summaryrefslogtreecommitdiffstats
path: root/meta/conf/distro/include/security_flags.inc
Commit message (Collapse)AuthorAgeFilesLines
* grub: Remove native version of grub-efiJacob Kroon2020-06-231-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The native version of grub-efi only installs the tools /usr/bin/grub-editenv /usr/bin/grub-mkimage to sysroots-components/, but equivalent tools are already provided by grub-native, the difference on x86_64 being 4 hardwired paths in grub-mkimage (values taken from grub-native): LOCALEDIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/usr/share/locale GRUB_DATADIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/usr/share GRUB_LIBDIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/usr/lib GRUB_SYSCONFDIR = $TMPDIR/work/x86_64-linux/grub-native/2.04-r0/recipe-sysroot-native/etc If grub-native and grub-efi-native are built with the following patch --- grub-2.04.orig/configure.ac +++ grub-2.04/configure.ac @@ -1980,10 +1980,10 @@ grub_libdir="$(eval echo "$libdir")" grub_localedir="$(eval echo "$localedir")" grub_datadir="$(eval echo "$datadir")" grub_sysconfdir="$(eval echo "$sysconfdir")" -AC_DEFINE_UNQUOTED(LOCALEDIR, "$grub_localedir", [Locale dir]) -AC_DEFINE_UNQUOTED(GRUB_LIBDIR, "$grub_libdir", [Library dir]) -AC_DEFINE_UNQUOTED(GRUB_DATADIR, "$grub_datadir", [Data dir]) -AC_DEFINE_UNQUOTED(GRUB_SYSCONFDIR, "$grub_sysconfdir", [Configuration dir]) +AC_DEFINE_UNQUOTED(LOCALEDIR, "/non-existent", [Locale dir]) +AC_DEFINE_UNQUOTED(GRUB_LIBDIR, "/non-existent", [Library dir]) +AC_DEFINE_UNQUOTED(GRUB_DATADIR, "/non-existent", [Data dir]) +AC_DEFINE_UNQUOTED(GRUB_SYSCONFDIR, "/non-existent", [Configuration dir]) the produced grub-editenv/grub-mkimage binaries become binary equivalent, assuming reproducible builds is active. Since the unpatched values of LOCALEDIR/GRUB_DATADIR/GRUB_LIBDIR/GRUB_SYSCONFDIR point to directories that are not expected to exist at runtime, they can be ignored. Therefore: * remove grub-efi-native and instead rely on the same tools from grub-native * replace references to grub-efi-native with grub-native * remove unused grub-efi-native security flags overrides (From OE-Core rev: 7044181df7487f047d175242f7ebbc3c35bf5402) Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: Remove stack protector flag from LDFLAGSJunling Zheng2020-06-041-2/+2
| | | | | | | | | | | SECURITY_LDFLAGS contains stack protector flag inappropriately, which has already be contained in SECURITY_CFLAGS. Let's remove it from SECURITY_LDFLAGS. (From OE-Core rev: 549cce578b859986e37900bf15c1bf904d33e47b) Signed-off-by: Junling Zheng <zhengjunling@huawei.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: fix flags missing from SDK toolchainTom Hochstein2020-03-251-0/+2
| | | | | | | | | | | | | The security flags were missing from the SDK toolchain because they were added specifically to class-target. Add them to class-cross-canadian as well (since the SDK environment file is created from cross-canadian target flags). (From OE-Core rev: cd46e8f890069a40d1e9048cfa0f378dec1dc5e9) Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> Signed-off-by: Antoine Manache <a.manache@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: Add overrides for glibc-testsuite to match glibcNathan Rossi2019-09-061-0/+2
| | | | | | | | | Ensure glibc-testsuite has the same flags as glibc. (From OE-Core rev: f8ab08441f90eb75295304c57746c6e5f907ca64) Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Clean up remnants of glibc-initialNathan Rossi2019-09-061-2/+0
| | | | | | | | | Remove remnants of the glibc-initial recipe. (From OE-Core rev: 332b1e21db3e0cbeeb14f12dd6aeedb89b76d761) Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: add var-SECURITY_STACK_PROTECTOR to improve variable ↵Hongxu Jia2018-09-041-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | OVERRIDES There are var-SECURITY_PIE_CFLAGS, var-lcl_maybe_fortify and var-SECURITY_STRINGFORMAT which are helpful for OVERRIDES. Also add var-SECURITY_STACK_PROTECTOR, and drop hardcoded `_remove' overrides. Such as `4ca946c security_flags: use -fstack-protector-strong', it s/-fstack-protector-all/-fstack-protector-strong/, only tweak var-SECURITY_STACK_PROTECTOR is sufficient. The fix does not have any side affect on SECURITY_CFLAGS of glibc/ glibc-initial/gcc-runtime, these three directly assigned with "". ... SECURITY_CFLAGS_pn-glibc = "" SECURITY_CFLAGS_pn-glibc-initial = "" SECURITY_CFLAGS_pn-gcc-runtime = "" ... (From OE-Core rev: 0ed4a6233bdcb25cbdce698504611541420d92d0) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: use `?=' to set a default var-lcl_maybe_fortifyHongxu Jia2018-09-041-2/+2
| | | | | | | | | | | | | | | | | - Since poky enable security flags+pie by default, tweak comments to sync with it. [poky commit] 491082c poky.conf: Enable security flags+pie by default 29d76b3 poky-lsb: Remove including security_flags.inc [poky commit] - Use `?=' to set a default lcl_maybe_fortify, it is helpful for variable OVERRIDES. (From OE-Core rev: 38c410bb7d1688cd952da9f19269c2a65a92ab45) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* powerpc: Remove pie flags from compiler cmdlineKhem Raj2018-08-201-5/+2
| | | | | | | | | | | | | | | | | Original approach to add -no-<pie> flags cause link time behavior changes where packages start to lose the -fPIC -DPIC in compiler cmdline and this list keeps growing as we build more and more packages, Instead lets just remove the options we dont need from SECURITY_CFLAGS this makes it more robust and less intrusive This also means we do not need to re-add pic options as we started to do for affected packages (From OE-Core rev: 1520f5a345fd03d46f33f0efaf76191e96344bec) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: Add PIC to cflags for some recipes on ppcKhem Raj2018-08-161-0/+3
| | | | | | | | | | | Fixes issues related out of range R_PPC_REL24 e.g. /usr/lib/xorg/modules/input/libinput_drv.so: /usr/lib/libinput.so.10: R_PPC_REL24 relocation at 0x0e8602c4 for symbol `libevdev_has_event_code' out of range (From OE-Core rev: 48c8d13a9bdcacb64a330074588f7c6bb5cae90d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: drop obsolete commentAndre McCurdy2018-05-151-2/+0
| | | | | | | | | | | | | | The last ARM specific over-ride was removed in: http://git.openembedded.org/openembedded-core/commit/?id=e93765ffb5718b0fce84f0b8123963176dea95e4 but the comment was accidentally left behind. (From OE-Core rev: efcf629e2d84bacb955201d1960969020796678e) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: disable static PIE in glibcRoss Burton2018-05-151-1/+1
| | | | | | | | | | | | Static PIE doesn't work entirely right in GCC 7, for example ldconfig on ARM with the flags enabled will something segfault during initialisation. To mitigate this until we have GCC 8 integrated, don't enable static PIE. (From OE-Core rev: 5f64946b8740a5d944f48ec430470265703bfe5e) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Enable static PIE support when security_flags are enabledKhem Raj2018-03-011-0/+2
| | | | | | | | (From OE-Core rev: 8e4ece7bf0b09275a34ce8e7cc3e1e54a366c361) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc, xorg-driver-common.inc: Move SECURITY_X_LDFLAGS logicTom Rini2018-02-061-6/+2
| | | | | | | | | | | | | | | | We need to ensure that all xorg modules are linked with SECURITY_X_LDFLAGS to ensure that they will be able to resolve their run time dependencies. The approach of listing each driver in security_flags.inc lets less frequently used drivers be run-time broken. Move the flag logic into xorg-driver-common.inc so that all xorg modules from all layers will have the correct security flags used. Cc: Khem Raj <raj.khem@gmail.com> (From OE-Core rev: 27fce6ec277788f8fad0c9799e784df80f791120) Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: don't use deprecated functions from utils.bbclassRoss Burton2018-01-301-1/+1
| | | | | | | | | | | These functions were moved to meta/lib/oe in 2010 and the base_* functions in utils.bbclass were intended to be a short-term compatibility layer. They're still used in a few places, so update the callers to use the new functions. (From OE-Core rev: c97acbd034532895ce57c6717ed1b3ccc7900b0d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: Do not build gcc for powerpc with PIE defaultsKhem Raj2017-07-081-0/+1
| | | | | | | | | | | Since we have disabled FPIE from SECURITY_CFLAGS already, we have to ensure the same with gcc, otherwise gcc (on-device) will be built defaulting to PIE, and such binaries will fail to execute (From OE-Core rev: 4f3a9ccdb1d45804f4c094589e69e0bc87dc9c62) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: Delete pinnings for SECURITY_NO_PIE_CFLAGSKhem Raj2017-07-081-61/+22
| | | | | | | | | GCC is configured correctly to pass PIE cflags/ldflags (From OE-Core rev: e93765ffb5718b0fce84f0b8123963176dea95e4) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Introduce a knob to configure gcc to default to PIEKhem Raj2017-07-081-1/+3
| | | | | | | | | | | | GCCPIE flag which is empty by default adds "--enable-default-pie" configure option for harderned distros We do not require to add -fpie -pie flag externally anymore (From OE-Core rev: 1c7e195c94764d680a12a49b870f04cd58860f81) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Drop remnants of uclibc supportRichard Purdie2017-06-221-4/+0
| | | | | | | | | | | | | | uclibc support was removed a while ago and musl works much better. Start to remove the various overrides and patches related to uclibc which are no longer needed. uclibc support in a layer would still be possible. I have strong reasons to believe nobody is still using uclibc since patches are missing and I doubt the metadata even parses anymore. (From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-pycurl: create python3-pycurl recipeDmitry Rozhkov2017-04-101-0/+1
| | | | | | | | | | | | | The python-pycurl recipe can be used with python2 only even though python3 is officially supported by upstream. Create python3-pycurl recipe enabling the pycurl module for python3. (From OE-Core rev: 6cb9c0a4e75c647b38c81d2d7217b54b2fdfd972) Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dnf: move the entire dnf/rpm4 stack to Python 3Alexander Kanavin2017-03-281-2/+1
| | | | | | | | | [YOCTO #11180] (From OE-Core rev: bedcdc4cf921b70a8cfb16c6684668d0ac9e1942) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* expect: resolve string formatting issuesAlexander Kanavin2017-03-241-1/+0
| | | | | | | | | [YOCTO #9542] (From OE-Core rev: b5fd2874cfe199703e7a5d12fa708e12ff0a2ad1) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kexec-tools: Add patches to enable format-securityJussi Kukkonen2017-03-171-1/+0
| | | | | | | | | Also remove the override from security_flags.inc (From OE-Core rev: 33d084a66a371fb10e26a0a23c639c69ddd3f1e5) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cmake: Backport fix to enable -Wformat-securityJussi Kukkonen2017-03-171-1/+0
| | | | | | | | | | Backport build fix that removes -Wformat-security for specific tests. Enable "-Wformat-security" for cmake in security_flags.inc. (From OE-Core rev: b00f9c77ebd211578ba133c28abcbc5752305e25) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: update to reflect smart->dnf transitionAlexander Kanavin2017-03-141-3/+0
| | | | | | | (From OE-Core rev: 0f3c57e9aca490c0f8d94117c915c075fd112b65) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: Update for new python modulesAlexander Kanavin2017-03-111-0/+2
| | | | | | | (From OE-Core rev: 544d96d37e32a0e08af4d91da48c9f9ef296a515) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: let gettext be secureRobert Yang2017-02-231-1/+0
| | | | | | | | | | | | It has been fixed. [YOCTO #9544] (From OE-Core rev: ab711c978ba612a5a636155d703f45365604222c) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: disable -pie for gpgmeRoss Burton2017-02-151-0/+1
| | | | | | | | | | | | Otherwise this fails to build the libraries: relocation R_X86_64_PC32 against undefined hidden symbol `__init_array_start' can not be used when making a shared object (From OE-Core rev: 632eee4fbd4627482aae752eb41104b3a848fd58) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: enable string formatting check for console toolsChen Qi2017-02-151-1/+0
| | | | | | | | | | | | | As we've fixed the string formatting issue in console-tools, we don't need to override SECURITY_STRINGFORMAT for console-tools any more. [YOCTO #9540] (From OE-Core rev: 3883332f84d9da0792c2c7337e842da34ea1b06c) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: Diable PIE for mesa-glKhem Raj2016-10-071-0/+1
| | | | | | | | | | | | | | | | This creeped in along with rest of the changes in c999b3d88dfcffbe0fb66406fb0bff1fb66f34bc even after it was reported a build failure in mesa-gl This is also showing up on arm architecture now | /usr/src/debug/glibc/2.24-r0/git/csu/elf-init.c:87: undefined reference to `__init_array_end' | /usr/src/debug/glibc/2.24-r0/git/csu/elf-init.c:87: undefined reference to `__init_array_start' | /a/builder/mnt/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/arm-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/6.2.0/ld: .libs/mesa_dri_drivers.so: hidden symbol `__init_array_end' isn't defined (From OE-Core rev: 9211fb2a6d6c2d72ec7c2664737aee3a6b6149cf) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* source-highlight: add a recipeAlexander Kanavin2016-09-091-0/+1
| | | | | | | | | gtk-doc relies on this to highlight source code snippets (From OE-Core rev: 380f449bc1881a6e8592463c7eeda3655efb97ea) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: enable PIE for a few recipesAlexander Kanavin2016-08-171-11/+0
| | | | | | | | | | They used to fail with PIE enabled, but no longer do. (From OE-Core rev: c999b3d88dfcffbe0fb66406fb0bff1fb66f34bc) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* slang: 2.2.4 -> 2.3.0Robert Yang2016-07-261-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | * Removed: change-char-type-to-signed-char-in-macros.patch sprintf-bug-concerning-8-bit-characters.patch They are already in the source. * Updated: fix-check-pcre.patch fix-check-pcre.patch slang-fix-the-iconv-existence-checking.patch * Use SECURITY_NO_PIE_CFLAGS for SECURITY_CFLAGS, it can't be built with "-pie -fpie": tmp/sysroots/qemux86-64/usr/lib64/../lib64/Scrt1.o: In function `_start': /usr/src/debug/glibc/2.24-r0/git/csu/../sysdeps/x86_64/start.S:104: undefined reference to `main' /tmp/ccMFTA8A.o: In function `smg_char_at': /usr/src/debug/slang/2.3.0-r0/slang-2.3.0/modules/slsmg-module.c:134: undefined reference to `SLsmg_char_at' /tmp/ccMFTA8A.o: In function `smg_resume_smg': (From OE-Core rev: b2d6e069b9ecc5a13754393200a6fa48cdaaf4c6) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: add python3-pycairo and libnewt-python to no-pie ↵Alexander Kanavin2016-06-231-0/+2
| | | | | | | | | | exception list (From OE-Core rev: 0bfbc3e901067b0fee09c55d203b850a258fbbe3) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: add SECURITY_NO_PIE_CFLAGS to libgcc and gcc-sanitizersAlexander Kanavin2016-06-231-4/+2
| | | | | | | | | | | | | | These recipes no longer seem to need full exclusion from security hardening. The rest (glibc, gcc-runtime, valgrind, grub, grub-efi, uclibc) still do. [YOCTO #9489] (From OE-Core rev: b3d7aae42550fb92bcb82fdee7e518b04bdf49b4) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: add an entry for python3-numpyAlexander Kanavin2016-06-031-0/+1
| | | | | | | | | | The entry is same as for python-numpy and prevents build failures when extra security flags are in use (e.g. in poky-lsb). (From OE-Core rev: 4a95989848df62b34e3115c7e81d4f005de74119) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-imaging: remove unused recipeAlexander Kanavin2016-06-031-1/+0
| | | | | | | (From OE-Core rev: b03ebfaee278eb98b4bd0e11a682ac0cda192086) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: fix security issuesEdwin Plauchu2016-06-011-1/+0
| | | | | | | | | | | This patch avoids unzip fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security). [YOCTO #9551] (From OE-Core rev: 2dd1c02fbc7492002df9030f50710e242369e8b2) Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* makedevs: fix security issuesEdwin Plauchu2016-05-191-1/+0
| | | | | | | | | | | | | This avoids makedevs failure to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security). [YOCTO #9549] (From OE-Core rev: f6b0dd13ac90bb431bb51e0cbf1681a4d9fbea14) Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* zip: fix security issuesEdwin Plauchu2016-05-191-1/+0
| | | | | | | | | | | | | This patch avoids zip recipe fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security). [YOCTO #9552] (From OE-Core rev: f63a36360b7e138d2a63c84b5b1a8287ffe3d2ae) Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* stat: fix security issuesEdwin Plauchu2016-05-191-1/+0
| | | | | | | | | | | | | This patch avoids stat fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security). [YOCTO #9550] (From OE-Core rev: f03c1f41933e9997a01a8b1dcdf9fb18579de1d1) Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: Enable security flags on leafpad, ltp and libuser.Aníbal Limón2016-05-151-3/+0
| | | | | | | | | | Now we have patches that solves the security formatting issues into those packages. (From OE-Core rev: 901cfa5a217f78464f8b81a990039fe60810650f) Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: turn potential string format security issues into an errorJoshua Lock2016-05-061-2/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add "-Wformat -Wformat-security -Werror=format-security" to the default SECURITY_CFLAGS to catch potential security vulnerabilities due to the misuse of various string formatting functions. These flags are widely used in distributions such as Fedora and Ubuntu, however we have 15 recipes in OE-Core which fail to build with these flags included and thus the flags are removed for: - busybox - console-tools - cmake - expect - gcc - gettext - kexec-tools - leafpad - libuser - ltp - makedevs - oh-puzzles - stat - unzip - zip [YOCTO #9488] (From OE-Core rev: f335f8e744fb312b3eb599c331d08a9a6e5a8ff8) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: Special flags are needed for RPMMark Hatle2016-03-091-0/+2
| | | | | | | | | | | | | | | | RPM interally has support to build and work with the stack protector. This is disabled by default in the RPM package, and the proper settings should be specified in the security_flags. Using the default setting of stack-protector-strong causes linking problems due to issues with libtool selecting the wrong GCC objections to link against. Falling back to the RPM values of stack-protector will permit linking to work properly, and some level of protection. (From OE-Core rev: 98b5f1ef188965f0116ebbe00be746dceb96936e) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: Disable ssp when compiling uclibcKhem Raj2016-02-221-0/+4
| | | | | | | (From OE-Core rev: 208fbdbff17f19a23944a62f1b9ff380f1bc8ac8) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: Add SECURITY_CFLAGS to TARGET_CC_ARCH for binutilsKhem Raj2016-02-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | libtool decides to filter out -fstack-protector-strong on its own and its documented here https://www.gnu.org/software/libtool/manual/html_node/Stripped-link-flags.html this causes linking errors when linking libbfd.so since objects (.o) are compiled using -fstack-protector-strong so they are expecting to link with libssp but the option goes missing in linker flags. With this patch the security flags are hoisted upto CC itself and libtool thankfully does not touch CC. Adding to CC also means that we can now remove it from LDFLAGS since when gcc driver is used to do linking then we have LD = CC and this option makes to linker cmdline Since CC is used without CFLAGS in configure tests, some tests fail complaining that -Olevel is not used while using _FORTIFY_SOURCE therefore added SELECTED_OPTIMIZATION to TARGET_CC_ARCH as well (From OE-Core rev: 9349f28531619a4ff15c382dacc460d61e3ec7af) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: wipe security flags for gcc/glibc and related librariesKhem Raj2016-02-071-3/+8
| | | | | | | | | | | It causes a catch-22 situation where we build libssp in gcc-runtime but also pass -fstack-protector flags which require libssp (From OE-Core rev: 61ef8212cc6880f502f1e05e2683d232ea782ae4) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: use -fstack-protector-strongKhem Raj2016-02-071-5/+5
| | | | | | | | | | | | | | | This is a better version of -fstack-protector-all with reduced stack usage and better performance yet giving same amount of coverage. It's available in gcc 4.9 onwards. https://outflux.net/blog/archives/2014/01/27/fstack-protector-strong/ has more details. (From OE-Core rev: 4ca946c029f04ba3991ed0f1f65355a7a7840ff4) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: ensure security flags only apply to target buildsKhem Raj2016-02-071-2/+2
| | | | | | | | | | | As otherwise the security flags can leak into target builds. This can result in flags that the host compiler doesn't support, causing build failures. (From OE-Core rev: ff2c8af73046f55aa733ce8289b6236c88300290) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: don't do -pie for syslinuxRoss Burton2016-02-071-0/+1
| | | | | | | | | | | sysroots/x86_64-linux/usr/libexec/x86_64-poky-linux/gcc/x86_64-poky-linux/5.3.0/ld: syslinux.o: relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC (From OE-Core rev: b87a9c82663446fa8c002e144de57127e8902b54) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags.inc: remove obsolete workarounds for curlAndre McCurdy2016-01-191-4/+0
| | | | | | | | | | | | | | | | | | | | | | The curl configure script contains sanity checks for unexpected options being passed via CFLAGS, LDFLAGS, etc. environment variables. These sanity checks catch -Dxxx options in CFLAGS, which clashes with OE's approach of using CFLAGS to pass -D_FORTIFY_SOURCE (curl's configure script suggests, quite correctly, that -Dxxx options should be passed via CPPFLAGS instead). These sanity checks previously generated fatal errors, but have been downgraded to warnings since curl v7.32. Therefore the workaround of avoiding -D_FORTIFY_SOURCE for curl is obsolete and can be removed. https://github.com/bagder/curl/commit/5d3cbde72ece7d83c280492957a26e26ab4e5cca (From OE-Core rev: d0dfd7bf9b2d6fb269f4d9b62263fd7ccc805fde) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>