* This patchset add a switch to configure gcc driver with PIE defaults * Add support for generating static PIE in gcc * Gets rid of lot of bandaids from distro security flags file * Adjust recipes for new way of specifying pie * Upgrade and Fix mips build for ffmpeg along the way
The following changes since commit 059846662f1ea1c82804cfce5f91afcb2980ec8a: mtools-native: fix Upstream-Status (2017-06-14 14:45:01 +0100) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib kraj/hardening-fixes http://cgit.openembedded.org/openembedded-core-contrib/log/?h=kraj/hardening-fixes Khem Raj (10): gcc: Introduce a knob to configure gcc to default to PIE security_flags.inc: Delete pinnings for SECURITY_NO_PIE_CFLAGS distutils,setuptools: Delete use of SECURITY_NO_PIE_CFLAGS ffmpeg: Upgrade to 3.3.2 stable gobject-introspection: Disable generating static lbraries zlib: Pass pre-calculate uname enable re-entrant flags gcc-sanitizer: Fix build with glibc 2.26 gcc7: Enable static PIE libunwind: We set -fPIE in security flags now if gcc is not configured for default PIE valgrind: Remove -no-pie from cflags meta/classes/distutils-common-base.bbclass | 2 - meta/classes/setuptools.bbclass | 2 - meta/conf/distro/include/security_flags.inc | 85 ++++------- meta/recipes-core/zlib/zlib_1.2.11.bb | 12 +- meta/recipes-devtools/gcc/gcc-7.1.inc | 2 + ...r-Use-stack_t-instead-of-struct-sigaltsta.patch | 160 +++++++++++++++++++++ .../gcc/gcc-7.1/0049-gcc-Enable-static-PIE.patch | 37 +++++ meta/recipes-devtools/gcc/gcc-configure-common.inc | 3 + meta/recipes-devtools/valgrind/valgrind_3.12.0.bb | 1 - .../gobject-introspection_1.50.0.bb | 1 + .../ffmpeg/ffmpeg/0001-build-fix-for-mips.patch | 44 ++++++ .../ffmpeg/{ffmpeg_3.3.bb => ffmpeg_3.3.2.bb} | 5 +- meta/recipes-support/libunwind/libunwind_1.2.bb | 4 - 13 files changed, 281 insertions(+), 77 deletions(-) create mode 100644 meta/recipes-devtools/gcc/gcc-7.1/0048-libsanitizer-Use-stack_t-instead-of-struct-sigaltsta.patch create mode 100644 meta/recipes-devtools/gcc/gcc-7.1/0049-gcc-Enable-static-PIE.patch create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-build-fix-for-mips.patch rename meta/recipes-multimedia/ffmpeg/{ffmpeg_3.3.bb => ffmpeg_3.3.2.bb} (97%) -- 2.13.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core