[CFT] SSP Package Repository available
bryn1u85 .
m.bryn1u at gmail.com
Wed Aug 20 17:24:21 UTC 2014
For older versions of Freebsd add to /etc/make.conf
SSP_CFLAGS=-fstack-protector-all
SSP_CXXFLAGS=-fstack-protector-all
Should works.
2014-08-20 18:34 GMT+02:00 Bryan Drewery <bdrewery at freebsd.org>:
> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
> > Ports now support enabling Stack Protector [1] support on FreeBSD 10
> > i386 and amd64, and older releases on amd64 only currently.
> >
> > Support may be added for earlier i386 releases once all ports properly
> > respect LDFLAGS.
> >
> > To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports.
> >
> > The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all
> > may optionally be set instead.
> >
> > Please help test this on your system. We would like to eventually enable
> > this by default, but need to identify any major ports that have run-time
> > issues due to it.
> >
> > [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
> >
>
> We have not had any feedback on this yet and want to get it enabled by
> default for ports and packages.
>
> We now have a repository that you can use rather than the default to
> help test. We need your help to identify any issues before switching the
> default.
>
> This repository is available for:
>
> head
> 10.0
> 9.1,9.2,9.3
>
> It is not available for 8.4. If someone is willing to test on 8.4 I will
> build a repository for it.
>
> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf:
>
> FreeBSD: { enabled: no }
> FreeBSD_ssp: {
> url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp",
> mirror_type: "srv",
> signature_type: "fingerprints",
> fingerprints: "/usr/share/keys/pkg",
> enabled: yes
> }
>
> Once that is done you should force reinstall packages from this repository:
>
> pkg update
> pkg upgrade -f
>
> Thanks for your help!
> Bryan Drewery
> On behalf of portmgr.
>
>
More information about the freebsd-ports
mailing list