diff options
| author | khorben <khorben@pkgsrc.org> | 2017-04-16 23:12:37 +0000 |
|---|---|---|
| committer | khorben <khorben@pkgsrc.org> | 2017-04-16 23:12:37 +0000 |
| commit | 086f9cd2882ceac5e75fbbba72d7d804c538b17c (patch) | |
| tree | c2f6c46d6b2d898ae1653891686ea36d750ff1ca /mk/defaults | |
| parent | 9302d3ea518c52b2b3072ba8407d46b7e78fcc2f (diff) | |
| download | pkgsrc-086f9cd2882ceac5e75fbbba72d7d804c538b17c.tar.gz | |
Add granularity to PKGSRC_USE_FORTIFY and PKGSRC_USE_RELRO
The new options are, for FORTIFY:
"no" Do not pass any flags for FORTIFY
"weak" Pass -D_FORTIFY_SOURCE=1
"strong" Pass -D_FORTIFY_SOURCE=2
This allows users to reduce the level of FORTIFY specified if necessary
or desired. The previous setting as "yes" is now equivalent to "strong"
(the default when enabling).
The new options are, for RELRO:
"no" Do not pass any flags for RELRO
"partial" Pass -Wl,-z,relro
"full" Pass -Wl,-z,relro -Wl,-z,now
This allows users to reduce the level of RELRO specified if necessary or
desired. The previous setting as "yes" is now equivalent to "full" (the
default when enabling).
This is intended to match the changes committed by jperkin@ (for SSP)
after our discussion a (long) while back.
No functional change intended (with the settings supported so far).
Diffstat (limited to 'mk/defaults')
| -rw-r--r-- | mk/defaults/mk.conf | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/mk/defaults/mk.conf b/mk/defaults/mk.conf index 1cdb89e88ff..9a053556b89 100644 --- a/mk/defaults/mk.conf +++ b/mk/defaults/mk.conf @@ -1,4 +1,4 @@ -# $NetBSD: mk.conf,v 1.274 2017/04/16 22:10:40 khorben Exp $ +# $NetBSD: mk.conf,v 1.275 2017/04/16 23:12:37 khorben Exp $ # # This file provides default values for variables that may be overridden @@ -235,14 +235,19 @@ PKGSRC_USE_FORTIFY?= no # Turns on substitute wrappers for commonly used functions that do not bounds # checking regularly, but could in some cases. This is effectively in use only # when both enabled and supported. -# Possible: yes, no +# Possible values: +# no: Do not pass any flags for FORTIFY +# weak: Pass -D_FORTIFY_SOURCE=1 +# strong: Pass -D_FORTIFY_SOURCE=2 # Default: no PKGSRC_USE_RELRO?= no # Link with RELRO by default (on supported platforms). This makes the # exploitation of some security vulnerabilities more difficult in some cases. -# Possible: yes, no -# Default: no +# Possible values: +# no: Do not pass any flags for RELRO +# partial: Pass -Wl,-z,relro +# full: Pass -Wl,-z,relro -Wl,-z,now PKGSRC_USE_SSP?= no # Configure this to enable stack smashing protection (on supported platforms). |