diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-07-27 12:26:30 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-07-27 23:29:15 +0100 |
commit | 997893e92862774424b65c53691cb2ecc2010035 (patch) | |
tree | e3a80119ecec555a44e49a7de8c6c58395fc9c17 /meta/conf/distro | |
parent | f4f72b15ad915fb1354dcc79fe1f03d06757f5aa (diff) | |
download | poky-997893e92862774424b65c53691cb2ecc2010035.tar.gz |
security-flags: Disable PIE for coreutils, elfutils, gcc, iptables
With gcc 5, we need to disable the PIE flags for more recipes in order
to have successful builds.
(From OE-Core rev: ec2f1b5af102ab6a8fcc23bf115c8f0451ab7eb8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/conf/distro')
-rw-r--r-- | meta/conf/distro/include/security_flags.inc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 85a3bfe589..372497290d 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc | |||
@@ -25,11 +25,10 @@ SECURITY_CFLAGS_pn-webkit-gtk_powerpc = "" | |||
25 | 25 | ||
26 | # arm specific security flag issues | 26 | # arm specific security flag issues |
27 | SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}" | 27 | SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}" |
28 | SECURITY_CFLAGS_pn-elfutils_arm = "${SECURITY_NO_PIE_CFLAGS}" | ||
29 | |||
30 | SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}" | 28 | SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}" |
31 | SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}" | 29 | SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}" |
32 | SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}" | 30 | SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}" |
31 | SECURITY_CFLAGS_pn-coreutils = "${SECURITY_NO_PIE_CFLAGS}" | ||
33 | # Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned | 32 | # Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned |
34 | # to CPPFLAGS it gets picked into CFLAGS in bitbake. | 33 | # to CPPFLAGS it gets picked into CFLAGS in bitbake. |
35 | #TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2" | 34 | #TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2" |
@@ -39,10 +38,12 @@ SECURITY_CFLAGS_pn-db = "${SECURITY_NO_PIE_CFLAGS}" | |||
39 | SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}" | 38 | SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}" |
40 | SECURITY_CFLAGS_pn-glibc = "" | 39 | SECURITY_CFLAGS_pn-glibc = "" |
41 | SECURITY_CFLAGS_pn-glibc-initial = "" | 40 | SECURITY_CFLAGS_pn-glibc-initial = "" |
41 | SECURITY_CFLAGS_pn-elfutils = "${SECURITY_NO_PIE_CFLAGS}" | ||
42 | SECURITY_CFLAGS_pn-enchant = "${SECURITY_NO_PIE_CFLAGS}" | 42 | SECURITY_CFLAGS_pn-enchant = "${SECURITY_NO_PIE_CFLAGS}" |
43 | SECURITY_CFLAGS_pn-expect = "${SECURITY_NO_PIE_CFLAGS}" | 43 | SECURITY_CFLAGS_pn-expect = "${SECURITY_NO_PIE_CFLAGS}" |
44 | SECURITY_CFLAGS_pn-flac = "${SECURITY_NO_PIE_CFLAGS}" | 44 | SECURITY_CFLAGS_pn-flac = "${SECURITY_NO_PIE_CFLAGS}" |
45 | SECURITY_CFLAGS_pn-flex = "${SECURITY_NO_PIE_CFLAGS}" | 45 | SECURITY_CFLAGS_pn-flex = "${SECURITY_NO_PIE_CFLAGS}" |
46 | SECURITY_CFLAGS_pn-gcc = "${SECURITY_NO_PIE_CFLAGS}" | ||
46 | SECURITY_CFLAGS_pn-gcc-runtime = "${SECURITY_NO_PIE_CFLAGS}" | 47 | SECURITY_CFLAGS_pn-gcc-runtime = "${SECURITY_NO_PIE_CFLAGS}" |
47 | SECURITY_CFLAGS_pn-gcc-sanitizers = "${SECURITY_NO_PIE_CFLAGS}" | 48 | SECURITY_CFLAGS_pn-gcc-sanitizers = "${SECURITY_NO_PIE_CFLAGS}" |
48 | SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}" | 49 | SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}" |
@@ -60,6 +61,7 @@ SECURITY_CFLAGS_pn-gstreamer1.0-plugins-bad = "${SECURITY_NO_PIE_CFLAGS}" | |||
60 | SECURITY_CFLAGS_pn-gstreamer1.0-plugins-good = "${SECURITY_NO_PIE_CFLAGS}" | 61 | SECURITY_CFLAGS_pn-gstreamer1.0-plugins-good = "${SECURITY_NO_PIE_CFLAGS}" |
61 | SECURITY_CFLAGS_pn-harfbuzz = "${SECURITY_NO_PIE_CFLAGS}" | 62 | SECURITY_CFLAGS_pn-harfbuzz = "${SECURITY_NO_PIE_CFLAGS}" |
62 | SECURITY_CFLAGS_pn-kexec-tools = "${SECURITY_NO_PIE_CFLAGS}" | 63 | SECURITY_CFLAGS_pn-kexec-tools = "${SECURITY_NO_PIE_CFLAGS}" |
64 | SECURITY_CFLAGS_pn-iptables = "${SECURITY_NO_PIE_CFLAGS}" | ||
63 | SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}" | 65 | SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}" |
64 | SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}" | 66 | SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}" |
65 | SECURITY_CFLAGS_pn-libgcc = "${SECURITY_NO_PIE_CFLAGS}" | 67 | SECURITY_CFLAGS_pn-libgcc = "${SECURITY_NO_PIE_CFLAGS}" |