FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=master 2020-12-09T02:05:14Z 2020-12-09T02:05:14Z Jung-uk Kim jkim@FreeBSD.org 2020-12-09T02:05:14Z urn:sha1:c3c73b4f0a91d2806e1a632b75f769fb4fa89576 2020-10-27T11:29:11Z Stefan Eßer se@FreeBSD.org 2020-10-27T11:29:11Z urn:sha1:1f474190fc280d4a4ef0c214e4d7fff0d1237e22 Literal references to /usr/local exist in a large number of files in the FreeBSD base system. Many are in contributed software, in configuration files, or in the documentation, but 19 uses have been identified in C source files or headers outside the contrib and sys/contrib directories. This commit makes it possible to set _PATH_LOCALBASE in paths.h to use a different prefix for locally installed software. In order to avoid changes to openssh source files, LOCALBASE is passed to the build via Makefiles under src/secure. While _PATH_LOCALBASE could have been used here, there is precedent in the construction of the path used to a xauth program which depends on the LOCALBASE value passed on the compiler command line to select a non-default directory. This could be changed in a later commit to make the openssh build consistently use _PATH_LOCALBASE. It is considered out-of-scope for this commit. Reviewed by: imp MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D26942 2020-10-20T17:00:43Z John Baldwin jhb@FreeBSD.org 2020-10-20T17:00:43Z urn:sha1:bc3d5698008e9b3b19495e853cbc2598979ccf8a Sponsored by: Netflix 2020-09-22T16:18:31Z Jung-uk Kim jkim@FreeBSD.org 2020-09-22T16:18:31Z urn:sha1:58f351825a371d1a3dd693d6f64a1245ea851a51 2020-09-18T17:17:46Z Kyle Evans kevans@FreeBSD.org 2020-09-18T17:17:46Z urn:sha1:fe815331bb40604ba31312acf7e4619674631777 The current default is provided in various Makefile.inc in some top-level directories and covers a good portion of the tree, but doesn't cover parts of the build a little deeper (e.g. libcasper). Provide a default in src.sys.mk and set WARNS to it in bsd.sys.mk if that variable is defined. This lets us relatively cleanly provide a default WARNS no matter where you're building in the src tree without breaking things outside of the tree. Crunchgen has been updated as a bootstrap tool to work on this change because it needs r365605 at a minimum to succeed. The cleanup necessary to successfully walk over this change on WITHOUT_CLEAN builds has been added. There is a supplemental project to this to list all of the warnings that are encountered when the environment has WARNS=6 NO_WERROR=yes: https://warns.kevans.dev -- this project will hopefully eventually go away in favor of CI doing a much better job than it. Reviewed by: emaste, brooks, ngie (all earlier version) Reviewed by: emaste, arichardson (depend-cleanup.sh change) Differential Revision: https://reviews.freebsd.org/D26455 2020-08-26T16:56:44Z Jung-uk Kim jkim@FreeBSD.org 2020-08-26T16:56:44Z urn:sha1:3971092e119dd117e9e40f6b5955f54a2762dcf3 2020-08-13T20:28:35Z John Baldwin jhb@FreeBSD.org 2020-08-13T20:28:35Z urn:sha1:1e04d9ff3e2565a402e449eb59b30b826bb2894a In practice this isn't used in OpenSSL outside of some sparc-specific code. Reviewed by: delphij Differential Revision: https://reviews.freebsd.org/D26058 2020-07-01T00:59:28Z Conrad Meyer cem@FreeBSD.org 2020-07-01T00:59:28Z urn:sha1:80a315ffb6053e5e2b1a0d07d7571fad0e0a64bd SSLv3 has been deprecated since 2015 (and broken since 2014: "POODLE"); it should not have shipped in FreeBSD 11 (2016) or 12 (2018). No one should use it, and if they must, they can use some implementation outside of base. There are three symbols removed with OPENSSL_NO_SSL3_METHOD: SSLv3_client_method SSLv3_method SSLv3_server_method These symbols exist to request an explicit SSLv3 connection to a server. There is no good reason for an application to link or invoke these symbols instead of TLS_method(), et al (née SSLv23_method, et al). Applications that do so have broken cryptography. Define these symbols for some pedantic definition of ABI stability, but remove the functionality again (r361392) after r362620. Reviewed by: gordon, jhb (earlier-but-equivalent version both) Discussed with: bjk, kib Differential Revision: https://reviews.freebsd.org/D25493 2020-06-25T19:35:37Z Gordon Tetlow gordon@FreeBSD.org 2020-06-25T19:35:37Z urn:sha1:e3981394150dab0d36ccbd30b21aeb9732cb7f56 This define caused a couple of symbols to disappear. To keep ABI compatibility, we are going to keep the symbols exposed, but leave SSLv3 as not in the default config (this is what OPENSSL_NO_SSL3 achieves). The ramifications of this is an application can still use SSLv3 if it specifically calls the SSLv3_method family of APIs. Reported by: kib, others Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D25451 2020-06-01T18:58:09Z Tijl Coosemans tijl@FreeBSD.org 2020-06-01T18:58:09Z urn:sha1:82c3a6548f7a4b40a68c27faa55751af56e42b38 /usr/lib32 and let 32-bit libcrypto search that location instead of /usr/lib/engines. Reviewed by: jkim