summaryrefslogtreecommitdiffstats
path: root/meta/conf/distro/include
diff options
context:
space:
mode:
authorAlexander Kanavin <alexander.kanavin@linux.intel.com>2016-06-20 15:56:43 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-06-23 14:26:15 +0100
commit088120816835bfab2a675eb3f265b63290d077e6 (patch)
tree028761bf0dc34686a9b72b57d77858edbe559213 /meta/conf/distro/include
parent95cd78a7b5861f8ef10f419ba336439c50fda9ab (diff)
downloadpoky-088120816835bfab2a675eb3f265b63290d077e6.tar.gz
security_flags.inc: add SECURITY_NO_PIE_CFLAGS to libgcc and gcc-sanitizers
These recipes no longer seem to need full exclusion from security hardening. The rest (glibc, gcc-runtime, valgrind, grub, grub-efi, uclibc) still do. [YOCTO #9489] (From OE-Core rev: b3d7aae42550fb92bcb82fdee7e518b04bdf49b4) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/conf/distro/include')
-rw-r--r--meta/conf/distro/include/security_flags.inc6
1 files changed, 2 insertions, 4 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index ea1d4e5328..cd2b9648f5 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -43,7 +43,7 @@ SECURITY_CFLAGS_pn-flac = "${SECURITY_NO_PIE_CFLAGS}"
43SECURITY_CFLAGS_pn-flex = "${SECURITY_NO_PIE_CFLAGS}" 43SECURITY_CFLAGS_pn-flex = "${SECURITY_NO_PIE_CFLAGS}"
44SECURITY_CFLAGS_pn-gcc = "${SECURITY_NO_PIE_CFLAGS}" 44SECURITY_CFLAGS_pn-gcc = "${SECURITY_NO_PIE_CFLAGS}"
45SECURITY_CFLAGS_pn-gcc-runtime = "" 45SECURITY_CFLAGS_pn-gcc-runtime = ""
46SECURITY_CFLAGS_pn-gcc-sanitizers = "" 46SECURITY_CFLAGS_pn-gcc-sanitizers = "${SECURITY_NO_PIE_CFLAGS}"
47SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}" 47SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}"
48SECURITY_CFLAGS_pn-gmp = "${SECURITY_NO_PIE_CFLAGS}" 48SECURITY_CFLAGS_pn-gmp = "${SECURITY_NO_PIE_CFLAGS}"
49SECURITY_CFLAGS_pn-gnutls = "${SECURITY_NO_PIE_CFLAGS}" 49SECURITY_CFLAGS_pn-gnutls = "${SECURITY_NO_PIE_CFLAGS}"
@@ -62,7 +62,7 @@ SECURITY_CFLAGS_pn-kexec-tools = "${SECURITY_NO_PIE_CFLAGS}"
62SECURITY_CFLAGS_pn-iptables = "${SECURITY_NO_PIE_CFLAGS}" 62SECURITY_CFLAGS_pn-iptables = "${SECURITY_NO_PIE_CFLAGS}"
63SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}" 63SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}"
64SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}" 64SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}"
65SECURITY_CFLAGS_pn-libgcc = "" 65SECURITY_CFLAGS_pn-libgcc = "${SECURITY_NO_PIE_CFLAGS}"
66SECURITY_CFLAGS_pn-libid3tag = "${SECURITY_NO_PIE_CFLAGS}" 66SECURITY_CFLAGS_pn-libid3tag = "${SECURITY_NO_PIE_CFLAGS}"
67SECURITY_CFLAGS_pn-libnewt = "${SECURITY_NO_PIE_CFLAGS}" 67SECURITY_CFLAGS_pn-libnewt = "${SECURITY_NO_PIE_CFLAGS}"
68SECURITY_CFLAGS_pn-libglu = "${SECURITY_NO_PIE_CFLAGS}" 68SECURITY_CFLAGS_pn-libglu = "${SECURITY_NO_PIE_CFLAGS}"
@@ -109,10 +109,8 @@ TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
109TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}" 109TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
110 110
111SECURITY_LDFLAGS_remove_pn-gcc-runtime = "-fstack-protector-strong" 111SECURITY_LDFLAGS_remove_pn-gcc-runtime = "-fstack-protector-strong"
112SECURITY_LDFLAGS_remove_pn-gcc-sanitizers = "-fstack-protector-strong"
113SECURITY_LDFLAGS_remove_pn-glibc = "-fstack-protector-strong" 112SECURITY_LDFLAGS_remove_pn-glibc = "-fstack-protector-strong"
114SECURITY_LDFLAGS_remove_pn-glibc-initial = "-fstack-protector-strong" 113SECURITY_LDFLAGS_remove_pn-glibc-initial = "-fstack-protector-strong"
115SECURITY_LDFLAGS_remove_pn-libgcc = "-fstack-protector-strong"
116SECURITY_LDFLAGS_remove_pn-uclibc = "-fstack-protector-strong" 114SECURITY_LDFLAGS_remove_pn-uclibc = "-fstack-protector-strong"
117SECURITY_LDFLAGS_remove_pn-uclibc-initial = "-fstack-protector-strong" 115SECURITY_LDFLAGS_remove_pn-uclibc-initial = "-fstack-protector-strong"
118SECURITY_LDFLAGS_pn-xf86-video-fbdev = "${SECURITY_X_LDFLAGS}" 116SECURITY_LDFLAGS_pn-xf86-video-fbdev = "${SECURITY_X_LDFLAGS}"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-10 18:23:06 +0000