Bug#859440: opencv shouldn't disable PIE

Adrian Bunk bunk at debian.org
Mon Apr 3 14:46:12 UTC 2017


Source: opencv
Version: 2.4.9.1+dfsg1-1
Severity: important
Tags: patch

With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitly disable the default PIE".
The latter is usually not intended.

For packages like opencv that include static libraries the situation
is even worse, since non-PIE static libraries cannot be used with
the stretch gcc unless -no-pie is explicitly passed when linking.

The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem no longer exists.

Please apply the following patch:

--- debian/rules.old	2017-04-03 13:15:35.000000000 +0000
+++ debian/rules	2017-04-03 13:15:43.000000000 +0000
@@ -1,6 +1,6 @@
 #!/usr/bin/make -f
 
-export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie,+fortify
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all,+fortify
 DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
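Review bot: on the changed `export DEB_BUILD_MAINT_OPTIONS` line, `+fortify` is now redundant, since `+all` already turns on every hardening feature and nothing after it switches one off. Consider reducing the value to `hardening=+all`, so the line does not suggest that fortify needs separate handling.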



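A check for the situation this report describes, as an added example that is not part of the original message or of dpkg: it reports whether a `DEB_BUILD_MAINT_OPTIONS` value, or the last assignment in a `debian/rules` file, explicitly disables PIE. The function names are hypothetical, and it assumes hardening modifiers are applied left to right, so the last one naming `pie` or `all` decides.

```shell
#!/bin/sh
# Added example: report what a DEB_BUILD_MAINT_OPTIONS value does to PIE.
# Assumption: modifiers are applied left to right, so the last modifier
# that names "pie" or "all" decides the outcome.

# pie_state VALUE -> prints "default", "enabled" or "disabled"
pie_state() {
    state=default
    # Feature areas are whitespace-separated: "hardening=... reproducible=..."
    for area in $1; do
        case $area in
            hardening=*) flags=${area#hardening=} ;;
            *) continue ;;   # other feature areas do not affect PIE
        esac
        old_ifs=$IFS; IFS=,
        for flag in $flags; do
            case $flag in
                +pie|+all) state=enabled ;;
                -pie|-all) state=disabled ;;   # the case the report is about
            esac
        done
        IFS=$old_ifs
    done
    printf '%s\n' "$state"
}

# rules_pie_state FILE -> pie_state of the last DEB_BUILD_MAINT_OPTIONS
# assignment in a debian/rules file ("default" if there is none).
# Handles "export VAR=", "VAR =", "VAR :=" and "VAR ?=" forms only.
rules_pie_state() {
    value=$(sed -nE \
        's/^[[:space:]]*(export[[:space:]]+)?DEB_BUILD_MAINT_OPTIONS[[:space:]]*[:?]?=[[:space:]]*//p' \
        "$1" | tail -n 1)
    pie_state "$value"
}

# Constructed sample: the old and new values from the patch above.
for v in 'hardening=+all,-pie,+fortify' 'hardening=+all,+fortify'; do
    printf '%-32s PIE %s\n' "$v" "$(pie_state "$v")"
done
```

Run over an unpacked source tree, `rules_pie_state debian/rules` printing `disabled` marks a package that still needs the change requested here.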