summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2015-04-15 08:37:14 +0000
committerMike Frysinger <vapier@gentoo.org>2015-04-15 08:37:14 +0000
commitbcebb14e8a188c64817e8ac5b2e8e81220a659b3 (patch)
treee614c3141d7570b2ac66b1f434321c4cf684c745 /sys-apps/kexec-tools/files
parentVersion Bump (diff)
downloadgentoo-2-bcebb14e8a188c64817e8ac5b2e8e81220a659b3.tar.gz
gentoo-2-bcebb14e8a188c64817e8ac5b2e8e81220a659b3.tar.bz2
gentoo-2-bcebb14e8a188c64817e8ac5b2e8e81220a659b3.zip
Improve handling of hardened toolchains by only disabling PIE/etc... in the purgatory subdir.
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key D2E96200)
Diffstat (limited to 'sys-apps/kexec-tools/files')
-rw-r--r--sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch16
1 files changed, 16 insertions, 0 deletions
diff --git a/sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch b/sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch
new file mode 100644
index 000000000000..01a8b4be933b
--- /dev/null
+++ b/sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch
@@ -0,0 +1,16 @@
+the purgatory subdir gets loaded into the kernel so we need to
+make sure it does not get built with compiler settings like the
+rest of the userland tools. that means no PIC/PIE/SSP/etc...
+
+--- a/purgatory/Makefile
++++ b/purgatory/Makefile
+@@ -47,7 +47,8 @@ purgatory/sha256.o: $(srcdir)/util_lib/sha256.c
+ $(PURGATORY): CC=$(TARGET_CC)
+ $(PURGATORY): CFLAGS+=$(PURGATORY_EXTRA_CFLAGS) \
+ $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \
+- -Os -fno-builtin -ffreestanding
++ -Os -fno-builtin -ffreestanding \
++ -fno-PIC -fno-PIE -fno-stack-protector
+
+ $(PURGATORY): CPPFLAGS=$($(ARCH)_PURGATORY_EXTRA_CFLAGS) \
+ -I$(srcdir)/purgatory/include \