src - OpenBSD base system

Age	Commit message (Collapse)	Author
2014-07-11	use CC when running configure	Jonathan Gray
	matches the behaviour of the other Makefile.bsd-wrapper files ok miod@
2014-07-11	start reducing the attack surface of lynx.	Daniel Dickman
	leave gopher, news, and dired in place for now. but we will soon catch up to the security level of internet explorer 7 by removing these too. ok's for the version of this diff that removes even more protocols from deraadt@, tedu@. general support from other devs.
2014-07-11	make the __cxa_call_terminate() proto match the definition	Jonathan Gray
	From dt71 at gmx.com via FreeBSD Required to build with recent versions of clang.
2014-07-10	Backport support for -Wframe-larger-than=N to base GCC	Matthew Dempsky
	This is the flag name that modern GCC and Clang have de facto standardized on for the functionality that we locally named -Wstack-larger-than-N. ok brad, miod
2014-07-09	update to lynx 2.8.8rel2, keeping local changes. primarily to get these	Daniel Dickman
	changes from 2.8.8dev.16: * fix most issues found by clang 3.2 analyze * fix most issues found by Coverity scan tested on i386, sparc64, and macppc by myself. tested on vax by miod@ (including https) helpful discussion with avsm@, sthen@ ok deraadt@
2014-06-25	delete some leftovers.	Daniel Dickman
	ok deraadt@, sthen@
2014-06-23	gcc4: emit warning when ignoring alignment constraints	Matthew Dempsky
	Currently, GCC 4.2 silently ignores the "aligned" attribute for objects allocated on the stack if the specified minimum alignment exceeds the platform's natural stack alignment. This has bitten us in the past, so we shouldn't allow this to continue. Fixing the "ignores" problem seems hard, so this commit settles for tackling the "silently" problem instead. ok miod, and possibly guenther and deraadt
2014-06-05	Fix sendmail improper close-on-exec flag handling (CVE-2014-3956)	Jasper Lievisse Adriaanse
	From FreeBSD SA-14:11 ok millert@
2014-06-01	Correct version for disabling getserbyname_r to reduce diff with upstream	Andrew Fresh
	OK sthen@ miod@
2014-05-31	Remove now unnecessary local patch to disable usemallocwrap on m68k	Andrew Fresh
	Sure miod@
2014-05-31	Remove unneeded patch, upstream fixed this differently in 2008	Andrew Fresh
	ok sthen@
2014-05-29	We now use arc4random() so PERL_RANDOM_DEVICE is no longer needed.	Philip Guenther
	ok afresh@
2014-05-29	To get a random seed, just call arc4random() instead of reading a	Philip Guenther
	word from the (deprecated) /dev/arandom. This also makes it work in chroot environments. ok deraadt@ afresh@
2014-05-28	finally enable writing per-commit commitid tokens to rcs ,v files	joshua stein
	ok deraadt@ millert@
2014-05-27	Enable strong stack protector by default for GCC 3 architectures.	Martynas Venckus
	Miod says all architectures work with it now (thanks to his fix for the pf.c bug).
2014-05-08	Recognize `t' as a valid format modifier for kprintf-style format strings.	Miod Vallat

2014-05-07	Match search_string_def() prototype change, forgotten in previous protector.[ch]	Miod Vallat
	commit.
2014-05-06	When the stack protector heuristics doesn't cover a function, leave	Martynas Venckus
	a little pointer-sized gap before the return value. This protects from common off-by-one type of bugs and costs nothing: the attacker won't be able to overwrite return pointer. Developed at m2k14, thanks for the hackathon!
2014-05-06	Introduce -fstack-shuffle, which randomizes local stack variables.	Martynas Venckus
	This will make the environment more hostile and help detect bugs that depend on overrunning one variable into another, with almost no performance cost. Discussed with Theo at m2k14 hackathon. "oh god yes" tedu@, "oh nice" djm@
2014-05-06	Remove the ``addressable'' argument to search_string_def(). Turned out to be	Miod Vallat
	a bad idea, for it causes false positives, which then can cause ICE trying to protect narrower-than-int incoming arguments, if building with -fstack-protector-all. From etoh@'s gcc 3.4 tree, unbreaks -fstack-protector-all on m88k (well, maybe not completely, but it makes it compile more files, such as pf.c which contains functions receiving uint16_t arguments pushed on the stack due to the exhaustion of caller-saved registers).
2014-05-01	Revert 1.49 (bad merge with free dejavu)	Miod Vallat

2014-05-01	x86-64 ABI requires arrays greater than 16 bytes to be aligned to	Martynas Venckus
	16byte boundary. However, GCC 16-byte aligns arrays of >=16 BITS, not BYTES. This diff improves bug detectability for code which has local arrays of [16 .. 127] bits: in those cases SSP will now detect even 1-byte overflows. OK kettenis@. Tested in snaps for a week.
2014-04-22	Remove KERBEROS5 from the Makefiles (except ssh for now, where it is	Reyk Floeter
	already manually disabled). ok deraadt@
2014-04-15	Remove workarounds for ld reaching MAXDSIZ on vax, now that MAXDSIZ is	Miod Vallat
	more comfortable. Reminded by brad@
2014-04-13	Clean up last bits of TCP_WRAPPERS and ELF_TOOLCHAIN.	Brad Smith
	ok miod@
2014-04-12	Bring back the fix in r1.16 of the gcc 2.95 version of protector.c - the code	Miod Vallat
	was present, but commented. This fixes code generation of usr.sbin/dhcpd/memory.c!new_address_range() on vax.
2014-04-10	Revive the fix for Perl RT bug 116441 (null dereference affecting	Matthias Kilian
	mod_perl). ok sthen@ millert@
2014-04-08	Build libgcc without SSP. With the new SSP-strong heuristics,	Martynas Venckus
	_moddi3.o gets protected and landisk bootblocks got broken. Fundamentally this causes a link dependency on libc that we'll not always be able to satisfy. Spotted by deraadt@. OK matthew@, kettenis@, guenther@.
2014-04-06	Add the missing addressing modes for the fucomip instruction. Surprisingly,	Miod Vallat
	fucompi was correct. Unbreaks www/webkit on i386. ok sthen@
2014-04-03	Put back 1.11, lost during the last update; unbreaks NOPIC builds.	Miod Vallat
	ok deraadt@
2014-03-30	Change the heuristics of -fstack-protector to select to protect	Martynas Venckus
	additional functions --- those that have local array definitions, or have references to local frame addresses. Note that upstream uses -fstack-protector-strong and misleads people: -fstack-protector, -fstack-protector-all, -fstack-protector-strong can you tell which one is safe? Luckily, OpenBSD has its own compiler and is able to do the right thing for security: this is enabled by default, and called -fstack-protector. OK deraadt@, miod@. Tested for 3 months.
2014-03-27	remove gets reference. ok espie	Ted Unangst

2014-03-26	Make perl build in a non-writable src tree	afresh1
	OK millert@ deraadt@
2014-03-24	Merge perl-5.18.2 plus local patches, remove old files	afresh1
	OK espie@ sthen@ deraadt@
2014-03-24	Import perl-5.18.2	afresh1
	OK espie@ sthen@ deraadt@
2010-09-24	Perl 5.12.2 from CPAN	Todd C. Miller

2006-03-28	perl 5.8.8 import	Todd C. Miller

2003-12-03	perl 5.8.2 from CPAN	Todd C. Miller

2002-10-27	stock perl 5.8.0 from CPAN	Todd C. Miller

2001-05-24	stock perl 5.6.1	Todd C. Miller

2000-04-06	virgin perl 5.6.0	Todd C. Miller

2000-04-06	virgin perl 5.6.0	Todd C. Miller

1999-04-29	perl5.005_03	Todd C. Miller

1999-04-29	perl5.005_03	Todd C. Miller

1999-04-29	perl5.005_03	Todd C. Miller

1996-08-19	Import of Perl 5.003 into the tree. Makefile.bsd-wrapper and	Jason Downs
	config.sh.OpenBSD are the only local changes.
2014-03-19	use smtpd man pages by default. ok deraadt jmc	Ted Unangst
	sendmail.8 note by jmc
2014-03-13	Add a few more instruction patterns that are apparently needed by gcc 4.8.	Mark Kettenis
	Taken from binutils 2.17. ok guenther@
2014-03-12	no more rmail in base; ok millert	Jason McIntyre

2014-02-17	Having CpuSMAP and Cpu64 overlap isn't a terribly good idea.	Mark Kettenis
	Makes it possible to build an i386 kernel with binutils-2.17 again. ok miod@