CVS commit: pkgsrc/mk/defaults

["Nia Alarie" <nia%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   nia
Date:           Mon Sep 27 14:31:55 UTC 2021

Modified Files:
        pkgsrc/mk/defaults: mk.conf

Log Message:
mk: Bump default hardening options.


To generate a diff of this commit:
cvs rdiff -u -r1.318 -r1.319 pkgsrc/mk/defaults/mk.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mk/defaults/mk.conf
diff -u pkgsrc/mk/defaults/mk.conf:1.318 pkgsrc/mk/defaults/mk.conf:1.319
--- pkgsrc/mk/defaults/mk.conf:1.318    Sun May 30 23:41:05 2021
+++ pkgsrc/mk/defaults/mk.conf  Mon Sep 27 14:31:55 2021
@@ -1,4 +1,4 @@
-# $NetBSD: mk.conf,v 1.318 2021/05/30 23:41:05 khorben Exp $
+# $NetBSD: mk.conf,v 1.319 2021/09/27 14:31:55 nia Exp $
 #
 
 # This file provides default values for variables that may be overridden
@@ -234,7 +234,7 @@ PKGSRC_RUN_TEST?=   no
 # Possible: yes, no
 # Default: no
 
-PKGSRC_MKPIE?= no
+PKGSRC_MKPIE?= yes
 # If no, create regular executables. Otherwise create PIE (Position Independent
 # Executables, on supported platforms). This option is necessary to fully
 # leverage ASLR as a mitigation for security vulnerabilities.
@@ -271,7 +271,7 @@ PKGSRC_USE_FORTIFY?= strong
 #
 # Keywords: fortify FORTIFY_SOURCE
 
-PKGSRC_USE_RELRO?= no
+PKGSRC_USE_RELRO?= full
 # Link with RELRO by default (on supported platforms). This makes the
 # exploitation of some security vulnerabilities more difficult in some cases.
 # Possible values:
@@ -281,7 +281,7 @@ PKGSRC_USE_RELRO?= no
 #
 # Keywords: relro
 
-PKGSRC_USE_SSP?= yes
+PKGSRC_USE_SSP?= strong
 # Configure this to enable stack smashing protection (on supported platforms).
 # Possible values:
 #      no:     Do not pass any stack protection flags