Bug#859424: marked as done (mapnik shouldn't disable PIE)
Your message dated Mon, 03 Apr 2017 15:35:30 + with message-idand subject line Bug#859424: fixed in mapnik 3.0.13+ds-1~exp2 has caused the Debian Bug report #859424, regarding mapnik shouldn't disable PIE to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859424 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: mapnik Version: 3.0.12+ds-2 Severity: important Tags: patch With gcc in stretch defaulting to PIE, hardening=+all,-pie changed semantics from "enable hardening but not PIE" to "enable all hardening and explicitely disable the default PIE". The latter is usually not intended. For packages like mapnik that include static libraries the situation is even worse, since non-PIE static libraries cannot be used with the stretch gcc unless -no-pie is explicitly passed when linking. The -pie in hardening flags was in some cases required in pre-stretch releases to avoid build failures caused by (incorrectly) passing -fPIE to the compiler when building shared libraries or plugins. This problem does no longer exist. I verified that python-mapnik still builds after this change. Please apply the following patch: --- debian/rules.old2017-04-03 11:04:40.0 + +++ debian/rules2017-04-03 11:04:53.0 + @@ -4,9 +4,8 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -# Enable hardening build flags, except: -# pie: causes python-mapnik build failure -export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie +# Enable hardening build flags: +export DEB_BUILD_MAINT_OPTIONS=hardening=+all NJOBS := -j1 ifneq (,$(filter parallel=%,$(subst $(COMMA), ,$(DEB_BUILD_OPTIONS --- End Message --- --- Begin Message --- Source: mapnik Source-Version: 3.0.13+ds-1~exp2 We believe that the bug you reported is fixed in the latest version of mapnik, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bas Couwenberg (supplier of updated mapnik package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 03 Apr 2017 15:36:12 +0200 Source: mapnik Binary: libmapnik3.0 libmapnik-dev mapnik-utils mapnik-doc Architecture: source amd64 all Version: 3.0.13+ds-1~exp2 Distribution: experimental Urgency: medium Maintainer: Debian GIS Project Changed-By: Bas Couwenberg Description: libmapnik-dev - C++ toolkit for developing GIS applications (devel) libmapnik3.0 - C++ toolkit for developing GIS applications (libraries) mapnik-doc - C++ toolkit for developing GIS applications (doc) mapnik-utils - C++ toolkit for developing GIS applications (utilities) Closes: 859424 Changes: mapnik (3.0.13+ds-1~exp2) experimental; urgency=medium . * Merge changes from mapnik (3.0.12+ds-3). (closes: #859424) * Drop unused lintian overrides for hardening-no-pie. Checksums-Sha1: 2d5c6f22a996fdb7c6171ccb44660a7ea367817e 3022 mapnik_3.0.13+ds-1~exp2.dsc 7ac6103bbfcebfe9bec7cc55ac235e2eeb7285c7 16612 mapnik_3.0.13+ds-1~exp2.debian.tar.xz 80c5802ded8cbb1f9b97dbae89af2ac75962bf95 668034 libmapnik-dev_3.0.13+ds-1~exp2_amd64.deb 4630c6d7ab7ac1bbd7b3cb4dd88097680a1b0cc2 2165282 libmapnik3.0_3.0.13+ds-1~exp2_amd64.deb dff5b167a0d9c51723b0bf32a6475b3397c121b9 2137372 mapnik-doc_3.0.13+ds-1~exp2_all.deb 9f004745a320d06a6fc74449f7606be40bc0d958 223636 mapnik-utils_3.0.13+ds-1~exp2_amd64.deb a78fc1e6631d0e9922ed8ec3f3202aeb85dfab9a 13372 mapnik_3.0.13+ds-1~exp2_amd64.buildinfo Checksums-Sha256: 12bda52cb3dd7bca62633bc3f5fffcf64e6ef59032cd38f6d283a89b5bad43a3 3022 mapnik_3.0.13+ds-1~exp2.dsc 771e642d71c3c99f8b255e6c6d40f63c5f6cb0b7047d2a2e6f6357d55f112109 16612 mapnik_3.0.13+ds-1~exp2.debian.tar.xz 7f283918a37088e118f0f9be1fd1fec653e1ea68361f5460715e297f1af21826 668034 libmapnik-dev_3.0.13+ds-1~exp2_amd64.deb 7df5d28ca7f5a16c5b996ccf9f44f6ba9a82568ead82a511fbc19089647c6300 2165282 libmapnik3.0_3.0.13+ds-1~exp2_amd64.deb
Bug#859424: marked as done (mapnik shouldn't disable PIE)
Your message dated Mon, 03 Apr 2017 13:50:26 + with message-idand subject line Bug#859424: fixed in mapnik 3.0.12+ds-3 has caused the Debian Bug report #859424, regarding mapnik shouldn't disable PIE to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859424 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: mapnik Version: 3.0.12+ds-2 Severity: important Tags: patch With gcc in stretch defaulting to PIE, hardening=+all,-pie changed semantics from "enable hardening but not PIE" to "enable all hardening and explicitely disable the default PIE". The latter is usually not intended. For packages like mapnik that include static libraries the situation is even worse, since non-PIE static libraries cannot be used with the stretch gcc unless -no-pie is explicitly passed when linking. The -pie in hardening flags was in some cases required in pre-stretch releases to avoid build failures caused by (incorrectly) passing -fPIE to the compiler when building shared libraries or plugins. This problem does no longer exist. I verified that python-mapnik still builds after this change. Please apply the following patch: --- debian/rules.old2017-04-03 11:04:40.0 + +++ debian/rules2017-04-03 11:04:53.0 + @@ -4,9 +4,8 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -# Enable hardening build flags, except: -# pie: causes python-mapnik build failure -export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie +# Enable hardening build flags: +export DEB_BUILD_MAINT_OPTIONS=hardening=+all NJOBS := -j1 ifneq (,$(filter parallel=%,$(subst $(COMMA), ,$(DEB_BUILD_OPTIONS --- End Message --- --- Begin Message --- Source: mapnik Source-Version: 3.0.12+ds-3 We believe that the bug you reported is fixed in the latest version of mapnik, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bas Couwenberg (supplier of updated mapnik package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 03 Apr 2017 14:47:38 +0200 Source: mapnik Binary: libmapnik3.0 libmapnik-dev mapnik-utils mapnik-doc Architecture: source amd64 all Version: 3.0.12+ds-3 Distribution: unstable Urgency: medium Maintainer: Debian GIS Project Changed-By: Bas Couwenberg Description: libmapnik-dev - C++ toolkit for developing GIS applications (devel) libmapnik3.0 - C++ toolkit for developing GIS applications (libraries) mapnik-doc - C++ toolkit for developing GIS applications (doc) mapnik-utils - C++ toolkit for developing GIS applications (utilities) Closes: 859424 Changes: mapnik (3.0.12+ds-3) unstable; urgency=medium . * Update branch in gbp.conf & Vcs-Git URL. * Enable PIE hardening buildflags. (closes: #859424) Checksums-Sha1: 5ed5044fe26ca1dbaf582e2566c5c999f3e63066 3013 mapnik_3.0.12+ds-3.dsc 193187df79c28a70e94ce9d47ec3a040e1309c46 17404 mapnik_3.0.12+ds-3.debian.tar.xz e8a650aea8245760c5c76dd15f421327f697b589 674258 libmapnik-dev_3.0.12+ds-3_amd64.deb 910dcbe8cdec58f9b1f7e8b7b2704364076ec9c1 2169062 libmapnik3.0_3.0.12+ds-3_amd64.deb 1b6250660cdbe0ee10716288b1506a8392684738 2136812 mapnik-doc_3.0.12+ds-3_all.deb 896761a1b4696994f91d6016799f9c9759c75a3a 228404 mapnik-utils_3.0.12+ds-3_amd64.deb 032e34c321c46ca4578f362a121890914d7b20b4 13292 mapnik_3.0.12+ds-3_amd64.buildinfo Checksums-Sha256: 9cc1865ba12bda09be20f93d7ba0b9748b339ede82bc7b30176ba512377b4034 3013 mapnik_3.0.12+ds-3.dsc 833dd61dd346f2cf16bd99da812c1bd2e28329f3b9a3a6e0b42a012507629f6c 17404 mapnik_3.0.12+ds-3.debian.tar.xz 0ac5ebc480daba557976057ecacf7ac2fd751286596a37af87ac5224a1beb8e4 674258 libmapnik-dev_3.0.12+ds-3_amd64.deb 4382d221b985516d1446a456deea58a9fdcce70fa52e16323513b4a89f336ffa 2169062 libmapnik3.0_3.0.12+ds-3_amd64.deb ca1e0b8e8c0a17b65c9552c44355321f97d45f4cfe35bf673ae0f602dca57337 2136812 mapnik-doc_3.0.12+ds-3_all.deb