[OE-core] [PATCH] openssl: build always with -Wa,--noexecstack
Enrico Scholz
enrico.scholz at sigma-chemnitz.de
Thu Jan 12 16:30:21 UTC 2012
There is no reason to disable exec-stack only for -native builds;
binaries on the target will suffer from the same SELinux ACLs.
OpenSSL does not use executable stack so this option can be disabled
unconditionally.
Signed-off-by: Enrico Scholz <enrico.scholz at sigma-chemnitz.de>
---
meta/recipes-connectivity/openssl/openssl.inc | 6 +-----
1 files changed, 1 insertions(+), 5 deletions(-)
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 771f146..65bb671 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -19,11 +19,7 @@ S = "${WORKDIR}/openssl-${PV}"
AR_append = " r"
CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
- -DTERMIO ${FULL_OPTIMIZATION} -Wall"
-
-# Avoid binaries being marked as requiring an executable stack (which causes
-# issues with SELinux on the host)
-CFLAG_append_virtclass-native = " -Wa,--noexecstack"
+ -DTERMIO ${FULL_OPTIMIZATION} -Wall -Wa,--noexecstack"
# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
--
1.7.7.5
More information about the Openembedded-core
mailing list