Hi Guillem, gcc-6/6.2.0-7 has just been uploaded with the changed defaults. The list of architectures is a bit different than the one in the attaches patch. The updated list is: amd64 arm64 armel armhf i386 mips mipsel mips64el ppc64el s390x
Cheers, Balint 2016-09-07 0:48 GMT+02:00 Bálint Réczey <[email protected]>: > Hi Guillem, > > I'm rebuilding all packages failed with the original patch and a good share > does compile with the following additional patches. > > I would have preferred only the original patch, but apparently this is > our best chance for enabling PIE for the archive. > > I'll start filing bugs for for the packages still failing to build. > > Cheers, > Balint > > 2016-09-04 3:03 GMT+02:00 Balint Reczey <[email protected]>: >> Hi Guillem, >> >> Many packages fail to build due to gcc ... -shared -no-pie ... failing. >> I have reported the issue to GCC but they don't seem to fix that: >> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77464 >> >> The proposed workarounds don't seem to be viable in Debian thus I >> propose making the -pie dpkg hardening flag a noop instead of passing >> -no-pie and friends as compiler/ flags like in the proposed patch. >> This is not symmetric but consistent with Ubuntu's way of enabling PIE. >> >> What do you think? >> >> Cheers, >> Balint >> >> On Tue, 23 Aug 2016 00:29:00 +0200 Balint Reczey >> <[email protected]> wrote: >>> Package: dpkg >>> Version: 1.18.10 >>> Severity: wishlist >>> Tags: patch moreinfo >>> >>> Dear Guillem, >>> >>> As a continuation of the discussions [1][2] on debian-devel I'm >>> attaching the simple patch that changes dpkg's pie hardening flag >>> to adapt to GCC's new default settings proposed in #835148. >>> >>> I'm continuing with the rebuild/autopkgtest tests according to >>> the Dpkg FAQ, hence the moreinfo tag. >>> >>> Cheers, >>> Balint >>> >>> [1] https://lists.debian.org/debian-devel/2016/05/msg00228.html >>> [2] https://lists.debian.org/debian-devel/2016/08/msg00324.html >>>
