Date: Fri, 22 Aug 2014 18:07:16 +0200 From: Dimitry Andric <dim@FreeBSD.org> To: Bryan Drewery <bdrewery@FreeBSD.org> Cc: Mark Martinec <Mark.Martinec+freebsd@ijs.si>, freebsd-current@freebsd.org, freebsd-ports@freebsd.org Subject: Re: [CFT] SSP Package Repository available Message-ID: <DBC82558-45D6-45E6-A887-016BEE8CC79E@FreeBSD.org> In-Reply-To: <53F61949.6050402@FreeBSD.org> References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> <CAE2yjrqjNj1EJNZAa2FTfNyimpKpEXMdEyn9kdFH8PgqrTT8YQ@mail.gmail.com> <b2e18bbe12ba52752d97a2189b436a47@mailbox.ijs.si> <53F615FA.6030604@FreeBSD.org> <53F61949.6050402@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On 21 Aug 2014, at 18:07, Bryan Drewery <bdrewery@FreeBSD.org> wrote: > On 8/21/2014 10:53 AM, Bryan Drewery wrote: >> On 8/21/2014 5:34 AM, Mark Martinec wrote: >>> Bryan Drewery wrote: >>>> Ports now support enabling Stack Protector [1] support on FreeBSD 10 >>>> i386 and amd64, and older releases on amd64 only currently. >>>> >>>> Support may be added for earlier i386 releases once all ports properly >>>> respect LDFLAGS. >>>> >>>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports. >>>> >>>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all >>>> may optionally be set instead. >>> >>> That's probably SSP_CFLAGS, not SSP_CLFAGS. >> >> Nice find. >> >>> >>> >>> Does clang (in 10-STABLE or CURRENT) support also the >>> option -fstack-protector-strong ? >> >> Not sure if clang 3.4 has it, but I found a patch for it here: > > I'm told that clang 3.5 has support for it. We do not (yet) have 3.5 in > CURRENT. Indeed, support for -fstack-protector-strong was added after clang 3.4. Upstream is in the process of releasing clang 3.5; they're currently at -rc3, and unless something weird happens, the actual release should be soonish. That said, it might take a while to get this version into the base system, because there are some problems to overcome. The major one being, after 3.4 llvm and clang require a C++11-compatible compiler and standard library to build. :-) If there is a great demand for -fstack-protector-strong support, I can see if it can be backported to our 3.4 version. -Dimitry [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlP3ar0ACgkQsF6jCi4glqNbmwCg8SYm7jnC6VpIhQV3JW3iNWp6 LkMAoLOG2K/OAlZhmy0VxqHiLwlZM6bQ =9sNE -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DBC82558-45D6-45E6-A887-016BEE8CC79E>