pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/mk
Module Name: pkgsrc
Committed By: khorben
Date: Fri Mar 11 23:03:32 UTC 2016
Modified Files:
pkgsrc/mk: bsd.prefs.mk
pkgsrc/mk/compiler: gcc.mk
pkgsrc/mk/defaults: mk.conf
pkgsrc/mk/platform: NetBSD.mk SunOS.mk
pkgsrc/mk/wrapper: arg-source bsd.wrapper.mk transform-gcc
Added Files:
pkgsrc/mk/wrapper: cmd-sink-mkpie-gcc
Log Message:
Add support for a number of security features
- Revisit (and rename) support for FORTIFY as PKGSRC_USE_FORTIFY (instead
of PKGSRC_USE_FORT) for easier support outside NetBSD/gcc;
- PKGSRC_USE_SSP is no longer enabled by default when PKGSRC_USE_FORTIFY
is enabled;
- PKGSRC_MKPIE builds executables as PIE (to leverage userland ASLR)
- PKGSRC_USE_RELRO builds with a read-only GOT to prevent some exploits
from functioning.
Tested on NetBSD/amd64 by myself, in every combination, with and without
pkgtools/cwrappers. MKPIE is not supported at the moment with cwrappers.
Also, MKPIE is known to still break a number of packages when enabled (and
actually supported).
Tested on SunOS by jperkin@, thank you!
As discussed on tech-pkg@, the default behavior is not changed, except
where noted above.
ok bsiegert@
To generate a diff of this commit:
cvs rdiff -u -r1.379 -r1.380 pkgsrc/mk/bsd.prefs.mk
cvs rdiff -u -r1.164 -r1.165 pkgsrc/mk/compiler/gcc.mk
cvs rdiff -u -r1.262 -r1.263 pkgsrc/mk/defaults/mk.conf
cvs rdiff -u -r1.46 -r1.47 pkgsrc/mk/platform/NetBSD.mk
cvs rdiff -u -r1.69 -r1.70 pkgsrc/mk/platform/SunOS.mk
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mk/wrapper/arg-source
cvs rdiff -u -r1.96 -r1.97 pkgsrc/mk/wrapper/bsd.wrapper.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/mk/wrapper/cmd-sink-mkpie-gcc
cvs rdiff -u -r1.29 -r1.30 pkgsrc/mk/wrapper/transform-gcc
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index