Control: tags -1 patch Hi Hilko,
On Sun, 11 Sep 2016 17:27:47 +0200 Balint Reczey <bal...@balintreczey.hu> wrote: > Source: binpac > Version: 0.44-1 > Severity: important > User: bal...@balintreczey.hu > Usertags: pie-bindnow-20160906 > Justification: makes bro FTBFS on amd64 with extra hardening > Affects: bro > > Dear Maintainers, > > During a rebuild of all packages in sid, dicomnifti failed to build on > amd64 with patched GCC and dpkg. The root cause seems to be that > libbinpac.a is shipped as a non-PIC library. > > The rebuild tested if packages are ready for a transition > enabling PIE and bindnow for amd64. > > For more information about the changes to sid's dpkg and GCC please > visit: > https://wiki.debian.org/Hardening/PIEByDefaultTransition I have pushed the attached patch to the packaging repository. It would be nice if you could update the package in the not too distant future including the patch. Cheers, Balint
>From e3a387e46da03d64f1970aa008e8230d005a8274 Mon Sep 17 00:00:00 2001 From: Balint Reczey <bal...@balintreczey.hu> Date: Thu, 29 Sep 2016 15:07:17 +0200 Subject: [PATCH] Build PIC binaries Closes: 837434 --- debian/README.Debian | 8 ++++++++ debian/rules | 2 ++ 2 files changed, 10 insertions(+) create mode 100644 debian/README.Debian diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..21d0d91 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,8 @@ +This package ships only static libraries and they are compiled with -fPIC +to let reverse dependencies use the static libraries as part of shared +libraries and PIE binaries. + +The exception is discussed in this thread: + https://lists.debian.org/debian-devel/2016/09/msg00277.html + + -- Balint Reczey <bal...@balintreczey.hu>, Thu, 29 Sep 2016 15:11:58 +0200 diff --git a/debian/rules b/debian/rules index a40ddca..1597820 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,8 @@ #!/usr/bin/make -f #DH_VERBOSE = 1 +export DEB_CXXFLAGS_MAINT_APPEND = -fPIC + DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/default.mk -- 2.1.4
