This is the culmination of years of work and testing including work by jlh@.
This will enable SSP by default for all amd64 releases, and i386 releases
10.0 and over.
With hat: portmgr
Tested by: multiple exp-runs, CFT package repository, CFT ports
Discussed with: bapt, antoine
has issues with 'installworld' when WITH_SSP is defined. [1]
Keep WITH_SSP support for now since it has been announced as that
already.
- Remove redundant wording in UPDATING [2]
Suggested by: bapt [1]
Reported by: blakkheim on EFNet
With hat: portmgr
on FreeBSD 10, and amd64 on earlier versions.
SSP_UNSAFE is added to disable in a port if it fails to build, but
this should only be used in rare circumstances such as kernel modules.
Otherwise, the port may just be failing due to lack of respecting
LDFLAGS.
On FreeBSD 10, this uses an ldscript in /usr/lib/libc.so to pull in
libssp_nonshared.a to address issues linking on i386 [1].
On earlier FreeBSD versions the WITH_SSP knob will add -lssp_nonshared
to LDFLAGS on i386. This is not needed on amd64. However, several hundred
ports do not currently respect LDFLAGS, so this support is disabled currently
as it causes build failures if a dependency is looking for the stack_chk
symbols.
Many thanks to jlh@ for this as he had many years of patience in getting
all of the necessary pieces [1][2] in.
[1] http://svnweb.freebsd.org/base/head/lib/libc/libc.ldscript?revision=251668&view=markup
PR: ports/138228 [2]
Submitted by: jlh (bsd.ssp.mk based on)
Reviewed by: bapt
With hat: portmgr
exp-runs done: 37 over a month on 91i386,91amd64,10i386,10amd64