Comment 27 for bug 1266492

Steve Beattie (sbeattie) wrote :

Unfortunately, the workaround prescribed, adding hardening-wrapper as a build dependency, doesn't always work, and it's not clear why it does work occasionally. First, in order for hardened-cc to do anything at all, DEB_BUILD_HARDENING needs to be set, and second, if it detects '-static' or other position independent executable incompatible arguments, it only prevents itself from adding -pie; it does not filter it out from the command line if it's already there. In these cases, -pie is already present, having been added via DEB_BUILD_MAINT_OPTIONS or some other way in the debian/rules file.

The most proper way that I can see to address this would be to rely on the default dpkg-buildflags to get the basic level of protections. Then, to get all the protections, build-depend on hardening-wrapper and export DEB_BUILD_HARDENING=1 in debian/rules. I've attached a debdiff that I've verified builds on all available architectures for ureadahead, since that package is also hitting this issue.

The least invasive workaround would be to export MALLOC_CHECK=2 at build time (i.e. in debian/rules), as this causes glibc to abort without attempting to produce a backtrace when it detects internal malloc corruption. This unfortunately still leaves configure believing that 'gcc -static' doesn't work, but it at least causes builds not to hang.
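
Added example, not part of the comment above and not the hardening-wrapper source: a simplified shell model of the wrapper behaviour the comment describes, plus a check for the resulting `-static`/`-pie` conflict. The function names are hypothetical, and treating only `DEB_BUILD_HARDENING=1` as "enabled" is an assumption of this model.

```shell
#!/bin/sh
# Simplified model of the behaviour described in the comment; NOT the real
# hardened-cc script. All function names here are hypothetical.

# has_flag FLAG ARGS...: succeed if FLAG appears as a whole argument.
has_flag() {
    want=$1; shift
    for arg in "$@"; do
        [ "$arg" = "$want" ] && return 0
    done
    return 1
}

# model_wrapper_args ARGS...: print the arguments the modelled wrapper would
# hand to the real compiler.
model_wrapper_args() {
    # Assumption: only DEB_BUILD_HARDENING=1 enables the wrapper; otherwise
    # the arguments pass through untouched.
    [ "${DEB_BUILD_HARDENING:-}" = 1 ] || { echo "$*"; return 0; }
    if has_flag -static "$@"; then
        # The wrapper refrains from adding -pie, but an existing -pie
        # (e.g. injected via debian/rules) is not filtered out.
        echo "$*"
    elif has_flag -pie "$@"; then
        echo "$*"
    else
        echo "$* -pie"
    fi
}

# pie_static_conflict ARGS...: succeed if the final command line still
# carries both -static and -pie.
pie_static_conflict() {
    has_flag -static "$@" && has_flag -pie "$@"
}

# Constructed sample: a configure-style '-static' probe where -pie was
# already added by the packaging.
sample="-static -pie conftest.c"
final=$(DEB_BUILD_HARDENING=1 model_wrapper_args $sample)
if pie_static_conflict $final; then
    echo "conflict survives the wrapper: $final"
fi
```
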