[OE-core] [PATCH 0/6] Fix issues when using security_flags on musl

Khem Raj raj.khem at gmail.com
Wed Feb 3 06:27:51 UTC 2016 

security_flags enabled builds revealed several issues when building on musl
especially compiling gcc runtime libs we should not use fstack-protector
another change is to replace with -fstack-protector-all with -fstack-protector-strong
which is available since 4.9 and has best of both worlds (stack size usage and security)
gcc on musl/ppc was missing patches as a result images werent booting on qemuppc
that is fixed too. It also revealed some more issues in compiling gcc for musl systems
was not getting all configs right.
Addressed the review comments on nss-myhostname

The following changes since commit 2218490b075b077683f17b643ab211c7716d0dfc:

  documentation.conf: align the documentation for DEBUG_OPTIMIZATION and FULL_OPTIMIZATION with bitbake.conf (2016-02-02 17:48:00 +0000)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib kraj/pu
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=kraj/pu

Khem Raj (6):
  nss-myhostname: Fix build on musl
  gcc: Fix build on musl with -fstack-protector
  security_flags: Disable fstack-protector for gcc runtime libs
  security_flags: Replace -fstack-protector-all with
    -fstack-protector-strong
  gcc: Assume libssp and dl_iterate_phdr on musl
  gcc: musl related fixes for unwinding,ppc/secure-plt and gthr

 meta/conf/distro/include/security_flags.inc        | 17 +++--
 meta/recipes-devtools/gcc/gcc-5.3.inc              |  7 +-
 .../gcc/gcc-5.3/0047-Fix-nios2-musl-build.patch    | 11 ---
 .../0047-nios2-Define-MUSL_DYNAMIC_LINKER.patch    | 28 ++++++++
 .../gcc/gcc-5.3/0048-ssp_nonshared.patch           | 29 ++++++++
 ...-weak-reference-logic-in-gthr.h-for-os-ge.patch | 78 ++++++++++++++++++++++
 ...050-powerpc-pass-secure-plt-to-the-linker.patch | 66 ++++++++++++++++++
 .../gcc-5.3/0051-support-unwinding-on-musl.patch   | 34 ++++++++++
 ...tname-Check-for-nss.h-presense-before-use.patch | 53 +++++++++++++++
 .../nss-myhostname/nss-myhostname_0.3.bb           |  4 +-
 10 files changed, 307 insertions(+), 20 deletions(-)
 delete mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0047-Fix-nios2-musl-build.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0047-nios2-Define-MUSL_DYNAMIC_LINKER.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0048-ssp_nonshared.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0049-Disable-the-weak-reference-logic-in-gthr.h-for-os-ge.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0050-powerpc-pass-secure-plt-to-the-linker.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0051-support-unwinding-on-musl.patch
 create mode 100644 meta/recipes-support/nss-myhostname/nss-myhostname/0001-nss-myhostname-Check-for-nss.h-presense-before-use.patch

-- 
2.7.0

More information about the Openembedded-core mailing list