#
8b068264 |
|
13-May-2024 |
Kyle Evans <kevans@FreeBSD.org> |
Fix the GCC build after _FORTIFY_SOURCE import We haven't exposed gets(3) in a long time, rip out __gets_chk before it's too late and something builds a gets(3) user with it enabled.
|
#
be04fec4 |
|
12-May-2024 |
Kyle Evans <kevans@FreeBSD.org> |
Import _FORTIFY_SOURCE implementation from NetBSD This is a mostly-unmodified copy of the various *_chk implementations and headers from NetBSD, without yet modifying system headers to start actually including them. A future commit will also apply the needed bits to fix ssp/unistd.h. Reviewed by: imp, pauamma_gundo.com (both previous versions), kib Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D32306
|
#
d0b2dbfa |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
19fe57fd |
|
14-Mar-2020 |
Kyle Evans <kevans@FreeBSD.org> |
libssp: don't compile with -fstack-protector* This similarly matches what we do in libc; compiling libssp with -fstack-protector* is actively harmful. For instance, if the canary ctor ends up with a stack protector then it will trivially trigger a false positive as the canary's being initialized. This was noted by the reporter as irc/ircd-hybrid started crashing at start after our libssp was MFC'd to stable/11, as its build will explicitly link in libssp. On FreeBSD, this isn't necessary as SSP bits are included in libc, but it should absolutely not trigger runtime breakage -- it does mean that the canary will get initialized twice, but as this is happening early on in application startup it should just be redundant work. Reported by: Tod McQuillin <devin@sevenlayer.studio> MFC after: 3 days
|
#
cd0d51ba |
|
04-Jan-2020 |
Kyle Evans <kevans@FreeBSD.org> |
Provide libssp based on libc For libssp.so, rebuild stack_protector.c with FORTIFY_SOURCE stubs that just abort built into it. For libssp_nonshared.a, steal stack_protector_compat.c from ^/lib/libc/secure and massage it to maintain that __stack_chk_fail_local is a hidden symbol. libssp is now built unconditionally regardless of {WITH,WITHOUT}_SSP in the build environment, and the gcclibs version has been disconnected from the build in favor of this one. PR: 242950 (exp-run) Reviewed by: kib, emaste, pfg, Oliver Pinter (earlier version) Also discussed with: kan MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D22943
|