Source: cpputest Version: 3.8-3 Severity: important User: bal...@balintreczey.hu Usertags: pie-bindnow-20160906 Justification: makes other packages FTBFS with extra hardening Tags: patch Affects: bzflag
Dear Maintainers, During a rebuild of all packages in sid, other packages failed to build on amd64 with patched GCC and dpkg. The root cause seems to be that libCppUTest.a is shipped as a non-PIC library. The rebuild tested if packages are ready for a transition enabling PIE and bindnow for amd64. For more information about the changes to sid's dpkg and GCC please visit: https://wiki.debian.org/Hardening/PIEByDefaultTransition Relevant part of bzflag's build log: ... /bin/bash ../libtool --silent --tag=CXX --silent --mode=link g++ -lCppUTest -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -o unittests unittests-tests.o unittests-bans.o unittests-AccessControlList.o ../src/common/libCommon.la -lc -lm -lpthread /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libCppUTest.a(lib_libCppUTest_a-CommandLineTestRunner.o): relocation R_X86_64_32S against symbol `_ZTV21CommandLineTestRunner' can not be used when making a shared object; recompile with -fPIC ... The full build log is available from: https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/bzflag_2.4.6-1_amd64.build.gz Thanks, Balint
