[OE-core] [RESEND PATCH 1/2] security_flags: Remove stack protector flags from LDFLAGS
Khem Raj
raj.khem at gmail.com
Mon Mar 2 18:40:04 UTC 2020
On 3/2/20 9:17 AM, Junling Zheng wrote:
> The stack protector flag is a compile option, not a link option, so
> remove it from LDFLAGS.
we use compiler driver to do linking as well, what does this change fix
for you.
>
> Signed-off-by: Junling Zheng <zhengjunling at huawei.com>
> ---
> meta/conf/distro/include/security_flags.inc | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
> index aaf04e9e59..5b79340be9 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -26,8 +26,8 @@ SECURITY_STACK_PROTECTOR ?= "-fstack-protector-strong"
> SECURITY_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${SECURITY_PIE_CFLAGS} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
> SECURITY_NO_PIE_CFLAGS ?= "${SECURITY_STACK_PROTECTOR} ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
>
> -SECURITY_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro,-z,now"
> -SECURITY_X_LDFLAGS ?= "${SECURITY_STACK_PROTECTOR} -Wl,-z,relro"
> +SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
> +SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
>
> # powerpc does not get on with pie for reasons not looked into as yet
> GCCPIE_powerpc = ""
>
More information about the Openembedded-core
mailing list