diff options
| author | Bryan Drewery <bdrewery@FreeBSD.org> | 2013-09-20 12:54:54 +0000 |
|---|---|---|
| committer | Bryan Drewery <bdrewery@FreeBSD.org> | 2013-09-20 12:54:54 +0000 |
| commit | c93dfc2e9f8b7b990c22c6baa6cdab361cd12e16 (patch) | |
| tree | e61ab76efa292f985d8e20e449572329fa964c1c /UPDATING | |
| parent | b10d5a64b7ea8bb32e9735304272e7344926e3b2 (diff) | |
| download | ports-c93dfc2e9f8b7b990c22c6baa6cdab361cd12e16.tar.gz ports-c93dfc2e9f8b7b990c22c6baa6cdab361cd12e16.zip | |
SSP support has been added to ports with WITH_SSP for i386 and amd64
on FreeBSD 10, and amd64 on earlier versions.
SSP_UNSAFE is added to disable in a port if it fails to build, but
this should only be used in rare circumstances such as kernel modules.
Otherwise, the port may just be failing due to lack of respecting
LDFLAGS.
On FreeBSD 10, this uses an ldscript in /usr/lib/libc.so to pull in
libssp_nonshared.a to address issues linking on i386 [1].
On earlier FreeBSD versions the WITH_SSP knob will add -lssp_nonshared
to LDFLAGS on i386. This is not needed on amd64. However, several hundred
ports do not currently respect LDFLAGS, so this support is disabled currently
as it causes build failures if a dependency is looking for the stack_chk
symbols.
Many thanks to jlh@ for this as he had many years of patience in getting
all of the necessary pieces [1][2] in.
[1] http://svnweb.freebsd.org/base/head/lib/libc/libc.ldscript?revision=251668&view=markup
PR: ports/138228 [2]
Submitted by: jlh (bsd.ssp.mk based on)
Reviewed by: bapt
With hat: portmgr
exp-runs done: 37 over a month on 91i386,91amd64,10i386,10amd64
Notes
Notes:
svn path=/head/; revision=327697
Diffstat (limited to 'UPDATING')
| -rw-r--r-- | UPDATING | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -5,6 +5,30 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20130920: + AFFECTS: Users of ports + AUTHOR: bdrewery@FreeBSD.org + + Optional Stack Protector [1] support has been added with the WITH_SSP + knob. + + This currently is only supported on FreeBSD 10 amd64/i386 and earlier + releases on amd64 only. + + The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all + may optionally be set instead. + + To enable support, add WITH_SSP=yes to your make.conf and rebuild all + ports. + + # portmaster -af + + or + + # portupgrade -af + + [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection + 20130904: AFFECTS: 10-CURRENT users with any port depending on converters/libiconv AUTHOR: madpilot@FreeBSD.org |