From: Simon Wright
Date: Sun, 31 Aug 2014 13:36:30 +0200
To: freebsd-ports@freebsd.org
Subject: Re: [CFT] SSP Package Repository available
Message-ID: <540308BE.3070009@gmx.net>
In-Reply-To: <53F4CE0E.8040106@FreeBSD.org>

On 20/08/2014 18:34, Bryan Drewery wrote:
> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>> i386 and amd64, and older releases on amd64 only currently.
>>
>> Support may be added for earlier i386 releases once all ports properly
>> respect LDFLAGS.
>>
>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports.
>>
>> The default SSP_CFLAGS is -fstack-protector, but -fstack-protector-all
>> may optionally be set instead.
>>
>> Please help test this on your system. We would like to eventually enable
>> this by default, but need to identify any major ports that have run-time
>> issues due to it.
>>
>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>>
>
> We have not had any feedback on this yet and want to get it enabled by
> default for ports and packages.
>
> We now have a repository that you can use rather than the default to
> help test. We need your help to identify any issues before switching the
> default.

Another data point: I've been using WITH_SSP_PORTS=yes for building from
ports since late 2013. No issues noticed on 9.2 and 9.3 amd64 systems.

I have also been building a selection of packages locally with poudriere
using the same make.conf setting for about two months and have seen no
issues there either.

I have just updated my pkg configuration to use the new repository and
have reinstalled all official packages.

Regards,

Simon Wright.
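
For anyone testing the SSP repository discussed in this thread, one way to check that an installed amd64 binary was actually built with the stack protector is to look for a reference to the canary failure handler in its symbol tables. This is an added example, not part of the original message or the FreeBSD ports tooling; it handles ELF64 little-endian files only, and the function names are hypothetical.

```python
"""Report which ELF64 little-endian files reference the SSP failure handler."""
import struct
import sys

SHDR = struct.Struct("<IIQQQQIIQQ")  # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")       # Elf64_Sym, 24 bytes
SHT_SYMTAB, SHT_DYNSYM = 2, 11
SSP_SYMBOLS = {"__stack_chk_fail", "__stack_chk_fail_local"}


def symbol_names(data):
    """Return all names in .symtab/.dynsym, or None if not parseable ELF64 LE."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        return None
    shoff, = struct.unpack_from("<Q", data, 0x28)             # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", data, 0x3A)  # e_shentsize, e_shnum
    if shentsize != SHDR.size or shoff + shnum * SHDR.size > len(data):
        return None  # section headers missing or file truncated
    sections = [SHDR.unpack_from(data, shoff + i * SHDR.size) for i in range(shnum)]
    names = set()
    for sec in sections:
        sh_type, offset, size, link = sec[1], sec[4], sec[5], sec[6]
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM) or link >= shnum:
            continue
        str_off, str_size = sections[link][4], sections[link][5]
        strtab = data[str_off:str_off + str_size]  # linked string table
        last = min(offset + size, len(data)) - SYM.size
        for pos in range(offset, last + 1, SYM.size):
            st_name = SYM.unpack_from(data, pos)[0]
            end = strtab.find(b"\0", st_name)
            if st_name < len(strtab) and end != -1:
                names.add(strtab[st_name:end].decode("ascii", "replace"))
    return names


def uses_ssp(data):
    """True/False for ELF64 LE input, None when the file cannot be judged."""
    names = symbol_names(data)
    return None if names is None else bool(names & SSP_SYMBOLS)


if __name__ == "__main__":
    labels = {True: "SSP", False: "no SSP reference", None: "not ELF64 LE"}
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, labels[uses_ssp(fh.read())])
```

A "no SSP reference" result is not proof the port ignored the setting: with plain -fstack-protector the compiler only instruments functions that contain stack buffers, so a binary with none never references the handler.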