From owner-freebsd-security@FreeBSD.ORG Sun Nov 2 20:02:24 2014 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BA99C1C5 for ; Sun, 2 Nov 2014 20:02:24 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A3483D4F for ; Sun, 2 Nov 2014 20:02:24 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id sA2K2Odt066855 for ; Sun, 2 Nov 2014 20:02:24 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id sA2K2O7H066850 for freebsd-security@FreeBSD.org; Sun, 2 Nov 2014 20:02:24 GMT (envelope-from bdrewery) Received: (qmail 5280 invoked from network); 2 Nov 2014 14:02:20 -0600 Received: from unknown (HELO blah) (freebsd@shatow.net@129.253.54.225) by sweb.xzibition.com with ESMTPA; 2 Nov 2014 14:02:20 -0600 Message-ID: <54568DA2.6030309@FreeBSD.org> Date: Sun, 02 Nov 2014 14:01:38 -0600 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: freebsd-ports@FreeBSD.org Subject: SSP now default for ports/packages, ssp/new_xorg repository EOL Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sun, 02 Nov 2014 20:07:56 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Nov 2014 20:02:24 -0000 Ports and Package users, Ports now have SSP enabled by default. The package repository will now build SSP by default as well. SSP is "Stack Smashing Protection" and can be read about at https://en.wikipedia.org/wiki/Buffer_overflow_protection. This only applies to the head (/latest) packages, not the Quarterly branch packages. This applies to the ports checkout that portsnap uses. WITHOUT_SSP can be defined in make.conf to not use this feature. SSP will be used to build ports (with -fstack-protector) on all amd64 releases and i386 releases which are 10.0 or newer. The "ssp" repository and "new_xorg" repositories will no longer be updated after 11/15 as they are no longer needed as both are default for ports now. Please update your repository configurations to now only track the /latest repository. This is the default from /etc/pkg/FreeBSD.conf. Remove any overrides from /usr/local/etc/pkg/repos/ for the "ssp" or "new_xorg" repositories. Regards, Bryan Drewery on behalf of portmgr