* [PATCH 1/2] security_flags.inc: elfutils on ARM fails with PIE flags
@ 2015-04-07 20:53 Denys Dmytriyenko
2015-04-07 20:53 ` [PATCH 2/2] security_flags.inc: disable PIE for bash due to issues in mkbuiltins Denys Dmytriyenko
0 siblings, 1 reply; 4+ messages in thread
From: Denys Dmytriyenko @ 2015-04-07 20:53 UTC (permalink / raw)
To: openembedded-core; +Cc: Denys Dmytriyenko
From: Denys Dmytriyenko <denys@ti.com>
The error messages look like this:
R_ARM_TLS_LE32 relocation not permitted in shared object
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
---
meta/conf/distro/include/security_flags.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index f3f0082..21e1a53 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -13,6 +13,7 @@ SECURITY_CFLAGS_pn-webkit-gtk_powerpc = ""
# arm specific security flag issues
SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-elfutils_arm = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
--
2.2.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] security_flags.inc: disable PIE for bash due to issues in mkbuiltins
2015-04-07 20:53 [PATCH 1/2] security_flags.inc: elfutils on ARM fails with PIE flags Denys Dmytriyenko
@ 2015-04-07 20:53 ` Denys Dmytriyenko
2015-04-08 9:59 ` Richard Purdie
0 siblings, 1 reply; 4+ messages in thread
From: Denys Dmytriyenko @ 2015-04-07 20:53 UTC (permalink / raw)
To: openembedded-core; +Cc: Denys Dmytriyenko
From: Denys Dmytriyenko <denys@ti.com>
As bash builds a native tool called mkbuiltins, it fails with PIE flags:
ld: mkbuiltins.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a shared object; recompile with -fPIC
Affects at least version 3.2 of bash.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
---
meta/conf/distro/include/security_flags.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 21e1a53..3401c4b 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -16,6 +16,7 @@ SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-elfutils_arm = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-bash = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}"
# Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
--
2.2.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] security_flags.inc: disable PIE for bash due to issues in mkbuiltins
2015-04-07 20:53 ` [PATCH 2/2] security_flags.inc: disable PIE for bash due to issues in mkbuiltins Denys Dmytriyenko
@ 2015-04-08 9:59 ` Richard Purdie
2015-04-09 6:59 ` Khem Raj
0 siblings, 1 reply; 4+ messages in thread
From: Richard Purdie @ 2015-04-08 9:59 UTC (permalink / raw)
To: Denys Dmytriyenko; +Cc: Denys Dmytriyenko, openembedded-core
On Tue, 2015-04-07 at 16:53 -0400, Denys Dmytriyenko wrote:
> From: Denys Dmytriyenko <denys@ti.com>
>
> As bash builds a native tool called mkbuiltins, it fails with PIE flags:
>
> ld: mkbuiltins.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a shared object; recompile with -fPIC
>
> Affects at least version 3.2 of bash.
I am a little worried about this one. Which architecture were you
building for and is this just 3.x of bash or 4.x as well? I'd like to
understand why we haven't seen this before...
Cheers,
Richard
> Signed-off-by: Denys Dmytriyenko <denys@ti.com>
> ---
> meta/conf/distro/include/security_flags.inc | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
> index 21e1a53..3401c4b 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -16,6 +16,7 @@ SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-elfutils_arm = "${SECURITY_NO_PIE_CFLAGS}"
>
> SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
> +SECURITY_CFLAGS_pn-bash = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}"
> # Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
> --
> 2.2.0
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] security_flags.inc: disable PIE for bash due to issues in mkbuiltins
2015-04-08 9:59 ` Richard Purdie
@ 2015-04-09 6:59 ` Khem Raj
0 siblings, 0 replies; 4+ messages in thread
From: Khem Raj @ 2015-04-09 6:59 UTC (permalink / raw)
To: Richard Purdie; +Cc: openembedded-core, Denys Dmytriyenko
> On Apr 8, 2015, at 2:59 AM, Richard Purdie <richard.purdie@linuxfoundation.org> wrote:
>
> On Tue, 2015-04-07 at 16:53 -0400, Denys Dmytriyenko wrote:
>> From: Denys Dmytriyenko <denys@ti.com>
>>
>> As bash builds a native tool called mkbuiltins, it fails with PIE flags:
>>
>> ld: mkbuiltins.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a shared object; recompile with -fPIC
>>
>> Affects at least version 3.2 of bash.
>
> I am a little worried about this one. Which architecture were you
> building for and is this just 3.x of bash or 4.x as well? I'd like to
> understand why we haven't seen this before…
If its a tool used during building bash, then you need to adjust CFLAGS_FOR_BUILD
and make sure that bash’s build system is not mixing things up. I am not sure
if we need to disable PIE completely, there should be a better fix for this.
>
> Cheers,
>
> Richard
>
>> Signed-off-by: Denys Dmytriyenko <denys@ti.com>
>> ---
>> meta/conf/distro/include/security_flags.inc | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
>> index 21e1a53..3401c4b 100644
>> --- a/meta/conf/distro/include/security_flags.inc
>> +++ b/meta/conf/distro/include/security_flags.inc
>> @@ -16,6 +16,7 @@ SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}"
>> SECURITY_CFLAGS_pn-elfutils_arm = "${SECURITY_NO_PIE_CFLAGS}"
>>
>> SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
>> +SECURITY_CFLAGS_pn-bash = "${SECURITY_NO_PIE_CFLAGS}"
>> SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
>> SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}"
>> # Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
>> --
>> 2.2.0
>>
>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-04-09 6:59 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-04-07 20:53 [PATCH 1/2] security_flags.inc: elfutils on ARM fails with PIE flags Denys Dmytriyenko
2015-04-07 20:53 ` [PATCH 2/2] security_flags.inc: disable PIE for bash due to issues in mkbuiltins Denys Dmytriyenko
2015-04-08 9:59 ` Richard Purdie
2015-04-09 6:59 ` Khem Raj
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.