kmx git

Commit	Date	Message
7463f87c	2023-07-07T11:46:21	add compat getopt implementation, remove patches This adds a getopt implementation for compatibility where it is not available, removing a couple of regress patches. Note, this is a slightly modified copy from OpenBSD libc that doesn't expose getopt_long, which has dependency conflicts with Windows system headers and isn't needed anyway.
ef2d6c70	2022-07-12T22:29:39	Detect machine/endian.h for macOS
56bf8d4f	2022-02-27T06:05:41	update autotool macro deprecations fix latest round of autotool complaints
9a18f424	2022-01-17T19:04:23	Add libmd as platform specific libraries for Solaris
2f3066df	2021-11-23T13:27:17	Set IA-64 compiler flag only if it is HP-UX with IA-64 Compiler switch -mlp64 (GCC) or +DD64(HP CC) gives build failure with platform HP-UX other than IA-64. This avoids build break on HP-UX with PA-RISC platform. Suggested from Larkin Nickle (me <at> larbob org) by libressl ML.
f6906672	2021-11-09T22:34:58	Autoconf updates Move machine/endian.h to endian.h, use AC_HEADER_RESOLV over individual header checks, and include prerequisites for netinet/ip.h check.
fcf6c877	2021-10-03T13:33:16	Support operating systems without some non-POSIX headers The arpa/nameser.h, netinet/ip.h, and resolv.h headers are not crucial to building LibreSSL. The netinet/ip.h header is used in nc(1) for optional IPTOS_ features that can be ifdef'd on systems without support. The endian.h header is the upcoming standard header and should be used whenever available and correct. The machine/endian.h header is non-standard and doesn't have to exist on POSIX systems. Fix the check for getpagesize(3) not forward declaring the function, such that CFLAGS with -Werror=implicit-function-declaration doesn't cause the check to fail.
e07b5feb	2021-05-30T04:52:23	Remove -D_FORTIFY_SOURCE=2 and -lssp with mingw build
420723ee	2021-05-29T02:06:59	Fix mingw build on ubuntu 20.04 - Link libssp to resolve undefined reference __memcpy_chk - Disable dtlstest since mingw does not have poll
921c0675	2021-04-05T02:32:35	Add '--enable-libtls-only' build option
df3d4bb5	2020-11-11T05:39:56	Add -lbcrypt to Windows builds for CNG in getentropy
2c49c28d	2020-08-20T03:46:59	need ax_check_compile_flag too for older autotools
56202472	2020-08-20T02:18:39	Add a compile-time check for FORTIFY_SOURCE support This is broken on some platforms, so pull in the conditional macro from the latest version of autoconf-archive to test for working support.
b80c4bf2	2019-10-20T20:22:22	initial support for midipix
30e91bc6	2019-07-14T18:37:59	Enable speed on win32 - Use thread and sleep instead of signal and alarm, on win32 - Disable -multi option on win32 since fork is hard to implement
38c884f2	2019-04-23T01:54:33	include -ldl for SHA512 operations
53524626	2019-02-09T09:03:13	add __dead__ annotation support
a6d7ea95	2019-01-31T09:45:56	update autoconf for latest compat functions
87308034	2019-01-20T19:59:46	enable asm for mingw64
91d26602	2019-01-18T18:04:31	check for more pthread functions that might not be in libc
3f189a24	2019-01-01T22:59:47	check if we need to link pthread dynamically On Linux, bionic and musl for instance do not need libpthread. With bionic, there is not even a stub library for compatibility.
c1a44d22	2019-01-06T15:49:28	we don't need to pass this to automake
7af3ba34	2019-01-06T13:20:29	add configure-time check for timespecsub
158281bd	2018-03-22T21:32:25	AC_CHECK_FUNC does not set the define, prefer AC_CHECK_FUNCS
987aa6a0	2018-03-22T20:50:24	add clock_gettime for macos 10.11 and earlier
3fb9e63b	2018-03-14T07:29:04	bump base requirement to Windows Vista, use builtin inet_ntop/pton
0ed61809	2018-03-13T23:13:39	Add libpthread for libtls build
9e06be3f	2018-01-11T23:46:22	Remove 64bit build designation on Solaris - Revert commit https://github.com/libressl-portable/portable/pull/327/commits/c18852f650a3cb258e10222695a31ed5c929ab23 - Remove -m64 from CMakeLists.txt by commit https://github.com/libressl-portable/portable/commit/08089a1b20a1818538670d641242266ed3185814 - Suggested by @andy-js in conversation https://github.com/libressl-portable/portable/pull/327
aff3a43f	2017-11-23T15:28:25	Fixed getpagesize detection on Android
5afc4e3c	2017-07-16T23:39:42	add prototype definitions of asprintf and vasprintf for CYGWIN build - define _GNU_SOURCE in case of cygwin As compilation warning report by @Dravion
70ee57c6	2017-07-09T05:12:21	Land #328, generate the crypto export symbol list at build time
9b88fa46	2017-07-08T17:46:16	generate the crypto export symbol list at build time we currently do it at configure time, which makes this a generated source, but generated sources should be cleaned up, which breaks 'make clean; make'
c18852f6	2017-07-08T01:43:07	Set Solaris build default to 64 bit
b49242fc	2017-06-09T13:33:14	Remove misleading CFLAGS / LDFLAGS. These variables were being ignored because libtool doesn't pass -static-libgcc to GCC. If you want to link libgcc statically, currently the only way to achieve this is to manually add -static-libgcc to CC variable. See: http://www.mingw.org/wiki/HOWTO_Sneak_GCC_Switches_Past_Libtool
7ba18350	2017-04-29T18:37:18	include amd64 in the mix
1f13e795	2017-04-29T18:24:35	only include ia32 syms on i?86/x86_64 targets
048625cf	2017-04-22T23:08:17	Add freezero support
922cd9c9	2017-04-10T09:30:29	move crypto_portable.sym to builddir
d5b247cc	2017-03-16T19:23:36	Land #297, Add recallocarray
c61c9821	2017-03-15T21:02:22	Add support for getpagesize
8877e9bc	2017-03-09T22:49:04	Add recallocarray
5297e9d4	2017-02-20T10:28:49	Fix condition of arc4random* and getentropy for Cygwin build - Fix the condition of exporting getentropy - Modify the CMake condition of including arc4random_uniform as same as autoconf
7dd0650d	2017-01-26T13:58:27	Add inet_ntop and memmem for ocspcheck
91a8bd79	2017-01-25T19:37:29	Move strsep.c to crypto/compat/ and add ocspcheck build to CMake
f21bd20c	2017-01-16T09:56:20	add open(2) shim to handle O_BINARY and O_CLOEXEC
dfb6b11e	2017-01-15T04:30:41	include pipe2/socketpair compat for macOS
1d934cd2	2017-01-15T18:09:13	Fix to use -export-symbols for libcrypto - generating platform specific crypto/crypto_portable.sym from crypto.sym
a206997a	2016-12-10T20:58:04	Sync getentropy() checks with use-builtin-arc4random checks Without this, we actually fail to build a library that includes the bultin getentropy when compiling for 10.11 on 10.12.
6fa2d21b	2016-12-09T13:21:37	m4/check-libc.m4: improve getentropy check - according to man.openbsd.org getentropy() is in unistd.h - according to macOS sierra's man it's in sys/random.h - since sys/random.h is does not exist for iOS and for linux, do not attempt to include it, rather redeclare the prototype - make sure that `./configure`: - uses getentropy() on macOS sierra - does not use getentropy() if compiling for 10.11 - does not use getentropy() if compiling for ios armv7
f8a9c71e	2016-12-09T12:39:37	configure: fix getentropy() for sierra and ios This diff changes the logic by which configure detects getentropy() to ensure that we don't use the system wide getentropy - with macOS sierra if the deployment target is lower than sierra as found by tor developers here https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d - with iOS unconditionally because an app linking libressl compiled with system wide getentropy has been rejected by the App store as I have documented here https://github.com/measurement-kit/measurement-kit/pull/994 I think something similar could also affect clock_gettime judging from tor's patch, but this diff for now doesn't address that. I do not have macOS < sierra, so I could only verify that configure was not picking up system wide getentropy by compiling libressl using export CFLAGS="-mmacosx-version-min=10.11" As regards iOS, removing the check for getentropy and recompiling (thus using libressl builtin getentropy()) was enough to have another iteration of the app accepted. Otherwise testing should be possible with: export LDFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos` export CPPFLAGS=-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos` export CFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos` Related ticket: https://github.com/libressl-portable/portable/issues/230
d2f5ab1e	2016-11-06T10:10:10	prefer builtin arc4random on OS X 10.12+ (using getentropy as the signal)
83e9741d	2016-08-09T15:04:45	Disable netcat if arpa/telnet.h is not available (iOS)
1b10e48a	2016-07-19T12:11:28	Fix typo in USE_BUILTIN_ARC4RANDOM check Solaris 11 recently introduced a builtin arc4random in libc which fails the tests in "make check". Found USE_BUILTIN_ARC4RANDOM, but could not get it to work. Apparently, there is a typo in the configure logic rendering USE_BUILTIN_ARC4RANDOM ineffective.
466e389d	2016-04-24T03:29:14	check linker flags before checking for functions
d4d040c1	2016-02-15T13:39:06	add things to minimize diffs with OpenNTPD-portable
35e669fd	2016-01-03T20:47:20	whitelist NetBSD 7.0 native arc4random(3) implementation. NetBSD 7 improves arc4random(3) over earlier versions by adding fork detection, stronger assertions on seed failure.
d0009039	2016-01-03T19:08:20	enable nc on AIX
53cd105d	2015-12-27T22:12:35	update check for b64_ntop typo spotted by Jonas 'Sortie' Termansen
4db1ad67	2015-12-07T08:24:41	installing nc(1) should imply building, even if not whitelisted
7a82b7c0	2015-11-23T02:07:23	build nc on solaris and cygwin
24b5a96a	2015-10-23T16:19:07	whitelist nc on other BSDs
a45e38e9	2015-10-17T22:57:59	disable some tests with 32-bit time_t systems Also disable use of _mkgmtime, it does not produce correct results.
4298ac93	2015-10-14T23:53:52	include timegm fallback
ff52e6f4	2015-10-12T15:34:03	check for pledge(2)
442cc6f1	2015-10-07T08:55:05	add tame(2) check
a7f031ba	2015-10-01T07:40:26	add b64_ntop checking and fallback for nc(1)
497a47c5	2015-09-30T08:00:49	remove incorrect comment We actually want to only start extending CFLAGS after calling AC_PROG_CC so we get the default autoconf value (usually just -O2).
8c90be2a	2015-09-13T11:56:41	allow nc to build on linux and os x
a787f964	2015-09-12T10:51:11	restrict nc to openbsd builds for now
9aa4e1d9	2015-08-04T19:08:42	disable strict aliasing on HP-UX C/aC++ compiler to disable strict aliasing on HP-UX C/aC++, `+Otype_safety=off` is right. `+Otype_safety=strong` forces ANSI aliasing.
5d8a1cf7	2014-07-10T22:06:10	add initial CMake and Visual Studio build support This moves the compatibility include files from include to include/compat so we can use the awful MS C compiler <../include/> trick to emulate the GNU #include_next extension. This also removes a few old compat files we do not need anymore.
b9291fac	2015-07-16T11:34:07	disable strict aliasing on AIX xlc and HP-UX aC++ compilers
c1a162d8	2015-07-15T20:24:05	disable strict aliasing by default, noticed by miod@
54545427	2015-06-29T22:51:40	add check for inet_pton, nudge minimum win32 compat to 0x0501
b091d236	2015-06-13T22:26:58	fix libtool 2.4.2 stack-protector flag handling Teach libtool 2.4.2 how to pass -fstack-protector* to the linker so libssp is properly linked in on some toolchains. See upstream patch: https://github.com/instantinfrastructure/poky-daisy/blob/master/meta/recipes-devtools/libtool/libtool/respect-fstack-protector.patch Thanks to kinichiro inoguchi
04a8eca5	2015-06-11T08:47:12	always check if ssp needs to be linked
edfc5690	2015-05-02T11:13:41	fix definition of DISABLE_AS_EXECUTABLE_STACK
d3771a41	2015-05-01T07:18:12	refactor configure into separate m4 macros this allows for some reusability with libtls
303b972d	2015-01-05T20:14:54	simplify hardening check logic, disable for mingw Rather than doing separate linker/compiler checks, just build a non-empty program with each so that the compiler will actually try to use the hardening features. Reduce redundancy in the macro calls by just setting the flag that was just tested. Also, disable hardening for mingw, since its trying to use a libssp-0.dll file that I can't find right now. The detected hardening flags break mingw builds currently.
a6c07234	2014-12-23T05:24:24	configure.ac: use executable hardening where available Where available, enable stack smashing protection, fortify source, no-strict-overflow, and read only relocations. Many Linux distributions automatically enable most of these options. They are no brainers. The difference introduced here is in asking for a few more aggressive options. An option to disable the more aggressive options is provided (--disable-hardening). When set, configure will fall back to the default CFLAGS on the system - in many cases that will still be hardened. There is no point in going further than that. Options enabled are: -fstack-protector-strong is a relatively new GCC-4.9 feature that is supposed to give a better balance between performance and protection. -all is considered too aggressive, but was used in Chromium and other security critical systems until -strong became available. Follow their lead and use -strong when possible. clang 6.0 supports -all but not -strong. _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with more robust equivalents when the compiler can determine the length of the buffers involved. -fno-strict-overflow instructs GCC to not make optimizations based on the assumption that signed arithmetic will wrap around on overflow (e.g. (short)0x7FFF + 1 == 0). This prevents the optimizer from doing some unexpected things. Further improvements should trap signed overflows and reduce the use of signed to refer to naturally unsigned quantities. I did not set -fPIE (position independent executables). The critical function of Open/LibreSSL is as a library, not an executable. Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check". Signed-off-by: Jim Barlow <jim@purplerock.ca>

7463f87c

2023-07-07T11:46:21

add compat getopt implementation, remove patches This adds a getopt implementation for compatibility where it is not available, removing a couple of regress patches. Note, this is a slightly modified copy from OpenBSD libc that doesn't expose getopt_long, which has dependency conflicts with Windows system headers and isn't needed anyway.

ef2d6c70

2022-07-12T22:29:39

Detect machine/endian.h for macOS

56bf8d4f

2022-02-27T06:05:41

update autotool macro deprecations fix latest round of autotool complaints

9a18f424

2022-01-17T19:04:23

Add libmd as platform specific libraries for Solaris

2f3066df

2021-11-23T13:27:17

Set IA-64 compiler flag only if it is HP-UX with IA-64 Compiler switch -mlp64 (GCC) or +DD64(HP CC) gives build failure with platform HP-UX other than IA-64. This avoids build break on HP-UX with PA-RISC platform. Suggested from Larkin Nickle (me <at> larbob org) by libressl ML.

f6906672

2021-11-09T22:34:58

Autoconf updates Move machine/endian.h to endian.h, use AC_HEADER_RESOLV over individual header checks, and include prerequisites for netinet/ip.h check.

fcf6c877

2021-10-03T13:33:16

Support operating systems without some non-POSIX headers The arpa/nameser.h, netinet/ip.h, and resolv.h headers are not crucial to building LibreSSL. The netinet/ip.h header is used in nc(1) for optional IPTOS_ features that can be ifdef'd on systems without support. The endian.h header is the upcoming standard header and should be used whenever available and correct. The machine/endian.h header is non-standard and doesn't have to exist on POSIX systems. Fix the check for getpagesize(3) not forward declaring the function, such that CFLAGS with -Werror=implicit-function-declaration doesn't cause the check to fail.

e07b5feb

2021-05-30T04:52:23

Remove -D_FORTIFY_SOURCE=2 and -lssp with mingw build

420723ee

2021-05-29T02:06:59

Fix mingw build on ubuntu 20.04 - Link libssp to resolve undefined reference __memcpy_chk - Disable dtlstest since mingw does not have poll

921c0675

2021-04-05T02:32:35

Add '--enable-libtls-only' build option

df3d4bb5

2020-11-11T05:39:56

Add -lbcrypt to Windows builds for CNG in getentropy

2c49c28d

2020-08-20T03:46:59

need ax_check_compile_flag too for older autotools

56202472

2020-08-20T02:18:39

Add a compile-time check for FORTIFY_SOURCE support This is broken on some platforms, so pull in the conditional macro from the latest version of autoconf-archive to test for working support.

b80c4bf2

2019-10-20T20:22:22

initial support for midipix

30e91bc6

2019-07-14T18:37:59

Enable speed on win32 - Use thread and sleep instead of signal and alarm, on win32 - Disable -multi option on win32 since fork is hard to implement

38c884f2

2019-04-23T01:54:33

include -ldl for SHA512 operations

53524626

2019-02-09T09:03:13

add __dead__ annotation support

a6d7ea95

2019-01-31T09:45:56

update autoconf for latest compat functions

87308034

2019-01-20T19:59:46

enable asm for mingw64

91d26602

2019-01-18T18:04:31

check for more pthread functions that might not be in libc

3f189a24

2019-01-01T22:59:47

check if we need to link pthread dynamically On Linux, bionic and musl for instance do not need libpthread. With bionic, there is not even a stub library for compatibility.

c1a44d22

2019-01-06T15:49:28

we don't need to pass this to automake

7af3ba34

2019-01-06T13:20:29

add configure-time check for timespecsub

158281bd

2018-03-22T21:32:25

AC_CHECK_FUNC does not set the define, prefer AC_CHECK_FUNCS

987aa6a0

2018-03-22T20:50:24

add clock_gettime for macos 10.11 and earlier

3fb9e63b

2018-03-14T07:29:04

bump base requirement to Windows Vista, use builtin inet_ntop/pton

0ed61809

2018-03-13T23:13:39

Add libpthread for libtls build

9e06be3f

2018-01-11T23:46:22

Remove 64bit build designation on Solaris - Revert commit https://github.com/libressl-portable/portable/pull/327/commits/c18852f650a3cb258e10222695a31ed5c929ab23 - Remove -m64 from CMakeLists.txt by commit https://github.com/libressl-portable/portable/commit/08089a1b20a1818538670d641242266ed3185814 - Suggested by @andy-js in conversation https://github.com/libressl-portable/portable/pull/327

aff3a43f

2017-11-23T15:28:25

Fixed getpagesize detection on Android

5afc4e3c

2017-07-16T23:39:42

add prototype definitions of asprintf and vasprintf for CYGWIN build - define _GNU_SOURCE in case of cygwin As compilation warning report by @Dravion

70ee57c6

2017-07-09T05:12:21

Land #328, generate the crypto export symbol list at build time

9b88fa46

2017-07-08T17:46:16

generate the crypto export symbol list at build time we currently do it at configure time, which makes this a generated source, but generated sources should be cleaned up, which breaks 'make clean; make'

c18852f6

2017-07-08T01:43:07

Set Solaris build default to 64 bit

b49242fc

2017-06-09T13:33:14

Remove misleading CFLAGS / LDFLAGS. These variables were being ignored because libtool doesn't pass -static-libgcc to GCC. If you want to link libgcc statically, currently the only way to achieve this is to manually add -static-libgcc to CC variable. See: http://www.mingw.org/wiki/HOWTO_Sneak_GCC_Switches_Past_Libtool

7ba18350

2017-04-29T18:37:18

include amd64 in the mix

1f13e795

2017-04-29T18:24:35

only include ia32 syms on i?86/x86_64 targets

048625cf

2017-04-22T23:08:17

Add freezero support

922cd9c9

2017-04-10T09:30:29

move crypto_portable.sym to builddir

d5b247cc

2017-03-16T19:23:36

Land #297, Add recallocarray

c61c9821

2017-03-15T21:02:22

Add support for getpagesize

8877e9bc

2017-03-09T22:49:04

Add recallocarray

5297e9d4

2017-02-20T10:28:49

Fix condition of arc4random* and getentropy for Cygwin build - Fix the condition of exporting getentropy - Modify the CMake condition of including arc4random_uniform as same as autoconf

7dd0650d

2017-01-26T13:58:27

Add inet_ntop and memmem for ocspcheck

91a8bd79

2017-01-25T19:37:29

Move strsep.c to crypto/compat/ and add ocspcheck build to CMake

f21bd20c

2017-01-16T09:56:20

add open(2) shim to handle O_BINARY and O_CLOEXEC

dfb6b11e

2017-01-15T04:30:41

include pipe2/socketpair compat for macOS

1d934cd2

2017-01-15T18:09:13

Fix to use -export-symbols for libcrypto - generating platform specific crypto/crypto_portable.sym from crypto.sym

a206997a

2016-12-10T20:58:04

Sync getentropy() checks with use-builtin-arc4random checks Without this, we actually fail to build a library that includes the bultin getentropy when compiling for 10.11 on 10.12.

6fa2d21b

2016-12-09T13:21:37

m4/check-libc.m4: improve getentropy check - according to man.openbsd.org getentropy() is in unistd.h - according to macOS sierra's man it's in sys/random.h - since sys/random.h is does not exist for iOS and for linux, do not attempt to include it, rather redeclare the prototype - make sure that `./configure`: - uses getentropy() on macOS sierra - does not use getentropy() if compiling for 10.11 - does not use getentropy() if compiling for ios armv7

f8a9c71e

2016-12-09T12:39:37

configure: fix getentropy() for sierra and ios This diff changes the logic by which configure detects getentropy() to ensure that we don't use the system wide getentropy - with macOS sierra if the deployment target is lower than sierra as found by tor developers here https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d - with iOS unconditionally because an app linking libressl compiled with system wide getentropy has been rejected by the App store as I have documented here https://github.com/measurement-kit/measurement-kit/pull/994 I think something similar could also affect clock_gettime judging from tor's patch, but this diff for now doesn't address that. I do not have macOS < sierra, so I could only verify that configure was not picking up system wide getentropy by compiling libressl using export CFLAGS="-mmacosx-version-min=10.11" As regards iOS, removing the check for getentropy and recompiling (thus using libressl builtin getentropy()) was enough to have another iteration of the app accepted. Otherwise testing should be possible with: export LDFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos` export CPPFLAGS=-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos` export CFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos` Related ticket: https://github.com/libressl-portable/portable/issues/230

d2f5ab1e

2016-11-06T10:10:10

prefer builtin arc4random on OS X 10.12+ (using getentropy as the signal)

83e9741d

2016-08-09T15:04:45

Disable netcat if arpa/telnet.h is not available (iOS)

1b10e48a

2016-07-19T12:11:28

Fix typo in USE_BUILTIN_ARC4RANDOM check Solaris 11 recently introduced a builtin arc4random in libc which fails the tests in "make check". Found USE_BUILTIN_ARC4RANDOM, but could not get it to work. Apparently, there is a typo in the configure logic rendering USE_BUILTIN_ARC4RANDOM ineffective.

466e389d

2016-04-24T03:29:14

check linker flags before checking for functions

d4d040c1

2016-02-15T13:39:06

add things to minimize diffs with OpenNTPD-portable

35e669fd

2016-01-03T20:47:20

whitelist NetBSD 7.0 native arc4random(3) implementation. NetBSD 7 improves arc4random(3) over earlier versions by adding fork detection, stronger assertions on seed failure.

d0009039

2016-01-03T19:08:20

enable nc on AIX

53cd105d

2015-12-27T22:12:35

update check for b64_ntop typo spotted by Jonas 'Sortie' Termansen

4db1ad67

2015-12-07T08:24:41

installing nc(1) should imply building, even if not whitelisted

7a82b7c0

2015-11-23T02:07:23

build nc on solaris and cygwin

24b5a96a

2015-10-23T16:19:07

whitelist nc on other BSDs

a45e38e9

2015-10-17T22:57:59

disable some tests with 32-bit time_t systems Also disable use of _mkgmtime, it does not produce correct results.

4298ac93

2015-10-14T23:53:52

include timegm fallback

ff52e6f4

2015-10-12T15:34:03

check for pledge(2)

442cc6f1

2015-10-07T08:55:05

add tame(2) check

a7f031ba

2015-10-01T07:40:26

add b64_ntop checking and fallback for nc(1)

497a47c5

2015-09-30T08:00:49

remove incorrect comment We actually want to only start extending CFLAGS after calling AC_PROG_CC so we get the default autoconf value (usually just -O2).

8c90be2a

2015-09-13T11:56:41

allow nc to build on linux and os x

a787f964

2015-09-12T10:51:11

restrict nc to openbsd builds for now

9aa4e1d9

2015-08-04T19:08:42

disable strict aliasing on HP-UX C/aC++ compiler to disable strict aliasing on HP-UX C/aC++, `+Otype_safety=off` is right. `+Otype_safety=strong` forces ANSI aliasing.

5d8a1cf7

2014-07-10T22:06:10

add initial CMake and Visual Studio build support This moves the compatibility include files from include to include/compat so we can use the awful MS C compiler <../include/> trick to emulate the GNU #include_next extension. This also removes a few old compat files we do not need anymore.

b9291fac

2015-07-16T11:34:07

disable strict aliasing on AIX xlc and HP-UX aC++ compilers

c1a162d8

2015-07-15T20:24:05

disable strict aliasing by default, noticed by miod@

54545427

2015-06-29T22:51:40

add check for inet_pton, nudge minimum win32 compat to 0x0501

b091d236

2015-06-13T22:26:58

fix libtool 2.4.2 stack-protector flag handling Teach libtool 2.4.2 how to pass -fstack-protector* to the linker so libssp is properly linked in on some toolchains. See upstream patch: https://github.com/instantinfrastructure/poky-daisy/blob/master/meta/recipes-devtools/libtool/libtool/respect-fstack-protector.patch Thanks to kinichiro inoguchi

04a8eca5

2015-06-11T08:47:12

always check if ssp needs to be linked

edfc5690

2015-05-02T11:13:41

fix definition of DISABLE_AS_EXECUTABLE_STACK

d3771a41

2015-05-01T07:18:12

refactor configure into separate m4 macros this allows for some reusability with libtls

303b972d

2015-01-05T20:14:54

simplify hardening check logic, disable for mingw Rather than doing separate linker/compiler checks, just build a non-empty program with each so that the compiler will actually try to use the hardening features. Reduce redundancy in the macro calls by just setting the flag that was just tested. Also, disable hardening for mingw, since its trying to use a libssp-0.dll file that I can't find right now. The detected hardening flags break mingw builds currently.

a6c07234

2014-12-23T05:24:24

configure.ac: use executable hardening where available Where available, enable stack smashing protection, fortify source, no-strict-overflow, and read only relocations. Many Linux distributions automatically enable most of these options. They are no brainers. The difference introduced here is in asking for a few more aggressive options. An option to disable the more aggressive options is provided (--disable-hardening). When set, configure will fall back to the default CFLAGS on the system - in many cases that will still be hardened. There is no point in going further than that. Options enabled are: -fstack-protector-strong is a relatively new GCC-4.9 feature that is supposed to give a better balance between performance and protection. -all is considered too aggressive, but was used in Chromium and other security critical systems until -strong became available. Follow their lead and use -strong when possible. clang 6.0 supports -all but not -strong. _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with more robust equivalents when the compiler can determine the length of the buffers involved. -fno-strict-overflow instructs GCC to not make optimizations based on the assumption that signed arithmetic will wrap around on overflow (e.g. (short)0x7FFF + 1 == 0). This prevents the optimizer from doing some unexpected things. Further improvements should trap signed overflows and reduce the use of signed to refer to naturally unsigned quantities. I did not set -fPIE (position independent executables). The critical function of Open/LibreSSL is as a library, not an executable. Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check". Signed-off-by: Jim Barlow <jim@purplerock.ca>

kc3-lang/libressl/m4

m4

Log