Hi tech-pkg@,

I would like to give everyone a heads up on this one:

On 05/07/2017 17:58, Pierre Pronchery wrote:

Module Name:    pkgsrc
Committed By:   khorben
Date:           Wed Jul 5 15:58:30 UTC 2017

Modified Files:
        pkgsrc/mk/defaults: mk.conf

Log Message:
Enable both SSP and FORTIFY by default

This is only actually in use where known supported.

Prepared for a while, also the default in the base system (for NetBSD and numerous others), introduced on mailing-lists and in my talk "Hardening pkgsrc", and finally accepted unanimously during pkgsrcCon 2017.

Used by Joyent already (according to jperkin@) and tested in EdgeBSD for a couple years now (amd64 and i386).

[...]
This is not expected to affect users in any way; they should just get binary packages that are somewhat safer to use in untrusted environments (in the next release, where supported).
For more information, feel free to check:
http://wiki.netbsd.org/pkgsrc/hardening/ (documents some caveats)
and then my successive talks about security measures in pkgsrc:
http://www.netbsd.org/gallery/presentations/ (everything "Hardening pkgsrc")

I will be presenting this work one more time at EuroBSDCon 2017, in Paris this year.
Do not hesitate to include me in conversations on this matter, if I can be of any help.
Cheers,
-- 
khorben