On 2014-08-22 16:17, Bryan Drewery wrote:
On 8/22/2014 1:16 PM, mikej wrote:
On , Bryan Drewery wrote:
On 9/21/2013 5:49 AM, Bryan Drewery wrote:
Ports now support enabling Stack Protector [1] support on FreeBSD 10
i386 and amd64, and older releases on amd64 only currently.
Support may be added for earlier i386 releases once all ports
properly
respect LDFLAGS.
To enable, just add WITH_SSP=yes to your make.conf and rebuild all
ports.
The default SSP_CLFAGS is -fstack-protector, but
-fstack-protector-all
may optionally be set instead.
Please help test this on your system. We would like to eventually
enable
this by default, but need to identify any major ports that have
run-time
issues due to it.
[1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
We have not had any feedback on this yet and want to get it enabled
by
default for ports and packages.
We now have a repository that you can use rather than the default to
help test. We need your help to identify any issues before switching
the
default.
This repository is available for:
head
10.0
9.1,9.2,9.3
It is not available for 8.4. If someone is willing to test on 8.4 I
will
build a repository for it.
Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf:
FreeBSD: { enabled: no }
FreeBSD_ssp: {
url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp";,
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/share/keys/pkg",
enabled: yes
}
Once that is done you should force reinstall packages from this
repository:
pkg update
pkg upgrade -f
Thanks for your help!
Bryan Drewery
On behalf of portmgr.
I have been using this without issue on several machines until today.
root@firewall:/usr/ports # pkg -v
1.3.6
root@firewall:/usr/ports #
Repositories:
FreeBSD_ssp: {
url :
"pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp";,
enabled : yes,
mirror_type : "SRV",
signature_type : "FINGERPRINTS",
fingerprints : "/usr/share/keys/pkg"
}
root@firewall:/usr/ports # pkg update -f
Updating repository catalogue
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found
pkg: repository FreeBSD_ssp has no meta file, using default settings
Fetching digests.txz: 100% of 1 MB
Fetching packagesite.txz: 100% of 5 MB
Adding new entries: 100%
Incremental update completed, 23305 packages processed:
0 packages updated, 0 removed and 23305 added.
root@firewall:/usr/ports # pkg install mdnsresponder
Updating repository catalogue
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found
pkg: repository FreeBSD_ssp has no meta file, using default settings
FreeBSD_ssp repository is up-to-date
All repositories are up-to-date
Checking integrity... done (1 conflicting)
pkg: Cannot solve problem using SAT solver:
cannot install package mDNSResponder~net/mDNSResponder, remove it from
request [Y/n]: y
Checking integrity... done (0 conflicting)
The most recent version of packages are already installed
root@firewall:/usr/ports # uname -a
FreeBSD firewall 10.0-STABLE FreeBSD 10.0-STABLE #0 r269366M: Fri Aug
1
00:35:49 EDT 2014 mikej@firewall:/usr/obj/usr/src/sys/GENERIC
amd64
root@firewall:/usr/ports # date
Fri Aug 22 14:12:30 EDT 2014
root@firewall:/usr/ports #
root@firewall:/usr/ports # pkg info | grep mdns
root@firewall:/usr/ports #
Regards,
--mikej
It looks like the (SSP) freebsd:10:x86:64 freebsd:11:x86:32
repositories
are stale from a month ago. Looking into why.
Sadly this was not noticed and the instructions effectively will
downgrade packages. These 2 repositories have pkg-1.2 still as well.
Bryan,
Any update? As you probably expect if I build the port locally with
poudriere and install there is no issue. I'm building with
WITH_SSP_PORTS=YES
in /etc/make.conf
Regards,
--mikej
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[email protected]"
