[CFT] SSP Package Repository available

Bryan Drewery bdrewery at FreeBSD.org
Thu Aug 21 15:55:49 UTC 2014 

On 8/21/2014 6:56 AM, Ronald Klop wrote:
> On Wed, 20 Aug 2014 18:34:22 +0200, Bryan Drewery <bdrewery at freebsd.org>
> wrote:
> 
>> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
>>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>>> i386 and amd64, and older releases on amd64 only currently.
>>>
>>> Support may be added for earlier i386 releases once all ports properly
>>> respect LDFLAGS.
>>>
>>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all
>>> ports.
>>>
>>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all
>>> may optionally be set instead.
>>>
>>> Please help test this on your system. We would like to eventually enable
>>> this by default, but need to identify any major ports that have run-time
>>> issues due to it.
>>>
>>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>>>
>>
>> We have not had any feedback on this yet and want to get it enabled by
>> default for ports and packages.
>>
>> We now have a repository that you can use rather than the default to
>> help test. We need your help to identify any issues before switching the
>> default.
>>
>> This repository is available for:
>>
>> head
>> 10.0
>> 9.1,9.2,9.3
>>
>> It is not available for 8.4. If someone is willing to test on 8.4 I will
>> build a repository for it.
>>
>> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf:
>>
>> FreeBSD: { enabled: no }
>> FreeBSD_ssp: {
>>   url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp",
>>   mirror_type: "srv",
>>   signature_type: "fingerprints",
>>   fingerprints: "/usr/share/keys/pkg",
>>   enabled: yes
>> }
>>
>> Once that is done you should force reinstall packages from this
>> repository:
>>
>>   pkg update
>>   pkg upgrade -f
>>
>> Thanks for your help!
>> Bryan Drewery
>> On behalf of portmgr.
>>
> 
> 
> Hi,
> 
> Is it necessary to upgrade all packages at once or can I just enable
> WITH_SSP and upgrade ports as they are updated in the ports tree?
> 

You can let them update on their own if you wish. Of course SSP won't be
in the binaries until they are rebuilt.

-- 
Regards,
Bryan Drewery

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20140821/b512cf08/attachment.sig>

More information about the freebsd-ports mailing list