|
ef01eb71
|
2015-09-11T09:10:57
|
|
speed up builds without killing os x perhaps
|
|
b5090c58
|
2015-09-11T08:03:56
|
|
add cmake test support
|
|
1c2a3f25
|
2015-09-09T07:45:54
|
|
Remove cmake tests from travis builds for now.
This seemed like it should be easy, but apparently there are a lot of
gotchas that need to be ironed out in a branch first.
|
|
e04dfb2b
|
2015-09-09T07:34:37
|
|
fix a couple of travis build failures
|
|
46c9a8de
|
2015-09-09T07:13:05
|
|
revert some travis shell portability tweaks
|
|
f6999fbe
|
2015-09-09T07:01:05
|
|
try ninja on travis linux again
|
|
c0341ad1
|
2015-09-09T06:59:35
|
|
use newer cmake for travis linux builds, revise build script
|
|
2728a865
|
2015-09-09T06:40:05
|
|
travis' cmake does not support ninja, use make
|
|
5de4c4f0
|
2015-09-09T06:12:16
|
|
add travis-ci cmake tests
|
|
dd646a33
|
2015-03-18T19:12:42
|
|
enable libtls by default
The API/ABI for the LibreSSL 2.1.x series is now fixed, so we can safely
enable it by default. This is useful for new OpenNTPD and
OpenSMTPD releases as well.
ok deraadt@ beck@ sthen@
|
|
a323f52a
|
2015-01-31T22:42:08
|
|
be even nicer to OS X's fork
|
|
fc7ba469
|
2015-01-31T22:35:52
|
|
be nicer to travis OS X machines, remove unneeded 'make clean'
|
|
100625e3
|
2015-01-31T22:24:31
|
|
only use the specific build matrix
use sudo to install mingw toolchains
|
|
dd7ed132
|
2015-01-31T22:13:19
|
|
update travis-ci build to check mingw32/64 targets
|
|
5be407a4
|
2015-01-02T07:42:15
|
|
move public domain to top, help automatic tools
|
|
813e7bda
|
2015-01-01T15:03:03
|
|
Change comments to remark on script not being needed for clang >= 5.1
|
|
c0a8ddc1
|
2014-12-23T21:47:03
|
|
configure.ac: use executable hardening where available
Where available, enable stack smashing protection, fortify source,
no-strict-overflow, and read-only relocations.
Many Linux distributions automatically enable most of these options.
They are no-brainers. The difference introduced here is in asking for a
few more aggressive options. An option to disable the more aggressive
options is provided (--disable-hardening). When set, configure will fall
back to the default CFLAGS on the system - in many cases that will still
be hardened. There is no point in going further than that.
Options enabled are:
-fstack-protector-strong is a relatively new GCC-4.9 feature that is
supposed to give a better balance between performance and protection.
-all is considered too aggressive, but was used in Chromium and other
security-critical systems until -strong became available. Follow their
lead and use -strong when possible. clang 6.0 supports -all but not
-strong.
_FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with
more robust equivalents when the compiler can determine the length of
the buffers involved.
-fno-strict-overflow instructs GCC to not make optimizations based on
the assumption that signed arithmetic will wrap around on overflow (e.g.
(short)0x7FFF + 1 == 0). This prevents the optimizer from doing some
unexpected things. Further improvements should trap signed overflows and
reduce the use of signed to refer to naturally unsigned quantities.
I did not set -fPIE (position independent executables). The critical
function of Open/LibreSSL is as a library, not an executable.
Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check".
The code added to m4/ is GPLv3 but con
Signed-off-by: Jim Barlow <jim@purplerock.ca>
|