authorGuillem Jover <guillem@debian.org>2017-02-07 15:47:23 +0100
committerGuillem Jover <guillem@debian.org>2017-02-26 23:40:16 +0100
commitce97c5865788e0d311645d12d1c84f6fdf1412ea (patch)
tree9d97ec51270a0b61281ee839f21ebe5a4530a4ff
parent8e6660991e63cce477c8cb2e2ba62237b351efc0 (diff)
downloaddpkg-ce97c5865788e0d311645d12d1c84f6fdf1412ea.tar.gz
Dpkg::Vendor::Debian: Switch PIE handling to have no default (!)
Delegate the setting to gcc builtin or an explicit request by a user. This is needed to cope with the general PIE brokenness situation in Debian, and the current specific brokenness of a Debian gcc patch mangling the dpkg build flags. This is wrong on so many levels, as we'll have discrepancies between architectures, the interface towards maintainers is inconsistent, and updating the PIE support needs touching and coordinating two places. But it's certainly the current lesser evil. Closes: #848129, #845550
-rw-r--r--debian/changelog5
-rw-r--r--man/dpkg-buildflags.man2
-rw-r--r--scripts/Dpkg/Vendor/Debian.pm15
3 files changed, 18 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog
index ec8551d27..3c98ade18 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,11 @@ dpkg (1.18.23) UNRELEASED; urgency=medium
Thanks to Nicolas Boulenguez <nicolas@debian.org>.
- Mark kfreebsd-amd64, kfreebsd-i386, sparc and sparc64 architectures as
having gcc builtin PIE in Dpkg::Vendor::Debian.
+ - Switch PIE handling in Dpkg::Vendor::Debian to have no default (!) and
+ delegate the setting to gcc or an explicit request by a user. This is
+ needed to cope with the general PIE brokenness situation in Debian, and
+ the current specific brokenness of a Debian gcc patch mangling the dpkg
+ build flags. Closes: #848129, #845550
* Documentation:
- Clarify the requirements for deb-conffile(5) pathnames. Closes: #854417
Proposed by Dieter Adriaenssens <dieter.adriaenssens@gmail.com>.
diff --git a/man/dpkg-buildflags.man b/man/dpkg-buildflags.man
index e5ec7f7a9..60f67a5ce 100644
--- a/man/dpkg-buildflags.man
+++ b/man/dpkg-buildflags.man
@@ -347,7 +347,7 @@ above). The option cannot become enabled if \fBrelro\fP is not enabled.
.
.TP
.B pie
-This setting (enabled by default since dpkg 1.18.11, and injected by default
+This setting (with no default since dpkg 1.18.23, and injected by default
by gcc on the amd64, arm64, armel, armhf, i386, kfreebsd-amd64, kfreebsd-i386,
mips, mipsel, mips64el, ppc64el, s390x, sparc and sparc64 Debian architectures)
adds the required options via gcc specs files if
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index 1ddd6f7fb..091ec42ad 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -258,7 +258,9 @@ sub _add_hardening_flags {
# Default feature states.
my %use_feature = (
- pie => 1,
+ # XXX: This is set to undef so that we can cope with the brokenness
+ # of gcc managing this feature builtin.
+ pie => undef,
stackprotector => 1,
stackprotectorstrong => 1,
fortify => 1,
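Review bot: The new comment on `pie => undef` does not say what undef means to the rest of `_add_hardening_flags`, and the security consequence is easy to miss. With no default, an architecture whose gcc does not enable PIE itself gets no PIE flags unless the maintainer asks for them. I would spell out the tri-state, e.g. `# undef: no dpkg preference, the compiler default applies; 1/0: explicit request to force PIE on/off.` The code that applies explicit requests sits outside this hunk, so I am assuming it assigns 1 or 0 to this key.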
@@ -321,7 +323,8 @@ sub _add_hardening_flags {
}
# PIE
- if ($use_feature{pie} and not $builtin_feature{pie}) {
+ if (defined $use_feature{pie} and $use_feature{pie} and
+ not $builtin_feature{pie}) {
my $flag = "-specs=$Dpkg::DATADIR/pie-compile.specs";
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
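Review bot: The `defined $use_feature{pie} and` added to this condition is redundant, because an undef value is already false in `$use_feature{pie} and not $builtin_feature{pie}`. Only the `elsif` in the next hunk needs the definedness test, since `not undef` is true there. Keeping it in both places is harmless, but a one-line comment such as `# undef matches neither branch: no specs file is injected either way` would make the intended fall-through explicit. The if/elsif body continues outside this hunk.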
@@ -331,7 +334,8 @@ sub _add_hardening_flags {
$flags->append('CXXFLAGS', $flag);
$flags->append('GCJFLAGS', $flag);
$flags->append('LDFLAGS', "-specs=$Dpkg::DATADIR/pie-link.specs");
- } elsif (not $use_feature{pie} and $builtin_feature{pie}) {
+ } elsif (defined $use_feature{pie} and not $use_feature{pie} and
+ $builtin_feature{pie}) {
my $flag = "-specs=$Dpkg::DATADIR/no-pie-compile.specs";
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
@@ -388,6 +392,11 @@ sub _add_hardening_flags {
$flags->append('LDFLAGS', '-Wl,-z,now');
}
+ # Set used features to their builtin setting if unset.
+ foreach my $feature (keys %builtin_feature) {
+ $use_feature{$feature} //= $builtin_feature{$feature};
+ }
+
# Store the feature usage.
while (my ($feature, $enabled) = each %use_feature) {
$flags->set_feature('hardening', $feature, $enabled);
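Review bot: After the added loop, the stored `hardening` state for `pie` comes from `%builtin_feature` whenever no explicit setting was given, so it records what dpkg expects the compiler to do rather than a flag dpkg emitted. Anything that reads it back to audit hardening (for example `dpkg-buildflags --query-features hardening`) will report PIE as enabled on the listed architectures even if the installed gcc was built without that default. A comment here would help, e.g. `# NOTE: for pie this is the assumed gcc default, not a verified one.` The loop also fills only features that are keys of `%builtin_feature`; that table is declared outside the hunk, and if `pie` were ever missing from it, `set_feature` would receive undef.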