compiled with stack protector.
Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.
Reviewed by: kib
Approved by: re (kib)
Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC generates
local calls to this function which result in absolute relocations put into
position-independent code segment, making dynamic loader do extra work everys
time given shared library is being relocated and making affected text pages
non-shareable.
Reviewed by: kib
Approved by: re (kensmith)
to possible breakages in the catalog handling code. Since then, that
code has been replaced by the secure code from NetBSD but NLS in libc
remained turned off. Tests have shown that the feature is stable and
working so we can now turn it on again.
- Add several new catalog files:
- ca_ES.ISO8859-1
- de_DE.ISO8859-1
- el_GR.ISO8859-7 (by manolis@ and keramida@)
- es_ES.ISO8859-1 (kern/123179, by carvay@)
- fi_FI.ISO8859-1
- fr_FR.ISO8859-1 (kern/78756, by thierry@)
- hu_HU.ISO8859-2 (by gabor@)
- it_IT.ISO8859-15
- nl_NL.ISO8859-1 (corrections by rene@)
- no_NO.ISO8859-1
- mn_MN.UTF-8 (by ganbold@)
- sk_SK.ISO8859-2
- sv_SE.ISO8859-1
(The catalogs without explicit source has been obtained from NetBSD.)
Approved by: attilio
installing with -DWITHOUT_INFO, otherwise one can experience a
failure trying to installworld on a system that is built with
-DWITHOUT_INFO (i.e., without /usr/bin/install-info).
Reported by: bland
MFC after: 3 days
you can build the cross development tools and install them as
$XDEV-freebsd-xxx for each tool. This allows one to use autoconf to
find the tools for cross building scenarios.
make KERNFAST=blah buildkernel
is now a short cut for
make KERNCONF=blah -DKERNFAST buildkernel
This change works for all kernel config files not named "1". I did
that to make sure that
make -DKERNFAST buildkernel
remains the same as
make -DKERNFAST KERNCONF=GENERIC buildkernel
rather than trying to build and configure "1". I've never seen a
kernel config file named "1," so I think this is a good compromise.
and clean steps. KERNFAST was selected to complement KERNCONF which
is typically used in these scenarios (especially with cross building).
Reviewed by: arch@
32-bit compat libs on amd64 since -march=k8 may generate instructions
that are not implemented on Intel EM64T processors. Instead, use
a simpler set of default flags that should work on all amd64-capable
CPUs.
PR: amd64/113111
Submitted by: NIIMI Satoshi sa2c of sa2c.net
MFC after: 1 week
Specifically, build a 32-bit /usr/bin/ldd32 on amd64 which handles 32-bit
objects. Since it is a 32-bit binary, it can fork a child process which
can dlopen() a 32-bit shared library. The current 32-bit support in ldd
can't do this because it does the dlopen() from a 64-bit process. In order
to preserve an intuitive interface for users, the ldd binary automatically
execs /usr/bin/ldd32 for 32-bit objects. The end result is that ldd on
amd64 now transparently handles 32-bit shared libraries in addition to
32-bit binaries.
Submitted by: ps (indirectly)
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
source upgrades by falling back to GNU ar(1) as necessary. Option
WITH_BSDAR is gone. Option _WITH_GNUAR to aid in upgrades is *not*
supposed to be set by the user.
Stop bootstrapping BSD ar(1) on the next __FreeBSD_version bump, as
there are no known bugs in it. Bump __FreeBSD_version to anticipate
this and to flag the switch to BSD ar(1), should it be needed for
something.
Input from: obrien, des, kaiw
and usr.bin/truss/ioctl.c. This is the correct way to address the problem
that arises when doing an incremental build after a header used by kdump
has been removed (cf. i4b disconnect a while ago)
Explained by: ru
MFC after: 2 weeks
through scanning its output as ldd(1) returns a non-zero status only
for really abnormal conditions such as an improper file format.
Now cp(1) won't get bogus "not" and "found" arguments if a lib
is missing. [1]
- Don't guess if an element of a complex pipeline is assigned to the main
shell or a sub-shell. Namely use stdio, not vars, to pass lists out from
loops. If using vars, there's the risk that a loop will run in a sub-shell
and the list won't make it to the main shell. It appears that braces and
parens give only limited control over the issue while stdio always works
as intended. Apply this solution to both $progs and $libs for consistency,
although I've failed to go without it only in the $libs part.
Requested by: emaste [1]
I.e., not only copy them to a scratch dir, but also make them use saved
copies of libraries and locale files. That gives us several benefits:
1) ABI breakages should no longer affect installworld over the live system.
2) It becomes safe to run installworld while still running the old kernel.
However, it can be reasonable to save the old /rescue before that to be
able to run the old reboot(8), as the new binaries are rather likely to
fail with the old kernel. Anyhow, it's now possible to upgrade a system
in a single reboot _reliably_.
3) With a bit of hackery around rtld(8), it becomes possible to do destructive
cross-installs, e.g., i386->amd64 over the live system.
The only shared item left between the old and new systems is rtld(8),
which cannot be run from a saved copy easily because its full
pathname is stored in the respective field of each ELF executable.
(In theory, that field could be overridden, e.g., from the environment,
but this can lead to security issues.) That's why a destructive
cross-install isn't possible w/o hackery yet.
Fruitful ideas by: ru
Reviewed by: ru
Tested with: audit(4)
the threading libraries is built. This simplifies the
logic in makefiles that need to check if the pthreads
support is present. It also fixes a bug where we would
build a threading library that we shouldn't have built:
for example, building with WITHOUT_LIBTHR and the default
value of DEFAULT_THREADING_LIB (libthr) would mistakenly
build the libthr library, but not install it.
Approved by: re (kensmith)
their dependency on libc and its versioned symbols. For that to work,
libc needs to be built before any other shared library that might depend
on it. Add necessary glue to make that happen.
Warning, after symbol versioning is enabled, going back is not easy
(use WITHOUT_SYMVER at your own risk).
Change the default thread library to libthr.
There most likely still needs to be a version bump for at least the
thread libraries. If necessary, this will happen later.
lib32 build somewhat. Specifically, instead of spamming
${CC} et al with -I${LIB32TMP}/usr/include which can be
harmful (as has been demonstrated by the ncursesw WIP),
use slightly different approach to achieve the same goal.
This also simplifies things a bit.
Prodded by: rafan
- Remove libnetgraph from the list of prebuilt libraries as
no other library depends on it (snmp_netgraph.so does not
count as we don't build it in the "libraries" target).
- Restore libssh dependencies when compiling with Kerberos
support.
I found one bug. Pass our idea of TARGET_ARCH and TARGET down to
XMAKE, the cross-tools make. Previously it worked because usually
TARGET_ARCH was specified on the initial make's command line.
This should also allow us to simplify the "universe" target, which
I'm currently testing.
TARGET_ARCH correctly. Now it does, even for pc98. We should suggest
TARGET=foo in preference to TARGET_ARCH because the former is
unambiguous and the latter isn't, so update the docs.
This means that a long standing gripe I've had with this comes to a
close. I can build pc98 w/o specify both things. make TARGET=arm
works (rather than trying to build a arm:amd64 image and dying badly
in the attempt).
If you specify only TARGET_ARCH, then you get the old behavior.
# we can likely simplify the UNIVERSE target now to use this, but I'm not
# up for breaking that tonight :-).
# We should consider adding some kind of sanity check for TARGET_ARCH
# and TARGET.
environment for cross building (the same one you'd get interactively
in make buildenv). This cannot be a simple
make -f Makefile.inc1 -V WMAKEENV
because in PATH is not set correctly unless one takes a trip through
the Makefile/Makefile.inc1 indirection, the logic of which is too
large to reproduce outside of Makefiles.
to post January 26 systems where gensnmptree(1) code was already fixed,
there was a timeframe between February 14 and February 27 when
usr.sbin/bsnmpd/ including gensnmptree was disconnected from build, so
if you upgraded in this timeframe, you ended up with the 700014 system
but still with a buggy gensnmptree binary. This also means not being
able to buildworld now.
Reported by: jhb
Attention: harti, keramida
- <netipx> headers [1]
- IPX library (libipx)
- IPX support in ifconfig(8)
- IPXrouted(8)
- new MK_NCP option
New MK_NCP build option controls:
- <netncp> and <fs/nwfs> headers
- NCP library (libncp)
- ncplist(1) and ncplogin(1)
- mount_nwfs(8)
- ncp and nwfs kernel modules
User knobs: WITHOUT_IPX, WITHOUT_IPX_SUPPORT, WITHOUT_NCP.
[1] <netsmb/netbios.h> unconditionally uses <netipx> headers
so they are still installed. This needs to be dealt with.
gensnmptree utility is required at "make depend" time, because it
is used to generate `oid.h' for bsnmpd.
This means that all versions of HEAD before 2004/01/23 16:22:49 need
gensnmptree as a bootstrap util when it's not already installed as
part of the base system. The first __FreeBSD_version that we can
assume this can work is 700014 which happened after the gensnmptree
change (in -r 1.263 of `src/sys/sys/param.h', at 2006/02/17 14:14:15).
For __FreeBSD_version values before 700014 add gensnmptree to the
bootstrap tools, to allow upgrades from versions of FreeBSD before
that date.
Approved by: ru, harti
in the delete-old and check-old targets.
We don't install a lib (libXY.so.Z) as a link, but an user may have created
something like this. This is dangerous if this link points to a different
version of the lib. So check for a link also in the *-lib targets (an
annoyed user which absolutely wants this redirection of a lib should use
libmap.conf instead of a link).
A directory can also be a link, but in this case just echo a message to
remove it by hand.
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
