From deraadt@ upstream:
Remove all getenv() calls, especially those wrapped by issetugid().
getenv()'s wrapped by issetugid() are safe, but issetugid() is ...
difficult to impliment on many operating systems. By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems. Noone noticed & complained that
certain environment variables were not working.......
Previously, we semi-manually grabbed the MLINKS from the libressl
Makefiles. The better way is to extract this information from the mandoc
link database files directly, allowing for MLINKS to eventually go away
upstream.
Move define adjustments to CPPFLAGS.
Adjust user CFLAGS directly, do not override during configuration.
USER_CFLAGS is not necessary to build libcompat_noopt correctly.
There are so many test exceptions that need handling that it is easier
to simply edit it directly rather than doing autogeneration anymore.
This also puts biotest and pidwraptest behind a new --enable-extratests
option, so they are easy to run but are not enabled by default.
The API/ABI for the LibreSSL 2.1.x series is now fixed, so we can safely
enable libtls it by default. This is useful for new OpenNTPD and
OpenSMTPD releases as well.
ok deraadt@ beck@ sthen@
- Introduce the tests_disabled array, add biotest, explicit_bzero and
pidwraptest.
- Add preceeding comment to explain why every test is skipped
- Rearrange loops generating Makefile.am dependencies to look for tests
in tests_disabled first and skip them.
Signed-off-by: Corinna Vinschen <github@cygwin.de>
This puts the 32 and 64-bit binaries in the same zip file, adds debug
files that are compatible with Visual Studio/windbg, and updates for the
new configure options.
This enables DEP and ALSR capabilities. Stack protection is enabled
optionally, there are some extra linking steps required that make it
difficult to enable by default.
I will update my toolchain and try --high-entropy-va and
stack-protector-strong later. We will probably need to ship libssp-0.dll
as well. Thanks to jsg for hints.
