From 59a4d99c20af0ef60513eab5928c40b03903e5e8 Mon Sep 17 00:00:00 2001 From: Mark Hatle Date: Fri, 4 Mar 2016 13:03:52 -0600 Subject: security_flags.inc: Special flags are needed for RPM RPM interally has support to build and work with the stack protector. This is disabled by default in the RPM package, and the proper settings should be specified in the security_flags. Using the default setting of stack-protector-strong causes linking problems due to issues with libtool selecting the wrong GCC objections to link against. Falling back to the RPM values of stack-protector will permit linking to work properly, and some level of protection. (From OE-Core rev: 98b5f1ef188965f0116ebbe00be746dceb96936e) Signed-off-by: Mark Hatle Signed-off-by: Richard Purdie --- meta/conf/distro/include/security_flags.inc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'meta/conf') diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index ed82087693..ff5f34e3a3 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -78,6 +78,8 @@ SECURITY_CFLAGS_pn-python-pycurl = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-python-smartpm = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-python-numpy = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-python3 = "${SECURITY_NO_PIE_CFLAGS}" +# Revert RPM to using internally supported values +SECURITY_CFLAGS_pn-rpm = "${lcl_maybe_fortify} -fstack-protector" SECURITY_CFLAGS_pn-syslinux = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-tcl = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-tiff = "${SECURITY_NO_PIE_CFLAGS}" -- cgit v1.2.3-54-g00ecf