Bug#865600: 2.0.0-release-3

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#865600: 2.0.0-release-3
From: Adrian Bunk <bunk@debian.org>
Date: Fri, 23 Jun 2017 06:44:27 +0300
Message-id: <[🔎] 149818946714.1270.11295495711061593921.reportbug@localhost>
Reply-to: Adrian Bunk <bunk@debian.org>, 865600@bugs.debian.org

Source: flite
Version: 2.0.0-release-3+b1
Severity: normal
Tags: patch

With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitely disable the default PIE".
The latter is usually not intended.

The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem does no longer exist.

Please consider applying the following patch:

--- debian/rules.old	2017-06-23 03:37:26.000000000 +0000
+++ debian/rules	2017-06-23 03:37:42.000000000 +0000
@@ -3,11 +3,8 @@
 %:
 	dh $@ --with autoreconf
 
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
-# -fPIE doesn't work, but at least get -fPIC as we used to have with
-# hardening-wrapper
-export DEB_CFLAGS_MAINT_APPEND = -no-pie -fno-pie -fno-PIE -fPIC
-export DEB_CXXFLAGS_MAINT_APPEND = -no-pie -fno-pie -fno-PIE -fPIC
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
 #fix FTBFS with binutils-gold
 export DEB_LDFLAGS_MAINT_APPEND = -lm

Reply to:

Prev by Date: Bug#865597: at-spi2-core shouldn't disable PIE
Next by Date: Processed: Correct title and found version
Previous by thread: Bug#865597: at-spi2-core shouldn't disable PIE
Next by thread: Processed: Correct title and found version
Index(es):
- Date
- Thread