From: Khem Raj <raj.khem@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 00/10] Add GCCPIE knob to configure gcc with --enable-default-pie
Date: Wed, 14 Jun 2017 08:23:10 -0700
Message-ID: <cover.1497453168.git.raj.khem@gmail.com>

* This patchset adds a switch to configure the gcc driver with PIE defaults
* Add support for generating static PIE in gcc
* Gets rid of a lot of bandaids from the distro security flags file
* Adjust recipes for the new way of specifying pie
* Upgrade and fix mips build for ffmpeg along the way

The following changes since commit 059846662f1ea1c82804cfce5f91afcb2980ec8a:

  mtools-native: fix Upstream-Status (2017-06-14 14:45:01 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib kraj/hardening-fixes
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=kraj/hardening-fixes

Khem Raj (10):
  gcc: Introduce a knob to configure gcc to default to PIE
  security_flags.inc: Delete pinnings for SECURITY_NO_PIE_CFLAGS
  distutils,setuptools: Delete use of SECURITY_NO_PIE_CFLAGS
  ffmpeg: Upgrade to 3.3.2 stable
  gobject-introspection: Disable generating static lbraries
  zlib: Pass pre-calculate uname enable re-entrant flags
  gcc-sanitizer: Fix build with glibc 2.26
  gcc7: Enable static PIE
  libunwind: We set -fPIE in security flags now if gcc is not configured
    for default PIE
  valgrind: Remove -no-pie from cflags

 meta/classes/distutils-common-base.bbclass         |   2 -
 meta/classes/setuptools.bbclass                    |   2 -
 meta/conf/distro/include/security_flags.inc        |  85 ++++-------
 meta/recipes-core/zlib/zlib_1.2.11.bb              |  12 +-
 meta/recipes-devtools/gcc/gcc-7.1.inc              |   2 +
 ...r-Use-stack_t-instead-of-struct-sigaltsta.patch | 160 +++++++++++++++++++++
 .../gcc/gcc-7.1/0049-gcc-Enable-static-PIE.patch   |  37 +++++
 meta/recipes-devtools/gcc/gcc-configure-common.inc |   3 +
 meta/recipes-devtools/valgrind/valgrind_3.12.0.bb  |   1 -
 .../gobject-introspection_1.50.0.bb                |   1 +
 .../ffmpeg/ffmpeg/0001-build-fix-for-mips.patch    |  44 ++++++
 .../ffmpeg/{ffmpeg_3.3.bb => ffmpeg_3.3.2.bb}      |   5 +-
 meta/recipes-support/libunwind/libunwind_1.2.bb    |   4 -
 13 files changed, 281 insertions(+), 77 deletions(-)
 create mode 100644 meta/recipes-devtools/gcc/gcc-7.1/0048-libsanitizer-Use-stack_t-instead-of-struct-sigaltsta.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-7.1/0049-gcc-Enable-static-PIE.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-build-fix-for-mips.patch
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_3.3.bb => ffmpeg_3.3.2.bb} (97%)

-- 
2.13.1


