vapier      15/04/15 08:37:14

  Added:                kexec-tools-2.0.9-hardened.patch
  Log:
  Improve handling of hardened toolchains by only disabling PIE/etc... in the purgatory subdir.

  (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key D2E96200)

Revision Changes Path 1.1 sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/kexec-tools/files/kexec-tools-2.0.9-hardened.patch?rev=1.1&content-type=text/plain Index: kexec-tools-2.0.9-hardened.patch =================================================================== the purgatory subdir gets loaded into the kernel so we need to make sure it does not get built with compiler settings like the rest of the userland tools. that means no PIC/PIE/SSP/etc... --- a/purgatory/Makefile +++ b/purgatory/Makefile @@ -47,7 +47,8 @@ purgatory/sha256.o: $(srcdir)/util_lib/sha256.c $(PURGATORY): CC=$(TARGET_CC) $(PURGATORY): CFLAGS+=$(PURGATORY_EXTRA_CFLAGS) \ $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \ - -Os -fno-builtin -ffreestanding + -Os -fno-builtin -ffreestanding \ + -fno-PIC -fno-PIE -fno-stack-protector $(PURGATORY): CPPFLAGS=$($(ARCH)_PURGATORY_EXTRA_CFLAGS) \ -I$(srcdir)/purgatory/include \
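
Review bot: in the purgatory/Makefile hunk, the new `-fno-PIC -fno-PIE -fno-stack-protector` line is appended after `$(PURGATORY_EXTRA_CFLAGS)` and `$($(ARCH)_PURGATORY_EXTRA_CFLAGS)`, so it overrides anything an architecture puts in those variables on purpose, such as an arch-specific `-fPIC`. If any arch's purgatory relies on position-independent code, place the three flags before the EXTRA_CFLAGS variables so the arch setting still wins. The hunk changes CFLAGS only; the link rule for `$(PURGATORY)` is not among the visible lines, so confirm that it does not inherit a hardened toolchain's default PIE linking. A short comment next to the flags, repeating the patch header's reason (purgatory is loaded into the kernel and must not be built like the userland tools), would keep the rationale in the Makefile itself.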