author | Mike Frysinger <vapier@gentoo.org> | 2015-04-15 08:37:14 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2015-04-15 08:37:14 +0000 |
commit | bcebb14e8a188c64817e8ac5b2e8e81220a659b3 (patch) | |
tree | e614c3141d7570b2ac66b1f434321c4cf684c745 /sys-apps/kexec-tools/files | |
parent | Version Bump (diff) | |
Improve handling of hardened toolchains by only disabling PIE/etc... in the purgatory subdir.
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key D2E96200)
Diffstat (limited to 'sys-apps/kexec-tools/files')
-rw-r--r-- | sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch b/sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch
new file mode 100644
index 000000000000..01a8b4be933b
--- /dev/null
+++ b/sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch
@@ -0,0 +1,16 @@
+the purgatory subdir gets loaded into the kernel so we need to
+make sure it does not get built with compiler settings like the
+rest of the userland tools. that means no PIC/PIE/SSP/etc...
+
+--- a/purgatory/Makefile
++++ b/purgatory/Makefile
+@@ -47,7 +47,8 @@ purgatory/sha256.o: $(srcdir)/util_lib/sha256.c
+ $(PURGATORY): CC=$(TARGET_CC)
+ $(PURGATORY): CFLAGS+=$(PURGATORY_EXTRA_CFLAGS) \
+ $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \
+- -Os -fno-builtin -ffreestanding
++ -Os -fno-builtin -ffreestanding \
++ -fno-PIC -fno-PIE -fno-stack-protector
+
+ $(PURGATORY): CPPFLAGS=$($(ARCH)_PURGATORY_EXTRA_CFLAGS) \
+ -I$(srcdir)/purgatory/include \ |
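Review bot: The reason for switching off the hardening options exists only in the patch header, so once the patch is applied nothing in purgatory/Makefile explains the new `-fno-PIC -fno-PIE -fno-stack-protector` line. A comment above the `$(PURGATORY): CFLAGS+=` assignment, for example `# purgatory is loaded into the kernel, not run as userland: no PIC/PIE/SSP, and only for $(PURGATORY)`, would keep a later cleanup from dropping the flags or copying them to the userland targets, where they would remove protections that should stay on. Separately, this is a target-specific `CFLAGS+=` without `override`, so a `CFLAGS=...` given on the make command line would presumably replace it and bring the hardened toolchain defaults back for purgatory; if the ebuild ever passes CFLAGS that way, `$(PURGATORY): override CFLAGS+=...` would make the setting stick. The CPPFLAGS assignment at the end of the inner hunk continues past the visible lines, so whether it needs a matching adjustment cannot be judged from here.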