Bug#859372: grass shouldn't disable PIE
Adrian Bunk
bunk at debian.org
Sun Apr 2 20:52:06 UTC 2017
Source: grass
Version: 7.2.0-1
Severity: normal
Tags: patch
With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitely disable the default PIE".
The latter is usually not intended.
The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem does no longer exist, and grass builds with my patch.
Please consider applying the following patch:
--- debian/rules.old 2017-04-02 20:40:04.000000000 +0000
+++ debian/rules 2017-04-02 20:40:18.000000000 +0000
@@ -3,9 +3,8 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
-# Enable hardening build flags, except:
-# pie: causes build failure
-export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+# Enable hardening build flags:
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
VERSION=$(shell echo `head -2 $(CURDIR)/include/VERSION` | sed -e 's/ //')
ABI=$(shell echo `head -3 $(CURDIR)/include/VERSION` | sed -e 's/ //g' -e 's/RC/-/')
More information about the Pkg-grass-devel
mailing list