On 21 Aug 2014, at 18:07, Bryan Drewery <bdrew...@freebsd.org> wrote: > On 8/21/2014 10:53 AM, Bryan Drewery wrote: >> On 8/21/2014 5:34 AM, Mark Martinec wrote: >>> Bryan Drewery wrote: >>>> Ports now support enabling Stack Protector  support on FreeBSD 10 >>>> i386 and amd64, and older releases on amd64 only currently. >>>> >>>> Support may be added for earlier i386 releases once all ports properly >>>> respect LDFLAGS. >>>> >>>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports. >>>> >>>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all >>>> may optionally be set instead. >>> >>> That's probably SSP_CFLAGS, not SSP_CLFAGS. >> >> Nice find. >> >>> >>> >>> Does clang (in 10-STABLE or CURRENT) support also the >>> option -fstack-protector-strong ? >> >> Not sure if clang 3.4 has it, but I found a patch for it here: > > I'm told that clang 3.5 has support for it. We do not (yet) have 3.5 in > CURRENT.
Indeed, support for -fstack-protector-strong was added after clang 3.4. Upstream is in the process of releasing clang 3.5; they're currently at -rc3, and unless something weird happens, the actual release should be soonish. That said, it might take a while to get this version into the base system, because there are some problems to overcome. The major one being, after 3.4 llvm and clang require a C++11-compatible compiler and standard library to build. :-) If there is a great demand for -fstack-protector-strong support, I can see if it can be backported to our 3.4 version. -Dimitry
Description: Message signed with OpenPGP using GPGMail