openembedded-core.git/meta/conf/distro/include/security_flags.inc, branch jethro Mirror of openembedded-core webkit-gtk: remove the recipe for the obsolete version 1.8.3 2015-09-14T09:43:59+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2015-06-15T14:15:39+00:00 68a1e346751c4d644a14035b0d7acf01d212f38c webkitgtk 2.8.3 is provided instead and midori browser is replaced by epiphany in separate commits. (From OE-Core rev: 1a72dc9c44c7806c869c3b3afcd5d31bcf2da979) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
webkitgtk 2.8.3 is provided instead and midori browser is replaced by epiphany in
separate commits.

(From OE-Core rev: 1a72dc9c44c7806c869c3b3afcd5d31bcf2da979)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
security_flags.inc: disable -pie and -fpie from Python3 compilation. 2015-08-09T07:12:48+00:00 Topi Kuutela topi.kuutela@intel.com 2015-08-07T06:42:35+00:00 94818c5240b793464700945d0cf057bffb9e1008 If security_flags.inc is 'required' to the image, -pie and -fpie options are added to CFLAGS. These are not compatible with -shared GCC option. The result is several errors of following form and missing Python3 modules in the image: *.o In function `_start': *.S undefined reference to `main' collect2: error: ld returned 1 exit status Signed-off-by: Topi Kuutela <topi.kuutela@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
If security_flags.inc is 'required' to the image, -pie and -fpie options
are added to CFLAGS. These are not compatible with -shared GCC option.
The result is several errors of following form and missing Python3
modules in the image:

    *.o In function `_start': *.S undefined reference to `main'
    collect2: error: ld returned 1 exit status

Signed-off-by: Topi Kuutela <topi.kuutela@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
security-flags: Disable PIE for coreutils, elfutils, gcc, iptables 2015-07-27T22:28:22+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2015-07-27T11:26:30+00:00 ec2f1b5af102ab6a8fcc23bf115c8f0451ab7eb8 With gcc 5, we need to disable the PIE flags for more recipes in order to have successful builds. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
With gcc 5, we need to disable the PIE flags for more recipes in order
to have successful builds.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
security_flags: eliminate FORTIFY_SOURCE for debug builds 2015-07-07T22:57:13+00:00 Joe Slater jslater@windriver.com 2015-07-02T09:10:51+00:00 1b576012a6a2b2ebc2c507cdaebd62174810b191 If -D_FORTIFY_SOURCE=2 is included in CFLAGS for debug builds, many warnings will be generated and some packages will fail to build. So, only conditionally include it. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
If -D_FORTIFY_SOURCE=2 is included in CFLAGS for debug builds,
many warnings will be generated and some packages will fail to
build.  So, only conditionally include it.

Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
security_flags.inc: remove duplicated over-rides 2015-06-23T10:35:00+00:00 Andre McCurdy armccurdy@gmail.com 2015-06-12T22:17:34+00:00 dfae10889ab0fce2bae94294a78f4ea0aaf1b81e The following over-rides were both defined twice: SECURITY_CFLAGS_pn-grub-efi-x86-64-native SECURITY_CFLAGS_pn-ltp Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The following over-rides were both defined twice:

  SECURITY_CFLAGS_pn-grub-efi-x86-64-native
  SECURITY_CFLAGS_pn-ltp

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
security_flags: Add comment about what it does and who uses it 2015-05-30T21:25:10+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2015-05-29T13:16:50+00:00 67f09e9086b8fb1c0c8a1dd19419afb1a5af8daf It was pointed out that people couldn't easily see who used this or why so add some comments about that. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
It was pointed out that people couldn't easily see who used this or
why so add some comments about that.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
security_flags: Add python-numpy to pie incompatible list 2015-05-03T10:42:41+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2015-05-03T10:26:49+00:00 d4694ac5e18db1d0db314d0d8b1104c073037a60 With poky-lsb (security flags enabled), python-numpy doesn't build with pie flags. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
With poky-lsb (security flags enabled), python-numpy doesn't build
with pie flags.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
security_flags.inc: elfutils on ARM fails with PIE flags 2015-04-08T22:11:07+00:00 Denys Dmytriyenko denys@ti.com 2015-04-07T20:53:54+00:00 a915adfd1eaad9a0d65dffe9da92811284e491c8 The error messages look like this: R_ARM_TLS_LE32 relocation not permitted in shared object Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The error messages look like this:
R_ARM_TLS_LE32 relocation not permitted in shared object

Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
security_flags: remove PIE flags from flex and gstreamer1.0-plugins-bad 2015-03-02T18:04:20+00:00 Ross Burton ross.burton@intel.com 2015-03-02T12:56:06+00:00 37e6e62f0faae3fa16421b051599aea0e03a5825 These recipes both fail to build with "relocation R_X86_64_PC32 against undefined hidden symbol `__init_array_start' can not be used when making a shared object" when using PIE. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
These recipes both fail to build with "relocation R_X86_64_PC32 against
undefined hidden symbol `__init_array_start' can not be used when making a
shared object" when using PIE.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
security_flags: disable PIE on expect 2015-01-29T10:37:54+00:00 Ross Burton ross.burton@intel.com 2015-01-28T12:40:07+00:00 fe1f5c90eede593100fe57630d39cf329e59ef8f Disable PIE in expect as otherwise it tries to link the shared library as an executable. Signed-off-by: Ross Burton <ross.burton@intel.com> 
Disable PIE in expect as otherwise it tries to link the shared library as an
executable.

Signed-off-by: Ross Burton <ross.burton@intel.com>