* [PATCH] security-flags: Disable PIE for coreutils, elfutils, gcc, iptables
@ 2015-07-27 11:26 Richard Purdie
2015-08-11 0:11 ` Khem Raj
0 siblings, 1 reply; 2+ messages in thread
From: Richard Purdie @ 2015-07-27 11:26 UTC (permalink / raw)
To: openembedded-core
With gcc 5, we need to disable the PIE flags for more recipes in order
to have successful builds.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 85a3bfe..3724972 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -25,11 +25,10 @@ SECURITY_CFLAGS_pn-webkit-gtk_powerpc = ""
# arm specific security flag issues
SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-elfutils_arm = "${SECURITY_NO_PIE_CFLAGS}"
-
SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-coreutils = "${SECURITY_NO_PIE_CFLAGS}"
# Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
# to CPPFLAGS it gets picked into CFLAGS in bitbake.
#TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2"
@@ -39,10 +38,12 @@ SECURITY_CFLAGS_pn-db = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-glibc = ""
SECURITY_CFLAGS_pn-glibc-initial = ""
+SECURITY_CFLAGS_pn-elfutils = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-enchant = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-expect = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-flac = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-flex = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-gcc = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gcc-runtime = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gcc-sanitizers = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}"
@@ -60,6 +61,7 @@ SECURITY_CFLAGS_pn-gstreamer1.0-plugins-bad = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gstreamer1.0-plugins-good = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-harfbuzz = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-kexec-tools = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-iptables = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libgcc = "${SECURITY_NO_PIE_CFLAGS}"
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] security-flags: Disable PIE for coreutils, elfutils, gcc, iptables
2015-07-27 11:26 [PATCH] security-flags: Disable PIE for coreutils, elfutils, gcc, iptables Richard Purdie
@ 2015-08-11 0:11 ` Khem Raj
0 siblings, 0 replies; 2+ messages in thread
From: Khem Raj @ 2015-08-11 0:11 UTC (permalink / raw)
To: Richard Purdie; +Cc: openembedded-core
On Mon, Jul 27, 2015 at 4:26 AM, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
> With gcc 5, we need to disable the PIE flags for more recipes in order
> to have successful builds.
what error do you see ?
>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>
> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
> index 85a3bfe..3724972 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -25,11 +25,10 @@ SECURITY_CFLAGS_pn-webkit-gtk_powerpc = ""
>
> # arm specific security flag issues
> SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}"
> -SECURITY_CFLAGS_pn-elfutils_arm = "${SECURITY_NO_PIE_CFLAGS}"
> -
> SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}"
> +SECURITY_CFLAGS_pn-coreutils = "${SECURITY_NO_PIE_CFLAGS}"
> # Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
> # to CPPFLAGS it gets picked into CFLAGS in bitbake.
> #TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2"
> @@ -39,10 +38,12 @@ SECURITY_CFLAGS_pn-db = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-glibc = ""
> SECURITY_CFLAGS_pn-glibc-initial = ""
> +SECURITY_CFLAGS_pn-elfutils = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-enchant = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-expect = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-flac = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-flex = "${SECURITY_NO_PIE_CFLAGS}"
> +SECURITY_CFLAGS_pn-gcc = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-gcc-runtime = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-gcc-sanitizers = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}"
> @@ -60,6 +61,7 @@ SECURITY_CFLAGS_pn-gstreamer1.0-plugins-bad = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-gstreamer1.0-plugins-good = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-harfbuzz = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-kexec-tools = "${SECURITY_NO_PIE_CFLAGS}"
> +SECURITY_CFLAGS_pn-iptables = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-libgcc = "${SECURITY_NO_PIE_CFLAGS}"
>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-08-11 0:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-27 11:26 [PATCH] security-flags: Disable PIE for coreutils, elfutils, gcc, iptables Richard Purdie
2015-08-11 0:11 ` Khem Raj
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox