tclibc: For newlib and baremetal disable some security features

With GCCPIE being enabled by default with security_flags.inc the
compiler will by default attempt to compile and link programs as PIE.
The targets that use newlib and baremetal in general do not support PIE
or are otherwise unable to use it due to how embedded targets are
compiled and executed. As such it makes sense to disable PIE by default
for these libc's in order to prevent build failures.

For baremetal tclibc there are no libc features or implementation as
such there is no implementation for the strong stack protector by
default.

(From OE-Core rev: dfe434b793c156a87b5ead5cb85fe60d920d69d3)

Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/conf/distro/include/tclibc-baremetal.inc

@@ -28,3 +28,9 @@ TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}"
 TOOLCHAIN_HOST_TASK_ATTEMPTONLY ?= ""
 TOOLCHAIN_TARGET_TASK ?= "libgcc-dev"
 TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "virtual/${MLPREFIX}libc zlib ncurses"
+
+# disable stack protector by default (no-libc, no protector implementation)
+SECURITY_STACK_PROTECTOR_libc-baremetal = ""
+# disable pie security flags by default
+SECURITY_CFLAGS_libc-baremetal = "${SECURITY_NOPIE_CFLAGS}"
+SECURITY_LDFLAGS_libc-baremetal = ""

meta/conf/distro/include/tclibc-newlib.inc

@@ -42,3 +42,7 @@ TARGET_OS_arm = "eabi"
 TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}"
 TOOLCHAIN_TARGET_TASK ?= "${LIBC_DEPENDENCIES}"
 TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "zlib ncurses"
+
+# disable pie security flags by default
+SECURITY_CFLAGS_libc-newlib = "${SECURITY_NOPIE_CFLAGS}"
+SECURITY_LDFLAGS_libc-newlib = ""