[Pkg-ace-devel] Bug#859350: ace shouldn't disable PIE

Adrian Bunk bunk at debian.org
Sun Apr 2 18:17:28 UTC 2017


Source: ace
Version: 6.3.3+dfsg-1.2
Severity: normal
Tags: patch

With gcc in stretch defaulting to PIE, hardening=...,-pie changed
semantics from "enable hardening but not PIE" to "enable hardening
and explicitely disable the default PIE".
The latter is usually not intended.

The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem does no longer exist.

Please consider applying the following change:

--- debian/rules.old	2017-03-20 08:43:43.000000000 +0000
+++ debian/rules	2017-03-20 08:43:43.000000000 +0000
@@ -9,7 +9,7 @@
 # Copyright © 2010-2014 Johnny Willemsen <jwillemsen at remedy.nl>
 
 #export DEB_BUILD_MAINT_OPTIONS = hardening=+all
-export DEB_BUILD_MAINT_OPTIONS = hardening=+format,+fortify,+stackprotector,+relro,+bindnow,-pie
+export DEB_BUILD_MAINT_OPTIONS = hardening=+format,+fortify,+stackprotector,+relro,+bindnow
 DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/buildflags.mk
 CFLAGS+=$(CPPFLAGS)


More information about the Pkg-ace-devel mailing list