Source: epiphany
Version: 0.7.0+0-3
Severity: normal
Tags: patch
With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitely disable the default PIE".
The latter is usually not intended.
The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem does no longer exist.
Please consider applying the following change:
--- debian/rules.old 2017-04-02 19:07:31.000000000 +0000
+++ debian/rules 2017-04-02 19:07:35.000000000 +0000
@@ -3,7 +3,7 @@
TOP := $(shell pwd)
UPSTREAM_VERSION := $(shell /bin/bash ${TOP}/debian/get-ups-ver.sh ${TOP})
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
%:
dh $@ --with autoreconf
