From owner-cvs-src@FreeBSD.ORG Wed Jun 25 21:38:36 2008 Return-Path: Delivered-To: cvs-src@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 912591065678; Wed, 25 Jun 2008 21:38:36 +0000 (UTC) (envelope-from ru@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 7F6958FC1E; Wed, 25 Jun 2008 21:38:36 +0000 (UTC) (envelope-from ru@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m5PLcaLo067918; Wed, 25 Jun 2008 21:38:36 GMT (envelope-from ru@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m5PLcajG067917; Wed, 25 Jun 2008 21:38:36 GMT (envelope-from ru@repoman.freebsd.org) Message-Id: <200806252138.m5PLcajG067917@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to ru@repoman.freebsd.org using -f From: Ruslan Ermilov Date: Wed, 25 Jun 2008 21:33:28 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: src Makefile.inc1 src/gnu/lib Makefile src/gnu/lib/csu Makefile src/gnu/lib/libssp Makefile src/lib/csu Makefile.inc src/lib/libc Makefile src/lib/libstand Makefile src/lib/libthr Makefile src/libexec/rtld-elf Makefile src/release Makefile ... X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jun 2008 21:38:36 -0000 ru 2008-06-25 21:33:28 UTC FreeBSD src repository Modified files: . Makefile.inc1 gnu/lib Makefile gnu/lib/csu Makefile gnu/lib/libssp Makefile lib/libc Makefile lib/libstand Makefile lib/libthr Makefile libexec/rtld-elf Makefile release Makefile release/picobsd/build picobsd rescue/librescue Makefile rescue/rescue Makefile share/mk bsd.sys.mk sys/boot/arm/at91 Makefile.inc sys/boot/efi Makefile.inc sys/boot/i386 Makefile.inc sys/boot/i386/loader Makefile sys/boot/ia64 Makefile.inc sys/boot/ia64/common Makefile sys/boot/ia64/efi Makefile sys/boot/ia64/ski Makefile sys/boot/pc98 Makefile.inc sys/boot/pc98/loader Makefile sys/boot/powerpc/ofw Makefile sys/boot/sparc64 Makefile.inc sys/boot/sparc64/loader Makefile sys/conf files kern.mk kern.pre.mk tools/build/options WITHOUT_SSP Added files: lib/csu Makefile.inc sys/boot Makefile.inc sys/boot/arm Makefile.inc sys/boot/ofw Makefile.inc sys/boot/powerpc Makefile.inc sys/boot/uboot Makefile.inc sys/kern stack_protector.c Log: SVN rev 180012 on 2008-06-25 21:33:28Z by ru Enable GCC stack protection (aka Propolice) for userland: - It is opt-out for now so as to give it maximum testing, but it may be turned opt-in for stable branches depending on the consensus. You can turn it off with WITHOUT_SSP. - WITHOUT_SSP was previously used to disable the build of GNU libssp. It is harmless to steal the knob as SSP symbols have been provided by libc for a long time, GNU libssp should not have been much used. - SSP is disabled in a few corners such as system bootstrap programs (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves. - It should be safe to use -fstack-protector-all to build world, however libc will be automatically downgraded to -fstack-protector because it breaks rtld otherwise. - This option is unavailable on ia64. Enable GCC stack protection (aka Propolice) for kernel: - It is opt-out for now so as to give it maximum testing. - Do not compile your kernel with -fstack-protector-all, it won't work. Submitted by: Jeremie Le Hen Revision Changes Path 1.607 +6 -5 src/Makefile.inc1 1.43 +1 -5 src/gnu/lib/Makefile 1.29 +1 -0 src/gnu/lib/csu/Makefile 1.3 +1 -0 src/gnu/lib/libssp/Makefile 1.1 +3 -0 src/lib/csu/Makefile.inc (new) 1.74 +6 -0 src/lib/libc/Makefile 1.62 +1 -0 src/lib/libstand/Makefile 1.35 +2 -0 src/lib/libthr/Makefile 1.42 +2 -0 src/libexec/rtld-elf/Makefile 1.932 +4 -3 src/release/Makefile 1.42 +5 -4 src/release/picobsd/build/picobsd 1.10 +2 -0 src/rescue/librescue/Makefile 1.62 +1 -0 src/rescue/rescue/Makefile 1.45 +6 -0 src/share/mk/bsd.sys.mk 1.1 +3 -0 src/sys/boot/Makefile.inc (new) 1.1 +3 -0 src/sys/boot/arm/Makefile.inc (new) 1.8 +2 -0 src/sys/boot/arm/at91/Makefile.inc 1.8 +2 -0 src/sys/boot/efi/Makefile.inc 1.13 +2 -0 src/sys/boot/i386/Makefile.inc 1.86 +2 -0 src/sys/boot/i386/loader/Makefile 1.4 +2 -0 src/sys/boot/ia64/Makefile.inc 1.2 +2 -0 src/sys/boot/ia64/common/Makefile 1.29 +1 -0 src/sys/boot/ia64/efi/Makefile 1.21 +1 -0 src/sys/boot/ia64/ski/Makefile 1.1 +3 -0 src/sys/boot/ofw/Makefile.inc (new) 1.8 +2 -0 src/sys/boot/pc98/Makefile.inc 1.42 +2 -0 src/sys/boot/pc98/loader/Makefile 1.1 +3 -0 src/sys/boot/powerpc/Makefile.inc (new) 1.24 +2 -0 src/sys/boot/powerpc/ofw/Makefile 1.2 +2 -0 src/sys/boot/sparc64/Makefile.inc 1.21 +2 -0 src/sys/boot/sparc64/loader/Makefile 1.1 +3 -0 src/sys/boot/uboot/Makefile.inc (new) 1.1311 +2 -0 src/sys/conf/files 1.55 +7 -0 src/sys/conf/kern.mk 1.100 +1 -4 src/sys/conf/kern.pre.mk 1.1 +35 -0 src/sys/kern/stack_protector.c (new) 1.2 +1 -1 src/tools/build/options/WITHOUT_SSP