diff options
| author | Mark Hatle <mark.hatle@windriver.com> | 2016-03-04 13:03:52 -0600 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-03-09 17:00:28 +0000 |
| commit | 59a4d99c20af0ef60513eab5928c40b03903e5e8 (patch) | |
| tree | 25fb812c421523c0ffdd3300af27d259973d53af /meta/conf/distro | |
| parent | 007c284cb83cf5d98f3e4f605244ca6f1d46caea (diff) | |
| download | poky-59a4d99c20af0ef60513eab5928c40b03903e5e8.tar.gz | |
security_flags.inc: Special flags are needed for RPM
RPM interally has support to build and work with the stack protector.
This is disabled by default in the RPM package, and the proper settings
should be specified in the security_flags. Using the default setting of
stack-protector-strong causes linking problems due to issues with libtool
selecting the wrong GCC objections to link against.
Falling back to the RPM values of stack-protector will permit linking to
work properly, and some level of protection.
(From OE-Core rev: 98b5f1ef188965f0116ebbe00be746dceb96936e)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/conf/distro')
| -rw-r--r-- | meta/conf/distro/include/security_flags.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index ed82087693..ff5f34e3a3 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc | |||
| @@ -78,6 +78,8 @@ SECURITY_CFLAGS_pn-python-pycurl = "${SECURITY_NO_PIE_CFLAGS}" | |||
| 78 | SECURITY_CFLAGS_pn-python-smartpm = "${SECURITY_NO_PIE_CFLAGS}" | 78 | SECURITY_CFLAGS_pn-python-smartpm = "${SECURITY_NO_PIE_CFLAGS}" |
| 79 | SECURITY_CFLAGS_pn-python-numpy = "${SECURITY_NO_PIE_CFLAGS}" | 79 | SECURITY_CFLAGS_pn-python-numpy = "${SECURITY_NO_PIE_CFLAGS}" |
| 80 | SECURITY_CFLAGS_pn-python3 = "${SECURITY_NO_PIE_CFLAGS}" | 80 | SECURITY_CFLAGS_pn-python3 = "${SECURITY_NO_PIE_CFLAGS}" |
| 81 | # Revert RPM to using internally supported values | ||
| 82 | SECURITY_CFLAGS_pn-rpm = "${lcl_maybe_fortify} -fstack-protector" | ||
| 81 | SECURITY_CFLAGS_pn-syslinux = "${SECURITY_NO_PIE_CFLAGS}" | 83 | SECURITY_CFLAGS_pn-syslinux = "${SECURITY_NO_PIE_CFLAGS}" |
| 82 | SECURITY_CFLAGS_pn-tcl = "${SECURITY_NO_PIE_CFLAGS}" | 84 | SECURITY_CFLAGS_pn-tcl = "${SECURITY_NO_PIE_CFLAGS}" |
| 83 | SECURITY_CFLAGS_pn-tiff = "${SECURITY_NO_PIE_CFLAGS}" | 85 | SECURITY_CFLAGS_pn-tiff = "${SECURITY_NO_PIE_CFLAGS}" |