Bug#859430: netcdf shouldn't disable PIE

Adrian Bunk bunk at debian.org
Mon Apr 3 12:49:40 UTC 2017


Source: netcdf
Version: 1:4.4.1.1-1
Severity: normal
Tags: patch

With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitely disable the default PIE".
The latter is usually not intended.

The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem does no longer exist.

Please consider applying the following patch:

--- debian/rules.old	2017-04-03 12:44:22.000000000 +0000
+++ debian/rules	2017-04-03 12:44:40.000000000 +0000
@@ -2,9 +2,8 @@
 
 #export DH_VERBOSE=1
 
-# Enable hardening build flags, except:
-#  pie: causes build failure
-export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+# Enable hardening build flags
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
 
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 



More information about the Pkg-grass-devel mailing list