 1.13.6; symlink /var/run/log to /dev/log for transition period.
|
#
1.12 |
|
10-Feb-1998 |
mrg |
nit: order rcsid/sccsids
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.11 |
|
18-Oct-1997 |
lukem |
enable WARNS=1 by default, but disable in unclean 3rd party code
|
#
1.10 |
|
01-Jul-1997 |
christos |
Add WARNS=1
|
#
1.9 |
|
29-Jun-1997 |
christos |
- Fix warnings - Use ttymsg from libutil.
|
#
1.8 |
|
08-May-1997 |
gwr |
Back out the .PATH.c changes. The .depend problem (and others) will be fixed using the new .NOPATH make feature instead.
|
#
1.7 |
|
06-May-1997 |
gwr |
Use .PATH.c: ...
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.6 |
|
02-Jan-1996 |
perry |
Merge/sync with 4.4lite2 -- just a change in version numbers and RCS id strings.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.5 |
|
22-Dec-1994 |
cgd |
specify man pages the new way.
|
Revision tags: netbsd-1-0-PATCH06 netbsd-1-0-PATCH05 netbsd-1-0-PATCH04 netbsd-1-0-PATCH03 netbsd-1-0-PATCH02 netbsd-1-0-PATCH1 netbsd-1-0-PATCH0 netbsd-1-0-RELEASE netbsd-1-0-base
|
#
1.4 |
|
28-Jan-1994 |
cgd |
don't need -lutil
|
#
1.3 |
|
30-Jul-1993 |
mycroft |
Add RCS identifiers.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base
|
#
1.2 |
|
15-Jun-1993 |
mycroft |
And a few more...
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.30 |
|
13-Oct-2019 |
mrg |
introduce some common variables for use in GCC warning disables:
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8) GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8) GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8) GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many of these are false positives, most of the real bugs are already commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the "-Wno-error=" form, which still displays the warnings but does not make it an error, and all of the above will be re-considered as either being "fix me" (warning still displayed) or "warning is wrong."
|
#
1.29 |
|
29-Sep-2019 |
mrg |
convert HAVE_GCC == 7 to HAVE_GCC >= 7.
|
Revision tags: netbsd-9-base phil-wifi-20190609
|
#
1.28 |
|
04-Feb-2019 |
mrg |
use -Wno-error=format-truncation for code that seems particularly annoying or unlikely to actually fail. some of the syslogd ones are not too hard to fix, but most remain.
|
Revision tags: pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.27 |
|
09-Feb-2018 |
christos |
branches: 1.27.4; only set api compat for 1.0
|
#
1.26 |
|
08-Feb-2018 |
jakllsch |
define OPENSSL_API_COMPAT
(doesn't entirely unbreak build yet)
|
Revision tags: netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base
|
#
1.25 |
|
21-May-2017 |
riastradh |
Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States classified cryptography as a munition and restricted its export. The export controls were substantially relaxed fifteen years ago, and are essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after its motivation -- the US export restriction -- was eliminated. I'm not aware of any other operating system that has a similar option; I expect it is mainly out of apathy for churn that we still have it. Today, cryptography is an essential part of modern computing -- you can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no representation that MKCRYPTO=no satisfies any country's cryptography regulations.
My personal position is that the availability of cryptography is a basic human right; that any local laws restricting it to a privileged few are fundamentally immoral; and that it is wrong for developers to spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of *bad* crypto that was conditional on it, e.g. DES in telnet... That should probably be removed too, but on the grounds that it is bad, not on the grounds that it is (nominally) crypto.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 tls-maxphys-base
|
#
1.24 |
|
06-Jun-2012 |
christos |
WARNS=4
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.23 |
|
09-Jun-2010 |
riz |
branches: 1.23.6; Allow syslogd to compile when MKCRYPTO=no. No promises as to whether it works or not, as this has been broken since late 2008, when the "encrypted connections" support was added to syslogd.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
22-Apr-2009 |
lukem |
Enable WARNS=4 by default, except for: cpuctl dumplfs hprop ipf iprop-log kadmin kcm kdc kdigest kimpersonate kstash ktutil makefs ndbootd ntp pppd quot racoon racoonctl rtadvd sntp sup tcpdchk tcpdmatch tcpdump traceroute traceroute6 user veriexecgen wsmoused zic (Mostly third-party applications)
|
#
1.21 |
|
31-Oct-2008 |
christos |
branches: 1.21.2; Import syslogd SoC project by Martin Schuette: - new syslog protocol api syslogp(3) that supports structured data and draft-rfc timestamps - reliable tcp connections with queueing - encrypted connections
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 mjf-devfs2-base wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base keiichi-mipv6-nbase keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.20 |
|
28-May-2007 |
tls |
Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to various string and memory copy and set functions (as well as a few system calls and other miscellany) where known at function entry. RedHat has evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in any code which includes the libc internals, because it overrides certain libc functions with macros. Some effort has been made to make USE_FORT=yes work correctly for a full-system build by having the bsd.sys.mk logic disable the feature where it should not be used (libc, libssp iteself, the kernel) but no attempt has been made to build the entire system with USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-4-base netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.19 |
|
10-Jan-2005 |
lukem |
Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure. USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE thorpej-syslogd-hack-base netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base fvdl_fs64_base
|
#
1.18 |
|
18-Sep-2002 |
lukem |
use NETBSDSRCDIR as appropriate
|
#
1.17 |
|
02-Aug-2002 |
christos |
add utmpx support;
|
#
1.16 |
|
09-Jun-2002 |
itojun |
no need for KAME_SCOPEID any longer
|
Revision tags: netbsd-1-6-PATCH002-RELEASE netbsd-1-6-PATCH002 netbsd-1-6-PATCH002-RC4 netbsd-1-6-PATCH002-RC3 netbsd-1-6-PATCH002-RC2 netbsd-1-6-PATCH002-RC1 netbsd-1-6-PATCH001 netbsd-1-6-PATCH001-RELEASE netbsd-1-6-PATCH001-RC3 netbsd-1-6-PATCH001-RC2 netbsd-1-6-PATCH001-RC1 netbsd-1-6-RELEASE netbsd-1-6-RC3 netbsd-1-6-RC2 netbsd-1-6-RC1 netbsd-1-6-base
|
#
1.15 |
|
01-Jul-2001 |
itojun |
-DLIBWRAP will enable libwrap-based filtering on UDP socket messages. PR 13348
|
Revision tags: netbsd-1-5-PATCH003 netbsd-1-5-PATCH002 netbsd-1-5-PATCH001 netbsd-1-5-RELEASE netbsd-1-5-BETA2 netbsd-1-5-BETA netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.14 |
|
02-Dec-1999 |
itojun |
IPv6 support in syslogd. actually we need library update as well. NetBSD PR #8934 from Feico Dillema <dillema@acm.org> (with memory leak fix).
|
Revision tags: netbsd-1-4-PATCH003 netbsd-1-4-PATCH002 comdex-fall-1999-base netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.13 |
|
19-Mar-1999 |
perry |
branches: 1.13.6; symlink /var/run/log to /dev/log for transition period.
|
#
1.12 |
|
10-Feb-1998 |
mrg |
nit: order rcsid/sccsids
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.11 |
|
18-Oct-1997 |
lukem |
enable WARNS=1 by default, but disable in unclean 3rd party code
|
#
1.10 |
|
01-Jul-1997 |
christos |
Add WARNS=1
|
#
1.9 |
|
29-Jun-1997 |
christos |
- Fix warnings - Use ttymsg from libutil.
|
#
1.8 |
|
08-May-1997 |
gwr |
Back out the .PATH.c changes. The .depend problem (and others) will be fixed using the new .NOPATH make feature instead.
|
#
1.7 |
|
06-May-1997 |
gwr |
Use .PATH.c: ...
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.6 |
|
02-Jan-1996 |
perry |
Merge/sync with 4.4lite2 -- just a change in version numbers and RCS id strings.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.5 |
|
22-Dec-1994 |
cgd |
specify man pages the new way.
|
Revision tags: netbsd-1-0-PATCH06 netbsd-1-0-PATCH05 netbsd-1-0-PATCH04 netbsd-1-0-PATCH03 netbsd-1-0-PATCH02 netbsd-1-0-PATCH1 netbsd-1-0-PATCH0 netbsd-1-0-RELEASE netbsd-1-0-base
|
#
1.4 |
|
28-Jan-1994 |
cgd |
don't need -lutil
|
#
1.3 |
|
30-Jul-1993 |
mycroft |
Add RCS identifiers.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base
|
#
1.2 |
|
15-Jun-1993 |
mycroft |
And a few more...
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.29 |
|
29-Sep-2019 |
mrg |
convert HAVE_GCC == 7 to HAVE_GCC >= 7.
|
Revision tags: netbsd-9-base phil-wifi-20190609
|
#
1.28 |
|
04-Feb-2019 |
mrg |
use -Wno-error=format-truncation for code that seems particularly annoying or unlikely to actually fail. some of the syslogd ones are not too hard to fix, but most remain.
|
Revision tags: pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.27 |
|
09-Feb-2018 |
christos |
branches: 1.27.4; only set api compat for 1.0
|
#
1.26 |
|
08-Feb-2018 |
jakllsch |
define OPENSSL_API_COMPAT
(doesn't entirely unbreak build yet)
|
Revision tags: netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base
|
#
1.25 |
|
21-May-2017 |
riastradh |
Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States classified cryptography as a munition and restricted its export. The export controls were substantially relaxed fifteen years ago, and are essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after its motivation -- the US export restriction -- was eliminated. I'm not aware of any other operating system that has a similar option; I expect it is mainly out of apathy for churn that we still have it. Today, cryptography is an essential part of modern computing -- you can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no representation that MKCRYPTO=no satisfies any country's cryptography regulations.
My personal position is that the availability of cryptography is a basic human right; that any local laws restricting it to a privileged few are fundamentally immoral; and that it is wrong for developers to spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of *bad* crypto that was conditional on it, e.g. DES in telnet... That should probably be removed too, but on the grounds that it is bad, not on the grounds that it is (nominally) crypto.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 tls-maxphys-base
|
#
1.24 |
|
06-Jun-2012 |
christos |
WARNS=4
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.23 |
|
09-Jun-2010 |
riz |
branches: 1.23.6; Allow syslogd to compile when MKCRYPTO=no. No promises as to whether it works or not, as this has been broken since late 2008, when the "encrypted connections" support was added to syslogd.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
22-Apr-2009 |
lukem |
Enable WARNS=4 by default, except for: cpuctl dumplfs hprop ipf iprop-log kadmin kcm kdc kdigest kimpersonate kstash ktutil makefs ndbootd ntp pppd quot racoon racoonctl rtadvd sntp sup tcpdchk tcpdmatch tcpdump traceroute traceroute6 user veriexecgen wsmoused zic (Mostly third-party applications)
|
#
1.21 |
|
31-Oct-2008 |
christos |
branches: 1.21.2; Import syslogd SoC project by Martin Schuette: - new syslog protocol api syslogp(3) that supports structured data and draft-rfc timestamps - reliable tcp connections with queueing - encrypted connections
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 mjf-devfs2-base wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base keiichi-mipv6-nbase keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.20 |
|
28-May-2007 |
tls |
Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to various string and memory copy and set functions (as well as a few system calls and other miscellany) where known at function entry. RedHat has evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in any code which includes the libc internals, because it overrides certain libc functions with macros. Some effort has been made to make USE_FORT=yes work correctly for a full-system build by having the bsd.sys.mk logic disable the feature where it should not be used (libc, libssp iteself, the kernel) but no attempt has been made to build the entire system with USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-4-base netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.19 |
|
10-Jan-2005 |
lukem |
Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure. USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE thorpej-syslogd-hack-base netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base fvdl_fs64_base
|
#
1.18 |
|
18-Sep-2002 |
lukem |
use NETBSDSRCDIR as appropriate
|
#
1.17 |
|
02-Aug-2002 |
christos |
add utmpx support;
|
#
1.16 |
|
09-Jun-2002 |
itojun |
no need for KAME_SCOPEID any longer
|
Revision tags: netbsd-1-6-PATCH002-RELEASE netbsd-1-6-PATCH002 netbsd-1-6-PATCH002-RC4 netbsd-1-6-PATCH002-RC3 netbsd-1-6-PATCH002-RC2 netbsd-1-6-PATCH002-RC1 netbsd-1-6-PATCH001 netbsd-1-6-PATCH001-RELEASE netbsd-1-6-PATCH001-RC3 netbsd-1-6-PATCH001-RC2 netbsd-1-6-PATCH001-RC1 netbsd-1-6-RELEASE netbsd-1-6-RC3 netbsd-1-6-RC2 netbsd-1-6-RC1 netbsd-1-6-base
|
#
1.15 |
|
01-Jul-2001 |
itojun |
-DLIBWRAP will enable libwrap-based filtering on UDP socket messages. PR 13348
|
Revision tags: netbsd-1-5-PATCH003 netbsd-1-5-PATCH002 netbsd-1-5-PATCH001 netbsd-1-5-RELEASE netbsd-1-5-BETA2 netbsd-1-5-BETA netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.14 |
|
02-Dec-1999 |
itojun |
IPv6 support in syslogd. actually we need library update as well. NetBSD PR #8934 from Feico Dillema <dillema@acm.org> (with memory leak fix).
|
Revision tags: netbsd-1-4-PATCH003 netbsd-1-4-PATCH002 comdex-fall-1999-base netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.13 |
|
19-Mar-1999 |
perry |
branches: 1.13.6; symlink /var/run/log to /dev/log for transition period.
|
#
1.12 |
|
10-Feb-1998 |
mrg |
nit: order rcsid/sccsids
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.11 |
|
18-Oct-1997 |
lukem |
enable WARNS=1 by default, but disable in unclean 3rd party code
|
#
1.10 |
|
01-Jul-1997 |
christos |
Add WARNS=1
|
#
1.9 |
|
29-Jun-1997 |
christos |
- Fix warnings - Use ttymsg from libutil.
|
#
1.8 |
|
08-May-1997 |
gwr |
Back out the .PATH.c changes. The .depend problem (and others) will be fixed using the new .NOPATH make feature instead.
|
#
1.7 |
|
06-May-1997 |
gwr |
Use .PATH.c: ...
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.6 |
|
02-Jan-1996 |
perry |
Merge/sync with 4.4lite2 -- just a change in version numbers and RCS id strings.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.5 |
|
22-Dec-1994 |
cgd |
specify man pages the new way.
|
Revision tags: netbsd-1-0-PATCH06 netbsd-1-0-PATCH05 netbsd-1-0-PATCH04 netbsd-1-0-PATCH03 netbsd-1-0-PATCH02 netbsd-1-0-PATCH1 netbsd-1-0-PATCH0 netbsd-1-0-RELEASE netbsd-1-0-base
|
#
1.4 |
|
28-Jan-1994 |
cgd |
don't need -lutil
|
#
1.3 |
|
30-Jul-1993 |
mycroft |
Add RCS identifiers.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base
|
#
1.2 |
|
15-Jun-1993 |
mycroft |
And a few more...
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.28 |
|
04-Feb-2019 |
mrg |
use -Wno-error=format-truncation for code that seems particularly annoying or unlikely to actually fail. some of the syslogd ones are not too hard to fix, but most remain.
|
Revision tags: pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.27 |
|
09-Feb-2018 |
christos |
only set api compat for 1.0
|
#
1.26 |
|
08-Feb-2018 |
jakllsch |
define OPENSSL_API_COMPAT
(doesn't entirely unbreak build yet)
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base
|
#
1.25 |
|
21-May-2017 |
riastradh |
Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States classified cryptography as a munition and restricted its export. The export controls were substantially relaxed fifteen years ago, and are essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after its motivation -- the US export restriction -- was eliminated. I'm not aware of any other operating system that has a similar option; I expect it is mainly out of apathy for churn that we still have it. Today, cryptography is an essential part of modern computing -- you can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no representation that MKCRYPTO=no satisfies any country's cryptography regulations.
My personal position is that the availability of cryptography is a basic human right; that any local laws restricting it to a privileged few are fundamentally immoral; and that it is wrong for developers to spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of *bad* crypto that was conditional on it, e.g. DES in telnet... That should probably be removed too, but on the grounds that it is bad, not on the grounds that it is (nominally) crypto.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 tls-maxphys-base
|
#
1.24 |
|
06-Jun-2012 |
christos |
WARNS=4
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.23 |
|
09-Jun-2010 |
riz |
branches: 1.23.6; Allow syslogd to compile when MKCRYPTO=no. No promises as to whether it works or not, as this has been broken since late 2008, when the "encrypted connections" support was added to syslogd.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
22-Apr-2009 |
lukem |
Enable WARNS=4 by default, except for: cpuctl dumplfs hprop ipf iprop-log kadmin kcm kdc kdigest kimpersonate kstash ktutil makefs ndbootd ntp pppd quot racoon racoonctl rtadvd sntp sup tcpdchk tcpdmatch tcpdump traceroute traceroute6 user veriexecgen wsmoused zic (Mostly third-party applications)
|
#
1.21 |
|
31-Oct-2008 |
christos |
branches: 1.21.2; Import syslogd SoC project by Martin Schuette: - new syslog protocol api syslogp(3) that supports structured data and draft-rfc timestamps - reliable tcp connections with queueing - encrypted connections
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 mjf-devfs2-base wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base keiichi-mipv6-nbase keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.20 |
|
28-May-2007 |
tls |
Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to various string and memory copy and set functions (as well as a few system calls and other miscellany) where known at function entry. RedHat has evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in any code which includes the libc internals, because it overrides certain libc functions with macros. Some effort has been made to make USE_FORT=yes work correctly for a full-system build by having the bsd.sys.mk logic disable the feature where it should not be used (libc, libssp iteself, the kernel) but no attempt has been made to build the entire system with USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-4-base netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.19 |
|
10-Jan-2005 |
lukem |
Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure. USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE thorpej-syslogd-hack-base netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base fvdl_fs64_base
|
#
1.18 |
|
18-Sep-2002 |
lukem |
use NETBSDSRCDIR as appropriate
|
#
1.17 |
|
02-Aug-2002 |
christos |
add utmpx support;
|
#
1.16 |
|
09-Jun-2002 |
itojun |
no need for KAME_SCOPEID any longer
|
Revision tags: netbsd-1-6-PATCH002-RELEASE netbsd-1-6-PATCH002 netbsd-1-6-PATCH002-RC4 netbsd-1-6-PATCH002-RC3 netbsd-1-6-PATCH002-RC2 netbsd-1-6-PATCH002-RC1 netbsd-1-6-PATCH001 netbsd-1-6-PATCH001-RELEASE netbsd-1-6-PATCH001-RC3 netbsd-1-6-PATCH001-RC2 netbsd-1-6-PATCH001-RC1 netbsd-1-6-RELEASE netbsd-1-6-RC3 netbsd-1-6-RC2 netbsd-1-6-RC1 netbsd-1-6-base
|
#
1.15 |
|
01-Jul-2001 |
itojun |
-DLIBWRAP will enable libwrap-based filtering on UDP socket messages. PR 13348
|
Revision tags: netbsd-1-5-PATCH003 netbsd-1-5-PATCH002 netbsd-1-5-PATCH001 netbsd-1-5-RELEASE netbsd-1-5-BETA2 netbsd-1-5-BETA netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.14 |
|
02-Dec-1999 |
itojun |
IPv6 support in syslogd. actually we need library update as well. NetBSD PR #8934 from Feico Dillema <dillema@acm.org> (with memory leak fix).
|
Revision tags: netbsd-1-4-PATCH003 netbsd-1-4-PATCH002 comdex-fall-1999-base netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.13 |
|
19-Mar-1999 |
perry |
branches: 1.13.6; symlink /var/run/log to /dev/log for transition period.
|
#
1.12 |
|
10-Feb-1998 |
mrg |
nit: order rcsid/sccsids
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.11 |
|
18-Oct-1997 |
lukem |
enable WARNS=1 by default, but disable in unclean 3rd party code
|
#
1.10 |
|
01-Jul-1997 |
christos |
Add WARNS=1
|
#
1.9 |
|
29-Jun-1997 |
christos |
- Fix warnings - Use ttymsg from libutil.
|
#
1.8 |
|
08-May-1997 |
gwr |
Back out the .PATH.c changes. The .depend problem (and others) will be fixed using the new .NOPATH make feature instead.
|
#
1.7 |
|
06-May-1997 |
gwr |
Use .PATH.c: ...
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.6 |
|
02-Jan-1996 |
perry |
Merge/sync with 4.4lite2 -- just a change in version numbers and RCS id strings.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.5 |
|
22-Dec-1994 |
cgd |
specify man pages the new way.
|
Revision tags: netbsd-1-0-PATCH06 netbsd-1-0-PATCH05 netbsd-1-0-PATCH04 netbsd-1-0-PATCH03 netbsd-1-0-PATCH02 netbsd-1-0-PATCH1 netbsd-1-0-PATCH0 netbsd-1-0-RELEASE netbsd-1-0-base
|
#
1.4 |
|
28-Jan-1994 |
cgd |
don't need -lutil
|
#
1.3 |
|
30-Jul-1993 |
mycroft |
Add RCS identifiers.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base
|
#
1.2 |
|
15-Jun-1993 |
mycroft |
And a few more...
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.27 |
|
09-Feb-2018 |
christos |
only set api compat for 1.0
|
#
1.26 |
|
08-Feb-2018 |
jakllsch |
define OPENSSL_API_COMPAT
(doesn't entirely unbreak build yet)
|
Revision tags: matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base
|
#
1.25 |
|
21-May-2017 |
riastradh |
Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States classified cryptography as a munition and restricted its export. The export controls were substantially relaxed fifteen years ago, and are essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after its motivation -- the US export restriction -- was eliminated. I'm not aware of any other operating system that has a similar option; I expect it is mainly out of apathy for churn that we still have it. Today, cryptography is an essential part of modern computing -- you can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no representation that MKCRYPTO=no satisfies any country's cryptography regulations.
My personal position is that the availability of cryptography is a basic human right; that any local laws restricting it to a privileged few are fundamentally immoral; and that it is wrong for developers to spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of *bad* crypto that was conditional on it, e.g. DES in telnet... That should probably be removed too, but on the grounds that it is bad, not on the grounds that it is (nominally) crypto.
|
Revision tags: netbsd-7-1-1-RELEASE prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 tls-maxphys-base
|
#
1.24 |
|
06-Jun-2012 |
christos |
WARNS=4
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.23 |
|
09-Jun-2010 |
riz |
branches: 1.23.6; Allow syslogd to compile when MKCRYPTO=no. No promises as to whether it works or not, as this has been broken since late 2008, when the "encrypted connections" support was added to syslogd.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
22-Apr-2009 |
lukem |
Enable WARNS=4 by default, except for: cpuctl dumplfs hprop ipf iprop-log kadmin kcm kdc kdigest kimpersonate kstash ktutil makefs ndbootd ntp pppd quot racoon racoonctl rtadvd sntp sup tcpdchk tcpdmatch tcpdump traceroute traceroute6 user veriexecgen wsmoused zic (Mostly third-party applications)
|
#
1.21 |
|
31-Oct-2008 |
christos |
branches: 1.21.2; Import syslogd SoC project by Martin Schuette: - new syslog protocol api syslogp(3) that supports structured data and draft-rfc timestamps - reliable tcp connections with queueing - encrypted connections
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 mjf-devfs2-base wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base keiichi-mipv6-nbase keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.20 |
|
28-May-2007 |
tls |
Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to various string and memory copy and set functions (as well as a few system calls and other miscellany) where known at function entry. RedHat has evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in any code which includes the libc internals, because it overrides certain libc functions with macros. Some effort has been made to make USE_FORT=yes work correctly for a full-system build by having the bsd.sys.mk logic disable the feature where it should not be used (libc, libssp iteself, the kernel) but no attempt has been made to build the entire system with USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-4-base netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.19 |
|
10-Jan-2005 |
lukem |
Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure. USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE thorpej-syslogd-hack-base netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base fvdl_fs64_base
|
#
1.18 |
|
18-Sep-2002 |
lukem |
use NETBSDSRCDIR as appropriate
|
#
1.17 |
|
02-Aug-2002 |
christos |
add utmpx support;
|
#
1.16 |
|
09-Jun-2002 |
itojun |
no need for KAME_SCOPEID any longer
|
Revision tags: netbsd-1-6-PATCH002-RELEASE netbsd-1-6-PATCH002 netbsd-1-6-PATCH002-RC4 netbsd-1-6-PATCH002-RC3 netbsd-1-6-PATCH002-RC2 netbsd-1-6-PATCH002-RC1 netbsd-1-6-PATCH001 netbsd-1-6-PATCH001-RELEASE netbsd-1-6-PATCH001-RC3 netbsd-1-6-PATCH001-RC2 netbsd-1-6-PATCH001-RC1 netbsd-1-6-RELEASE netbsd-1-6-RC3 netbsd-1-6-RC2 netbsd-1-6-RC1 netbsd-1-6-base
|
#
1.15 |
|
01-Jul-2001 |
itojun |
-DLIBWRAP will enable libwrap-based filtering on UDP socket messages. PR 13348
|
Revision tags: netbsd-1-5-PATCH003 netbsd-1-5-PATCH002 netbsd-1-5-PATCH001 netbsd-1-5-RELEASE netbsd-1-5-BETA2 netbsd-1-5-BETA netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.14 |
|
02-Dec-1999 |
itojun |
IPv6 support in syslogd. actually we need library update as well. NetBSD PR #8934 from Feico Dillema <dillema@acm.org> (with memory leak fix).
|
Revision tags: netbsd-1-4-PATCH003 netbsd-1-4-PATCH002 comdex-fall-1999-base netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.13 |
|
19-Mar-1999 |
perry |
branches: 1.13.6; symlink /var/run/log to /dev/log for transition period.
|
#
1.12 |
|
10-Feb-1998 |
mrg |
nit: order rcsid/sccsids
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.11 |
|
18-Oct-1997 |
lukem |
enable WARNS=1 by default, but disable in unclean 3rd party code
|
#
1.10 |
|
01-Jul-1997 |
christos |
Add WARNS=1
|
#
1.9 |
|
29-Jun-1997 |
christos |
- Fix warnings - Use ttymsg from libutil.
|
#
1.8 |
|
08-May-1997 |
gwr |
Back out the .PATH.c changes. The .depend problem (and others) will be fixed using the new .NOPATH make feature instead.
|
#
1.7 |
|
06-May-1997 |
gwr |
Use .PATH.c: ...
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.6 |
|
02-Jan-1996 |
perry |
Merge/sync with 4.4lite2 -- just a change in version numbers and RCS id strings.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.5 |
|
22-Dec-1994 |
cgd |
specify man pages the new way.
|
Revision tags: netbsd-1-0-PATCH06 netbsd-1-0-PATCH05 netbsd-1-0-PATCH04 netbsd-1-0-PATCH03 netbsd-1-0-PATCH02 netbsd-1-0-PATCH1 netbsd-1-0-PATCH0 netbsd-1-0-RELEASE netbsd-1-0-base
|
#
1.4 |
|
28-Jan-1994 |
cgd |
don't need -lutil
|
#
1.3 |
|
30-Jul-1993 |
mycroft |
Add RCS identifiers.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base
|
#
1.2 |
|
15-Jun-1993 |
mycroft |
And a few more...
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|