Age | Commit message (Collapse) | Author |
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to ensure that all xorg modules are linked with
SECURITY_X_LDFLAGS to ensure that they will be able to resolve their run
time dependencies. The approach of listing each driver in
security_flags.inc lets less frequently used drivers be run-time
broken. Move the flag logic into xorg-driver-common.inc so that all
xorg modules from all layers will have the correct security flags used.
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
These functions were moved to meta/lib/oe in 2010 and the base_* functions in
utils.bbclass were intended to be a short-term compatibility layer. They're
still used in a few places, so update the callers to use the new functions.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since we have disabled FPIE from SECURITY_CFLAGS already, we have
to ensure the same with gcc, otherwise gcc (on-device) will be built
defaulting to PIE, and such binaries will fail to execute
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
GCC is configured correctly to pass PIE cflags/ldflags
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
GCCPIE flag which is empty by default adds "--enable-default-pie"
configure option for harderned distros
We do not require to add -fpie -pie flag externally anymore
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
uclibc support was removed a while ago and musl works much better. Start to
remove the various overrides and patches related to uclibc which are no longer
needed.
uclibc support in a layer would still be possible. I have strong reasons to
believe nobody is still using uclibc since patches are missing and I doubt
the metadata even parses anymore.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The python-pycurl recipe can be used with python2 only even
though python3 is officially supported by upstream.
Create python3-pycurl recipe enabling the pycurl module for
python3.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #11180]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #9542]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also remove the override from security_flags.inc
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport build fix that removes -Wformat-security for specific tests.
Enable "-Wformat-security" for cmake in security_flags.inc.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It has been fixed.
[YOCTO #9544]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Otherwise this fails to build the libraries:
relocation R_X86_64_PC32 against undefined hidden symbol `__init_array_start'
can not be used when making a shared object
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
As we've fixed the string formatting issue in console-tools, we don't
need to override SECURITY_STRINGFORMAT for console-tools any more.
[YOCTO #9540]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This creeped in along with rest of the changes in
c999b3d88dfcffbe0fb66406fb0bff1fb66f34bc
even after it was reported a build failure in mesa-gl
This is also showing up on arm architecture now
| /usr/src/debug/glibc/2.24-r0/git/csu/elf-init.c:87: undefined reference to `__init_array_end'
| /usr/src/debug/glibc/2.24-r0/git/csu/elf-init.c:87: undefined reference to `__init_array_start'
| /a/builder/mnt/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/arm-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/6.2.0/ld: .libs/mesa_dri_drivers.so: hidden symbol `__init_array_end' isn't defined
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
gtk-doc relies on this to highlight source code snippets
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
They used to fail with PIE enabled, but no longer do.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Removed:
change-char-type-to-signed-char-in-macros.patch
sprintf-bug-concerning-8-bit-characters.patch
They are already in the source.
* Updated:
fix-check-pcre.patch
fix-check-pcre.patch
slang-fix-the-iconv-existence-checking.patch
* Use SECURITY_NO_PIE_CFLAGS for SECURITY_CFLAGS, it can't be built with
"-pie -fpie":
tmp/sysroots/qemux86-64/usr/lib64/../lib64/Scrt1.o: In function `_start':
/usr/src/debug/glibc/2.24-r0/git/csu/../sysdeps/x86_64/start.S:104: undefined reference to `main'
/tmp/ccMFTA8A.o: In function `smg_char_at':
/usr/src/debug/slang/2.3.0-r0/slang-2.3.0/modules/slsmg-module.c:134: undefined reference to `SLsmg_char_at'
/tmp/ccMFTA8A.o: In function `smg_resume_smg':
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
exception list
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
These recipes no longer seem to need full exclusion from security hardening.
The rest (glibc, gcc-runtime, valgrind, grub, grub-efi, uclibc) still do.
[YOCTO #9489]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The entry is same as for python-numpy and prevents build failures
when extra security flags are in use (e.g. in poky-lsb).
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch avoids unzip fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security).
[YOCTO #9551]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This avoids makedevs failure to compile with compiler flags
which elevate common string formatting issues into an error
(-Wformat -Wformat-security -Werror=format-security).
[YOCTO #9549]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch avoids zip recipe fails to compile with compiler
flags which elevate common string formatting issues into an
error (-Wformat -Wformat-security -Werror=format-security).
[YOCTO #9552]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch avoids stat fails to compile with compiler flags which
elevate common string formatting issues into an error (-Wformat
-Wformat-security -Werror=format-security).
[YOCTO #9550]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Now we have patches that solves the security formatting issues into
those packages.
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add "-Wformat -Wformat-security -Werror=format-security" to the default
SECURITY_CFLAGS to catch potential security vulnerabilities due to the
misuse of various string formatting functions.
These flags are widely used in distributions such as Fedora and Ubuntu,
however we have 15 recipes in OE-Core which fail to build with these
flags included and thus the flags are removed for:
- busybox
- console-tools
- cmake
- expect
- gcc
- gettext
- kexec-tools
- leafpad
- libuser
- ltp
- makedevs
- oh-puzzles
- stat
- unzip
- zip
[YOCTO #9488]
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
RPM interally has support to build and work with the stack protector.
This is disabled by default in the RPM package, and the proper settings
should be specified in the security_flags. Using the default setting of
stack-protector-strong causes linking problems due to issues with libtool
selecting the wrong GCC objections to link against.
Falling back to the RPM values of stack-protector will permit linking to
work properly, and some level of protection.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libtool decides to
filter out -fstack-protector-strong on its own and its documented here
https://www.gnu.org/software/libtool/manual/html_node/Stripped-link-flags.html
this causes linking errors when linking libbfd.so since objects (.o) are
compiled using -fstack-protector-strong so they are expecting to link
with libssp but the option goes missing in linker flags.
With this patch the security flags are hoisted upto CC itself and
libtool thankfully does not touch CC.
Adding to CC also means that we can now remove it from LDFLAGS since
when gcc driver is used to do linking then we have LD = CC and this
option makes to linker cmdline
Since CC is used without CFLAGS in configure tests, some tests fail
complaining that -Olevel is not used while using _FORTIFY_SOURCE
therefore added SELECTED_OPTIMIZATION to TARGET_CC_ARCH as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It causes a catch-22 situation where we build libssp in gcc-runtime but also
pass -fstack-protector flags which require libssp
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This is a better version of -fstack-protector-all with reduced stack usage and
better performance yet giving same amount of coverage. It's available in gcc
4.9 onwards.
https://outflux.net/blog/archives/2014/01/27/fstack-protector-strong/ has more
details.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
As otherwise the security flags can leak into target builds. This can result in
flags that the host compiler doesn't support, causing build failures.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
sysroots/x86_64-linux/usr/libexec/x86_64-poky-linux/gcc/x86_64-poky-linux/5.3.0/ld:
syslinux.o: relocation R_X86_64_32 against `.rodata.str1.1' can not be used
when making a shared object; recompile with -fPIC
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The curl configure script contains sanity checks for unexpected
options being passed via CFLAGS, LDFLAGS, etc. environment variables.
These sanity checks catch -Dxxx options in CFLAGS, which clashes with
OE's approach of using CFLAGS to pass -D_FORTIFY_SOURCE (curl's
configure script suggests, quite correctly, that -Dxxx options should
be passed via CPPFLAGS instead).
These sanity checks previously generated fatal errors, but have been
downgraded to warnings since curl v7.32. Therefore the workaround of
avoiding -D_FORTIFY_SOURCE for curl is obsolete and can be removed.
https://github.com/bagder/curl/commit/5d3cbde72ece7d83c280492957a26e26ab4e5cca
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Valgrind (v3.11.0) expects to build with stack protection disabled
and includes -fno-stack-protector in its default CFLAGS. However, the
CFLAGS provided by OE are included on the compiler command line after
the defaults so any -fstack-protector-all / -fstack-protector-strong
option provided by security_flags.inc will cause problems.
| .../build-bcm97425vms/tmp/work/mips32el-rdk-linux/valgrind/3.11.0-r0/valgrind-3.11.0/coregrind/m_mallocfree.c:892: undefined reference to `__stack_chk_guard'
| .../build-bcm97425vms/tmp/work/mips32el-rdk-linux/valgrind/3.11.0-r0/valgrind-3.11.0/coregrind/m_mallocfree.c:947: undefined reference to `__stack_chk_fail'
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
webkitgtk 2.8.3 is provided instead and midori browser is replaced by epiphany in
separate commits.
(From OE-Core rev: 1a72dc9c44c7806c869c3b3afcd5d31bcf2da979)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If security_flags.inc is 'required' to the image, -pie and -fpie options
are added to CFLAGS. These are not compatible with -shared GCC option.
The result is several errors of following form and missing Python3
modules in the image:
*.o In function `_start': *.S undefined reference to `main'
collect2: error: ld returned 1 exit status
Signed-off-by: Topi Kuutela <topi.kuutela@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With gcc 5, we need to disable the PIE flags for more recipes in order
to have successful builds.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If -D_FORTIFY_SOURCE=2 is included in CFLAGS for debug builds,
many warnings will be generated and some packages will fail to
build. So, only conditionally include it.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The following over-rides were both defined twice:
SECURITY_CFLAGS_pn-grub-efi-x86-64-native
SECURITY_CFLAGS_pn-ltp
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It was pointed out that people couldn't easily see who used this or
why so add some comments about that.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With poky-lsb (security flags enabled), python-numpy doesn't build
with pie flags.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The error messages look like this:
R_ARM_TLS_LE32 relocation not permitted in shared object
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These recipes both fail to build with "relocation R_X86_64_PC32 against
undefined hidden symbol `__init_array_start' can not be used when making a
shared object" when using PIE.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Disable PIE in expect as otherwise it tries to link the shared library as an
executable.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|