Source: grass Version: 7.2.0-1 Severity: normal Tags: patch With gcc in stretch defaulting to PIE, hardening=+all,-pie changed semantics from "enable hardening but not PIE" to "enable all hardening and explicitely disable the default PIE". The latter is usually not intended.
The -pie in hardening flags was in some cases required in pre-stretch releases to avoid build failures caused by (incorrectly) passing -fPIE to the compiler when building shared libraries or plugins. This problem does no longer exist, and grass builds with my patch. Please consider applying the following patch: --- debian/rules.old 2017-04-02 20:40:04.000000000 +0000 +++ debian/rules 2017-04-02 20:40:18.000000000 +0000 @@ -3,9 +3,8 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -# Enable hardening build flags, except: -# pie: causes build failure -export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie +# Enable hardening build flags: +export DEB_BUILD_MAINT_OPTIONS=hardening=+all VERSION=$(shell echo `head -2 $(CURDIR)/include/VERSION` | sed -e 's/ //') ABI=$(shell echo `head -3 $(CURDIR)/include/VERSION` | sed -e 's/ //g' -e 's/RC/-/')
