Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-08-20 | Backport support for i386/amd64 'rdtscp' instruction from binutils-2.17 | Philip Guenther | |
Request and testing by krw@ | |||
2014-08-14 | Backport from binutils-2.17: | Philip Guenther | |
2005-08-17 Alan Modra <amodra@bigpond.net.au> * elfxx-mips.c (_bfd_mips_elf_hide_symbol): Cope with being called without any got section. ok miod@ | |||
2014-08-10 | Format time_t with %lld after casting to long long | Philip Guenther | |
2014-08-09 | Use time_t for storing times | Philip Guenther | |
2014-08-09 | Parse times with strtoll() instead of strtol() | Philip Guenther | |
2014-08-09 | Regenerate to pick up time_t changes | Philip Guenther | |
2014-08-09 | bfd-in2.h is generated from this; merge back a change that was made there | Philip Guenther | |
2014-08-09 | Store timestamps in time_t | Philip Guenther | |
2014-08-09 | bfd-in2.h is generated from this; merge back a change that was made there | Philip Guenther | |
2014-08-09 | Fix readelf --debug-dump=frames-interp output: once a register is given | Philip Guenther | |
a column, it needs to included in all rows, even after the register is restored. ok jsg@ | |||
2014-08-09 | Backport from 2.17: mark the _GLOBAL_OFFSET_TABLE_, _DYNAMIC, and | Philip Guenther | |
_PROCEDURE_LINKAGE_TABLE_ symbols as (at least) hidden. | |||
2014-08-09 | Backport from binutils-2.17 the correct i386/amd64 register->int assignments | Philip Guenther | |
for CFI. This changes the unwind information generated on amd64. | |||
2014-08-09 | We don't use the __openbsd_randomdata_{start,end} symbols, but rather | Philip Guenther | |
get that info via the PT_OPENBSD_RANDOM segment info, so kill the symbols While here, delete the commented out lines for __DYNAMIC as the question they ask is answered 'no' ok matthew@ back in May | |||
2014-08-09 | Match format width of symbol visibility to the column header | Philip Guenther | |
This corrects the alignment of the columns of hidden symbols | |||
2014-07-24 | Revert ssp-strong on arm. This has been exposing one or more bugs in GCC that | Pascal Stumpf | |
kill large portions of the ports tree. Most notably, it broke devel/gperf at runtime. ok martynas@, "make a decision" deraadt@ | |||
2014-07-23 | delinked from tree, now it goes to the bit bucket | Theo de Raadt | |
2014-07-21 | printf(9) and friends don't support the <number>$ flags, so gcc's | Philip Guenther | |
kprintf attribute shouldn't accept them. ok martynas@ | |||
2014-07-16 | lynx has left the tree, and let's be honest noone will find these html | Theo de Raadt | |
files in their installed system. this extended documentation experience is available better on the net using a browser installed with pkg_add. (also note that two of the subsystems involved in this issue are heading to the bit bucket sometime soon) | |||
2014-07-16 | lynx will go to ports. there are too many reasons for it to go there, | Theo de Raadt | |
and not enough for it to stay. lengthy discussions. | |||
2014-07-14 | international currency locale rules as per POSIX.1-2008 | Martin Pelikan | |
required for libc++ ok guenther afresh1 | |||
2014-07-14 | Fix an off-by-one error that's already been accepted upstream | Philip Guenther | |
2013-03-25 | import perl 5.16.3 from CPAN - worked on by Andrew Fresh and myself | Stuart Henderson | |
2002-10-27 | stock perl 5.8.0 from CPAN | Todd C. Miller | |
2014-07-11 | use CC when running configure | Jonathan Gray | |
matches the behaviour of the other Makefile.bsd-wrapper files ok miod@ | |||
2014-07-11 | start reducing the attack surface of lynx. | Daniel Dickman | |
leave gopher, news, and dired in place for now. but we will soon catch up to the security level of internet explorer 7 by removing these too. ok's for the version of this diff that removes even more protocols from deraadt@, tedu@. general support from other devs. | |||
2014-07-11 | make the __cxa_call_terminate() proto match the definition | Jonathan Gray | |
From dt71 at gmx.com via FreeBSD Required to build with recent versions of clang. | |||
2014-07-10 | Backport support for -Wframe-larger-than=N to base GCC | Matthew Dempsky | |
This is the flag name that modern GCC and Clang have de facto standardized on for the functionality that we locally named -Wstack-larger-than-N. ok brad, miod | |||
2014-07-09 | update to lynx 2.8.8rel2, keeping local changes. primarily to get these | Daniel Dickman | |
changes from 2.8.8dev.16: * fix most issues found by clang 3.2 analyze * fix most issues found by Coverity scan tested on i386, sparc64, and macppc by myself. tested on vax by miod@ (including https) helpful discussion with avsm@, sthen@ ok deraadt@ | |||
2014-06-25 | delete some leftovers. | Daniel Dickman | |
ok deraadt@, sthen@ | |||
2014-06-23 | gcc4: emit warning when ignoring alignment constraints | Matthew Dempsky | |
Currently, GCC 4.2 silently ignores the "aligned" attribute for objects allocated on the stack if the specified minimum alignment exceeds the platform's natural stack alignment. This has bitten us in the past, so we shouldn't allow this to continue. Fixing the "ignores" problem seems hard, so this commit settles for tackling the "silently" problem instead. ok miod, and possibly guenther and deraadt | |||
2014-06-05 | Fix sendmail improper close-on-exec flag handling (CVE-2014-3956) | Jasper Lievisse Adriaanse | |
From FreeBSD SA-14:11 ok millert@ | |||
2014-06-01 | Correct version for disabling getserbyname_r to reduce diff with upstream | Andrew Fresh | |
OK sthen@ miod@ | |||
2014-05-31 | Remove now unnecessary local patch to disable usemallocwrap on m68k | Andrew Fresh | |
Sure miod@ | |||
2014-05-31 | Remove unneeded patch, upstream fixed this differently in 2008 | Andrew Fresh | |
ok sthen@ | |||
2014-05-29 | We now use arc4random() so PERL_RANDOM_DEVICE is no longer needed. | Philip Guenther | |
ok afresh@ | |||
2014-05-29 | To get a random seed, just call arc4random() instead of reading a | Philip Guenther | |
word from the (deprecated) /dev/arandom. This also makes it work in chroot environments. ok deraadt@ afresh@ | |||
2014-05-28 | finally enable writing per-commit commitid tokens to rcs ,v files | joshua stein | |
ok deraadt@ millert@ | |||
2014-05-27 | Enable strong stack protector by default for GCC 3 architectures. | Martynas Venckus | |
Miod says all architectures work with it now (thanks to his fix for the pf.c bug). | |||
2014-05-08 | Recognize `t' as a valid format modifier for kprintf-style format strings. | Miod Vallat | |
2014-05-07 | Match search_string_def() prototype change, forgotten in previous protector.[ch] | Miod Vallat | |
commit. | |||
2014-05-06 | When the stack protector heuristics doesn't cover a function, leave | Martynas Venckus | |
a little pointer-sized gap before the return value. This protects from common off-by-one type of bugs and costs nothing: the attacker won't be able to overwrite return pointer. Developed at m2k14, thanks for the hackathon! | |||
2014-05-06 | Introduce -fstack-shuffle, which randomizes local stack variables. | Martynas Venckus | |
This will make the environment more hostile and help detect bugs that depend on overrunning one variable into another, with almost no performance cost. Discussed with Theo at m2k14 hackathon. "oh god yes" tedu@, "oh nice" djm@ | |||
2014-05-06 | Remove the ``addressable'' argument to search_string_def(). Turned out to be | Miod Vallat | |
a bad idea, for it causes false positives, which then can cause ICE trying to protect narrower-than-int incoming arguments, if building with -fstack-protector-all. From etoh@'s gcc 3.4 tree, unbreaks -fstack-protector-all on m88k (well, maybe not completely, but it makes it compile more files, such as pf.c which contains functions receiving uint16_t arguments pushed on the stack due to the exhaustion of caller-saved registers). | |||
2014-05-01 | Revert 1.49 (bad merge with free dejavu) | Miod Vallat | |
2014-05-01 | x86-64 ABI requires arrays greater than 16 bytes to be aligned to | Martynas Venckus | |
16byte boundary. However, GCC 16-byte aligns arrays of >=16 BITS, not BYTES. This diff improves bug detectability for code which has local arrays of [16 .. 127] bits: in those cases SSP will now detect even 1-byte overflows. OK kettenis@. Tested in snaps for a week. | |||
2014-04-22 | Remove KERBEROS5 from the Makefiles (except ssh for now, where it is | Reyk Floeter | |
already manually disabled). ok deraadt@ | |||
2014-04-15 | Remove workarounds for ld reaching MAXDSIZ on vax, now that MAXDSIZ is | Miod Vallat | |
more comfortable. Reminded by brad@ | |||
2014-04-13 | Clean up last bits of TCP_WRAPPERS and ELF_TOOLCHAIN. | Brad Smith | |
ok miod@ | |||
2014-04-12 | Bring back the fix in r1.16 of the gcc 2.95 version of protector.c - the code | Miod Vallat | |
was present, but commented. This fixes code generation of usr.sbin/dhcpd/memory.c!new_address_range() on vax. | |||
2014-04-10 | Revive the fix for Perl RT bug 116441 (null dereference affecting | Matthias Kilian | |
mod_perl). ok sthen@ millert@ |