RPM interally has support to build and work with the stack protector.
This is disabled by default in the RPM package, and the proper settings
should be specified in the security_flags. Using the default setting of
stack-protector-strong causes linking problems due to issues with libtool
selecting the wrong GCC objections to link against.
Falling back to the RPM values of stack-protector will permit linking to
work properly, and some level of protection.
Signed-off-by: Mark Hatle <mark.ha...@windriver.com>
---
meta/conf/distro/include/security_flags.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/conf/distro/include/security_flags.inc
b/meta/conf/distro/include/security_flags.inc
index ed82087..ff5f34e 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -78,6 +78,8 @@ SECURITY_CFLAGS_pn-python-pycurl = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-python-smartpm = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-python-numpy = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-python3 = "${SECURITY_NO_PIE_CFLAGS}"
+# Revert RPM to using internally supported values
+SECURITY_CFLAGS_pn-rpm = "${lcl_maybe_fortify} -fstack-protector"
SECURITY_CFLAGS_pn-syslinux = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-tcl = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-tiff = "${SECURITY_NO_PIE_CFLAGS}"
--
2.5.0
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
