* [PATCH] poky-lsb: security_flags.inc
@ 2018-07-31 11:06 Hongzhi.Song
2018-07-31 21:37 ` Peter Kjellerstedt
0 siblings, 1 reply; 2+ messages in thread
From: Hongzhi.Song @ 2018-07-31 11:06 UTC (permalink / raw)
To: openembedded-core, raj.khem
To fix the following error, we append '-O' to the defination of _FORTIFY_SOURCE
recipe-sysroot/usr/include/features.h:381:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
# warning _FORTIFY_SOURCE requires compiling with optimization (-O)
^~~~~~~
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
---
meta/conf/distro/include/security_flags.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 6245e89ada..1c32fd3165 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -10,7 +10,7 @@ GCCPIE ?= "--enable-default-pie"
# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
# -O0 which then results in a compiler warning.
-lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}"
+lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2 -O',d)}"
# Error on use of format strings that represent possible security problems
SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security"
--
2.11.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] poky-lsb: security_flags.inc
2018-07-31 11:06 [PATCH] poky-lsb: security_flags.inc Hongzhi.Song
@ 2018-07-31 21:37 ` Peter Kjellerstedt
0 siblings, 0 replies; 2+ messages in thread
From: Peter Kjellerstedt @ 2018-07-31 21:37 UTC (permalink / raw)
To: Hongzhi.Song, openembedded-core, raj.khem
> -----Original Message-----
> From: openembedded-core-bounces@lists.openembedded.org <openembedded-
> core-bounces@lists.openembedded.org> On Behalf Of Hongzhi.Song
> Sent: den 31 juli 2018 13:07
> To: openembedded-core@lists.openembedded.org; raj.khem@gmail.com
> Subject: [OE-core] [oe-core][PATCH] poky-lsb: security_flags.inc
This is not only limited to poky-lsb. security_flags.inc is used
by many directly.
> To fix the following error, we append '-O' to the defination of
> _FORTIFY_SOURCE
>
> recipe-sysroot/usr/include/features.h:381:4: error: #warning
> _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
> # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
> ^~~~~~~
>
> Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
> ---
> meta/conf/distro/include/security_flags.inc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/conf/distro/include/security_flags.inc
> b/meta/conf/distro/include/security_flags.inc
> index 6245e89ada..1c32fd3165 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -10,7 +10,7 @@ GCCPIE ?= "--enable-default-pie"
>
> # _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
> # -O0 which then results in a compiler warning.
> -lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}"
> +lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2 -O',d)}"
This is not the correct way to solve this problem. It should be fixed on
a per recipe basis. There is probably a reason why the code is being built
with -O0, so then changing it here without an investigation of which is
correct, to build with fortification and enabling optimization or to build
without fortification and without enabling optimization.
Changing it as per above could also have an impact on some packages by
actually lowering the optimization level.
> # Error on use of format strings that represent possible security problems
> SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security"
> --
> 2.11.0
//Peter
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-07-31 21:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-31 11:06 [PATCH] poky-lsb: security_flags.inc Hongzhi.Song
2018-07-31 21:37 ` Peter Kjellerstedt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.