Source: gnuplot
Version: 5.0.5+dfsg1-5
Severity: important
Tags: patch
With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitely disable the default PIE".
The latter is usually not intended.
For packages like gnuplot that include static libraries the situation
is even worse, since non-PIE static libraries cannot be used with
the stretch gcc unless -no-pie is explicitly passed when linking.
Note that this patch does not change the addition of -fPIC
to DEB_CXXFLAGS_MAINT_APPEND for Qt, it only changes the
default when no PIE/PIC related flags are passed from
non-PIE/PIC to PIE.
Please apply the following change:
--- debian/rules.old 2017-04-02 20:15:34.000000000 +0000
+++ debian/rules 2017-04-02 20:15:46.000000000 +0000
@@ -3,7 +3,7 @@
%:
dh $@ --parallel
-export DEB_BUILD_MAINT_OPTIONS := hardening=+all,-pie
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all
export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
# Tell compiler where should find lua headers
