From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dan.rpsys.net (5751f4a1.skybroadband.com [87.81.244.161]) by mail.openembedded.org (Postfix) with ESMTP id AC64775874 for ; Mon, 27 Jul 2015 11:26:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by dan.rpsys.net (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id t6RBQikI016096 for ; Mon, 27 Jul 2015 12:26:44 +0100 Received: from dan.rpsys.net ([127.0.0.1]) by localhost (dan.rpsys.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id RrgOuxpDEYdC for ; Mon, 27 Jul 2015 12:26:44 +0100 (BST) Received: from [192.168.3.10] ([192.168.3.10]) (authenticated bits=0) by dan.rpsys.net (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id t6RBQUuk016062 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for ; Mon, 27 Jul 2015 12:26:41 +0100 Message-ID: <1437996390.821.229.camel@linuxfoundation.org> From: Richard Purdie To: openembedded-core Date: Mon, 27 Jul 2015 12:26:30 +0100 X-Mailer: Evolution 3.12.10-0ubuntu1~14.10.1 Mime-Version: 1.0 Subject: [PATCH] security-flags: Disable PIE for coreutils, elfutils, gcc, iptables X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jul 2015 11:26:47 -0000 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit With gcc 5, we need to disable the PIE flags for more recipes in order to have successful builds. Signed-off-by: Richard Purdie diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 85a3bfe..3724972 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -25,11 +25,10 @@ SECURITY_CFLAGS_pn-webkit-gtk_powerpc = "" # arm specific security flag issues SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}" -SECURITY_CFLAGS_pn-elfutils_arm = "${SECURITY_NO_PIE_CFLAGS}" - SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}" +SECURITY_CFLAGS_pn-coreutils = "${SECURITY_NO_PIE_CFLAGS}" # Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned # to CPPFLAGS it gets picked into CFLAGS in bitbake. #TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2" @@ -39,10 +38,12 @@ SECURITY_CFLAGS_pn-db = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-glibc = "" SECURITY_CFLAGS_pn-glibc-initial = "" +SECURITY_CFLAGS_pn-elfutils = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-enchant = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-expect = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-flac = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-flex = "${SECURITY_NO_PIE_CFLAGS}" +SECURITY_CFLAGS_pn-gcc = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-gcc-runtime = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-gcc-sanitizers = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}" @@ -60,6 +61,7 @@ SECURITY_CFLAGS_pn-gstreamer1.0-plugins-bad = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-gstreamer1.0-plugins-good = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-harfbuzz = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-kexec-tools = "${SECURITY_NO_PIE_CFLAGS}" +SECURITY_CFLAGS_pn-iptables = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-libgcc = "${SECURITY_NO_PIE_CFLAGS}"