From: Ed Maste
Date: Wed, 22 Jun 2022 16:21:46 GMT
Message-Id: <202206221621.25MGLkeo007710@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: a8af3aee4b45 - main - src.conf.5: regen after RELRO knob addition
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=a8af3aee4b45c619f4638789af518d068d5de682

commit
a8af3aee4b45c619f4638789af518d068d5de682 Author: Ed Maste AuthorDate: 2022-06-22 16:21:31 +0000 Commit: Ed Maste CommitDate: 2022-06-22 16:21:31 +0000 src.conf.5: regen after RELRO knob addition --- share/man/man5/src.conf.5 | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5 index fec3a7ab6069..f1ca36e5597d 100644 --- a/share/man/man5/src.conf.5 +++ b/share/man/man5/src.conf.5 @@ -1,6 +1,6 @@ .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. .\" $FreeBSD$ -.Dd June 8, 2022 +.Dd June 22, 2022 .Dt SRC.CONF 5 .Os .Sh NAME @@ -196,6 +196,13 @@ Build all binaries with the .Dv DF_BIND_NOW flag set to indicate that the run-time loader should perform all relocation processing at process startup rather than on demand. +The combination of the +.Va BIND_NOW +and +.Va RELRO +options provide "full" Relocation Read-Only (RELRO) support. +With full RELRO the entire GOT is made read-only after performing relocation at +startup, avoiding GOT overwrite attacks. .It Va WITHOUT_BLACKLIST Set this if you do not want to build .Xr blacklistd 8 @@ -651,8 +658,8 @@ Avoid installing examples to Include experimental features in the build. .It Va WITH_EXTRA_TCP_STACKS Build extra TCP stack modules. -.It Va WITHOUT_FDT -Do not build Flattened Device Tree support as part of the base system. +.It Va WITH_FDT +Build Flattened Device Tree support as part of the base system. This includes the device tree compiler (dtc) and libfdt support library. .It Va WITHOUT_FILE Do not build @@ -1416,6 +1423,11 @@ by proxy. .It Va WITHOUT_RBOOTD Do not build or install .Xr rbootd 8 . +.It Va WITHOUT_RELRO +Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. +See also the +.Va BIND_NOW +option. .It Va WITH_REPRODUCIBLE_BUILD Exclude build metadata (such as the build time, user, or host) from the kernel, boot loaders, and uname output, so that builds produce
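Review bot: In the @@ -196,6 +196,13 @@ hunk, the added sentence "The combination of the BIND_NOW and RELRO options provide ..." has a subject-verb mismatch: "combination" is singular, so the verb should be "provides". Because the file header says this page is generated by tools/build/options/makeman, the wording has to be corrected in makeman's input and the page regenerated, not edited in src.conf.5 directly.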
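Review bot: In the @@ -651,8 +658,8 @@ hunk, the entry flips from WITHOUT_FDT ("Do not build Flattened Device Tree support ...") to WITH_FDT ("Build Flattened Device Tree support ..."), which the commit message "regen after RELRO knob addition" does not account for. If this is a side effect of the environment makeman was run in and not an intended change of the documented default, regenerate in the same setup as the previous revision; otherwise say in the log why the FDT entry changed.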
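Review bot: In the @@ -1416,6 +1423,11 @@ hunk, the new WITHOUT_RELRO entry only says the mitigation is not applied and points to BIND_NOW; the explanation of what is protected appears solely under the BIND_NOW entry. A reader who lands on this entry cannot tell that RELRO alone is not the "full" variant described there. Suggest one more sentence here stating that making the entire GOT read-only also requires BIND_NOW, so the two knobs are documented symmetrically.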