Hi, dpkg-buildflags will soon start using -fstack-protector-strong instead of -fstack-protector as the compiler flag used to enable stack protection. The new flag is a new feature introduced in GCC 4.9, more information is available here:
https://lwn.net/Articles/584225/ http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong/ https://fedorahosted.org/fesco/ticket/1128 There was a previous discussion about this on the dpkg mailing list, see: https://lists.debian.org/debian-dpkg/2014/06/msg00031.html In preparation of this switch David Suárez did a full archive rebuild on EC2, the results of which are detailed in the post linked above. In summary, the bulk of the failures is for packages that explicitly use an older GCC version, which doesn't understand -fstack-protector-strong. If your package is affected, you will need to filter out the new flag and re-add the old one, or disable stack protection entirely (which is the least preferred option). See dpkg-buildflags(1) for details on how to do this. Also, if your package uses hardening-wrapper or hardening-includes, now would be a good time to switch to dpkg-buildflags. Finally, please note that this new flag will not be used on m68k, or1k, powerpcspe, sh4, and x32. The stack protector itself is currently disabled on ia64, alpha, mips, mipsel, hppa, and arm64. If you have any concerns or comments about this, please voice them now. Thanks, -- Romain Francoise <rfranco...@debian.org> http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87oaxhggd4....@kima.orebokech.com
