Index: Mk/Features/aslr.mk =================================================================== --- /dev/null +++ Mk/Features/aslr.mk @@ -0,0 +1,13 @@ +# ASLR Support + +.if !defined(_ASLR_MK_INCLUDED) +_ASLR_MK_INCLUDED= yes +ASLR_Include_MAINTAINER= portmgr@FreeBSD.org + +.if defined(ASLR_UNSAFE) && !defined(TRYFORCEASLR) +USES+= elfctl +.for entry in ${ASLR_UNSAFE} +ELF_FEATURES+= +noaslr:${entry} +.endfor +.endif +.endif Index: Mk/bsd.port.mk =================================================================== --- Mk/bsd.port.mk +++ Mk/bsd.port.mk @@ -1020,8 +1020,8 @@ # These need to be absolute since we don't know how deep in the ports # tree we are and thus can't go relative. They can, of course, be overridden # by individual Makefiles or local system make configuration. -_LIST_OF_WITH_FEATURES= debug lto ssp pie relro bind_now -_DEFAULT_WITH_FEATURES= ssp +_LIST_OF_WITH_FEATURES= debug lto ssp pie relro bind_now aslr +_DEFAULT_WITH_FEATURES= ssp aslr PORTSDIR?= /usr/ports LOCALBASE?= /usr/local LINUXBASE?= /compat/linux Index: lang/php83/Makefile =================================================================== --- lang/php83/Makefile +++ lang/php83/Makefile @@ -82,7 +82,6 @@ USE_RC_SUBR+=php-fpm IPV6_CONFIGURE_OFF= --disable-ipv6 LINKTHR_LIBS= -lpthread -NOASLR_USES= elfctl MYSQLND_CONFIGURE_ON= --enable-mysqlnd PCRE_BUILD_DEPENDS= re2c>0:devel/re2c PCRE_CONFIGURE_ON= --with-external-pcre=${LOCALBASE} @@ -107,19 +106,17 @@ .include -.if ${PORT_OPTIONS:NOASLR} .if ${PORT_OPTIONS:MCLI} -ELF_FEATURES+=+noaslr:sapi/cli/php +ASLR_UNSAFE+=+noaslr:sapi/cli/php .endif .if ${PORT_OPTIONS:MCGI} -ELF_FEATURES+=+noaslr:sapi/cgi/php-cgi +ASLR_UNSAFE+=+noaslr:sapi/cgi/php-cgi .endif .if ${PORT_OPTIONS:MPHPDBG} -ELF_FEATURES+=+noaslr:sapi/phpdbg/phpdbg +ASLR_UNSAFE+=+noaslr:sapi/phpdbg/phpdbg .endif .if ${PORT_OPTIONS:MFPM} -ELF_FEATURES+=+noaslr:sapi/fpm/php-fpm -.endif +ASLR_UNSAFE+=+noaslr:sapi/fpm/php-fpm .endif .include