[CFT] SSP Package Repository available

Simon Wright simon.wright at gmx.net
Sun Aug 31 11:35:07 UTC 2014


On 20/08/2014 18:34, Bryan Drewery wrote:
> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>> i386 and amd64, and older releases on amd64 only currently.
>>
>> Support may be added for earlier i386 releases once all ports properly
>> respect LDFLAGS.
>>
>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports.
>>
>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all
>> may optionally be set instead.
>>
>> Please help test this on your system. We would like to eventually enable
>> this by default, but need to identify any major ports that have run-time
>> issues due to it.
>>
>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>>
>
> We have not had any feedback on this yet and want to get it enabled by
> default for ports and packages.
>
> We now have a repository that you can use rather than the default to
> help test. We need your help to identify any issues before switching the
> default.

Another data point:

I've been using WITH_SSP_PORTS=yes for building from ports since 
late 2013. No issues noticed on 9.2 and 9.3 amd64 systems. I have 
also been building a selection of packages locally with poudriere 
using the same make.conf setting for about two months and have seen 
no issues there either. I have just updated my pkg configuration to 
use the new repository and have reinstalled all official packages.

Regards,

Simon Wright.


More information about the freebsd-ports mailing list