| Age | Commit message (Collapse) | Author |
|---|
|
|
|
could in principle be called at any point during runtime.
Instead of adding "dpath" to the relevant pledges, disable the
code path itself. Now instead of hitting a brutal abort(3), you
will just get an error message.
autoconf handholding + ok jca@
|
|
from Ricardo Signes
ok deraadt@
|
|
https://rt.perl.org/Ticket/Display.html?id=126862
|
|
|
|
ok deraadt@
|
|
Similar to changes made in FreeBSD.
ok kettenis@
|
|
Help with testing and ok kettenis@
|
|
|
|
Required for building gcc 4.9
ok jsg@
|
|
okay espie@ "we should be wary" deraadt@
|
|
doesn't grok DT_RUNPATH yet.
|
|
Inspired by https://sourceware.org/ml/binutils/2010-08/msg00333.html, but
expressed differently so there are no GPLv3 issues.
|
|
requested by and OK jmc@
|
|
architectures when yy_size_t becomes size_t instead of unsigned int.
ok millert@, tedu@
|
|
|
|
ok sthen@ semarie@
|
|
Just delete the tcflow(3) calls, the use case for tcflow(3) here is
a bit far-fetched.
looks good to deraadt@, ok espie@
|
|
|
|
The initial pledge(2) call is broad, we can refine later when we know
whether we run in server, pserver client mode or regular client mode.
pserver server mode is likely broken, it will either be fixed or
removed.
With and ok semarie@, "let's proceed." deraadt@
|
|
But don't restore ownership/setuid/etc bits. ok deraadt@
|
|
But don't try to chown or set special bits. This fixes several ports.
ok deraadt@
|
|
- only the binutils package (no gdb here)
- don't import libiberty and texinfo, they are elsewhere
- remove all .info* generated files
|
|
ar/ranlib and objcopy/strip can pledge "stdio rpath wpath cpath fattr"
ok guenther
|
|
of files. In two cases however they were not being masked. These are build
tools -- therefore they should not encourage further propogation of such
unsafe bits.
ok guenther
|
|
setuid-preserving code in the so-called smart_rename() function. I
don't want my tools (ar, ranlib, objcopy, strip) going through the
effort to preserve setuid bits on ``build-directory'' files when they
sense a symbolic link, thank you very much. The modern way is to build
code, then set such modes at install-time.
Our kernel goes through the effort to clear setuid flags, and this was
neutering that attempt. Also has atrocious error handling.
(Identified as an issue of concern while doing the audit for pledge)
ok guenther
|
|
infokey - stdio rpath wpath cpath tty
makeinfo - stdio rpath wpath cpath getpw
install-info - stdio rpath wpath cpath proc exec
texindex - stdio rpath wpath cpath tmppath
ok schwarze
|
|
the ports build cycle to find out for sure.
|
|
features that new FSF programs will need (e.g., gcc snapshots).
looked at by fgs@, thanks.
|
|
ok semarie
|
|
ok kettenis@
|
|
kettenis ok'd me poking around in here; ingo ok'd the diff
|
|
|
|
ok deraadt@ kettenis@
|
|
be able to use the virtualization instructions.
ok'ed a long time ago, I forgot who, but deraadt@ ok'ed it again anyway.
|
|
of registering an explicit dependency upon libstdc++.so when linking a shared
library with c++.
The explicit dependency had been reverted a long time ago when most of our
platforms were still usinc gcc 2.95, in order to have the same behaviour between
g++ 2.95 and g++ 3.3, for the sake of ports. However, when we started using
gcc 4, the default behaviour was not modified, and nowadays, it's g++ 3 which
differs from g++ 4. By reverting to the original behaviour, g++ 3 is on par
with g++ 4 again.
|
|
Fixes a crash in pserver mode when CVSROOT/passwd contains an old
DES password.
|
|
"stdio rpath", while objdump(1) also needs "tmppath" for objdump -i.
ok deraadt@, comments sthen@ kettenis@
|
|
ok pascal@
|
|
This will make the segment containing those sections read-only for binaries
that use the OpenBSD W^X layout, preventing W^X violations on architectures
that need an executable GOT (basically BSS-PLT powerpc).
ok miod@
|
|
are only two loadable segments. With W^X on OpenBSD, we will typically
create more than two. Most shared libraries and binaries end up with
five of them. One of them is the GOT itself so we don't need to take that
one into account. So raise the number of spare local GOT entries from 5 to 7.
This fixes building liblto_plugin.so in the gcc 4.9 port.
ok miod@, jasper@, pascal@
|
|
a reasonable 64-bit ABI for 64-bit ELF files instead of a 32-bit ABI.
|
|
ok visa@, deraadt@
|
|
This fix first appeared in FSF binutils after the switch to GPLv3.
However Daniel Jacobowitz, who wrote the fix, confirms he worked for
CodeSourcery at the time (as suggested by the ChangeLog entry), and
CodeSourcery included this fix in the 4.1-176 version of their
toolchain that was distributed under GPLv2.
ok guenther@, ok deraadt@
|
|
Jumbo merges are NOT WELCOME. They have to be seperated out and tested.
|
|
|
|
post-binutils 2.17 but pre-GPLv3 commits.
miod@ says now is the time to get this in.
|
|
This makes the -msecure-plt option work, which is necessary to generate
Secure-PLT ABI code.
|
|
remaining commented out variable settings. We'll continue to use the
same layout for both BSS-PLT and Secure-PLT since supporting the more
relro friendly layout that Linux uses isn't compatible with our way of
making the PLT and GOT read-only.
|
|
This smells like a workaround but it allows audio/mpd to
build and the resulting binary runs well enough to make
landry@ happy. In any case, having a broken binary is not
much worse than not having a binary because ld(1) crashed.
ok miod@, deraadt@
|
