diff --git a/Mk/Features/aslr.mk b/Mk/Features/aslr.mk new file mode 100644 --- /dev/null +++ b/Mk/Features/aslr.mk @@ -0,0 +1,13 @@ +# ASLR Support + +.if !defined(_ASLR_MK_INCLUDED) +_ASLR_MK_INCLUDED= yes +ASLR_Include_MAINTAINER= portmgr@FreeBSD.org + +.if defined(ASLR_UNSAFE) && !defined(TRYFORCEASLR) +USES+= elfctl +.for entry in ${ASLR_UNSAFE} +ELF_FEATURES+= +noaslr:${entry} +.endfor +.endif +.endif diff --git a/Mk/bsd.port.mk b/Mk/bsd.port.mk --- a/Mk/bsd.port.mk +++ b/Mk/bsd.port.mk @@ -1015,8 +1015,9 @@ # These need to be absolute since we don't know how deep in the ports # tree we are and thus can't go relative. They can, of course, be overridden # by individual Makefiles or local system make configuration. -_LIST_OF_WITH_FEATURES= bind_now debug debuginfo lto pie relro sanitize ssp testing -_DEFAULT_WITH_FEATURES= ssp +_LIST_OF_WITH_FEATURES= aslr bind_now debug debuginfo lto pie relro sanitize \ + ssp testing +_DEFAULT_WITH_FEATURES= ssp aslr PORTSDIR?= /usr/ports LOCALBASE?= /usr/local LINUXBASE?= /compat/linux diff --git a/lang/php83/Makefile b/lang/php83/Makefile --- a/lang/php83/Makefile +++ b/lang/php83/Makefile @@ -80,7 +80,6 @@ USE_RC_SUBR+=php-fpm IPV6_CONFIGURE_OFF= --disable-ipv6 LINKTHR_LIBS= -lpthread -NOASLR_USES= elfctl MYSQLND_CONFIGURE_ON= --enable-mysqlnd PCRE_BUILD_DEPENDS= re2c>0:devel/re2c PCRE_CONFIGURE_ON= --with-external-pcre=${LOCALBASE} @@ -105,19 +104,17 @@ .include -.if ${PORT_OPTIONS:NOASLR} .if ${PORT_OPTIONS:MCLI} -ELF_FEATURES+=+noaslr:sapi/cli/php +ASLR_UNSAFE+=sapi/cli/php .endif .if ${PORT_OPTIONS:MCGI} -ELF_FEATURES+=+noaslr:sapi/cgi/php-cgi +ASLR_UNSAFE+=sapi/cgi/php-cgi .endif .if ${PORT_OPTIONS:MPHPDBG} -ELF_FEATURES+=+noaslr:sapi/phpdbg/phpdbg +ASLR_UNSAFE+=sapi/phpdbg/phpdbg .endif .if ${PORT_OPTIONS:MFPM} -ELF_FEATURES+=+noaslr:sapi/fpm/php-fpm -.endif +ASLR_UNSAFE+=sapi/fpm/php-fpm .endif .include