authorbdrewery <bdrewery@FreeBSD.org>2013-09-20 20:54:54 +0800
committerbdrewery <bdrewery@FreeBSD.org>2013-09-20 20:54:54 +0800
commitd6c170198e97f1109801df05948762e423645c4b (patch)
treee61ab76efa292f985d8e20e449572329fa964c1c /Mk
parent6174635d1f2fb489f2267a3388ddd0cc658b8c00 (diff)
SSP support has been added to ports with WITH_SSP for i386 and amd64
on FreeBSD 10, and amd64 on earlier versions. SSP_UNSAFE is added to disable in a port if it fails to build, but this should only be used in rare circumstances such as kernel modules. Otherwise, the port may just be failing due to lack of respecting LDFLAGS. On FreeBSD 10, this uses an ldscript in /usr/lib/libc.so to pull in libssp_nonshared.a to address issues linking on i386 [1]. On earlier FreeBSD versions the WITH_SSP knob will add -lssp_nonshared to LDFLAGS on i386. This is not needed on amd64. However, several hundred ports do not currently respect LDFLAGS, so this support is disabled currently as it causes build failures if a dependency is looking for the stack_chk symbols. Many thanks to jlh@ for this as he had many years of patience in getting all of the necessary pieces [1][2] in. [1] http://svnweb.freebsd.org/base/head/lib/libc/libc.ldscript?revision=251668&view=markup PR: ports/138228 [2] Submitted by: jlh (bsd.ssp.mk based on) Reviewed by: bapt With hat: portmgr exp-runs done: 37 over a month on 91i386,91amd64,10i386,10amd64
Diffstat (limited to 'Mk')
-rw-r--r--Mk/bsd.port.mk11
-rw-r--r--Mk/bsd.ssp.mk30
2 files changed, 41 insertions, 0 deletions
diff --git a/Mk/bsd.port.mk b/Mk/bsd.port.mk
index a86c85c3c8ca..3fe95b34cbfb 100644
--- a/Mk/bsd.port.mk
+++ b/Mk/bsd.port.mk
@@ -301,6 +301,13 @@ FreeBSD_MAINTAINER= portmgr@FreeBSD.org
# passed to the compiler by setting DEBUG_FLAGS. It is
# set to "-g" at default.
#
+# WITH_SSP - If set, SSP_FLAGS (defaults to -fstack-protector)
+# is added to CFLAGS and the necessary flags
+# are added to LDFLAGS. Note that SSP_UNSAFE
+# can be used in Makefiles by port maintainers
+# if a port breaks with it (it should be
+# extremely rare).
+#
# USE_BZIP2 - If set, this port tarballs use bzip2, not gzip, for
# compression.
# USE_LHA - If set, this port distfile uses lha for compression
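Review bot: The new WITH_SSP comment names the override variable `SSP_FLAGS`, but the Mk/bsd.ssp.mk added by this same commit reads `SSP_CFLAGS` (`SSP_CFLAGS?= -fstack-protector`). A user who follows this text and sets `SSP_FLAGS=-fstack-protector-all` gets the default with no error, so the stronger protection they asked for is silently not applied. The first line should read `# WITH_SSP - If set, SSP_CFLAGS (defaults to -fstack-protector)`. The comment block this sits in starts and ends outside the hunk.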
@@ -1563,6 +1570,10 @@ DEBUG_FLAGS?= -g
CFLAGS:= ${CFLAGS:N-O*:N-fno-strict*} ${DEBUG_FLAGS}
.endif
+.if defined(WITH_SSP)
+.include "${PORTSDIR}/Mk/bsd.ssp.mk"
+.endif
+
.if defined(NOPORTDOCS)
PLIST_SUB+= PORTDOCS="@comment "
.else
diff --git a/Mk/bsd.ssp.mk b/Mk/bsd.ssp.mk
new file mode 100644
index 000000000000..c71b3b3722c4
--- /dev/null
+++ b/Mk/bsd.ssp.mk
@@ -0,0 +1,30 @@
+# $FreeBSD$
+# SSP Support
+
+SSP_Include_MAINTAINER= portmgr@FreeBSD.org
+
+# See: http://svnweb.freebsd.org/base/head/lib/libc/libc.ldscript?revision=251668&view=markup
+.if ${OSVERSION} < 1000036 && ${ARCH} == i386
+
+# Disabled on i386 for now on releases without the ldscript as too many ports
+# do not respect LDFLAGS and fail to build due to not adding in -lssp_nonshared when needed
+# despite dependencies working fine, which breaks a lot. Can enable once LDFLAGS is more
+# supported. XXX
+SSP_UNSAFE= yes
+
+# i386 needs -lssp_nonshared, see svn link above for more information
+SSP_NEED_NONSHARED= yes
+.endif
+
+.if defined(WITH_SSP) && !defined(WITHOUT_SSP) && !defined(SSP_UNSAFE) && \
+ (${ARCH} == i386 || ${ARCH} == amd64)
+# Overridable as a user may want to use -fstack-protector-all
+SSP_CFLAGS?= -fstack-protector
+CFLAGS:= ${CFLAGS} ${SSP_CFLAGS}
+LDFLAGS:= ${LDFLAGS} -fstack-protector
+# -lssp_nonshared is needed on i386 where /usr/lib/libc.so is not an ldscript
+# This is currently unused XXX
+. if defined(SSP_NEED_NONSHARED)
+LDFLAGS:= ${LDFLAGS} -lssp_nonshared
+. endif
+.endif
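Review bot: WITH_SSP silently does nothing in two cases in this file: the first `.if` sets `SSP_UNSAFE= yes` for i386 with OSVERSION below 1000036, and the second `.if` skips every ARCH other than i386 and amd64. Nothing in the file or in the WITH_SSP text in bsd.port.mk tells a user who asked for hardening that packages were built without it. I would add a header comment such as `# WITH_SSP has no effect on i386 before OSVERSION 1000036, or on ARCH other than i386/amd64`, and repeat it in the bsd.port.mk description. Separately, `LDFLAGS:= ${LDFLAGS} -fstack-protector` hard-codes the flag while CFLAGS takes the overridable `SSP_CFLAGS`. If that difference is intentional, a one-line comment saying so would stop a later edit from "fixing" it.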