security_flags.inc: Special flags are needed for RPM

RPM interally has support to build and work with the stack protector.
This is disabled by default in the RPM package, and the proper settings
should be specified in the security_flags.  Using the default setting of
stack-protector-strong causes linking problems due to issues with libtool
selecting the wrong GCC objections to link against.

Falling back to the RPM values of stack-protector will permit linking to
work properly, and some level of protection.

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index ed82087693f64f49bb61e4bc645b7d5b9eb2cce5..ff5f34e3a384b18392e1b65ed401aa2e01c6e83b 100644 (file)
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -78,6 +78,8 @@ SECURITY_CFLAGS_pn-python-pycurl = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-python-smartpm = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-python-numpy = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-python3 = "${SECURITY_NO_PIE_CFLAGS}"
+# Revert RPM to using internally supported values
+SECURITY_CFLAGS_pn-rpm = "${lcl_maybe_fortify} -fstack-protector"
 SECURITY_CFLAGS_pn-syslinux = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-tcl = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-tiff = "${SECURITY_NO_PIE_CFLAGS}"