[lintian] 01/01: c/binaries.desc: PIE is on by default now

To: debian-lint-maint@lists.debian.org
Subject: [lintian] 01/01: c/binaries.desc: PIE is on by default now
From: Niels Thykier <nthykier@moszumanska.debian.org>
Date: Thu, 27 Oct 2016 06:16:54 +0000
Message-id: <[🔎] E1bzdzi-0007aW-RH@moszumanska.debian.org>
Reply-to: Niels Thykier <niels@thykier.net>
In-reply-to: <[🔎] 20161027061654.29056.94252@moszumanska.debian.org>
References: <[🔎] 20161027061654.29056.94252@moszumanska.debian.org>

This is an automated email from the git hooks/post-receive script.

nthykier pushed a commit to branch master
in repository lintian.

commit 90e8628d8d723ed30938241f3e856ca61cfc5932
Author: Niels Thykier <niels@thykier.net>
Date:   Thu Oct 27 06:16:03 2016 +0000

    c/binaries.desc: PIE is on by default now
    
    Signed-off-by: Niels Thykier <niels@thykier.net>
---
 checks/binaries.desc | 12 ++++--------
 debian/changelog     |  4 ++++
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/checks/binaries.desc b/checks/binaries.desc
index 9cee31c..7adeefe 100644
--- a/checks/binaries.desc
+++ b/checks/binaries.desc
@@ -398,6 +398,10 @@ Certainty: certain
 Info: This package provides an ELF executable that was not compiled
  as a position independent executable (PIE).
  .
+ In Debian, gcc-6 as of version 6.2.0-9 will compile ELF binaries with
+ PIE by default.  In most cases a simple rebuild will be sufficient to
+ remove this tag.
+ .
  PIE is required for fully enabling Address Space Layout
  Randomization (ASLR), which makes "Return-oriented" attacks more
  difficult.
@@ -414,14 +418,6 @@ Info: This package provides an ELF executable that was not compiled
  and the linker (e.g. for C that would be commonly be
  <tt>CFLAGS</tt> and <tt>LDFLAGS</tt>).
  .
- CAVEAT: Please keep in mind that the PIE flag (-fPIE) is not
- suitable for all cases:
- .
-  * It is <i>not</i> compatible with -fPIC which required for
-    compiling shared libraries.
-  * It is unlikely to work when compiling static libraries or
-    executables (<tt>gcc -static</tt>).
- .
  If your upstream build compiles either of the above, you may have to
  patch the build to ensure that only ELF executables are compiled with
  PIE.
diff --git a/debian/changelog b/debian/changelog
index 5d5a4f6..1f12dfe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,10 @@ lintian (2.5.50) UNRELEASED; urgency=medium
 
   XXX: generate tag summary with private/generate-tag-summary
 
+  * checks/binaries.desc:
+    + [NT] Update hardening-no-pie description to reflect that
+      PIE is on by default in Debian.
+
   * data/spelling/corrections:
     + [PW] Add more corrections.
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git

Reply to:

References:
- [lintian] branch master updated (0b2ee06 -> 90e8628)
  - From: Niels Thykier <nthykier@moszumanska.debian.org>

Prev by Date: [lintian] branch master updated (3453bc9 -> 0b2ee06)
Next by Date: [lintian] branch master updated (0b2ee06 -> 90e8628)
Previous by thread: [lintian] branch master updated (0b2ee06 -> 90e8628)
Next by thread: Processed: limit source to lintian, tagging 839822
Index(es):
- Date
- Thread