mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-03 13:49:49 +00:00
Code Issues Projects Releases Wiki Activity

glibc: Enable static PIE support when security_flags are enabled

Browse Source 
(From OE-Core rev: 8e4ece7bf0b09275a34ce8e7cc3e1e54a366c361)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Khem Raj
2018-03-01 18:26:34 +00:00
committed by Richard Purdie
parent de4b8febd8
commit 8ec37c0811
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/conf/distro/include/security_flags.inc
+2
View File
@@ -6,6 +6,7 @@
# in the DISTRO="poky-lsb" configuration. # in the DISTRO="poky-lsb" configuration.
GCCPIE ?= "--enable-default-pie" GCCPIE ?= "--enable-default-pie"
GLIBCPIE ?= "--enable-static-pie"
# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use # _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
# -O0 which then results in a compiler warning. # -O0 which then results in a compiler warning.
@@ -30,6 +31,7 @@ SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro"
SECURITY_CFLAGS_powerpc = "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_NOPIE_CFLAGS}" SECURITY_CFLAGS_powerpc = "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_NOPIE_CFLAGS}"
SECURITY_CFLAGS_pn-libgcc_powerpc = "" SECURITY_CFLAGS_pn-libgcc_powerpc = ""
GCCPIE_powerpc = "" GCCPIE_powerpc = ""
GLIBCPIE_powerpc = ""
# arm specific security flag issues # arm specific security flag issues
SECURITY_CFLAGS_pn-glibc = "" SECURITY_CFLAGS_pn-glibc = ""
meta/recipes-core/glibc/glibc_2.27.bb
+3
View File
@@ -69,6 +69,8 @@ GLIBC_BROKEN_LOCALES = ""
# #
COMPATIBLE_HOST_libc-musl_class-target = "null" COMPATIBLE_HOST_libc-musl_class-target = "null"
GLIBCPIE ??= ""
EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
--without-cvs --disable-profile \ --without-cvs --disable-profile \
--disable-debug --without-gd \ --disable-debug --without-gd \
@@ -82,6 +84,7 @@ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
--enable-bind-now \ --enable-bind-now \
--enable-stack-protector=strong \ --enable-stack-protector=strong \
--enable-stackguard-randomization \ --enable-stackguard-randomization \
${GLIBCPIE} \
${GLIBC_EXTRA_OECONF}" ${GLIBC_EXTRA_OECONF}"
EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}" EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"