evince no longer built with -PIE

Bug #1496548 reported by st0ve on 2015-09-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
evince (Ubuntu)
High
Unassigned

Bug Description

It seems that evince is no longer built with -PIE in 15.04:

$ hardening-check /usr/bin/evince
/usr/bin/evince:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no, not found!

From 14.04:

$ hardening-check /usr/bin/evince
/usr/bin/evince:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: yes

evince is a targeted package for 'Built as PIE' here:

https://wiki.ubuntu.com/Security/Features#Built_as_PIE

Changed in evince (Ubuntu):
importance: Undecided → High
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.18.1-1ubuntu1

---------------
evince (3.18.1-1ubuntu1) xenial; urgency=medium

  * Resynchronize on Debian including fixed PIE build (lp: #1496548),
    remaining changes
  * debian/apparmor-profile:
  * debian/apparmor-profile.abstraction:
  * debian/evince.apport:
  * debian/evince-common.dirs:
    - Ubuntu apparmor profile
  * debian/control:
    - Build-Depend on dh-apparmor and libgrip-dev
    - Suggests on apparmor
  * debian/patches/git_sidebar_label.patch:
    - show the page label instead of page number (lp: #1506967)
  * debian/patches/traditional_menu_bar.patch:
    - use traditionnal menubars under Unity, updated to show the buttons
      in the window as well as upstream does (less change and clean
      warnings displayed on start before)
  * debian/patches/unity_normal_titlebar.patch:
    - use traditionnal titlebar out of gnome-shell
  * debian/rules:
    - install apparmor and apport files, update translations template

evince (3.18.1-1) unstable; urgency=medium

  [ Andreas Henriksson ]
  * libevview3-3: depend on gstreamer1.0-plugins-base
    - for playbin plugin

  [ Michael Biebl ]
  * New upstream release.
  * Update Depends of libevince-dev as per evince-document-3.0.pc:
    - Bump libgtk-3-dev to (>= 3.16.0)
    - Bump libglib2.0-dev to (>= 2.36.0)

 -- Sebastien Bacher <email address hidden> Tue, 27 Oct 2015 11:00:30 +0100

Changed in evince (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers