From owner-freebsd-current@FreeBSD.ORG Fri Aug 22 16:07:41 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 311B7836; Fri, 22 Aug 2014 16:07:41 +0000 (UTC) Received: from tensor.andric.com (tensor.andric.com [87.251.56.140]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "tensor.andric.com", Issuer "CAcert Class 3 Root" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id DD823347B; Fri, 22 Aug 2014 16:07:40 +0000 (UTC) Received: from [IPv6:2001:7b8:3a7::e0c6:9330:fbaa:25a7] (unknown [IPv6:2001:7b8:3a7:0:e0c6:9330:fbaa:25a7]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id 71D75B803; Fri, 22 Aug 2014 18:07:29 +0200 (CEST) Content-Type: multipart/signed; boundary="Apple-Mail=_CD016B2C-64EC-41AC-B961-F8A38CC90A5F"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: [CFT] SSP Package Repository available From: Dimitry Andric In-Reply-To: <53F61949.6050402@FreeBSD.org> Date: Fri, 22 Aug 2014 18:07:16 +0200 Message-Id: References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> <53F615FA.6030604@FreeBSD.org> <53F61949.6050402@FreeBSD.org> To: Bryan Drewery X-Mailer: Apple Mail (2.1878.6) Cc: Mark Martinec , freebsd-current@freebsd.org, freebsd-ports@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Aug 2014 16:07:41 -0000 --Apple-Mail=_CD016B2C-64EC-41AC-B961-F8A38CC90A5F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On 21 Aug 2014, at 18:07, Bryan Drewery wrote: > On 8/21/2014 10:53 AM, Bryan Drewery wrote: >> On 8/21/2014 5:34 AM, Mark Martinec wrote: >>> Bryan Drewery wrote: >>>> Ports now support enabling Stack Protector [1] support on FreeBSD = 10 >>>> i386 and amd64, and older releases on amd64 only currently. >>>>=20 >>>> Support may be added for earlier i386 releases once all ports = properly >>>> respect LDFLAGS. >>>>=20 >>>> To enable, just add WITH_SSP=3Dyes to your make.conf and rebuild = all ports. >>>>=20 >>>> The default SSP_CLFAGS is -fstack-protector, but = -fstack-protector-all >>>> may optionally be set instead. >>>=20 >>> That's probably SSP_CFLAGS, not SSP_CLFAGS. >>=20 >> Nice find. >>=20 >>>=20 >>>=20 >>> Does clang (in 10-STABLE or CURRENT) support also the >>> option -fstack-protector-strong ? >>=20 >> Not sure if clang 3.4 has it, but I found a patch for it here: >=20 > I'm told that clang 3.5 has support for it. We do not (yet) have 3.5 = in > CURRENT. Indeed, support for -fstack-protector-strong was added after clang 3.4. Upstream is in the process of releasing clang 3.5; they're currently at -rc3, and unless something weird happens, the actual release should be soonish. That said, it might take a while to get this version into the base system, because there are some problems to overcome. The major one being, after 3.4 llvm and clang require a C++11-compatible compiler and standard library to build. :-) If there is a great demand for -fstack-protector-strong support, I can see if it can be backported to our 3.4 version. -Dimitry --Apple-Mail=_CD016B2C-64EC-41AC-B961-F8A38CC90A5F Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlP3ar0ACgkQsF6jCi4glqNbmwCg8SYm7jnC6VpIhQV3JW3iNWp6 LkMAoLOG2K/OAlZhmy0VxqHiLwlZM6bQ =9sNE -----END PGP SIGNATURE----- --Apple-Mail=_CD016B2C-64EC-41AC-B961-F8A38CC90A5F--