On 8/21/2014 8:32 AM, Nikolai Lifanov wrote: > On 08/20/14 12:34, Bryan Drewery wrote: >> On 9/21/2013 5:49 AM, Bryan Drewery wrote: >>> Ports now support enabling Stack Protector [1] support on FreeBSD 10 >>> i386 and amd64, and older releases on amd64 only currently. >>> >>> Support may be added for earlier i386 releases once all ports properly >>> respect LDFLAGS. >>> >>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports. >>> >>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all >>> may optionally be set instead. >>> >>> Please help test this on your system. We would like to eventually enable >>> this by default, but need to identify any major ports that have run-time >>> issues due to it. >>> >>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection >>> >> >> We have not had any feedback on this yet and want to get it enabled by >> default for ports and packages. >> >> We now have a repository that you can use rather than the default to >> help test. We need your help to identify any issues before switching the >> default. >> >> This repository is available for: >> >> head >> 10.0 >> 9.1,9.2,9.3 >> >> It is not available for 8.4. If someone is willing to test on 8.4 I will >> build a repository for it. >> >> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf: >> >> FreeBSD: { enabled: no } >> FreeBSD_ssp: { >> url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp";, >> mirror_type: "srv", >> signature_type: "fingerprints", >> fingerprints: "/usr/share/keys/pkg", >> enabled: yes >> } >> >> Once that is done you should force reinstall packages from this repository: >> >> pkg update >> pkg upgrade -f >> >> Thanks for your help! >> Bryan Drewery >> On behalf of portmgr. >> > > I have been doing a full tree build with WITH_SSP_PORTS enabled and > several partial tree builds for different machines since the initial > inclusion. I had exactly one problem port with it (I can't remember what > it was anymore), but the port was fixed almost immediately. > > - Nikolai Lifanov
My own feedback is that I've been using ports SSP since at least 2009 without issues. -- Regards, Bryan Drewery
signature.asc
Description: OpenPGP digital signature
