FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F14.3.0 2023-08-16T17:55:03Z 2023-08-16T17:55:03Z Warner Losh imp@FreeBSD.org 2023-08-16T17:55:03Z urn:sha1:d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ 2020-03-14T15:15:27Z Kyle Evans kevans@FreeBSD.org 2020-03-14T15:15:27Z urn:sha1:19fe57fdb4fd2c18a37f2a972617c8769609cdb8 This similarly matches what we do in libc; compiling libssp with -fstack-protector* is actively harmful. For instance, if the canary ctor ends up with a stack protector then it will trivially trigger a false positive as the canary's being initialized. This was noted by the reporter as irc/ircd-hybrid started crashing at start after our libssp was MFC'd to stable/11, as its build will explicitly link in libssp. On FreeBSD, this isn't necessary as SSP bits are included in libc, but it should absolutely not trigger runtime breakage -- it does mean that the canary will get initialized twice, but as this is happening early on in application startup it should just be redundant work. Reported by: Tod McQuillin <devin@sevenlayer.studio> MFC after: 3 days 2020-01-04T20:19:25Z Kyle Evans kevans@FreeBSD.org 2020-01-04T20:19:25Z urn:sha1:cd0d51baaa4509a1db83251a601d34404d20c990 For libssp.so, rebuild stack_protector.c with FORTIFY_SOURCE stubs that just abort built into it. For libssp_nonshared.a, steal stack_protector_compat.c from ^/lib/libc/secure and massage it to maintain that __stack_chk_fail_local is a hidden symbol. libssp is now built unconditionally regardless of {WITH,WITHOUT}_SSP in the build environment, and the gcclibs version has been disconnected from the build in favor of this one. PR: 242950 (exp-run) Reviewed by: kib, emaste, pfg, Oliver Pinter (earlier version) Also discussed with: kan MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D22943