[poky] PATCH: openssl: disable execstack flag to prevent problems with SELinux

Saul Wold saul.wold at intel.com
Thu Dec 2 10:46:10 PST 2010 

On 11/19/2010 02:23 AM, Paul Eggleton wrote:
> openssl: disable execstack flag to prevent problems with SELinux
>
> The execstack flag gets set on libcrypto.so by default which causes SELinux
> to prevent it from being loaded on systems using SELinux, which includes
> Fedora. This patch disables the execstack flag. (Note: Red Hat do this in
> their openssl packaging.)
>
Should this be a native only CFLAG change?

Since we are not SELinux on the target (that might be a layer someone 
else might provide).


Sau!


> Signed-off-by: Paul Eggleton<paul.eggleton at intel.com>
>
> ---
> diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
> index da90456..15144b1 100644
> --- a/meta/recipes-connectivity/openssl/openssl.inc
> +++ b/meta/recipes-connectivity/openssl/openssl.inc
> @@ -15,7 +15,7 @@ S = "${WORKDIR}/openssl-${PV}"
>
>   AR_append = " r"
>   CFLAG = "${@base_conditional('SITEINFO_ENDIANESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
> -	-DTERMIO ${FULL_OPTIMIZATION} -Wall"
> +	-DTERMIO ${FULL_OPTIMIZATION} -Wall -Wa,--noexecstack"
>
>   # -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
>   CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
> diff --git a/meta/recipes-connectivity/openssl/openssl_0.9.8o.bb b/meta/recipes-connectivity/openssl/openssl_0.9.8o.bb
> index 3949540..fe02272 100644
> --- a/meta/recipes-connectivity/openssl/openssl_0.9.8o.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_0.9.8o.bb
> @@ -1,6 +1,6 @@
>   require openssl.inc
>
> -PR = "r0"
> +PR = "r1"
>   SRC_URI += "file://debian/ca.patch \
>               file://debian/config-hurd.patch;apply=no \
>               file://debian/debian-targets.patch \
> ---------------------------------------------------------------------
> Intel Corporation (UK) Limited
> Registered No. 1134945 (England)
> Registered Office: Pipers Way, Swindon SN3 1RJ
> VAT No: 860 2173 47
>
> This e-mail and any attachments may contain confidential material for
> the sole use of the intended recipient(s). Any review or distribution
> by others is strictly prohibited. If you are not the intended
> recipient, please contact the sender and delete all copies.
>
> _______________________________________________
> poky mailing list
> poky at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/poky
>

More information about the poky mailing list