Source: choreonoid Version: 1.5.0+dfsg-0.1 Severity: normal Tags: patch With gcc in stretch defaulting to PIE, hardening=+all,-pie changed semantics from "enable hardening but not PIE" to "enable all hardening and explicitely disable the default PIE". The latter is usually not intended.
The -pie in hardening flags was in some cases required in pre-stretch releases to avoid build failures caused by (incorrectly) passing -fPIE to the compiler when building shared libraries or plugins. This problem does no longer exist. Please consider applying the following change: --- debian/rules.old 2017-04-02 18:35:57.000000000 +0000 +++ debian/rules 2017-04-02 18:36:10.000000000 +0000 @@ -2,7 +2,7 @@ # -*- makefile -*- # Hardening. -export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie,+fortify +export DEB_BUILD_MAINT_OPTIONS=hardening=+all,+fortify CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS) CFLAGS:=$(shell dpkg-buildflags --get CFLAGS) -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss