[CFT] SSP Package Repository available
Bryan Drewery
bdrewery at FreeBSD.org
Thu Aug 21 15:55:49 UTC 2014
On 8/21/2014 6:56 AM, Ronald Klop wrote:
> On Wed, 20 Aug 2014 18:34:22 +0200, Bryan Drewery <bdrewery at freebsd.org>
> wrote:
>
>> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
>>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>>> i386 and amd64, and older releases on amd64 only currently.
>>>
>>> Support may be added for earlier i386 releases once all ports properly
>>> respect LDFLAGS.
>>>
>>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all
>>> ports.
>>>
>>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all
>>> may optionally be set instead.
>>>
>>> Please help test this on your system. We would like to eventually enable
>>> this by default, but need to identify any major ports that have run-time
>>> issues due to it.
>>>
>>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>>>
>>
>> We have not had any feedback on this yet and want to get it enabled by
>> default for ports and packages.
>>
>> We now have a repository that you can use rather than the default to
>> help test. We need your help to identify any issues before switching the
>> default.
>>
>> This repository is available for:
>>
>> head
>> 10.0
>> 9.1,9.2,9.3
>>
>> It is not available for 8.4. If someone is willing to test on 8.4 I will
>> build a repository for it.
>>
>> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf:
>>
>> FreeBSD: { enabled: no }
>> FreeBSD_ssp: {
>> url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp",
>> mirror_type: "srv",
>> signature_type: "fingerprints",
>> fingerprints: "/usr/share/keys/pkg",
>> enabled: yes
>> }
>>
>> Once that is done you should force reinstall packages from this
>> repository:
>>
>> pkg update
>> pkg upgrade -f
>>
>> Thanks for your help!
>> Bryan Drewery
>> On behalf of portmgr.
>>
>
>
> Hi,
>
> Is it necessary to upgrade all packages at once or can I just enable
> WITH_SSP and upgrade ports as they are updated in the ports tree?
>
You can let them update on their own if you wish. Of course SSP won't be
in the binaries until they are rebuilt.
--
Regards,
Bryan Drewery
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20140821/b512cf08/attachment.sig>
More information about the freebsd-ports
mailing list