Commit Graph

20 Commits

Author SHA1 Message Date
lukem d877c4c3c0 Enable WARNS=4 by default, except for:
cpuctl  dumplfs  hprop  ipf  iprop-log  kadmin  kcm  kdc  kdigest
	kimpersonate  kstash  ktutil  makefs  ndbootd  ntp  pppd  quot
	racoon  racoonctl  rtadvd  sntp  sup  tcpdchk  tcpdmatch  tcpdump
	traceroute  traceroute6  user  veriexecgen  wsmoused  zic
(Mostly third-party applications)
2009-04-22 15:23:01 +00:00
tsutsui df870ff695 Add more libraries required by libkrb5 etc. in NOPIC case. 2008-04-10 15:42:06 +00:00
mlelstv b0f88a0388 Import Heimdal-1.1 2008-03-22 08:36:48 +00:00
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
lukem 1e281ed227 Only #define HAVE_IPV6 if ${USE_INET6} != "no". 2005-01-10 03:11:17 +00:00
itojun 1d2f66eb21 add DPADD 2002-10-23 01:11:09 +00:00
lukem 17d72c8a6b use NETBSDSRCDIR as appropriate 2002-09-18 03:54:26 +00:00
thorpej 6b3e0a100a Remove -I${DESTDIR}/usr/include and -I${DESTDIR}/usr/include/openssl
from CPPFLAGS.
2001-12-31 20:04:47 +00:00
lukem b0b0a32ad7 Set NOxxx= before <bsd.own.mk> is pulled in (even indirectly).
Otherwise the appropriate MKxxx=no won't be defined .
2001-12-12 12:24:19 +00:00
tv 8e6f7afb5b MKfoo=no -> NOfoo 2001-12-12 01:48:43 +00:00
assar 2a2aa85a8d update infrastructure for krb4 1.1 and heimdal 0.4e 2001-09-17 12:34:40 +00:00
assar 03d6b1489a update make infrastructure and shlib versions numbers for heimdal 0.3e 2001-02-11 18:02:04 +00:00
joda 31a9ada156 link against -lkadm5clnt instead of -lkadm5srv (this makes the `get'
command actually do something on non-kdc machines)
2001-02-07 10:38:02 +00:00
enami 30fc09dacc Use PRINTOBJDIR. 2001-01-11 13:15:06 +00:00
nathanw 95ecff2f0d Pull in ${DESTDIR}/usr/include before ${DESTDIR}/usr/include/openssl, so
that we get the system's err.h, not openssl's.
2000-12-19 21:18:32 +00:00
garbled 9c6cafac02 Change direct calls to make to ${MAKE} 2000-10-26 06:00:48 +00:00
assar fc90224f06 link against the not-installed libvers 2000-08-03 22:47:37 +00:00
assar d6e38c7f36 update build infrastructure for heimdal 0.3a 2000-08-03 04:13:22 +00:00
thorpej fa7f67b26e Fixup Heimdal Kerberos usr.sbin bits. 2000-06-17 00:04:36 +00:00
thorpej 4863d0af58 Import Heimdal Kerberos 5 usr.sbin bits, from cryptosrc-intl. 2000-06-16 23:59:32 +00:00