freebsd-ports/Mk/bsd.ssp.mk
Bryan Drewery ec713d99b6 - Enable SSP by default.
This is the culmination of years of work and testing including work by jlh@.

  This will enable SSP by default for all amd64 releases, and i386 releases
  10.0 and over.

With hat:	portmgr
Tested by:	multiple exp-runs, CFT package repository, CFT ports
Discussed with:	bapt, antoine
2014-11-02 20:01:31 +00:00

30 lines
1,008 B
Makefile

# $FreeBSD$
# SSP Support
SSP_Include_MAINTAINER= portmgr@FreeBSD.org
# See: http://svnweb.freebsd.org/base/head/lib/libc/libc.ldscript?revision=251668&view=markup
.if ${OSVERSION} < 1000036 && ${ARCH} == i386
# Disabled on i386 for now on releases without the ldscript as too many ports
# do not respect LDFLAGS and fail to build due to not adding in -lssp_nonshared when needed
# despite dependencies working fine, which breaks a lot. Can enable once LDFLAGS is more
# supported. XXX
SSP_UNSAFE= yes
# i386 needs -lssp_nonshared, see svn link above for more information
SSP_NEED_NONSHARED= yes
.endif
.if !defined(SSP_UNSAFE) && \
(${ARCH} == i386 || ${ARCH} == amd64)
# Overridable as a user may want to use -fstack-protector-all
SSP_CFLAGS?= -fstack-protector
CFLAGS+= ${SSP_CFLAGS}
LDFLAGS+= -fstack-protector
# -lssp_nonshared is needed on i386 where /usr/lib/libc.so is not an ldscript
# This is currently unused XXX
. if defined(SSP_NEED_NONSHARED)
LDFLAGS+= -lssp_nonshared
. endif
.endif