From nobody Thu Mar 2 16:07:47 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PSGGX1FYqz3vyR8; Thu, 2 Mar 2023 16:07:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PSGGX0gYyz4Rk0; Thu, 2 Mar 2023 16:07:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677773268; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lolsnNfZ4Vbj2AOdQdCSiMGRBk7Q3+dTpzDyJPJ5DjI=; b=bQdnNC1s4C1LvsLh/KCvymVcBYBlpbIFky1LGnQlMh3WL2ktlu7+NPjgSNLtIXymEi3hVh byUCyZX0dkZNmmDblG4MuwcUN2caEQKedNnD6QBo1ZN9cX19fkpq1J7VF8yN9YMSYHM/EP 9Tx+MetvuRnwZTEYm2KD4w5PeO8kbGCnVxx6vg/l0QUzwWTRNkrJEz/7z2UFDDz4KA9l/Y iv4NAOLW7TXrnHQ77CoMSfntb0jLwbxl8kIHWUCu1pY2Hc4tQfzbYisrHY1ZHv/helePbf CZCIzl8BGNPZ8HyPp4Xin0A4jU3MBVLBQgXuY2WEVbRvEd3pa2H17OL5Juw5Kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677773268; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lolsnNfZ4Vbj2AOdQdCSiMGRBk7Q3+dTpzDyJPJ5DjI=; b=XyoHMzCLavPKgtkB0gGVG8+2JB7yydhinBRjPtaQENYrx1de5IHnyQTPIWwZc3LdSKKSSb q+WKlQBifzP62MrFCfPoAZh8YEtMhvWDrEKYRg7wGtBsd0XX2VSKtcPYxo9ZVzbSBRLU4N V5UPF42K15KnJ1Kn65QyT3Z55rGyTKoxjXBL8l41o505XTyYsUEGNY4Ta/ptUM08uCbkkr 3iQ1PXSetumSrx21VMJywADX/opYRZHdx1oO8lZ6J2h7HAk3rs6yP8hBkwbNxYyLs+1zcb 0DKUcpDKFJmTf1O8eCBM/qwOnxcVHJnbaLCHpdtLY9b9mHQpHF57CNqQehGGWQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1677773268; a=rsa-sha256; cv=none; b=M/HCPhzPHME5+9p3jV7NvRhSIyqUngPTXR+0L6EHr4Zg5CW6RlJVfBMAHC/jSZRAaIxkS2 HcJNPUSW9c1h/A1sI1o337zuDDU24s0gA19nYGjUPJG2JhZS7AqZDGznFP/KS9rrqDESar 6RamNdzTGQqSndHoSOnE3wiWoN7RJRAciEm4wsgCkSTdN1SCMqBan30p0SYe8kBrKQvYr3 YV1uqNXpGl2sqDxMppABt9ueJhnpTqnmusPien6WHeyweEzd3f54efOALhtFfczrsxgKN/ bqbHR/xui5jNitzX2Llzii8tBbsse9R4qsI/MZ+74dFGpj/bVxvah69CCEk8zA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PSGGW6tKRzN2C; Thu, 2 Mar 2023 16:07:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 322G7lDv021298; Thu, 2 Mar 2023 16:07:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 322G7lZe021297; Thu, 2 Mar 2023 16:07:47 GMT (envelope-from git) Date: Thu, 2 Mar 2023 16:07:47 GMT Message-Id: <202303021607.322G7lZe021297@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 65d7644bdb16 - stable/13 - src.conf: regen man page after RELRO change List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 65d7644bdb167b549aa0d1480424cc4e186649f2 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=65d7644bdb167b549aa0d1480424cc4e186649f2 commit 65d7644bdb167b549aa0d1480424cc4e186649f2 Author: Ed Maste AuthorDate: 2023-03-02 14:34:43 +0000 Commit: Ed Maste CommitDate: 2023-03-02 14:35:23 +0000 src.conf: regen man page after RELRO change --- share/man/man5/src.conf.5 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5 index d7bb2f063fcc..62439ee77a41 100644 --- a/share/man/man5/src.conf.5 +++ b/share/man/man5/src.conf.5 @@ -1,6 +1,6 @@ .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. .\" $FreeBSD$ -.Dd February 28, 2023 +.Dd March 2, 2023 .Dt SRC.CONF 5 .Os .Sh NAME @@ -183,6 +183,13 @@ Build all binaries with the .Dv DF_BIND_NOW flag set to indicate that the run-time loader should perform all relocation processing at process startup rather than on demand. +The combination of the +.Va BIND_NOW +and +.Va RELRO +options provide "full" Relocation Read-Only (RELRO) support. +With full RELRO the entire GOT is made read-only after performing relocation at +startup, avoiding GOT overwrite attacks. .It Va WITHOUT_BLACKLIST Set this if you do not want to build .Xr blacklistd 8 @@ -1425,6 +1432,11 @@ by proxy. .It Va WITHOUT_RBOOTD Do not build or install .Xr rbootd 8 . +.It Va WITHOUT_RELRO +Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. +See also the +.Va BIND_NOW +option. .It Va WITH_REPRODUCIBLE_BUILD Exclude build metadata (such as the build time, user, or host) from the kernel, boot loaders, and uname output, so that builds produce