From owner-freebsd-ports@FreeBSD.ORG Mon Sep 22 12:51:27 2014 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3606F888; Mon, 22 Sep 2014 12:51:27 +0000 (UTC) Received: from mx2.paymentallianceintl.com (mx2.paymentallianceintl.com [216.26.158.171]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mx2.paymentallianceintl.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D75451B1; Mon, 22 Sep 2014 12:51:26 +0000 (UTC) Received: from firewall.mikej.com (162-230-214-65.lightspeed.lsvlky.sbcglobal.net [162.230.214.65]) by mx2.paymentallianceintl.com (8.14.5/8.13.8) with ESMTP id s8MCpH2a045336 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 22 Sep 2014 08:51:18 -0400 (EDT) (envelope-from mikej@mikej.com) Received: from mail.mikej.com ([192.168.6.63]) by firewall.mikej.com (8.14.9/8.14.9) with ESMTP id s8MCotGC064968; Mon, 22 Sep 2014 08:51:16 -0400 (EDT) (envelope-from mikej@mikej.com) X-Authentication-Warning: firewall.mikej.com: Host [192.168.6.63] claimed to be mail.mikej.com MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Mon, 22 Sep 2014 08:50:55 -0400 From: Michael Jung To: Ports FreeBSD Subject: Re: [CFT] SSP Package Repository available In-Reply-To: <53F4CE0E.8040106@FreeBSD.org> References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> Message-ID: X-Sender: mikej@mikej.com User-Agent: Roundcube Webmail/1.0.2 Cc: pkg@freebsd.org, owner-freebsd-pkg@freebsd.org X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Sep 2014 12:51:27 -0000 On 2014-08-20 12:34, Bryan Drewery wrote: > On 9/21/2013 5:49 AM, Bryan Drewery wrote: >> Ports now support enabling Stack Protector [1] support on FreeBSD 10 >> i386 and amd64, and older releases on amd64 only currently. >> >> Support may be added for earlier i386 releases once all ports properly >> respect LDFLAGS. >> >> To enable, just add WITH_SSP=yes to your make.conf and rebuild all >> ports. >> >> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all >> may optionally be set instead. >> >> Please help test this on your system. We would like to eventually >> enable >> this by default, but need to identify any major ports that have >> run-time >> issues due to it. >> >> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection >> > > We have not had any feedback on this yet and want to get it enabled by > default for ports and packages. > > We now have a repository that you can use rather than the default to > help test. We need your help to identify any issues before switching > the > default. > > This repository is available for: > > head > 10.0 > 9.1,9.2,9.3 > > It is not available for 8.4. If someone is willing to test on 8.4 I > will > build a repository for it. > > Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf: > > FreeBSD: { enabled: no } > FreeBSD_ssp: { > url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp", > mirror_type: "srv", > signature_type: "fingerprints", > fingerprints: "/usr/share/keys/pkg", > enabled: yes > } > > Once that is done you should force reinstall packages from this > repository: > > pkg update > pkg upgrade -f > > Thanks for your help! > Bryan Drewery > On behalf of portmgr. I have been building (poudriere) and running some 1100+ ports WITH_SSP_PORT=yes under 10-STABLE and CURRENT without issue. This is using both our local repository and the ssp repository listed above. --mikej