[gnome-continuous-yocto/gnomeostree-3.28-rocko: 3585/8267] grub2: enforce -no-pie if supported by compiler
- From: Emmanuele Bassi <ebassi src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 3585/8267] grub2: enforce -no-pie if supported by compiler
- Date: Sun, 17 Dec 2017 00:50:22 +0000 (UTC)
commit bc209d9b8dbfb842eb00f0a09e52025f1ca403ae
Author: Alexander Kanavin <alexander kanavin linux intel com>
Date: Fri Dec 2 21:14:07 2016 +0200
grub2: enforce -no-pie if supported by compiler
Recent distros are enabling -pie by default; in case of grub
we need to turn it off.
(From OE-Core rev: aaff6c99dde3f1058bb3c4b320f27753c6c992ad)
Signed-off-by: Alexander Kanavin <alexander kanavin linux intel com>
Signed-off-by: Ross Burton <ross burton intel com>
Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>
...nforce-no-pie-if-the-compiler-supports-it.patch | 45 ++++++++++++++++++++
meta/recipes-bsp/grub/grub2.inc | 1 +
2 files changed, 46 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-bsp/grub/files/0001-Enforce-no-pie-if-the-compiler-supports-it.patch
b/meta/recipes-bsp/grub/files/0001-Enforce-no-pie-if-the-compiler-supports-it.patch
new file mode 100644
index 0000000..ccdbee2
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-Enforce-no-pie-if-the-compiler-supports-it.patch
@@ -0,0 +1,45 @@
+From 6186bcf1bcaaa0f16e79339e07c64c841d4d957d Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex kanavin gmail com>
+Date: Fri, 2 Dec 2016 20:52:40 +0200
+Subject: [PATCH] Enforce -no-pie, if the compiler supports it.
+
+Add a -no-pie as recent (2 Dec 2016) Debian testing compiler
+seems to default to enabling PIE when linking. See
+https://wiki.ubuntu.com/SecurityTeam/PIE
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex kanavin gmail com>
+---
+ acinclude.m4 | 2 +-
+ configure.ac | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index 19200b0..a713923 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -416,7 +416,7 @@ int main() {
+
+ [# `$CC -c -o ...' might not be portable. But, oh, well... Is calling
+ # `ac_compile' like this correct, after all?
+-if eval "$ac_compile -S -o conftest.s" 2> /dev/null; then]
++if eval "$ac_compile -S -o conftest.s" 2> /dev/null && eval "$CC -dumpspecs 2>/dev/null | grep -e no-pie" ;
then]
+ AC_MSG_RESULT([yes])
+ [# Should we clear up other files as well, having called `AC_LANG_CONFTEST'?
+ rm -f conftest.s
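Review bot: In the acinclude.m4 hunk, the added `eval "$CC -dumpspecs 2>/dev/null | grep -e no-pie"` is chained with `&&` onto the existing compile probe, so one condition now answers two different questions: whether the probe compiles, and whether the specs mention no-pie. When the compile succeeds but the grep finds nothing, the result falls to the other branch. Judging by the configure.ac hunk in this same patch, which adds both flags under `pie_possible`, such a compiler would then lose `-fno-PIE` as well. Keeping the original test unchanged and recording -no-pie support in a separate variable would avoid that. Two smaller points on the same line: grep has no `-q` and no stdout redirect, so matching spec lines are printed into the configure output ahead of the AC_MSG_RESULT, and `rm -f conftest.s` sits only in the yes branch, so conftest.s is left behind when the compile succeeded but the grep did not match.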
+diff --git a/configure.ac b/configure.ac
+index df20991..506c6b4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -603,7 +603,7 @@ grub_CHECK_PIE
+ [# Need that, because some distributions ship compilers that include
+ # `-fPIE' in the default specs.
+ if [ x"$pie_possible" = xyes ]; then
+- TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE"
++ TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE -no-pie"
+ fi]
+
+ # Position independent executable.
+--
+2.10.2
+
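Review bot: In the configure.ac hunk, `-no-pie` is appended to TARGET_CFLAGS, while the patch description says the default being countered is PIE "when linking". Please either add it to the flags used for the link step or say in the comment why compile flags are the right place. The comment above the `if` still mentions only `-fPIE` in the default specs and should be updated to cover the second flag. Both flags also sit behind the single `pie_possible` test, so `-fno-PIE` is now added only when the -no-pie probe also passes; a separate condition for `-no-pie` would keep the previous behaviour for compilers that do not know it.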
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index b10f633..f64198d 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -32,6 +32,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
file://0001-Remove-direct-_llseek-code-and-require-long-filesyst.patch \
file://fix-texinfo.patch \
file://0001-grub-core-gettext-gettext.c-main_context-secondary_c.patch \
+ file://0001-Enforce-no-pie-if-the-compiler-supports-it.patch \
"
DEPENDS = "flex-native bison-native autogen-native"
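Review bot: The new SRC_URI entry in grub2.inc applies a patch that edits configure.ac and acinclude.m4 rather than the generated configure script, so it only takes effect if the recipe regenerates configure during the build. That is not visible in this hunk and is worth confirming. The patch header carries Upstream-Status: Pending with no pointer to an upstream submission; a link to it would help whoever later has to decide whether the patch can be dropped.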