[Pkg-postgresql-public] Bug#687208: Bug#687208: postgresql-9.1: pg_config --cflags includes -pie

Martin Pitt mpitt at debian.org
Tue Sep 11 04:12:59 UTC 2012 

tag 687208 wontfix
thanks

Hello Julian,

Julian Taylor [2012-09-10 22:34 +0200]:
> Package: postgresql-9.1
> Version: 9.1.5-2
> Severity: serious
> Justification: breaks packages in wheezy
> 
> pg_config --cflags in in 9.1.5-2 includes the -pie flag.

Yes, quite deliberately -- PIE was accidentally dropped in 9.1.3-2,
but now re-enabled.

> This flag causes issues in packages using pg_config to build libraries
> and due to performance issues it may also be unwanted in non-library builds.

Err, that's wrong I'm afraid. pg_config is not pkg-config, you are not
supposed to use pg_config --cflags for building libraries. It's ok to
use it to build server-side extensions.

For a library linking to libpq, I recommend to use 
"pg_config --includedir" for CFLAGS. For formality's sake you can use
"pg_config --libdir" for LDFLAGS, but as it's just a standard library
it's in /usr/lib that won't actually do anything.

> pg_config --cflags
> -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
> -Werror=format-security -fPIC -pie -Wall -Wmissing-prototypes
> -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels
> -Wformat-security -fno-strict-aliasing -fwrapv
> -fexcess-precision=standard -g
> 
> the version in wheezy does not include the flag.

"man pg_config" says

      --cflags
           Print the value of the CFLAGS variable that was used for building PostgreSQL. This shows C
           compiler switches.

As psql is again built with -pie, as it was in the past, it ought to
be there. The version in wheezy is accidentally not built with
hardening (including PIE), which is a bug which needs to be fixed in
Wheezy.

Can we fix uwsgi to drop "pg_config --cflags"? This is really not what
you want for a third-party build system, it's just information about
postgresql itself.

Thanks!

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20120911/2d90cc30/attachment.pgp>

More information about the Pkg-postgresql-public mailing list