desktop-packages team mailing list archive

Thread
Date

[Bug 1496548] Re: evince no longer built with -PIE

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Sebastien Bacher <seb128@xxxxxxxxxx>
Date: Tue, 27 Oct 2015 08:11:04 -0000
Reply-to: Bug 1496548 <1496548@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: evince (Ubuntu)
   Importance: Undecided => High

** Changed in: evince (Ubuntu)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1496548

Title:
  evince no longer built with -PIE

Status in evince package in Ubuntu:
  In Progress

Bug description:
  It seems that evince is no longer built with -PIE in 15.04:

  $ hardening-check /usr/bin/evince
  /usr/bin/evince:
   Position Independent Executable: no, normal executable!
   Stack protected: yes
   Fortify Source functions: no, only unprotected functions found!
   Read-only relocations: yes
   Immediate binding: no, not found!

  From 14.04:

  $ hardening-check /usr/bin/evince
  /usr/bin/evince:
   Position Independent Executable: yes
   Stack protected: yes
   Fortify Source functions: no, only unprotected functions found!
   Read-only relocations: yes
   Immediate binding: yes

  evince is a targeted package for 'Built as PIE' here:

  https://wiki.ubuntu.com/Security/Features#Built_as_PIE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1496548/+subscriptions

References

[Bug 1496548] [NEW] evince no longer built with -PIE
From: st0ve, 2015-09-16