mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-04 02:00:04 +00:00
Code Issues Projects Releases Wiki Activity

security_flags.inc: Special flags are needed for RPM

Browse Source 
RPM interally has support to build and work with the stack protector.
This is disabled by default in the RPM package, and the proper settings
should be specified in the security_flags.  Using the default setting of
stack-protector-strong causes linking problems due to issues with libtool
selecting the wrong GCC objections to link against.

Falling back to the RPM values of stack-protector will permit linking to
work properly, and some level of protection.

(From OE-Core rev: 98b5f1ef188965f0116ebbe00be746dceb96936e)

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Mark Hatle
2016-03-04 13:03:52 -06:00
committed by Richard Purdie
parent 007c284cb8
commit 59a4d99c20
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/conf/distro/include/security_flags.inc
+2
View File
@@ -78,6 +78,8 @@ SECURITY_CFLAGS_pn-python-pycurl = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-python-smartpm = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-python-numpy = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-python3 = "${SECURITY_NO_PIE_CFLAGS}"
# Revert RPM to using internally supported values
SECURITY_CFLAGS_pn-rpm = "${lcl_maybe_fortify} -fstack-protector"
SECURITY_CFLAGS_pn-syslinux = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-tcl = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-tiff = "${SECURITY_NO_PIE_CFLAGS}"