[lintian] 01/01: c/binaries: Check for missing PIE hardening

To: debian-lint-maint@lists.debian.org
Subject: [lintian] 01/01: c/binaries: Check for missing PIE hardening
From: Niels Thykier <nthykier@moszumanska.debian.org>
Date: Fri, 22 Jan 2016 19:32:09 +0000
Message-id: <[🔎] E1aMhRJ-0006wy-O6@moszumanska.debian.org>
Reply-to: Niels Thykier <niels@thykier.net>
In-reply-to: <[🔎] 20160122193209.26654.48734@moszumanska.debian.org>
References: <[🔎] 20160122193209.26654.48734@moszumanska.debian.org>
This is an automated email from the git hooks/post-receive script.

nthykier pushed a commit to branch master
in repository lintian.

commit 52762d497bc398a320e1f9f06835b49606514797
Author: Niels Thykier <niels@thykier.net>
Date:   Fri Jan 22 19:31:43 2016 +0000

    c/binaries: Check for missing PIE hardening
    
    Signed-off-by: Niels Thykier <niels@thykier.net>
---
 checks/binaries.desc                             |  31 +++
 data/binaries/hardening-tags                     | 288 +++++++++++------------
 data/common/architectures                        |   2 +-
 data/common/multiarch-dirs                       |   2 +-
 data/files/triplets                              |   2 +-
 data/shared-libs/ldconfig-dirs                   |   2 +-
 debian/changelog                                 |   4 +-
 private/refresh-archs                            |   2 +-
 t/tests/binaries-hardening/desc                  |   3 +-
 t/tests/binaries-hardening/tags                  |   1 +
 t/tests/shared-libs-non-pic-i386/debian/Makefile |   7 +-
 11 files changed, 191 insertions(+), 153 deletions(-)

diff --git a/checks/binaries.desc b/checks/binaries.desc
index 32362da..4268b64 100644
--- a/checks/binaries.desc
+++ b/checks/binaries.desc
@@ -390,6 +390,37 @@ Info: This package provides an ELF binary that lacks the "bindnow"
  The relevant compiler flags are set in <tt>LDFLAGS</tt>.
 Ref: https://wiki.debian.org/Hardening
 
+Tag: hardening-no-pie
+Severity: wishlist
+Certainty: certain
+Experimental: yes
+Info: This package provides an ELF executable that was not compiled
+ as a position independent executable (PIE).
+ .
+ PIE is required for fully enabling Address Space Layout
+ Randomization (ASLR), which makes "Return-oriented" attacks more
+ difficult.
+ .
+ Historically, PIE has been associated with notiable performance
+ overhead on i386.  However, GCC-5 has implemented an optimization
+ that can reduce the overhead significantly.
+ .
+ If you use <tt>dpkg-buildflags</tt>, you may have to add
+ <tt>hardening=+pie</tt> or <tt>hardening=+all</tt> to
+ <tt>DEB_BUILD_MAINT_OPTIONS</tt>.
+ .
+ The relevant compiler flags must be passed both to the compiler
+ and the linker (e.g. for C that would be commonly be
+ <tt>CFLAGS</tt> and <tt>LDFLAGS</tt>).
+ .
+ CAVEAT: Some binaries FTBFS when built with the PIE flags.  A
+ notable example being static libraries (<tt>gcc -static</tt>).
+ If your upstream build compiles both static libs and executables,
+ you may have to patch the build to ensure that only the latter
+ are compiled with PIE.
+Ref: https://wiki.debian.org/Hardening,
+ https://gcc.gnu.org/gcc-5/changes.html
+
 Tag: debug-file-with-no-debug-symbols
 Severity: normal
 Certainty: possible
diff --git a/data/binaries/hardening-tags b/data/binaries/hardening-tags
index 53232fd..9e95df2 100644
--- a/data/binaries/hardening-tags
+++ b/data/binaries/hardening-tags
@@ -1,17 +1,17 @@
 # Map of architectures to enabled hardening tags.
 #
 # NB: Keep this in sync with checks/binaries.desc
-# Last updated: 2016-01-21
+# Last updated: 2016-01-22
 # With: Debian dpkg-architecture version 1.18.4.
 # This file was auto-generated by private/refresh-archs
 
-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
-arm64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-armeb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-armel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-armhf || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro
+amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro
+arm64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+armeb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+armel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+armhf || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 avr32 || hardening-no-fortify-functions, hardening-no-stackprotector
 darwin-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
 darwin-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
@@ -101,37 +101,37 @@ freebsd-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening
 freebsd-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 freebsd-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 hppa || hardening-no-fortify-functions
-hurd-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
-hurd-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-arm64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-armeb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+hurd-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro
+hurd-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-arm64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-armeb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 hurd-avr32 || hardening-no-fortify-functions, hardening-no-stackprotector
 hurd-hppa || hardening-no-fortify-functions
-hurd-i386 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-ia64 || hardening-no-fortify-functions
-hurd-m32r || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-mips || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-mips64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-mips64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-mipsel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-nios2 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-or1k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-powerpc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-powerpcel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-ppc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-ppc64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-s390 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-s390x || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-sh3 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-sh3eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-hurd-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-i386 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-ia64 || hardening-no-fortify-functions
+hurd-i386 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-ia64 || hardening-no-fortify-functions, hardening-no-pie
+hurd-m32r || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-mips || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-mips64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-mips64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-mipsel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-nios2 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-or1k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-powerpc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-powerpcel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-ppc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-ppc64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-s390 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-s390x || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-sh3 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-sh3eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+hurd-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+i386 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+ia64 || hardening-no-fortify-functions, hardening-no-pie
 kfreebsd-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
 kfreebsd-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 kfreebsd-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
@@ -162,35 +162,35 @@ kfreebsd-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-
 kfreebsd-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 kfreebsd-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 kfreebsd-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
-knetbsd-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-arm64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-armeb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+knetbsd-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro
+knetbsd-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-arm64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-armeb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 knetbsd-avr32 || hardening-no-fortify-functions, hardening-no-stackprotector
 knetbsd-hppa || hardening-no-fortify-functions
-knetbsd-i386 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-ia64 || hardening-no-fortify-functions
-knetbsd-m32r || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-mips || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-mips64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-mips64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-mipsel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-nios2 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-or1k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-powerpc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-powerpcel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-ppc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-ppc64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-s390 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-s390x || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-sh3 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-sh3eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-knetbsd-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+knetbsd-i386 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-ia64 || hardening-no-fortify-functions, hardening-no-pie
+knetbsd-m32r || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-mips || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-mips64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-mips64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-mipsel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-nios2 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-or1k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-powerpc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-powerpcel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-ppc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-ppc64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-s390 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-s390x || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-sh3 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-sh3eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+knetbsd-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 kopensolaris-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
 kopensolaris-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 kopensolaris-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
@@ -220,45 +220,45 @@ kopensolaris-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, harden
 kopensolaris-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 kopensolaris-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 kopensolaris-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-m32r || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+m32r || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 mint-m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-mips || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-mips64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-mips64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-mipsel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-mipsn32 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-mipsn32el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
-musl-linux-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-arm64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-armeb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-armhf || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+mips || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+mips64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+mips64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+mipsel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+mipsn32 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+mipsn32el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro
+musl-linux-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-arm64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-armeb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-armhf || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 musl-linux-avr32 || hardening-no-fortify-functions, hardening-no-stackprotector
 musl-linux-hppa || hardening-no-fortify-functions
-musl-linux-i386 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-ia64 || hardening-no-fortify-functions
-musl-linux-m32r || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-mips || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-mips64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-mips64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-mipsel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-nios2 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-or1k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-powerpc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-powerpcel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-ppc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-ppc64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-s390 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-s390x || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-sh3 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-sh3eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-musl-linux-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+musl-linux-i386 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-ia64 || hardening-no-fortify-functions, hardening-no-pie
+musl-linux-m32r || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-mips || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-mips64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-mips64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-mipsel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-nios2 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-or1k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-powerpc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-powerpcel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-ppc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-ppc64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-s390 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-s390x || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-sh3 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-sh3eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+musl-linux-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 netbsd-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
 netbsd-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 netbsd-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
@@ -288,7 +288,7 @@ netbsd-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no
 netbsd-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 netbsd-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 netbsd-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-nios2 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+nios2 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 openbsd-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
 openbsd-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 openbsd-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
@@ -318,18 +318,18 @@ openbsd-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-n
 openbsd-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 openbsd-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 openbsd-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-or1k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-powerpc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-powerpcel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-powerpcspe || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-ppc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-ppc64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-s390 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-s390x || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-sh3 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-sh3eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+or1k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+powerpc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+powerpcel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+powerpcspe || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+ppc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+ppc64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+s390 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+s390x || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+sh3 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+sh3eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 solaris-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
 solaris-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 solaris-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
@@ -359,38 +359,38 @@ solaris-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-n
 solaris-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 solaris-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 solaris-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
-uclibc-linux-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-arm64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-armeb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-armel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro
+uclibc-linux-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-arm64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-armeb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-armel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 uclibc-linux-avr32 || hardening-no-fortify-functions, hardening-no-stackprotector
 uclibc-linux-hppa || hardening-no-fortify-functions
-uclibc-linux-i386 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-ia64 || hardening-no-fortify-functions
-uclibc-linux-m32r || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-mips || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-mips64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-mips64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-mipsel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-nios2 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-or1k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-powerpc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-powerpcel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-ppc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-ppc64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-s390 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-s390x || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-sh3 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-sh3eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-uclibc-linux-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-i386 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-ia64 || hardening-no-fortify-functions, hardening-no-pie
+uclibc-linux-m32r || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-m68k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-mips || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-mips64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-mips64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-mipsel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-nios2 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-or1k || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-powerpc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-powerpcel || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-ppc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-ppc64el || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-s390 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-s390x || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-sh3 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-sh3eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
+uclibc-linux-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
 uclinux-alpha || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro
 uclinux-amd64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 uclinux-arm || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
@@ -421,4 +421,4 @@ uclinux-sh4 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-n
 uclinux-sh4eb || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 uclinux-sparc || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
 uclinux-sparc64 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
-x32 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-relro, hardening-no-stackprotector
+x32 || hardening-no-bindnow, hardening-no-fortify-functions, hardening-no-pie, hardening-no-relro, hardening-no-stackprotector
diff --git a/data/common/architectures b/data/common/architectures
index 5cfe708..ef83a59 100644
--- a/data/common/architectures
+++ b/data/common/architectures
@@ -1,6 +1,6 @@
 # List of known architectures as provided by dpkg-architecture
 # (excluding "all" and "any", which are handled specially)
-# Last updated: 2016-01-21
+# Last updated: 2016-01-22
 # With: Debian dpkg-architecture version 1.18.4.
 # This file was auto-generated by private/refresh-archs
 
diff --git a/data/common/multiarch-dirs b/data/common/multiarch-dirs
index 553cb8e..325fa11 100644
--- a/data/common/multiarch-dirs
+++ b/data/common/multiarch-dirs
@@ -1,6 +1,6 @@
 # List of "Multiarch dirs" relationships as provided by
 # dpkg-architecture - arch -> dir mapping
-# Last updated: 2016-01-21
+# Last updated: 2016-01-22
 # With: Debian dpkg-architecture version 1.18.4.
 # This file was auto-generated by private/refresh-archs
 
diff --git a/data/files/triplets b/data/files/triplets
index 3faaf32..2330947 100644
--- a/data/files/triplets
+++ b/data/files/triplets
@@ -1,6 +1,6 @@
 # List of "triplet architecture" relationships as provided by
 # dpkg-architecture'
-# Last updated: 2016-01-21
+# Last updated: 2016-01-22
 # With: Debian dpkg-architecture version 1.18.4.
 # This file was auto-generated by private/refresh-archs
 
diff --git a/data/shared-libs/ldconfig-dirs b/data/shared-libs/ldconfig-dirs
index 37d4142..f46b975 100644
--- a/data/shared-libs/ldconfig-dirs
+++ b/data/shared-libs/ldconfig-dirs
@@ -10,7 +10,7 @@
 #
 # See Bug#469301 and Bug#464796 for more details.
 #
-# Last updated: 2016-01-21
+# Last updated: 2016-01-22
 # With: Debian dpkg-architecture version 1.18.4.
 # This file was auto-generated by private/refresh-archs
 #
diff --git a/debian/changelog b/debian/changelog
index 1ded02a..c7d8d5d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,7 +7,9 @@ lintian (2.5.40) UNRELEASED; urgency=medium
       checks.  Thanks to Aurelien Jarno for the bug report.  (Closes:
       #809262)
     + [BR] Detect old style config script and detect Mutli-arch error.
-    + [NT] Add experimental tag for missing "bindnow" hardening.
+    + [NT] Add experimental tag for missing "bindnow" and "pie"
+      hardening.  Thanks to intrigeri for the suggestion.
+      (Closes: #759363)
   * checks/changes-file.pm:
     + [JW] Use "~bpo7+N" as the suffix for wheezy-backports-sloppy
       uploads.  Thanks to Vincent Bernat for the bug report.  (Closes:
diff --git a/private/refresh-archs b/private/refresh-archs
index 1079af8..dbc9039 100755
--- a/private/refresh-archs
+++ b/private/refresh-archs
@@ -39,7 +39,7 @@ my %hardening = (
     relro           => 'if-enabled',
     stackprotector  => 'if-enabled',
     bindnow         => 'always',
-    #    pie             => 'always',
+    pie             => 'always',
 );
 my (%archs, %files);
 
diff --git a/t/tests/binaries-hardening/desc b/t/tests/binaries-hardening/desc
index 2185a90..670905b 100644
--- a/t/tests/binaries-hardening/desc
+++ b/t/tests/binaries-hardening/desc
@@ -5,7 +5,8 @@ Description: Check for missing hardening features
 Architecture: amd64 i386 armhf arm64
 Profile: debian/extra-hardening
 Test-For:
- hardening-no-fortify-functions
  hardening-no-bindnow
+ hardening-no-fortify-functions
+ hardening-no-pie
  hardening-no-relro
  hardening-no-stackprotector
diff --git a/t/tests/binaries-hardening/tags b/t/tests/binaries-hardening/tags
index 805e27d..4be88a2 100644
--- a/t/tests/binaries-hardening/tags
+++ b/t/tests/binaries-hardening/tags
@@ -2,3 +2,4 @@ I: binaries-hardening: hardening-no-fortify-functions usr/bin/weak
 I: binaries-hardening: hardening-no-stackprotector usr/bin/weak
 W: binaries-hardening: hardening-no-relro usr/bin/weak
 X: binaries-hardening: hardening-no-bindnow usr/bin/weak
+X: binaries-hardening: hardening-no-pie usr/bin/weak
diff --git a/t/tests/shared-libs-non-pic-i386/debian/Makefile b/t/tests/shared-libs-non-pic-i386/debian/Makefile
index a62fdd7..5ccd2b8 100644
--- a/t/tests/shared-libs-non-pic-i386/debian/Makefile
+++ b/t/tests/shared-libs-non-pic-i386/debian/Makefile
@@ -3,14 +3,17 @@ CC=gcc
 NOPICOBJS=non-pic.o
 SONAME:=libbaz3.so.1
 
+NOPIC_CFLAGS = $(filter-out -fPIE,$(CFLAGS))
+NOPIC_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS))
+
 all: libbaz3.so.1.0.3b
 
 # Non-PIC. We can't test this on all architectures
 libbaz3.so.1.0.3b: $(NOPICOBJS)
-	$(CC) $(LDFLAGS) -o $@ -shared -Wl,-soname,$(SONAME) $^ -lc
+	$(CC) $(NOPIC_LDFLAGS) -o $@ -shared -Wl,-soname,$(SONAME) $^ -lc
 
 %.o: %.c
-	$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ -c $<
+	$(CC) $(NOPIC_CFLAGS) $(CPPFLAGS) -o $@ -c $<
 
 clean:
 	rm -f *.a *.o *.so* *.sho

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to:
References:
- [lintian] branch master updated (44a99b2 -> 52762d4)
  - From: Niels Thykier <nthykier@moszumanska.debian.org>
Prev by Date: [lintian] branch master updated (113fec4 -> 44a99b2)
Next by Date: Processed: limit source to lintian, tagging 759363
Previous by thread: [lintian] branch master updated (44a99b2 -> 52762d4)
Next by thread: Build failed in Jenkins: lintian-tests_sid #883
Index(es):
- Date
- Thread