[oe-commits] Richard Purdie : security-flags: Disable PIE for coreutils, elfutils, gcc, iptables
git at git.openembedded.org
git at git.openembedded.org
Mon Jul 27 17:05:38 UTC 2015
Module: openembedded-core.git
Branch: master-next
Commit: 4effbf42c22cbb095f17ad3cd61b2d16367decc4
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=4effbf42c22cbb095f17ad3cd61b2d16367decc4
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Mon Jul 27 12:26:30 2015 +0100
security-flags: Disable PIE for coreutils, elfutils, gcc, iptables
With gcc 5, we need to disable the PIE flags for more recipes in order
to have successful builds.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/conf/distro/include/security_flags.inc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 85a3bfe..3724972 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -25,11 +25,10 @@ SECURITY_CFLAGS_pn-webkit-gtk_powerpc = ""
# arm specific security flag issues
SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-elfutils_arm = "${SECURITY_NO_PIE_CFLAGS}"
-
SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-coreutils = "${SECURITY_NO_PIE_CFLAGS}"
# Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
# to CPPFLAGS it gets picked into CFLAGS in bitbake.
#TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2"
@@ -39,10 +38,12 @@ SECURITY_CFLAGS_pn-db = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-glibc = ""
SECURITY_CFLAGS_pn-glibc-initial = ""
+SECURITY_CFLAGS_pn-elfutils = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-enchant = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-expect = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-flac = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-flex = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-gcc = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gcc-runtime = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gcc-sanitizers = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}"
@@ -60,6 +61,7 @@ SECURITY_CFLAGS_pn-gstreamer1.0-plugins-bad = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gstreamer1.0-plugins-good = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-harfbuzz = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-kexec-tools = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-iptables = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libgcc = "${SECURITY_NO_PIE_CFLAGS}"
More information about the Openembedded-commits
mailing list