CVS commit: pkgsrc/mk/defaults

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mk/defaults
From: "Pierre Pronchery" <khorben%netbsd.org@localhost>
Date: Wed, 5 Jul 2017 15:58:30 +0000

Module Name:    pkgsrc
Committed By:   khorben
Date:           Wed Jul  5 15:58:30 UTC 2017

Modified Files:
        pkgsrc/mk/defaults: mk.conf

Log Message:
Enable both SSP and FORTIFY by default

This is only actually in use where known supported.

Prepared for a while, also the default in the base system (for NetBSD and
numerous others), introduced on mailing-lists and in my talk "Hardening
pkgsrc", and finally accepted unanimously during pkgsrcCon 2017.

Used by Joyent already (according to jperkin@) and tested in EdgeBSD for a
couple years now (amd64 and i386).


To generate a diff of this commit:
cvs rdiff -u -r1.276 -r1.277 pkgsrc/mk/defaults/mk.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mk/defaults/mk.conf
diff -u pkgsrc/mk/defaults/mk.conf:1.276 pkgsrc/mk/defaults/mk.conf:1.277
--- pkgsrc/mk/defaults/mk.conf:1.276    Fri Jun 23 15:44:06 2017
+++ pkgsrc/mk/defaults/mk.conf  Wed Jul  5 15:58:30 2017
@@ -1,4 +1,4 @@
-# $NetBSD: mk.conf,v 1.276 2017/06/23 15:44:06 schmonz Exp $
+# $NetBSD: mk.conf,v 1.277 2017/07/05 15:58:30 khorben Exp $
 #
 
 # This file provides default values for variables that may be overridden
@@ -231,7 +231,7 @@ PKGSRC_MKPIE?= no
 # Possible: yes, no
 # Default: no
 
-PKGSRC_USE_FORTIFY?= no
+PKGSRC_USE_FORTIFY?= strong
 # Turns on substitute wrappers for commonly used functions that do not bounds
 # checking regularly, but could in some cases. This is effectively in use only
 # when both enabled and supported.
@@ -239,7 +239,7 @@ PKGSRC_USE_FORTIFY?= no
 #      no:     Do not pass any flags for FORTIFY
 #      weak:   Pass -D_FORTIFY_SOURCE=1
 #      strong: Pass -D_FORTIFY_SOURCE=2
-# Default: no
+# Default: strong
 
 PKGSRC_USE_RELRO?= no
 # Link with RELRO by default (on supported platforms). This makes the
@@ -249,14 +249,14 @@ PKGSRC_USE_RELRO?= no
 #      partial: Pass -Wl,-z,relro
 #      full:    Pass -Wl,-z,relro -Wl,-z,now
 
-PKGSRC_USE_SSP?= no
+PKGSRC_USE_SSP?= yes
 # Configure this to enable stack smashing protection (on supported platforms).
 # Possible values:
 #      no:     Do not pass any stack protection flags
 #      yes:    Pass -fstack-protector
 #      strong: Pass -fstack-protector-strong
 #      all:    Pass -fstack-protector-all
-# Default: no
+# Default: yes
 
 # The default PREFER_PKGSRC should be empty, but due to historical reasons we have the list below.
 # Please add your platform here once you have confirmed it is correct

Prev by Date: CVS commit: pkgsrc/mk/check
Next by Date: CVS commit: pkgsrc/math/py-pandas-datareader
Previous by Thread: CVS commit: pkgsrc/mk/check
Next by Thread: CVS commit: pkgsrc/math/py-pandas-datareader
Indexes:

Home | Main Index | Thread Index | Old Index