Commit Graph

43 Commits

Author SHA1 Message Date
Warner Losh
01b0122954 Remove all the RELEASE_CRUNCH instances that partially disable IPSEC
We remove IPSEC only in parts of the tree, and not others. RELEASE_CRUNCH to
disable it has not kept up with all its uses. Remove it. Should there be a real
need to disable IPSEC, one that hasn't shown up in the base system to date,
it can be re-added behind a WITHOUT_IPSEC build option.
2019-07-15 14:19:39 +00:00
Warner Losh
a35f04fba2 Adopt SRCTOP in usr.bin
Prefer ${SRCTOP}/foo over ${.CURDIR}/../../foo and ${SRCTOP}/usr.bin/foo
over ${.CURDIR}/../foo for paths in Makefiles.

Differential Revision:	https://reviews.freebsd.org/D9932
Sponsored by:		Netflix
Silence on:		arch@ (twice)
2017-03-12 18:58:44 +00:00
Baptiste Daroussin
3e11bd9e2a Convert to usr.bin/ to LIBADD
Reduce overlinking
2014-11-25 14:29:10 +00:00
Bryan Drewery
5608fd23c2 Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00
Brooks Davis
80189b3b09 Replace all uses of libncurses and libtermcap with their wide character
variants.  This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.

Exp-run:	antoine
PR:		189842
Discussed with:	bapt
Sponsored by:	DARPA, AFRL
2014-07-17 18:24:34 +00:00
Bryan Drewery
864c53ead8 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
Warner Losh
04efeffe99 When building picobsd, define WITHOUT_OPENSSL and WITHOUT_KERBEROS and
remove the now-redundant checks for RELEASE_CRUNCH. This originally
was defined for building smaller sysinstall images, but was later also
used by picobsd builds for a similar purpose. Now that we've moved
away from sysinstall, picobsd is the only remaining consumer of this
interface. Adding these two options reduces the RELEASE_CRUNCH
special cases in the tree by half.
2014-06-06 04:09:07 +00:00
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Ed Schouten
b7946da96b Build usr.bin/ with WARNS=6 by default.
Also add some missing $FreeBSD$ to keep svn happy.
2010-01-02 10:27:05 +00:00
Doug Rabson
33f1219925 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
Bjoern A. Zeeb
53bf725ae1 Remove the -DFAST_IPSEC from Makefiles again.
This was needed during the IPSEC->FAST_IPSEC->IPSEC transition
period to not break the build after picking up netipsec header
files. Now that the FAST_IPSEC kernel option is gone and the
default is IPSEC again those defines are superfluous.

Approved by:	re (rwatson)
2007-07-05 08:56:46 +00:00
George V. Neville-Neil
8409aedfa6 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
Yaroslav Tykhiy
594a130b8a Stop enforcing dependencies between MK_* options at Makefile level.
All the dependencies are satisfied now in <bsd.own.mk>.
2006-07-31 13:29:36 +00:00
Yaroslav Tykhiy
d1773e839f Respect MK_INET6_SUPPORT.
Move INET6 out of the RELEASE_CRUNCH conditional block
because it saves as little as 2% of the binary size and
IPv6 is rather popular today.  (Some other binaries, e.g.,
telnetd, include INET6 for RELEASE_CRUNCH already.)
2006-07-27 14:19:30 +00:00
Ruslan Ermilov
e1fe3dba5c Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
Dag-Erling Smørgrav
ee66677a7a Remove kludges intended to support src trees with partial obj trees.
Discussed with:	ru
2005-06-10 06:12:53 +00:00
Ruslan Ermilov
a216173556 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
Colin Percival
d37df47d31 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
Mark Murray
482d5f1f6a Make sure that a "make release" (more accurately the bit that makes
the crunched binary) get a non-cryptographic telnet. This is overkill
in that it covers stuff that is not normally used in a crunched binary.
2003-07-24 17:19:15 +00:00
Mark Murray
3665b7c29b Ensure that for the cryptographic instances of *telnet*, the "crypto"
distribution is used. This only affects release-building.
2003-07-24 07:19:55 +00:00
Mark Murray
acce0bcdb3 Test correct macro for "without crypto" option(s). 2003-07-20 23:29:46 +00:00
Mark Murray
4afa371832 Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
Mark Murray
131f7ce586 Remove WARNS?=2 and -Wall. WARNS?=2 is going to be the default. 2001-12-12 00:06:52 +00:00
Mark Murray
b3c1c587b6 Diff-reduce WRT src/secure/*telnet*/Makefile.
Also, add an "unifdef:" target, so that the telnet sources can
be remade from the crypto sources in src/crypto/telnet.
2001-11-30 21:34:51 +00:00
Mark Murray
012b940383 Code merge and diff reduction between this and crypto telnet.
Also remove useless AUTHENTICATION code. We have never compiled this
here, and it is doubtful that it even works without crypto.
2001-08-20 12:21:31 +00:00
Ruslan Ermilov
63d2b1e9f0 libtelnet.a is gone; add a special hack for `make release' fixit floppy. 2001-03-31 17:04:49 +00:00
Ruslan Ermilov
4ecbb30346 Bye-bye /usr/lib/libtelnet.a. This should fix ``make release'' brokeness.
Approved by:	markm
2001-03-28 12:08:22 +00:00
Luigi Rizzo
60846af2e6 Do not compile INET6 support if RELEASE_CRUNCH is defined
(used by install floppy/picobsd)
2001-02-18 07:28:31 +00:00
Bruce Evans
15d237484a Fixed misspelling of DPADD as DPADDA.
Fixed some misformattings.
2000-03-27 16:37:32 +00:00
Mark Murray
0ed9356caf Use libcrypto in place of libdes. 2000-02-24 21:06:22 +00:00
Yoshinobu Inoue
23111c4144 fix breakage of make release.
Confirmed by: German Tischler <tanis@gaspode.franken.de>
2000-01-29 13:45:44 +00:00
Yoshinobu Inoue
4dd8b5ab79 another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project
2000-01-27 09:28:38 +00:00
Peter Wemm
7d39118a94 Nearly missed this one. Turn off -DTERMCAP otherwise it defines a bunch
of conflicting symbols with ncurses.
1999-08-30 10:03:27 +00:00
Andrey A. Chernov
914860e874 Use -DSKEY instead of wrong -DPATH_SKEY 1997-01-10 00:27:50 +00:00
Paul Traina
b833b30221 Import a few relatively minor fixes from current Borman telnet.
Add some buffer overrun fixes from OpenBSD and myself.
Add skey calculator kludge from OpenBSD.

TODO: do a real merge of dab's sources... probably just make telnet and
	telnetd contrib software.

Obtained from: OpenBSD, dab@bsdi.com
1997-01-07 19:47:58 +00:00
Bruce Evans
5b963fa12e Fixed DPADD. 1996-09-05 17:16:10 +00:00
Paul Traina
abe67e41f6 Remove obsolete SOCKSv4 support 1996-05-30 03:09:18 +00:00
Paul Traina
33bb8564be Add support for socks 1996-04-23 05:18:43 +00:00
Jordan K. Hubbard
0031ae7a17 Oh foo. I should a) learn to read. b) learn to think. :-)
Telnet has nothing to do with this, it's telnetd and telnetd
doesn't use KLUDGELINEMODE so that theory is washed up.  Anyway,
back out previous commit and slink away with red face.
1995-08-28 17:52:39 +00:00
Jordan K. Hubbard
58cba44370 Remove -DKLUDGELINEMODE again; it's breaking things and Paul T. says
it's a bug anyway.
1995-08-28 17:47:39 +00:00
Geoff Rehmet
c59d31f62f Fix big f*ckup by doing "make nocrypt"
(Don't think I don't realize what a big f*ckup this was.)
Submitted by:	geoff.
1994-08-27 15:46:29 +00:00
Garrett Wollman
b89a408258 Don't do Kerberos yet, we aren't ready for it. 1994-08-05 20:47:28 +00:00
Rodney W. Grimes
9b50d90275 BSD 4.4 Lite Usr.bin Sources 1994-05-27 12:33:43 +00:00