Bug 186852 - [patch] Add 'fstack-protector-strong' to lang/gcc48
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Gerald Pfeifer
Reported: 2014-02-18 01:20 UTC by Olivier - interfaSys sàrl
Modified: 2015-11-09 08:28 UTC (History)

Attachments
file.shar (11.94 KB, text/plain)
2014-02-18 01:20 UTC, Olivier - interfaSys sàrl

Description Olivier - interfaSys sàrl 2014-02-18 01:20:00 UTC
FreeBSD has recently added the WITH_SSP_PORTS makefile option [1], which adds the "-fstack-protector" and "-fstack-protector-all" compilation directives, which add extra code to check for buffer overflows to compiled ports [2].

While this is a good first step, those switches offer too little or too much protection and over 2 years ago, Google delivered "-fstack-protector-strong" [3] to try and solve the problem:
"The stack-protector option is over-simplified, which ignores pointer cast, address computation, while the stack-protector-all is over-killing, using this option brings too much performance overhead..." [4]

The new directive has been added to the 4.9 branch of gcc and several Linux distros have backported the patch, but so far, the FreeBSD maintainer has decided not to do it, so here are patches which work against lang/gcc48.
They are based on the gcc 4.9 commits [5].

[1] https://wiki.freebsd.org/201309DevSummit/Ports
[2] http://gcc.gnu.org/onlinedocs/gcc-4.8.2/gcc/Optimize-Options.html
[3] https://codereview.appspot.com/5461043/
[4] https://docs.google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU/edit?hl=en_US
[5] http://repo.or.cz/w/official-gcc.git/commitdiff/b156ec373ccf27f4fcce7972de5e043d35acea43

Fix: Patch lang/gcc48

Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2014-02-18 01:20:09 UTC
Responsible Changed
From-To: freebsd-ports-bugs->gerald

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Gerald Pfeifer freebsd_committer freebsd_triage 2014-03-03 00:48:24 UTC
State Changed
From-To: open->feedback

This is (a bit beyond) borderline what I'd usually consider in terms 
of backporting, but I tend to go for it. 

Can you please advise how you tested this?
Comment 3 Gerald Pfeifer freebsd_committer freebsd_triage 2014-06-10 02:13:12 UTC
Thank you for your submission and apologies for the delay in getting
this committed.

I wanted to ensure proper testing (original, vanilla code with new
tests, patched code with new tests) and didn't have the time in one
stretch and infrastructure to do so as I wanted to.

Note that I renamed and combined the patch files, one per directory.
Comment 4 Gerald Pfeifer freebsd_committer freebsd_triage 2014-06-10 04:22:06 UTC
...and changed their naming structure a bit.
Comment 5 commit-hook freebsd_committer freebsd_triage 2015-11-09 08:28:07 UTC
A commit references this bug:

Author: gerald
Date: Mon Nov  9 08:27:42 UTC 2015
New revision: 401086
URL: https://svnweb.freebsd.org/changeset/ports/401086

Log:
  "Backport" the -fstack-protector-strong patchset from lang/gcc48 to
  lang/gcc.

  PR:		203751, 186852 [1]
  Submitted by:	software-freebsd@interfasys.ch [1]

Changes:
  head/lang/gcc/files/patch-stackprotector-gcc
  head/lang/gcc/files/patch-stackprotector-gcc_c-family
  head/lang/gcc/files/patch-stackprotector-gcc_doc
  head/lang/gcc/files/patch-stackprotector-gcc_testsuite