Re: [CFT] SSP Package Repository available

From: Dimitry Andric <dim_at_FreeBSD.org>
Date: Fri, 22 Aug 2014 18:07:16 +0200
On 21 Aug 2014, at 18:07, Bryan Drewery <bdrewery_at_FreeBSD.org> wrote:
> On 8/21/2014 10:53 AM, Bryan Drewery wrote:
>> On 8/21/2014 5:34 AM, Mark Martinec wrote:
>>> Bryan Drewery wrote:
>>>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>>>> i386 and amd64, and older releases on amd64 only currently.
>>>> 
>>>> Support may be added for earlier i386 releases once all ports properly
>>>> respect LDFLAGS.
>>>> 
>>>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports.
>>>> 
>>>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all
>>>> may optionally be set instead.
>>> 
>>> That's probably SSP_CFLAGS, not SSP_CLFAGS.
>> 
>> Nice find.
>> 
>>> 
>>> 
>>> Does clang (in 10-STABLE or CURRENT) support also the
>>> option -fstack-protector-strong ?
>> 
>> Not sure if clang 3.4 has it, but I found a patch for it here:
> 
> I'm told that clang 3.5 has support for it. We do not (yet) have 3.5 in
> CURRENT.

Indeed, support for -fstack-protector-strong was added after clang 3.4.
Upstream is in the process of releasing clang 3.5; they're currently at
-rc3, and unless something weird happens, the actual release should be
soonish.

That said, it might take a while to get this version into the base
system, because there are some problems to overcome.  The major one
being, after 3.4 llvm and clang require a C++11-compatible compiler and
standard library to build. :-)

If there is a great demand for -fstack-protector-strong support, I can
see if it can be backported to our 3.4 version.

-Dimitry


Received on Fri Aug 22 2014 - 14:07:41 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:51 UTC