Date:      Mon, 22 Sep 2014 08:50:55 -0400
From:      Michael Jung <mikej@mikej.com>
To:        Ports FreeBSD <freebsd-ports@freebsd.org>
Cc:        pkg@freebsd.org, owner-freebsd-pkg@freebsd.org
Subject:   Re: [CFT] SSP Package Repository available
Message-ID:  <c69de8189c4a4430b3337f6456e3c4b3@mail.mikej.com>
In-Reply-To: <53F4CE0E.8040106@FreeBSD.org>
References:  <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org>

On 2014-08-20 12:34, Bryan Drewery wrote:
> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>> i386 and amd64, and older releases on amd64 only currently.
>> 
>> Support may be added for earlier i386 releases once all ports properly
>> respect LDFLAGS.
>> 
>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports.
>> 
>> The default SSP_CFLAGS is -fstack-protector, but -fstack-protector-all
>> may optionally be set instead.
>> 
>> Please help test this on your system. We would like to eventually enable
>> this by default, but need to identify any major ports that have run-time
>> issues due to it.
>> 
>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>> 
> 
> We have not had any feedback on this yet and want to get it enabled by
> default for ports and packages.
> 
> We now have a repository that you can use rather than the default to
> help test. We need your help to identify any issues before switching the
> default.
> 
> This repository is available for:
> 
> head
> 10.0
> 9.1,9.2,9.3
> 
> It is not available for 8.4. If someone is willing to test on 8.4 I will
> build a repository for it.
> 
> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf:
> 
> FreeBSD: { enabled: no }
> FreeBSD_ssp: {
>   url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp",
>   mirror_type: "srv",
>   signature_type: "fingerprints",
>   fingerprints: "/usr/share/keys/pkg",
>   enabled: yes
> }
> 
> Once that is done you should force reinstall packages from this repository:
> 
>   pkg update
>   pkg upgrade -f
> 
> Thanks for your help!
> Bryan Drewery
> On behalf of portmgr.

I have been building (poudriere) and running some 1100+ ports 
WITH_SSP_PORT=yes under 10-STABLE and CURRENT without issue. This is 
using both our local repository and the ssp repository listed above.

--mikej
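
Added example, not part of the original thread or of FreeBSD's tooling: a heuristic shell audit to run after the forced reinstall described above, listing which ELF files in a directory reference the stack-protector failure handler. It assumes an SSP-instrumented binary carries the symbol name __stack_chk_fail (or __stack_chk_fail_local) in its string table; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: heuristic check for stack-protector references in ELF files.
# Assumption: SSP-instrumented objects reference __stack_chk_fail, so the
# name appears in the file's symbol string table.
# Usage (after sourcing this file): ssp_audit /usr/local/bin

# is_elf FILE: true when FILE starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# has_ssp FILE: true when the handler's symbol name occurs in the file.
# The pattern also matches __stack_chk_fail_local.
has_ssp() {
    LC_ALL=C grep -aq '__stack_chk_fail' "$1"
}

# ssp_audit DIR: print "ssp PATH" or "no-ssp PATH" for each ELF file in DIR.
# Non-ELF files (scripts, data) are skipped even if they contain the string.
ssp_audit() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        is_elf "$f" || continue
        if has_ssp "$f"; then
            echo "ssp $f"
        else
            echo "no-ssp $f"
        fi
    done
}

# ssp_missing DIR: count of ELF files with no stack-protector reference.
ssp_missing() {
    ssp_audit "$1" | grep -c '^no-ssp ' || true
}
```

A "no-ssp" result is a lead rather than proof: -fstack-protector only instruments functions that contain objects such as character arrays, so a binary with no such functions has no reference even when built with the flag.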


