Stop linking iked -static: It was inherited from isakmpd that is

-static for NFS-over-IPsec that might mount the libraries after /usr.
The benefit of linking iked dynamic outweighs the historic reason, eg.
to get full address space randomization and to benefit from libcrypto
updates, so we turn it into a dynamic binary.

OK deraadt@ naddy@

diff --git a/sbin/iked/Makefile b/sbin/iked/Makefile
index 2194a95..77a79a9 100644 (file)
--- a/sbin/iked/Makefile
+++ b/sbin/iked/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.13 2015/10/19 11:25:35 reyk Exp $
+# $OpenBSD: Makefile,v 1.14 2015/10/22 15:14:27 reyk Exp $
 
 PROG=          iked
 SRCS=          ca.c chap_ms.c config.c control.c crypto.c dh.c \
@@ -10,6 +10,9 @@ SRCS+=                parse.y
 MAN=           iked.conf.5 iked.8
 #NOMAN=                yes
 
+# Don't compile iked as static binary by default
+LDSTATIC=
+
 LDADD=         -lutil -levent -lcrypto
 DPADD=         ${LIBUTIL} ${LIBEVENT} ${LIBCRYPTO}
 CFLAGS+=       -Wall -I${.CURDIR}