CVS commit: pkgsrc/mk

["Pierre Pronchery" <khorben%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   khorben
Date:           Fri Mar 11 23:03:32 UTC 2016

Modified Files:
        pkgsrc/mk: bsd.prefs.mk
        pkgsrc/mk/compiler: gcc.mk
        pkgsrc/mk/defaults: mk.conf
        pkgsrc/mk/platform: NetBSD.mk SunOS.mk
        pkgsrc/mk/wrapper: arg-source bsd.wrapper.mk transform-gcc
Added Files:
        pkgsrc/mk/wrapper: cmd-sink-mkpie-gcc

Log Message:
Add support for a number of security features

- Revisit (and rename) support for FORTIFY as PKGSRC_USE_FORTIFY (instead
  of PKGSRC_USE_FORT) for easier support outside NetBSD/gcc;
- PKGSRC_USE_SSP is no longer enabled by default when PKGSRC_USE_FORTIFY
  is enabled;
- PKGSRC_MKPIE builds executables as PIE (to leverage userland ASLR)
- PKGSRC_USE_RELRO builds with a read-only GOT to prevent some exploits
  from functioning.

Tested on NetBSD/amd64 by myself, in every combination, with and without
pkgtools/cwrappers. MKPIE is not supported at the moment with cwrappers.
Also, MKPIE is known to still break a number of packages when enabled (and
actually supported).

Tested on SunOS by jperkin@, thank you!

As discussed on tech-pkg@, the default behavior is not changed, except
where noted above.

ok bsiegert@


To generate a diff of this commit:
cvs rdiff -u -r1.379 -r1.380 pkgsrc/mk/bsd.prefs.mk
cvs rdiff -u -r1.164 -r1.165 pkgsrc/mk/compiler/gcc.mk
cvs rdiff -u -r1.262 -r1.263 pkgsrc/mk/defaults/mk.conf
cvs rdiff -u -r1.46 -r1.47 pkgsrc/mk/platform/NetBSD.mk
cvs rdiff -u -r1.69 -r1.70 pkgsrc/mk/platform/SunOS.mk
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mk/wrapper/arg-source
cvs rdiff -u -r1.96 -r1.97 pkgsrc/mk/wrapper/bsd.wrapper.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/mk/wrapper/cmd-sink-mkpie-gcc
cvs rdiff -u -r1.29 -r1.30 pkgsrc/mk/wrapper/transform-gcc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.