summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/conf/distro/include/security_flags.inc4
-rw-r--r--meta/recipes-devtools/gcc/gcc-configure-common.inc3
2 files changed, 6 insertions, 1 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 38164d08b8..f2eb224a77 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -5,6 +5,8 @@
5# From a Yocto Project perspective, this file is included and tested 5# From a Yocto Project perspective, this file is included and tested
6# in the DISTRO="poky-lsb" configuration. 6# in the DISTRO="poky-lsb" configuration.
7 7
8GCCPIE ?= "--enable-default-pie"
9
8# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use 10# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
9# -O0 which then results in a compiler warning. 11# -O0 which then results in a compiler warning.
10lcl_maybe_fortify = "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}" 12lcl_maybe_fortify = "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}"
@@ -12,7 +14,7 @@ lcl_maybe_fortify = "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE
12# Error on use of format strings that represent possible security problems 14# Error on use of format strings that represent possible security problems
13SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security" 15SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security"
14 16
15SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" 17SECURITY_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
16SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" 18SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
17 19
18SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now" 20SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now"
diff --git a/meta/recipes-devtools/gcc/gcc-configure-common.inc b/meta/recipes-devtools/gcc/gcc-configure-common.inc
index 63fa1d9686..e2ce234aa1 100644
--- a/meta/recipes-devtools/gcc/gcc-configure-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -22,6 +22,8 @@ EXTRA_OECONF_INITIAL ?= ""
22GCCMULTILIB ?= "--disable-multilib" 22GCCMULTILIB ?= "--disable-multilib"
23GCCTHREADS ?= "posix" 23GCCTHREADS ?= "posix"
24 24
25GCCPIE ??= ""
26
25EXTRA_OECONF = "\ 27EXTRA_OECONF = "\
26 ${@['--enable-clocale=generic', ''][d.getVar('USE_NLS') != 'no']} \ 28 ${@['--enable-clocale=generic', ''][d.getVar('USE_NLS') != 'no']} \
27 --with-gnu-ld \ 29 --with-gnu-ld \
@@ -29,6 +31,7 @@ EXTRA_OECONF = "\
29 --enable-languages=${LANGUAGES} \ 31 --enable-languages=${LANGUAGES} \
30 --enable-threads=${GCCTHREADS} \ 32 --enable-threads=${GCCTHREADS} \
31 ${GCCMULTILIB} \ 33 ${GCCMULTILIB} \
34 ${GCCPIE} \
32 --enable-c99 \ 35 --enable-c99 \
33 --enable-long-long \ 36 --enable-long-long \
34 --enable-symvers=gnu \ 37 --enable-symvers=gnu \
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-22 05:44:11 +0000