aboutsummaryrefslogtreecommitdiffstats
path: root/meta/conf/distro/include/security_flags.inc
AgeCommit message (Collapse)Author
2015-05-15security_flags.inc: elfutils on ARM fails with PIE flagsDenys Dmytriyenko
The error messages look like this: R_ARM_TLS_LE32 relocation not permitted in shared object (From OE-Core master rev: a915adfd1eaad9a0d65dffe9da92811284e491c8) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-03-02security_flags: remove PIE flags from flex and gstreamer1.0-plugins-badRoss Burton
These recipes both fail to build with "relocation R_X86_64_PC32 against undefined hidden symbol `__init_array_start' can not be used when making a shared object" when using PIE. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-01-29security_flags: disable PIE on expectRoss Burton
Disable PIE in expect as otherwise it tries to link the shared library as an executable. Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-01-23gcc-sanitizers: Enable GCC sanitizersDan McGregor
AddressSanitizer is a fast memory error detector. ThreadSanitizer detects data races. UBSanitizer detectes undefined behaviour. All consist of compiler instrumentation and a run-time library. The compiler instrumentation was already enabled, this builds the run-time library component. Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
2015-01-16security_flags: disable pie support for libaio, blktrace and ltpSaul Wold
libaio when built with pie and fpie does not link correctly with blktrace or ltp so we need to disable those flags until a better solution comes along. Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-12-19security_flags: Fix typo for cupsRichard Purdie
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-09-01distro: TCLIBC now defines glibc instead of eglibcKhem Raj
Adjust naming conventions to reflect eglibc->glibc move Signed-off-by: Khem Raj <raj.khem@gmail.com>
2014-03-05security_flags: Update to correctly link X modulesSaul Wold
Remove the -z,now flag from linking [YOCTO #5885] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-26security-flags: Avoid lttng-tools issue on armRichard Purdie
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-26security-flags: Deal with powerpc build issuesRichard Purdie
Building powerpc machines with the standard security flags generated numerous build failures. Use a reduced set of flags for now to avoid linker issues and other compile failures. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-26security_flags: disable PIE flags for cups buildsSaul Wold
Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-01-14security_flags: db can't use pie flags from gcc for security buildSaul Wold
[YOCTO #5721] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-01-06security_flags: add the rest of the grub-efi related packagesSaul Wold
[YOCTO #5515] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-12-18security_flags: more relocation issuesSaul Wold
These are similar relocation R_X86_64_PC32 issues that are solved by removing the -pie flags. [YOCTO #5515] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-04security_flags: Add entry for opensslSaul Wold
It seems we might be stumbling over an obscure linkage issues possibly similar to http://marc.info/?l=openssl-dev&m=130132183118768&w=2 This issue appears for x86-64 systems with the PIE related compiler flags. libcrypto.a(cryptlib.o): relocation R_X86_64_PC32 against symbol `OPENSSL_showfatal' can not be used when making a shared object; recompile with -fPIC The error suggests recompiling with -fPIC, but it is already compiled that way. Disable the PIE flags makes it work for now, I have posted to openssl ML [YOCTO #5515] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-11-22security_flags: grub-efi-natve does not build with flags enabledSaul Wold
[YOCTO #5505] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-17mesa-gl: add GL-only Mesa recipeRoss Burton
Some machines have hardware-specific GL drivers that do EGL and GLES (many ARM boards). Others have their own EGL/GLES drivers and provide a Mesa DRI driver (EMGD). Previously adding Mesa, for software GL/GLX rendering in the first case and hardware GLX in the second, involved bbappends and changing Mesa to be machine-specific. By adding a just-GL Mesa the machine definition can combine it with the hardware drivers cleanly. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-07-10security_flags: Add addition recipes to the non pie listSaul Wold
Create a local SECURITY_NO_PIE_CFLAGS to cover the recipes that have issues with with pic and pie cflags set. Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-07-02security_flags: Add the compiler and linker flags that enhance securitySaul Wold
These flags add addition checks at compile, link and runtime to prevent stack smashing, checking for buffer overflows, and link at program start to prevent call spoofing later. This needs to be explicitly enabled by adding the following line to your local.conf: require conf/distro/include/security_flags.inc [YOCTO #3868] Signed-off-by: Saul Wold <sgw@linux.intel.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-30 19:56:37 +0000