> On Apr 28, 2016, at 6:27 AM, Joshua Lock <[email protected]> wrote: > > -SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify}" > -SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify}" > +# Error on use of format strings that represent possible security problems > +SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security" > + > +SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify} > ${SECURITY_STRINGFORMAT}" > +SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} > ${SECURITY_STRINGFORMAT}" > > SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now" > SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro" > @@ -92,6 +95,23 @@ SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}" > SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}" > SECURITY_CFLAGS_pn-pulseaudio = "${SECURITY_NO_PIE_CFLAGS}" > > +# Recipes which fail to compile when elevating -Wformat-security to an error > +SECURITY_STRINGFORMAT_pn-busybox = "" > +SECURITY_STRINGFORMAT_pn-console-tools = "" > +SECURITY_STRINGFORMAT_pn-cmake = "" > +SECURITY_STRINGFORMAT_pn-expect = "" > +SECURITY_STRINGFORMAT_pn-gcc = "" > +SECURITY_STRINGFORMAT_pn-gettext = "" > +SECURITY_STRINGFORMAT_pn-kexec-tools = "" > +SECURITY_STRINGFORMAT_pn-leafpad = "" > +SECURITY_STRINGFORMAT_pn-libuser = "" > +SECURITY_STRINGFORMAT_pn-ltp = "" > +SECURITY_STRINGFORMAT_pn-makedevs = "" > +SECURITY_STRINGFORMAT_pn-oh-puzzles = "" > +SECURITY_STRINGFORMAT_pn-stat = "" > +SECURITY_STRINGFORMAT_pn-unzip = "" > +SECURITY_STRINGFORMAT_pn-zip = ""
Can we use _remove operation instead of introducing a new variable and emptying it out here.
signature.asc
Description: Message signed with OpenPGP using GPGMail
-- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
