Date: Wed, 20 Aug 2014 12:40:28 -0500
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Mark Martinec <Mark.Martinec+freebsd@ijs.si>, Ports FreeBSD <freebsd-ports@freebsd.org>
Subject: Re: [CFT] SSP Package Repository available
Message-ID: <53F4DD8C.1030905@FreeBSD.org>
In-Reply-To: <34632ff93c04551e334a659512a728a9@mailbox.ijs.si>
References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> <34632ff93c04551e334a659512a728a9@mailbox.ijs.si>

On 8/20/2014 12:20 PM, Mark Martinec wrote:
> 2014-08-20 18:34 Bryan Drewery wrote:
>> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
>>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>>> i386 and amd64, and older releases on amd64 only currently.
>>>
>>> Support may be added for earlier i386 releases once all ports properly
>>> respect LDFLAGS.
>>>
>>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all
>>> ports.
>>>
>>> The default SSP_CFLAGS is -fstack-protector, but -fstack-protector-all
>>> may optionally be set instead.
>>>
>>> Please help test this on your system. We would like to eventually enable
>>> this by default, but need to identify any major ports that have run-time
>>> issues due to it.
>>>
>>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>>>
>>
>> We have not had any feedback on this yet and want to get it enabled by
>> default for ports and packages.
>>
>> We now have a repository that you can use rather than the default to
>> help test. We need your help to identify any issues before switching the
>> default.
>>
>> This repository is available for:
>>
>>   head
>>   10.0
>>   9.1,9.2,9.3
>>
>> It is not available for 8.4. If someone is willing to test on 8.4 I will
>> build a repository for it.
>>
>> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf:
>>
>>   FreeBSD: { enabled: no }
>>   FreeBSD_ssp: {
>>     url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp",
>>     mirror_type: "srv",
>>     signature_type: "fingerprints",
>>     fingerprints: "/usr/share/keys/pkg",
>>     enabled: yes
>>   }
>>
>> Once that is done you should force reinstall packages from this
>> repository:
>>
>>   pkg update
>>   pkg upgrade -f
>>
>> Thanks for your help!
>> Bryan Drewery
>> On behalf of portmgr.
>
> I'm building about 2000 ports for our 10.0 servers and workstations using
> poudriere since the 10.0 release, using WITH_SSP_PORTS=yes in poudriere's
> make.conf. I suppose the WITH_SSP_PORTS=yes is equivalent to WITH_SSP=yes
> but limited to ports (not sure where I got this setting, must have been
> some announcement).

Yes, since the original announcement the proper variable has changed to
WITH_SSP_PORTS.

>
> So far I haven't come across any ill effects that I could attribute to SSP.
>

Thanks!

-- 
Regards,
Bryan Drewery
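
An added example, not part of the original message or of the ports tree: after rebuilding with WITH_SSP_PORTS=yes or reinstalling with `pkg upgrade -f`, this script reports which ELF files of an installed package import the stack-protector failure handler `__stack_chk_fail`. The script name and function names are made up for illustration; it assumes `nm` and `pkg` are on the PATH.

```sh
#!/bin/sh
# Added example (not from the thread): report which installed ELF files
# reference the stack-protector failure handler.

# ssp_status: read `nm -D` output on stdin; print "ssp" when the listing
# contains the dynamic symbol __stack_chk_fail, otherwise "no-ssp".
ssp_status() {
    if grep -Eq '(^|[[:space:]])__stack_chk_fail(@|$)'; then
        echo ssp
    else
        echo no-ssp
    fi
}

# check_file PATH: print "<status><TAB><path>" for files nm can read.
# Non-ELF files (scripts, man pages) make nm fail and are skipped, as are
# files with no dynamic symbol table.
check_file() {
    syms=$(nm -D "$1" 2>/dev/null) || return 0
    [ -n "$syms" ] || return 0
    printf '%s\t%s\n' "$(printf '%s\n' "$syms" | ssp_status)" "$1"
}

# scan_pkg NAME: check every file owned by one installed package.
scan_pkg() {
    pkg query '%Fp' "$1" | while IFS= read -r f; do
        if [ -f "$f" ]; then
            check_file "$f"
        fi
    done
}

# Usage: sh ssp-check.sh <package-name>
if [ "$#" -gt 0 ]; then
    scan_pkg "$1"
fi
```

A "no-ssp" line is not proof that a package was built without the flag: plain -fstack-protector only instruments functions that contain character buffers or call alloca, so a small binary may have nothing to protect. Building with -fstack-protector-all removes that ambiguity.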