On 2014-08-20 12:34, Bryan Drewery wrote:
On 9/21/2013 5:49 AM, Bryan Drewery wrote:
Ports now support enabling Stack Protector [1] support on FreeBSD 10
i386 and amd64, and older releases on amd64 only currently.
Support may be added for earlier i386 releases once all ports properly
respect LDFLAGS.
To enable, just add WITH_SSP=yes to your make.conf and rebuild all
ports.
The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all
may optionally be set instead.
Please help test this on your system. We would like to eventually
enable
this by default, but need to identify any major ports that have
run-time
issues due to it.
[1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
We have not had any feedback on this yet and want to get it enabled by
default for ports and packages.
We now have a repository that you can use rather than the default to
help test. We need your help to identify any issues before switching
the
default.
This repository is available for:
head
10.0
9.1,9.2,9.3
It is not available for 8.4. If someone is willing to test on 8.4 I
will
build a repository for it.
Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf:
FreeBSD: { enabled: no }
FreeBSD_ssp: {
url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp";,
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/share/keys/pkg",
enabled: yes
}
Once that is done you should force reinstall packages from this
repository:
pkg update
pkg upgrade -f
Thanks for your help!
Bryan Drewery
On behalf of portmgr.
I have been building (poudriere) and running some 1100+ ports
WITH_SSP_PORT=yes under 10-STABLE and CURRENT without issue. This is
using both our local repository and the ssp repository listed above.
--mikej
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
