[Debian-med-packaging] Bug#865608: jellyfish shouldn't disable PIE
Adrian Bunk
bunk at debian.org
Fri Jun 23 05:02:23 UTC 2017
Source: jellyfish
Version: 2.2.6-1
Severity: normal
Tags: patch
With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitely disable the default PIE".
The latter is usually not intended.
The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem does no longer exist.
Please consider applying the following patch:
--- debian/rules.old 2017-06-23 04:50:02.000000000 +0000
+++ debian/rules 2017-06-23 04:50:07.000000000 +0000
@@ -3,7 +3,7 @@
DEBPKGNAME := $(shell dpkg-parsechangelog | awk '/^Source:/ {print $$2}')
build3vers := $(shell py3versions -sv)
-export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
export DH_OPTIONS
export PKG_CONFIG_LIBDIR=${CURDIR}
More information about the Debian-med-packaging
mailing list