| #
e9ac4169 |
| 15-Jul-2024 |
Warner Losh <imp@FreeBSD.org> |
Remove residual blank line at start of Makefile
This is a residual of the $FreeBSD$ removal.
MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
|
|
Revision tags: release/14.1.0, release/13.3.0 |
|
| #
3091cdb1 |
| 12-Jan-2024 |
Cy Schubert <cy@FreeBSD.org> |
Revert "kerberos: Fix numerous segfaults when using weak crypto"
This revision breaks Linux and MacOS cross builds because
TARGET_ENDIANNESS is not define during bootstrapping on these
platforms.
I
Revert "kerberos: Fix numerous segfaults when using weak crypto"
This revision breaks Linux and MacOS cross builds because
TARGET_ENDIANNESS is not define during bootstrapping on these
platforms.
I think the correct approach would be to separate the new
fbsd_ossl_provider_load() and unload functions into their own
library (instead of libroken). This avoids the less desirable
option of including bsd.cpu.mk in secure/lib/Makefile.common,
which does build but could complicate future work.
Reported by: jrtc27
This reverts commit cb350ba7bf7ca7c4cb97ed2c20ab45af60382cfb.
show more ...
|
| #
cb350ba7 |
| 06-Dec-2023 |
Cy Schubert <cy@FreeBSD.org> |
kerberos: Fix numerous segfaults when using weak crypto
Weak crypto is provided by the openssl legacy provider which is
not load by default. Load the legacy providers as needed.
When the legacy pro
kerberos: Fix numerous segfaults when using weak crypto
Weak crypto is provided by the openssl legacy provider which is
not load by default. Load the legacy providers as needed.
When the legacy provider is loaded into the default context the default
provider will no longer be automatically loaded. Without the default
provider the various kerberos applicaions and functions will abort().
PR: 272835
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D43009
Tested by: netchild, Joerg Pulz <Joerg.Pulz@frm2.tum.de>
show more ...
|
|
Revision tags: release/14.0.0 |
|
| #
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0 |
|
| #
a30235a4 |
| 02-Sep-2021 |
Emmanuel Vadot <manu@FreeBSD.org> |
pkgbase: Create a FreeBSD-kerberos package
This allows users to install or not kerberos related utilities
and libs.
Differential Revision: https://reviews.freebsd.org/D31801
|
|
Revision tags: release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0 |
|
| #
40343be5 |
| 14-Jan-2019 |
Yoshihiro Takahashi <nyan@FreeBSD.org> |
Use ${SRCTOP}/contrib/com_err/com_err.h instead of the installed com_err.h.
This fixes build when com_err.h is not installed.
PR: 234691
MFC after: 1 week
|
|
Revision tags: release/12.0.0, release/11.2.0, release/10.4.0, release/11.1.0, release/11.0.1, release/11.0.0, release/10.3.0 |
|
| #
11d38a57 |
| 28-Oct-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
Sponsored by: Gandi.net
|
| #
becbad1f |
| 13-Oct-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
|
| #
b5ff185e |
| 12-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
|
| #
00176600 |
| 09-Sep-2015 |
Navdeep Parhar <np@FreeBSD.org> |
Merge r286744-r287584 from head.
|
| #
d9442b10 |
| 05-Sep-2015 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r286858 through r287489.
|
| #
7525abf8 |
| 27-Aug-2015 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Move setting of LDFLAGS to the modules which require it actually, as
other kerberos5 modules do so.
|
|
Revision tags: release/10.2.0 |
|
| #
98e0ffae |
| 27-May-2015 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge sync of head
|
| #
d899be7d |
| 19-Jan-2015 |
Glen Barber <gjb@FreeBSD.org> |
Reintegrate head: r274132-r277384
Sponsored by: The FreeBSD Foundation
|
| #
8f0ea33f |
| 13-Jan-2015 |
Glen Barber <gjb@FreeBSD.org> |
Reintegrate head revisions r273096-r277147
Sponsored by: The FreeBSD Foundation
|
| #
840e7092 |
| 29-Nov-2014 |
Enji Cooper <ngie@FreeBSD.org> |
MFHead @ r275232
|
| #
2c97f721 |
| 25-Nov-2014 |
Dimitry Andric <dim@FreeBSD.org> |
r274961 through r275075
|
| #
d65af1e7 |
| 25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Convert kerberos to LIBADD and reduce overlinking of the kerberos binaries and
libraries
|
| #
9268022b |
| 19-Nov-2014 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge from head@274682
|
|
Revision tags: release/10.1.0 |
|
| #
4e27d36d |
| 17-Sep-2014 |
Neel Natu <neel@FreeBSD.org> |
IFC @r271694
|
| #
246e7a2b |
| 02-Sep-2014 |
Neel Natu <neel@FreeBSD.org> |
IFC @r269962
Submitted by: Anish Gupta (akgupt3@gmail.com)
|
| #
832fd780 |
| 23-Aug-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Sync to HEAD@r270409.
|
| #
5608fd23 |
| 19-Aug-2014 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generati
Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
show more ...
|
| #
ee7b0571 |
| 19-Aug-2014 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge head from 7/28
|
|
Revision tags: release/9.3.0 |
|
| #
864c53ea |
| 08-Jun-2014 |
Bryan Drewery <bdrewery@FreeBSD.org> |
In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be ena
In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
show more ...
|