From: Khem Raj <raj.khem@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 0/6] Fix issues when using security_flags on musl
Date: Wed, 3 Feb 2016 06:27:51 +0000 [thread overview]
Message-ID: <cover.1454480571.git.raj.khem@gmail.com> (raw)
security_flags enabled builds revealed several issues when building on musl
especially compiling gcc runtime libs we should not use fstack-protector
another change is to replace with -fstack-protector-all with -fstack-protector-strong
which is available since 4.9 and has best of both worlds (stack size usage and security)
gcc on musl/ppc was missing patches as a result images werent booting on qemuppc
that is fixed too. It also revealed some more issues in compiling gcc for musl systems
was not getting all configs right.
Addressed the review comments on nss-myhostname
The following changes since commit 2218490b075b077683f17b643ab211c7716d0dfc:
documentation.conf: align the documentation for DEBUG_OPTIMIZATION and FULL_OPTIMIZATION with bitbake.conf (2016-02-02 17:48:00 +0000)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib kraj/pu
http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=kraj/pu
Khem Raj (6):
nss-myhostname: Fix build on musl
gcc: Fix build on musl with -fstack-protector
security_flags: Disable fstack-protector for gcc runtime libs
security_flags: Replace -fstack-protector-all with
-fstack-protector-strong
gcc: Assume libssp and dl_iterate_phdr on musl
gcc: musl related fixes for unwinding,ppc/secure-plt and gthr
meta/conf/distro/include/security_flags.inc | 17 +++--
meta/recipes-devtools/gcc/gcc-5.3.inc | 7 +-
.../gcc/gcc-5.3/0047-Fix-nios2-musl-build.patch | 11 ---
.../0047-nios2-Define-MUSL_DYNAMIC_LINKER.patch | 28 ++++++++
.../gcc/gcc-5.3/0048-ssp_nonshared.patch | 29 ++++++++
...-weak-reference-logic-in-gthr.h-for-os-ge.patch | 78 ++++++++++++++++++++++
...050-powerpc-pass-secure-plt-to-the-linker.patch | 66 ++++++++++++++++++
.../gcc-5.3/0051-support-unwinding-on-musl.patch | 34 ++++++++++
...tname-Check-for-nss.h-presense-before-use.patch | 53 +++++++++++++++
.../nss-myhostname/nss-myhostname_0.3.bb | 4 +-
10 files changed, 307 insertions(+), 20 deletions(-)
delete mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0047-Fix-nios2-musl-build.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0047-nios2-Define-MUSL_DYNAMIC_LINKER.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0048-ssp_nonshared.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0049-Disable-the-weak-reference-logic-in-gthr.h-for-os-ge.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0050-powerpc-pass-secure-plt-to-the-linker.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-5.3/0051-support-unwinding-on-musl.patch
create mode 100644 meta/recipes-support/nss-myhostname/nss-myhostname/0001-nss-myhostname-Check-for-nss.h-presense-before-use.patch
--
2.7.0
next reply other threads:[~2016-02-03 6:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-03 6:27 Khem Raj [this message]
2016-02-03 6:27 ` [PATCH 1/6] nss-myhostname: Fix build on musl Khem Raj
2016-02-03 6:27 ` [PATCH 2/6] gcc: Fix build on musl with -fstack-protector Khem Raj
2016-02-03 6:27 ` [PATCH 3/6] security_flags: Disable fstack-protector for gcc runtime libs Khem Raj
2016-02-03 6:27 ` [PATCH 4/6] security_flags: Replace -fstack-protector-all with -fstack-protector-strong Khem Raj
2016-02-03 6:27 ` [PATCH 5/6] gcc: Assume libssp and dl_iterate_phdr on musl Khem Raj
2016-02-03 6:27 ` [PATCH 6/6] gcc: musl related fixes for unwinding, ppc/secure-plt and gthr Khem Raj
2016-02-03 16:17 ` Burton, Ross
2016-02-03 16:38 ` Khem Raj
2016-02-03 16:40 ` Burton, Ross
2016-02-03 19:27 ` Khem Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1454480571.git.raj.khem@gmail.com \
--to=raj.khem@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox