[oe-commits] [meta-openembedded] 03/62: meta_oe_security_flags: disable PIE for libdbus-c++
git at git.openembedded.org
Tue Mar 7 13:28:36 UTC 2017
This is an automated email from the git hooks/post-receive script.
martin_jansa pushed a commit to branch morty-next
in repository meta-openembedded.
commit 9aba5089bea7df72fff472641070a18c07cb7e5a
Author: André Draszik <adraszik at tycoint.com>
AuthorDate: Fri Nov 25 15:18:03 2016 +0000
meta_oe_security_flags: disable PIE for libdbus-c++
The short version - it ain't working.
The long version:
For shared libraries made from C++ sources, configure
runs some code to determine how to link shared libraries
(from libtool.m4) using g++. In particular, it calls
    g++ ${CFLAGS} -c conftest.c
    g++ ${CFLAGS} -nostdinc -shared -v conftest.o
to then parse the gcc -v output.
If CFLAGS contains -pie -fpie, g++ adds Scrt1.o to the
objects being linked together to form the final output.
Once Scrt1.o is pulled into a shared library, it becomes
impossible to link this DSO against a final binary. I
didn't investigate why, but I suspect because of
    -Wl,relro -Wl,now
libtool takes note of Scrt1.o (and all other libraries
added by gcc, but those don't matter here) and adds it
everywhere a shared library is being created, see
predep_objects= and postdep_objects= in the
'LIBTOOL TAG CONFIG: CXX' section.
In other words, the shared library created during
the build can't be linked against. This includes
some applications that are part of the libdbus-c++
source tree, but also any other external user.
While I am not sure if the root of the issue is in
- gcc (should it really add Scrt1.o despite -shared),
or in
- libtool (should it filter out -pie -fpie during the
configure step), or even in
- OE (should it really be adding -pie -fpie to
everything, even shared libraries by default and
unconditionally),
we can make things work by using SECURITY_NO_PIE_CFLAGS
instead.
Signed-off-by: André Draszik <adraszik at tycoint.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta-oe/conf/distro/include/meta_oe_security_flags.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta-oe/conf/distro/include/meta_oe_security_flags.inc b/meta-oe/conf/distro/include/meta_oe_security_flags.inc
index e57cc5b..42fedc2 100644
--- a/meta-oe/conf/distro/include/meta_oe_security_flags.inc
+++ b/meta-oe/conf/distro/include/meta_oe_security_flags.inc
@@ -1,4 +1,5 @@
# Build errors with the pie options enabled
+SECURITY_CFLAGS_pn-libdbus-c++ = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-lvm2 = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-rrdtool = "${SECURITY_NO_PIE_CFLAGS}"
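Review bot: the added SECURITY_CFLAGS_pn-libdbus-c++ line switches the whole recipe to SECURITY_NO_PIE_CFLAGS, so the applications in the libdbus-c++ source tree that the commit message mentions are built without PIE as well, although the failure described is in the shared library link. The shared comment "Build errors with the pie options enabled" also does not record the cause; a one-line comment on this entry naming the libtool/Scrt1.o configure problem would make it clear when the exception can be dropped again.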
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
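A check for the condition the commit message describes, as an added example that is not part of the original commit or of meta-openembedded: it scans a generated libtool script for Scrt1.o recorded in predep_objects= or postdep_objects= inside the 'LIBTOOL TAG CONFIG: CXX' section. The function names, the BEGIN/END marker form and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the commit): detect Scrt1.o captured by libtool's
# configure probe in the CXX tag section of a generated libtool script.

# scrt1_in_cxx_tag FILE
# Prints each offending line as FILE:LINE: text.
# Returns 0 if Scrt1.o was recorded, 1 if the CXX section is clean.
scrt1_in_cxx_tag() {
    awk '
        /^# ### BEGIN LIBTOOL TAG CONFIG: CXX/ { in_cxx = 1; next }
        /^# ### END LIBTOOL TAG CONFIG: CXX/   { in_cxx = 0 }
        in_cxx && /^(predep_objects|postdep_objects)=/ && index($0, "Scrt1.o") {
            print FILENAME ":" FNR ": " $0
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# make_sample PATH pie|nopie
# Writes a constructed libtool fragment (not taken from a real build).
make_sample() {
    if [ "$2" = pie ]; then
        crt="/usr/lib/Scrt1.o /usr/lib/crti.o"
    else
        crt="/usr/lib/crti.o"
    fi
    cat > "$1" <<EOF
# ### BEGIN LIBTOOL CONFIG
predep_objects=""
# ### END LIBTOOL CONFIG
# ### BEGIN LIBTOOL TAG CONFIG: CXX
predep_objects="$crt /usr/lib/gcc/crtbeginS.o"
postdep_objects="/usr/lib/gcc/crtendS.o /usr/lib/crtn.o"
# ### END LIBTOOL TAG CONFIG: CXX
EOF
}

# Demonstration on the two constructed samples.
tmp=$(mktemp -d)
make_sample "$tmp/libtool.pie" pie
make_sample "$tmp/libtool.nopie" nopie
for f in "$tmp"/libtool.*; do
    if scrt1_in_cxx_tag "$f"; then echo "Scrt1.o recorded: $f"; else echo "clean: $f"; fi
done
rm -rf "$tmp"
```

Pointed at the libtool script in a recipe's build directory, a hit means every C++ shared library that recipe links will carry Scrt1.o.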