Date: Sun, 31 Aug 2014 13:36:30 +0200 From: Simon Wright <simon.wright@gmx.net> To: freebsd-ports@freebsd.org Subject: Re: [CFT] SSP Package Repository available Message-ID: <540308BE.3070009@gmx.net> In-Reply-To: <53F4CE0E.8040106@FreeBSD.org> References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20/08/2014 18:34, Bryan Drewery wrote: > On 9/21/2013 5:49 AM, Bryan Drewery wrote: >> Ports now support enabling Stack Protector [1] support on FreeBSD 10 >> i386 and amd64, and older releases on amd64 only currently. >> >> Support may be added for earlier i386 releases once all ports properly >> respect LDFLAGS. >> >> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports. >> >> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all >> may optionally be set instead. >> >> Please help test this on your system. We would like to eventually enable >> this by default, but need to identify any major ports that have run-time >> issues due to it. >> >> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection >> > > We have not had any feedback on this yet and want to get it enabled by > default for ports and packages. > > We now have a repository that you can use rather than the default to > help test. We need your help to identify any issues before switching the > default. Another data point: I've been using WITH_SSP_PORTS=yes for building from ports since late 2013. No issues noticed on 9.2 and 9.3 amd64 systems. I have also been building a selection of packages locally with poudriere using the same make.conf setting for about two months and have seen no issues there either. I have just updated my pkg configuration to use the new repository and have reinstalled all official packages. Regards, Simon Wright.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?540308BE.3070009>