| #
9bfd3b40 |
| 13-May-2024 |
Kyle Evans <kevans@FreeBSD.org> |
Add a build knob for _FORTIFY_SOURCE
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to eas
Add a build knob for _FORTIFY_SOURCE
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.
include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.
Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308
show more ...
|
|
Revision tags: release/13.3.0, release/14.0.0 |
|
| #
b461276d |
| 30-Aug-2023 |
Ed Maste <emaste@FreeBSD.org> |
Update WITH_/WITHOUT_SSP descriptions
ProPolice refers to a specific implementation by Hiroaki Etoh and
Kunikazu Yoda. The implementation in contemporary Clang and GCC is
somewhat different and new
Update WITH_/WITHOUT_SSP descriptions
ProPolice refers to a specific implementation by Hiroaki Etoh and
Kunikazu Yoda. The implementation in contemporary Clang and GCC is
somewhat different and newer, so use a generic term in the src.conf
descriptions.
Sponsored by: The FreeBSD Foundation
show more ...
|
| #
b2c76c41 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line nroff pattern
Remove /^\.\\"\s*\$FreeBSD\$$\n/
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0 |
|
| #
9d178c92 |
| 10-Apr-2021 |
Ed Maste <emaste@FreeBSD.org> |
Drop 'Set to' from most src.conf(5) knobs
The description is clearly what effect the knob has when set, so the
additional text was unnecessary.
Reviewed by: jhb, se
Sponsored by: The FreeBSD Founda
Drop 'Set to' from most src.conf(5) knobs
The description is clearly what effect the knob has when set, so the
additional text was unnecessary.
Reviewed by: jhb, se
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29583
show more ...
|
|
Revision tags: release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0, release/10.4.0, release/11.1.0, release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0, release/8.4.0, release/9.1.0, release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0, release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0 |
|
| #
042df2e2 |
| 25-Jun-2008 |
Ruslan Ermilov <ru@FreeBSD.org> |
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
show more ...
|
|
Revision tags: release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
| #
36aa6a9b |
| 19-May-2007 |
Alexander Kabaev <kan@FreeBSD.org> |
Introduce WITHOUT_SSP option that allows users to exclude LGPLed
libssp from the build.
|
|
Revision tags: release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0, release/10.4.0, release/11.1.0, release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0, release/8.4.0, release/9.1.0, release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0, release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0 |
|
| #
042df2e2 |
| 25-Jun-2008 |
Ruslan Ermilov <ru@FreeBSD.org> |
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
show more ...
|
|
Revision tags: release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
| #
36aa6a9b |
| 19-May-2007 |
Alexander Kabaev <kan@FreeBSD.org> |
Introduce WITHOUT_SSP option that allows users to exclude LGPLed
libssp from the build.
|