Bug#859368: gdal shouldn't disable PIE

2017-04-02 Thread Adrian Bunk
On Sun, Apr 02, 2017 at 10:40:18PM +0200, Sebastiaan Couwenberg wrote:
> On 04/02/2017 10:15 PM, Adrian Bunk wrote:
> > The -pie in hardening flags was in some cases required in pre-stretch
> > releases to avoid build failures caused by (incorrectly) passing -fPIE
> > to the compiler when building shared libraries or plugins.
> > This problem no longer exists.
> > 
> > Please apply the following change:
> 
> Only if it no longer breaks the Python bindings.
> 
> I'm a little short on time, so I'm tempted to move this to post-stretch.

If the Python bindings breakage was a FTBFS, then it was exactly
the problem I described.

And I verified that gdal builds with my change before sending the bug.

> Kind Regards,
> 
> Bas

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

___
Pkg-grass-devel mailing list
Pkg-grass-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel


Bug#859368: gdal shouldn't disable PIE

2017-04-02 Thread Sebastiaan Couwenberg
On 04/02/2017 10:15 PM, Adrian Bunk wrote:
> The -pie in hardening flags was in some cases required in pre-stretch
> releases to avoid build failures caused by (incorrectly) passing -fPIE
> to the compiler when building shared libraries or plugins.
> This problem no longer exists.
> 
> Please apply the following change:

Only if it no longer breaks the Python bindings.

I'm a little short on time, so I'm tempted to move this to post-stretch.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Bug#859368: gdal shouldn't disable PIE

2017-04-02 Thread Adrian Bunk
Source: gdal
Version: 2.1.2+dfsg-3
Severity: important
Tags: patch

With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitly disable the default PIE".
The latter is usually not intended.

For packages like gdal that include static libraries the situation
is even worse, since non-PIE static libraries cannot be used with
the stretch gcc unless -no-pie is explicitly passed when linking.

The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem no longer exists.

Please apply the following change:

--- debian/rules.old2017-04-02 19:23:02.0 +
+++ debian/rules2017-04-02 19:23:08.0 +
@@ -9,7 +9,7 @@
 #export DH_VERBOSE=1
 
 # Enable hardening build flags
-export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
 
 UPSTREAM_VERSION = $(shell dpkg-parsechangelog | sed -ne 's/^Version: 
\(.*\)-.*/\1/p' | sed -e 's/\+.*//; s/^[0-9]://')
 
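Review bot: the comment above the changed DEB_BUILD_MAINT_OPTIONS line still reads only "Enable hardening build flags", so debian/rules keeps no record of why -pie was once needed or why it is safe to drop. A debian/changelog entry closing #859368 would cover that. Because the report notes that gdal ships static libraries and the reply raises the Python bindings, the build log from a full build with hardening=+all is worth attaching, so the maintainer can confirm that both still build without having to rerun it.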

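The semantics change described in the report can be checked mechanically across a set of debian/rules files. The following is an added example, not code from the thread or from the gdal packaging: the function names and sample fragments are constructed, and it assumes hardening modifiers apply left to right with "all" covering pie, as dpkg-buildflags(1) describes.

```python
import re

# Matches "export DEB_BUILD_MAINT_OPTIONS=..." and the ":=" / "?=" make forms.
ASSIGN = re.compile(r"^\s*(?:export\s+)?DEB_BUILD_MAINT_OPTIONS\s*[:?]?=\s*(.*)$")

def pie_setting(value):
    """Return 'enabled', 'disabled' or 'default' for PIE in an options value.

    Assumption: modifiers in the hardening area apply left to right and
    "all" covers pie, as described in dpkg-buildflags(1).
    """
    state = "default"
    for area in value.split():
        name, _, features = area.partition("=")
        if name != "hardening":
            continue  # e.g. reproducible=+all says nothing about PIE
        for feat in features.split(","):
            if feat[:1] in ("+", "-") and feat[1:] in ("all", "pie"):
                state = "enabled" if feat[0] == "+" else "disabled"
    return state

def audit_rules(text):
    """Return (line number, value) for every assignment that turns PIE off."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = ASSIGN.match(line)
        if match:
            value = match.group(1).strip().strip("\"'")
            if pie_setting(value) == "disabled":
                findings.append((lineno, value))
    return findings

# Constructed debian/rules fragments: the first two mirror the before and
# after of the patch in this thread, the others are made-up variations.
SAMPLES = {
    "before": "# Enable hardening build flags\nexport DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie\n",
    "after": "# Enable hardening build flags\nexport DEB_BUILD_MAINT_OPTIONS=hardening=+all\n",
    "reordered": "export DEB_BUILD_MAINT_OPTIONS = hardening=-pie,+all\n",
    "two_areas": 'DEB_BUILD_MAINT_OPTIONS := "reproducible=+all hardening=+bindnow,-pie"\n',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_rules(text) or "PIE not disabled")
```

The script only inspects the maintainer options line; flags appended elsewhere in debian/rules (for example a literal -no-pie in LDFLAGS) are outside what it looks at.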