From owner-freebsd-ports@FreeBSD.ORG  Wed Aug 20 19:26:28 2014
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mandree.no-ip.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C07B89FA
 for <freebsd-ports@freebsd.org>; Wed, 20 Aug 2014 19:26:28 +0000 (UTC)
Received: from [IPv6:::1] (localhost6.localdomain6 [IPv6:::1])
 by apollo.emma.line.org (Postfix) with ESMTP id 30CFA23CEB4
 for <freebsd-ports@freebsd.org>; Wed, 20 Aug 2014 21:26:27 +0200 (CEST)
Message-ID: <53F4F663.7070507@FreeBSD.org>
Date: Wed, 20 Aug 2014 21:26:27 +0200
From: Matthias Andree <mandree@FreeBSD.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "freebsd-ports@freebsd.org >> ports-list freebsd"
 <freebsd-ports@freebsd.org>
Subject: Re: [CFT] SSP Package Repository available
References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org>
In-Reply-To: <53F4CE0E.8040106@FreeBSD.org>
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2014 19:26:29 -0000

Am 20.08.2014 um 18:34 schrieb Bryan Drewery:

> We have not had any feedback on this yet and want to get it enabled by
> default for ports and packages.

Oops. Sorry about being silent about that;
I did enable WITH_SSP_PORTS=yes right after the original announcement on
my main 9.3-amd64 development machine (run mostly headless, but it does
have a full GNOME2 install) without ill effects, so at least it does not
appear to jam everything right away, and given that Fedora is using it
and they are rather talkative to upstreams about bugs, you'd think most
packages that have issues are fixed now.


Is there any way we can detect the effects of -fstack-protector from the
resulting executable, with peeking at objdump output?  Like so:

$ objdump -R /usr/local/bin/twolame | grep stack_chk
0000000000605ce0 R_X86_64_COPY     __stack_chk_guard
00000000006053b0 R_X86_64_JUMP_SLOT  __stack_chk_fail

Should we have stage-qa - at least in DEVELOPER=yes WITH_SSP_PORTS=yes
mode - check that either -fstack-protector{,-all,-strong} actually
propagated through the build system?