diff options
Diffstat (limited to 'sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch')
| -rw-r--r-- | sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch new file mode 100644 index 0000000..253a61b --- /dev/null +++ b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch @@ -0,0 +1,29 @@ +Prevent default-fPIE from confusing configure into thinking +PIC code is default. This causes glibc to build both PIC and +non-PIC code as normal, which on the hardened compiler generates +PIC and PIE. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> + +--- configure.in ++++ configure.in +@@ -2145,7 +2145,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then + pic_default=no + fi + rm -f conftest.*]) +--- configure ++++ configure +@@ -7698,7 +7698,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then + pic_default=no + fi + rm -f conftest.* |