The curl configure script contains sanity checks for unexpected options being passed via CFLAGS, LDFLAGS, etc. environment variables.
These sanity checks catch -Dxxx options in CFLAGS, which clashes with OE's approach of using CFLAGS to pass -D_FORTIFY_SOURCE (curl's configure script suggests, quite correctly, that -Dxxx options should be passed via CPPFLAGS instead). These sanity checks previously generated fatal errors, but have been downgraded to warnings since curl v7.32. Therefore the workaround of avoiding -D_FORTIFY_SOURCE for curl is obsolete and can be removed. https://github.com/bagder/curl/commit/5d3cbde72ece7d83c280492957a26e26ab4e5cca Signed-off-by: Andre McCurdy <armccu...@gmail.com> --- meta/conf/distro/include/security_flags.inc | 4 ---- 1 file changed, 4 deletions(-) diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 1795750..ac4fc65 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -28,11 +28,7 @@ SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-coreutils = "${SECURITY_NO_PIE_CFLAGS}" -# Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned -# to CPPFLAGS it gets picked into CFLAGS in bitbake. -#TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2" SECURITY_CFLAGS_pn-cups = "${SECURITY_NO_PIE_CFLAGS}" -SECURITY_CFLAGS_pn-curl = "-fstack-protector-all -pie -fpie" SECURITY_CFLAGS_pn-db = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}" SECURITY_CFLAGS_pn-glibc = "" -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
