On Thu, Jun 16, 2016 at 3:59 AM, Alexander Kanavin
<alexander.kana...@linux.intel.com> wrote:
> The packages that break due to -fpie can be still built with -fPIC.
>
> [YOCTO #9486]
>
> Signed-off-by: Alexander Kanavin <alexander.kana...@linux.intel.com>
> ---
> meta/conf/distro/include/security_flags.inc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/conf/distro/include/security_flags.inc
> b/meta/conf/distro/include/security_flags.inc
> index a7be185..26804bd 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -13,7 +13,7 @@ lcl_maybe_fortify =
> "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE
> SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security"
>
> SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify}
> ${SECURITY_STRINGFORMAT}"
> -SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify}
> ${SECURITY_STRINGFORMAT}"
> +SECURITY_NO_PIE_CFLAGS ?= "-fPIC -fstack-protector-strong
> ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
I don't think this does anything useful. An executable won't be
position independent unless -pie is passed to the linker, so if
linking with -pie doesn't work, forcing all object code to be position
independent is just adding overhead with no benefit.
> SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now"
> SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro"
> --
> 2.8.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
