[CFT] SSP Package Repository available
Simon Wright
simon.wright at gmx.net
Sun Aug 31 11:35:07 UTC 2014
On 20/08/2014 18:34, Bryan Drewery wrote:
> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>> i386 and amd64, and older releases on amd64 only currently.
>>
>> Support may be added for earlier i386 releases once all ports properly
>> respect LDFLAGS.
>>
>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports.
>>
>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all
>> may optionally be set instead.
>>
>> Please help test this on your system. We would like to eventually enable
>> this by default, but need to identify any major ports that have run-time
>> issues due to it.
>>
>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>>
>
> We have not had any feedback on this yet and want to get it enabled by
> default for ports and packages.
>
> We now have a repository that you can use rather than the default to
> help test. We need your help to identify any issues before switching the
> default.
Another data point:
I've been using WITH_SSP_PORTS=yes for building from ports since
late 2013. No issues noticed on 9.2 and 9.3 amd64 systems. I have
also been building a selection of packages locally with poudriere
using the same make.conf setting for about two months and have seen
no issues there either. I have just updated my pkg configuration to
use the new repository and have reinstalled all official packages.
Regards,
Simon Wright.
More information about the freebsd-ports
mailing list