[debian-mysql] Bug#865774: mysql-5.7 shouldn't disable PIE
Adrian Bunk
bunk at debian.org
Sat Jun 24 18:20:15 UTC 2017
Source: mysql-5.7
Version: 5.7.18-1
Severity: normal
Tags: patch
With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitely disable the default PIE".
The latter is usually not intended.
The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem does no longer exist.
Please consider applying the following patch:
--- debian/rules.old 2017-06-24 11:54:15.000000000 +0000
+++ debian/rules 2017-06-24 11:54:21.000000000 +0000
@@ -4,7 +4,7 @@
# enable Debian Hardening
# see: https://wiki.debian.org/Hardening
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
More information about the pkg-mysql-maint
mailing list