[OE-core] [PATCH V2 0/6] Fix issues when using security_flags on musl

Khem Raj raj.khem at gmail.com
Thu Feb 4 22:55:10 UTC 2016 

security_flags enabled builds revealed several issues when building on musl
especially compiling gcc runtime libs we should not use fstack-protector
another change is to replace with -fstack-protector-all with -fstack-protector-strong
which is available since 4.9 and has best of both worlds (stack size usage and security)
gcc on musl/ppc was missing patches as a result images werent booting on qemuppc
that is fixed too. It also revealed some more issues in compiling gcc for musl systems
was not getting all configs right.
Addressed the review comments on nss-myhostname

Changes since v1:
Ignore security flags for non target packages

The following changes since commit 1b2e1eb6f08b6f95cf555d7f6bc6e4de2113aaed:

  libical: Work around hardcoded paths in pkgconfig file (2016-02-04 13:09:51 +0000)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib kraj/pu
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=kraj/pu

Khem Raj (6):
  nss-myhostname: Fix build on musl
  gcc: Fix build on musl with -fstack-protector
  security_flags: Disable fstack-protector for gcc runtime libs
  security_flags: Replace -fstack-protector-all with
    -fstack-protector-strong
  gcc: Assume libssp and dl_iterate_phdr on musl
  gcc: musl related fixes for unwinding,ppc/secure-plt and gthr

 meta/conf/distro/include/security_flags.inc        | 23 ++++---
 meta/recipes-devtools/gcc/gcc-5.3.inc              |  7 +-
 .../gcc/gcc-5.3/0047-Fix-nios2-musl-build.patch    | 11 ---
 .../0047-nios2-Define-MUSL_DYNAMIC_LINKER.patch    | 28 ++++++++
 .../gcc/gcc-5.3/0048-ssp_nonshared.patch           | 29 ++++++++
 ...-weak-reference-logic-in-gthr.h-for-os-ge.patch | 78 ++++++++++++++++++++++
 ...050-powerpc-pass-secure-plt-to-the-linker.patch | 66 ++++++++++++++++++
 .../gcc-5.3/0051-support-unwinding-on-musl.patch   | 34 ++++++++++
 ...tname-Check-for-nss.h-presense-before-use.patch | 53 +++++++++++++++
 .../nss-myhostname/nss-myhostname_0.3.bb           |  4 +-
 10 files changed, 311 insertions(+), 22 deletions(-)
 delete mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0047-Fix-nios2-musl-build.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0047-nios2-Define-MUSL_DYNAMIC_LINKER.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0048-ssp_nonshared.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0049-Disable-the-weak-reference-logic-in-gthr.h-for-os-ge.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0050-powerpc-pass-secure-plt-to-the-linker.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0051-support-unwinding-on-musl.patch
 create mode 100644 meta/recipes-support/nss-myhostname/nss-myhostname/0001-nss-myhostname-Check-for-nss.h-presense-before-use.patch

-- 
2.7.0

More information about the Openembedded-core mailing list