[Pkg-fonts-devel] Bug#865601: fontforge shouldn't disable PIE

Adrian Bunk bunk at debian.org
Fri Jun 23 04:06:31 UTC 2017

Source: fontforge
Version: 1:20161005~dfsg-4
Severity: normal
Tags: patch

With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitely disable the default PIE".
The latter is usually not intended.

The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem does no longer exist.

Please consider applying the following patch:

--- debian/rules.old	2017-06-23 03:43:56.000000000 +0000
+++ debian/rules	2017-06-23 03:44:04.000000000 +0000
@@ -25,7 +25,7 @@
 CDBS_BUILD_DEPENDS +=, libreadline-dev, dh-python, python
 export CONFIG_SHELL=/bin/bash
-export DEB_BUILD_MAINT_OPTIONS := hardening=+all,-pie
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all
 dev-deps = cairo2 freetype6 gif jpeg pango1.0 png spiro tiff5
 dev-deps += uninameslist xml2 xt glib2.0

More information about the Pkg-fonts-devel mailing list