From owner-freebsd-ports@FreeBSD.ORG Thu Aug 21 13:32:36 2014 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 615B68D3; Thu, 21 Aug 2014 13:32:36 +0000 (UTC) Received: from mail.lifanov.com (mail.lifanov.com [206.125.175.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4480A36BC; Thu, 21 Aug 2014 13:32:36 +0000 (UTC) Received: by mail.lifanov.com (Postfix, from userid 58) id 790EC1B2B60; Thu, 21 Aug 2014 09:32:30 -0400 (EDT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail.lifanov.com X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT, URIBL_BLOCKED shortcircuit=ham autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (vnat004.nandomedia.com [166.108.31.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.lifanov.com (Postfix) with ESMTPSA id 24E571B2B5D; Thu, 21 Aug 2014 09:32:24 -0400 (EDT) Message-ID: <53F5F4E6.2010703@mail.lifanov.com> Date: Thu, 21 Aug 2014 09:32:22 -0400 From: Nikolai Lifanov User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.0 MIME-Version: 1.0 To: Ports FreeBSD , pkg@freebsd.org Subject: Re: [CFT] SSP Package Repository available References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> In-Reply-To: <53F4CE0E.8040106@FreeBSD.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Aug 2014 13:32:36 -0000 On 08/20/14 12:34, Bryan Drewery wrote: > On 9/21/2013 5:49 AM, Bryan Drewery wrote: >> Ports now support enabling Stack Protector [1] support on FreeBSD 10 >> i386 and amd64, and older releases on amd64 only currently. >> >> Support may be added for earlier i386 releases once all ports properly >> respect LDFLAGS. >> >> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports. >> >> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all >> may optionally be set instead. >> >> Please help test this on your system. We would like to eventually enable >> this by default, but need to identify any major ports that have run-time >> issues due to it. >> >> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection >> > > We have not had any feedback on this yet and want to get it enabled by > default for ports and packages. > > We now have a repository that you can use rather than the default to > help test. We need your help to identify any issues before switching the > default. > > This repository is available for: > > head > 10.0 > 9.1,9.2,9.3 > > It is not available for 8.4. If someone is willing to test on 8.4 I will > build a repository for it. > > Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf: > > FreeBSD: { enabled: no } > FreeBSD_ssp: { > url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp", > mirror_type: "srv", > signature_type: "fingerprints", > fingerprints: "/usr/share/keys/pkg", > enabled: yes > } > > Once that is done you should force reinstall packages from this repository: > > pkg update > pkg upgrade -f > > Thanks for your help! > Bryan Drewery > On behalf of portmgr. > I have been doing a full tree build with WITH_SSP_PORTS enabled and several partial tree builds for different machines since the initial inclusion. I had exactly one problem port with it (I can't remember what it was anymore), but the port was fixed almost immediately. - Nikolai Lifanov