From owner-freebsd-ports@FreeBSD.ORG Thu Aug 21 15:57:05 2014 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DBDD9F6C for ; Thu, 21 Aug 2014 15:57:04 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BDAE43659 for ; Thu, 21 Aug 2014 15:57:04 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id s7LFv4p6049114 for ; Thu, 21 Aug 2014 15:57:04 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id s7LFv4tL049113 for freebsd-ports@freebsd.org; Thu, 21 Aug 2014 15:57:04 GMT (envelope-from bdrewery) Received: (qmail 16096 invoked from network); 21 Aug 2014 10:57:03 -0500 Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24) by sweb.xzibition.com with ESMTPA; 21 Aug 2014 10:57:03 -0500 Message-ID: <53F616C9.1040909@FreeBSD.org> Date: Thu, 21 Aug 2014 10:56:57 -0500 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.0 MIME-Version: 1.0 To: freebsd-ports@freebsd.org Subject: Re: [CFT] SSP Package Repository available References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> <53F5F4E6.2010703@mail.lifanov.com> In-Reply-To: <53F5F4E6.2010703@mail.lifanov.com> OpenPGP: id=6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="M029kogQWfopgrjVG80PSneRVOJbq8KdD" X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Aug 2014 15:57:05 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --M029kogQWfopgrjVG80PSneRVOJbq8KdD Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 8/21/2014 8:32 AM, Nikolai Lifanov wrote: > On 08/20/14 12:34, Bryan Drewery wrote: >> On 9/21/2013 5:49 AM, Bryan Drewery wrote: >>> Ports now support enabling Stack Protector [1] support on FreeBSD 10 >>> i386 and amd64, and older releases on amd64 only currently. >>> >>> Support may be added for earlier i386 releases once all ports properl= y >>> respect LDFLAGS. >>> >>> To enable, just add WITH_SSP=3Dyes to your make.conf and rebuild all = ports. >>> >>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-al= l >>> may optionally be set instead. >>> >>> Please help test this on your system. We would like to eventually ena= ble >>> this by default, but need to identify any major ports that have run-t= ime >>> issues due to it. >>> >>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection >>> >> >> We have not had any feedback on this yet and want to get it enabled by= >> default for ports and packages. >> >> We now have a repository that you can use rather than the default to >> help test. We need your help to identify any issues before switching t= he >> default. >> >> This repository is available for: >> >> head >> 10.0 >> 9.1,9.2,9.3 >> >> It is not available for 8.4. If someone is willing to test on 8.4 I wi= ll >> build a repository for it. >> >> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf: >> >> FreeBSD: { enabled: no } >> FreeBSD_ssp: { >> url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp", >> mirror_type: "srv", >> signature_type: "fingerprints", >> fingerprints: "/usr/share/keys/pkg", >> enabled: yes >> } >> >> Once that is done you should force reinstall packages from this reposi= tory: >> >> pkg update >> pkg upgrade -f >> >> Thanks for your help! >> Bryan Drewery >> On behalf of portmgr. >> >=20 > I have been doing a full tree build with WITH_SSP_PORTS enabled and > several partial tree builds for different machines since the initial > inclusion. I had exactly one problem port with it (I can't remember wha= t > it was anymore), but the port was fixed almost immediately. >=20 > - Nikolai Lifanov My own feedback is that I've been using ports SSP since at least 2009 without issues. --=20 Regards, Bryan Drewery --M029kogQWfopgrjVG80PSneRVOJbq8KdD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iQEcBAEBAgAGBQJT9hbJAAoJEDXXcbtuRpfPt8MH/iqCp8RQedKTicVjYwQwSBY9 roKx7wikzCZP9TiJ65igpHTgW+SRzAS3iNR5ML4AAZji2E0yXywNHrLrIS+kQU+V /W6/qoZ2BjWqXDas4SWxNz5qOVJolM4lXkLyn1iR3t3oWJxWy4VLpiXNMK5r7cIA vJui+EDCwEoXfh//gu1DGD8nKdOxWhA/prd3YEz/fOatlEZLrcgdtviIyhJkdK2A aoSYVlmoqRXbwzwzi/MyLkiaL+hehH/aEW9SF7bXEaPi5aI3mTrneNSa94VmJs0Y PfThSFbaba0VyCXseudNEql03ZwPRnlKT+O4S9g0C398b2FaqzDgwuofOFbmsV0= =oilM -----END PGP SIGNATURE----- --M029kogQWfopgrjVG80PSneRVOJbq8KdD--