Hi Guillem,

Many packages fail to build due to gcc ... -shared -no-pie ... failing.
I have reported the issue to GCC but they don't seem to fix that:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77464

The proposed workarounds don't seem to be viable in Debian thus I
propose making the -pie dpkg hardening flag a noop instead of passing
-no-pie and friends as compiler/ flags like in the proposed patch.
This is not symmetric but consistent with Ubuntu's way of enabling PIE.

What do you think?

Cheers,
Balint

On Tue, 23 Aug 2016 00:29:00 +0200 Balint Reczey
<bal...@balintreczey.hu> wrote:
> Package: dpkg
> Version: 1.18.10
> Severity: wishlist
> Tags: patch moreinfo
> 
> Dear Guillem,
> 
> As a continuation of the discussions [1][2] on debian-devel I'm
> attaching the simple patch that changes dpkg's pie hardening flag
> to adapt to GCC's new default settings proposed in #835148.
> 
> I'm continuing with the rebuild/autopkgtest tests according to
> the Dpkg FAQ, hence the moreinfo tag.
> 
> Cheers,
> Balint
> 
> [1] https://lists.debian.org/debian-devel/2016/05/msg00228.html
> [2] https://lists.debian.org/debian-devel/2016/08/msg00324.html
> 
