summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/conf/distro/include/security_flags.inc2
-rw-r--r--meta/recipes-core/glibc/glibc_2.27.bb3
2 files changed, 5 insertions, 0 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 49d2417a88..d66dd57649 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -6,6 +6,7 @@
6# in the DISTRO="poky-lsb" configuration. 6# in the DISTRO="poky-lsb" configuration.
7 7
8GCCPIE ?= "--enable-default-pie" 8GCCPIE ?= "--enable-default-pie"
9GLIBCPIE ?= "--enable-static-pie"
9 10
10# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use 11# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
11# -O0 which then results in a compiler warning. 12# -O0 which then results in a compiler warning.
@@ -30,6 +31,7 @@ SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro"
30SECURITY_CFLAGS_powerpc = "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_NOPIE_CFLAGS}" 31SECURITY_CFLAGS_powerpc = "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_NOPIE_CFLAGS}"
31SECURITY_CFLAGS_pn-libgcc_powerpc = "" 32SECURITY_CFLAGS_pn-libgcc_powerpc = ""
32GCCPIE_powerpc = "" 33GCCPIE_powerpc = ""
34GLIBCPIE_powerpc = ""
33 35
34# arm specific security flag issues 36# arm specific security flag issues
35SECURITY_CFLAGS_pn-glibc = "" 37SECURITY_CFLAGS_pn-glibc = ""
diff --git a/meta/recipes-core/glibc/glibc_2.27.bb b/meta/recipes-core/glibc/glibc_2.27.bb
index 2434c06105..bcc1acfbc2 100644
--- a/meta/recipes-core/glibc/glibc_2.27.bb
+++ b/meta/recipes-core/glibc/glibc_2.27.bb
@@ -69,6 +69,8 @@ GLIBC_BROKEN_LOCALES = ""
69# 69#
70COMPATIBLE_HOST_libc-musl_class-target = "null" 70COMPATIBLE_HOST_libc-musl_class-target = "null"
71 71
72GLIBCPIE ??= ""
73
72EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \ 74EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
73 --without-cvs --disable-profile \ 75 --without-cvs --disable-profile \
74 --disable-debug --without-gd \ 76 --disable-debug --without-gd \
@@ -82,6 +84,7 @@ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
82 --enable-bind-now \ 84 --enable-bind-now \
83 --enable-stack-protector=strong \ 85 --enable-stack-protector=strong \
84 --enable-stackguard-randomization \ 86 --enable-stackguard-randomization \
87 ${GLIBCPIE} \
85 ${GLIBC_EXTRA_OECONF}" 88 ${GLIBC_EXTRA_OECONF}"
86 89
87EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}" 90EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"