From owner-freebsd-ports@FreeBSD.ORG Thu Aug 21 14:05:53 2014 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DF4C94F4 for ; Thu, 21 Aug 2014 14:05:53 +0000 (UTC) Received: from www94.your-server.de (www94.your-server.de [213.133.104.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9CDD33A7D for ; Thu, 21 Aug 2014 14:05:53 +0000 (UTC) Received: from [188.104.2.112] (helo=[192.168.0.102]) by www94.your-server.de with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1XKSzu-0000wU-Mf for freebsd-ports@freebsd.org; Thu, 21 Aug 2014 16:05:50 +0200 Subject: Re: [CFT] SSP Package Repository available From: Mathias Picker To: freebsd-ports@freebsd.org In-Reply-To: <53F4CE0E.8040106@FreeBSD.org> References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> Content-Type: text/plain; charset="UTF-8" Organization: virtual earth GmbH Date: Thu, 21 Aug 2014 16:05:46 +0200 Message-ID: <1408629946.2442.136.camel@marcopolo.fritz.box> Mime-Version: 1.0 X-Mailer: Evolution 2.32.1 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit X-Authenticated-Sender: Mathias.Picker@virtual-earth.de X-Virus-Scanned: Clear (ClamAV 0.98.4/19298/Thu Aug 21 12:12:08 2014) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Aug 2014 14:05:54 -0000 On Mi, 2014-08-20 at 11:34 -0500, Bryan Drewery wrote: > On 9/21/2013 5:49 AM, Bryan Drewery wrote: > > Ports now support enabling Stack Protector [1] support on FreeBSD 10 > > i386 and amd64, and older releases on amd64 only currently. > > > > Support may be added for earlier i386 releases once all ports properly > > respect LDFLAGS. > > > > To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports. > > > > The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all > > may optionally be set instead. > > > > Please help test this on your system. We would like to eventually enable > > this by default, but need to identify any major ports that have run-time > > issues due to it. > > > > [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection > > > > We have not had any feedback on this yet and want to get it enabled by > default for ports and packages. > > We now have a repository that you can use rather than the default to > help test. We need your help to identify any issues before switching the > default. > > This repository is available for: > > head > 10.0 > 9.1,9.2,9.3 > > It is not available for 8.4. If someone is willing to test on 8.4 I will > build a repository for it. > > Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf: > > FreeBSD: { enabled: no } > FreeBSD_ssp: { > url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp", > mirror_type: "srv", > signature_type: "fingerprints", > fingerprints: "/usr/share/keys/pkg", > enabled: yes > } > > Once that is done you should force reinstall packages from this repository: > > pkg update > pkg upgrade -f This wants me to downgrade pkg to 1.2.7, so I didn't try... Cheers, Mathias > > Thanks for your help! > Bryan Drewery > On behalf of portmgr. >