[lintian] 01/01: c/binaries.desc: Expand on the -fPIE caveat
This is an automated email from the git hooks/post-receive script.
nthykier pushed a commit to branch master
in repository lintian.
commit a0678c6c89c80be01b11af56a141b13b353cbd21
Author: Niels Thykier <niels@thykier.net>
Date: Sun Mar 27 14:44:19 2016 +0000
c/binaries.desc: Expand on the -fPIE caveat
Signed-off-by: Niels Thykier <niels@thykier.net>
---
checks/binaries.desc | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/checks/binaries.desc b/checks/binaries.desc
index 0aa58fa..8815945 100644
--- a/checks/binaries.desc
+++ b/checks/binaries.desc
@@ -425,11 +425,17 @@ Info: This package provides an ELF executable that was not compiled
and the linker (e.g. for C that would be commonly be
<tt>CFLAGS</tt> and <tt>LDFLAGS</tt>).
.
- CAVEAT: Some binaries FTBFS when built with the PIE flags. A
- notable example being static libraries (<tt>gcc -static</tt>).
- If your upstream build compiles both static libs and executables,
- you may have to patch the build to ensure that only the latter
- are compiled with PIE.
+ CAVEAT: Please keep in mind that the PIE flags (-fPIE) is not
+ suitable for all cases:
+ .
+ * It is <i>not</i> compatible with -fPIC which required for
+ compiling shared libraries.
+ * It is unlikely to work when compiling static libraries or
+ executables (<tt>gcc -static</tt>).
+ .
+ If your upstream build compiles either of the above, you may have to
+ patch the build to ensure that only ELF executables are compiled with
+ PIE.
Ref: https://wiki.debian.org/Hardening,
https://gcc.gnu.org/gcc-5/changes.html,
https://software.intel.com/en-us/blogs/2014/12/26/new-optimizations-for-x86-in-upcoming-gcc-50-32bit-pic-mode
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to: