From 75f8b55318db0d55f9fd097491a2422c71005d6c Mon Sep 17 00:00:00 2001 From: khorben Date: Mon, 10 Aug 2015 21:44:34 +0000 Subject: Add support for building with fortify This is pretty much the same change as with SSP, and completes it with support for fortify (like USE_FORT in NetBSD's base system). Like SSP, this is disabled by default for the moment. Like in NetBSD's base system, enabling fortify explicitly also enables SSP by default - but SSP can still be disabled explicitly in this situation. All four combinations tested on NetBSD/amd64. --- mk/defaults/mk.conf | 14 ++++++++++++-- mk/platform/NetBSD.mk | 7 ++++++- 2 files changed, 18 insertions(+), 3 deletions(-) (limited to 'mk') diff --git a/mk/defaults/mk.conf b/mk/defaults/mk.conf index e87e114a4a4..c2529bbd68e 100644 --- a/mk/defaults/mk.conf +++ b/mk/defaults/mk.conf @@ -1,4 +1,4 @@ -# $NetBSD: mk.conf,v 1.258 2015/07/26 22:13:17 khorben Exp $ +# $NetBSD: mk.conf,v 1.259 2015/08/10 21:44:34 khorben Exp $ # # This file provides default values for variables that may be overridden @@ -215,10 +215,20 @@ PKGSRC_RUN_TEST?= no # Possible: yes, no # Default: no +PKGSRC_USE_FORT?= no +# Turns on substitute wrappers for commonly used functions that do not bounds +# checking regularly, but could in some cases (with GCC for instance). +# Possible: yes, no +# Default: no + +.if ${PKGSRC_USE_FORT:Uno} != "no" +PKGSRC_USE_SSP?= yes +.else PKGSRC_USE_SSP?= no +.endif # Set this to YES to enable stack-smashing protection (on supported platforms). # Possible: yes, no -# Default: no +# Default: no, except if PKGSRC_USE_FORT is set to "yes". .if (!empty(MACHINE_PLATFORM:MNetBSD-*-*) && \ exists(/usr/X11R7/lib/libX11.so)) diff --git a/mk/platform/NetBSD.mk b/mk/platform/NetBSD.mk index f771006e238..784ad534dab 100644 --- a/mk/platform/NetBSD.mk +++ b/mk/platform/NetBSD.mk @@ -1,4 +1,4 @@ -# $NetBSD: NetBSD.mk,v 1.44 2015/07/27 23:37:38 khorben Exp $ +# $NetBSD: NetBSD.mk,v 1.45 2015/08/10 21:44:34 khorben Exp $ # # Variable definitions for the NetBSD operating system. @@ -128,6 +128,11 @@ FFLAGS+= -mieee PKG_HAVE_KQUEUE= # defined .endif +.if ${PKGSRC_USE_FORT:Uno} != "no" +# build with fortify +_GCC_CFLAGS+= -D_FORTIFY_SOURCE=2 +.endif + .if ${PKGSRC_USE_SSP:Uno} != "no" . if (${MACHINE_ARCH} != "alpha") && \ (${MACHINE_ARCH} != "hppa") && \ -- cgit v1.2.3