Dpkg::Vendor::Debian: Switch PIE handling to have no default (!)

Delegate the setting to gcc builtin or an explicit request by a user.
This is needed to cope with the general PIE brokenness situation in
Debian, and the current specific brokenness of a Debian gcc patch
mangling the dpkg build flags.

This is wrong in so many levels, as we'll have discrepancies between
architectures, the interface towards maintainers is inconsistent, and
updating the PIE support needs touching and coordinating two places. But
it's certainly the current lesser evil.

Closes: #848129, #845550

debian/changelog

@@ -17,6 +17,11 @@ dpkg (1.18.23) UNRELEASED; urgency=medium
       Thanks to Nicolas Boulenguez <nicolas@debian.org>.
     - Mark kfreebsd-amd64, kfreebsd-i386, sparc and sparc64 architectures as
       having gcc builtin PIE in Dpkg::Vendor::Debian.
+    - Switch PIE handling in Dpkg::Vendor::Debian to have no default (!) and
+      delegate the setting to gcc or an explicit request by a user. This is
+      needed to cope with the general PIE brokenness situation in Debian, and
+      the current specific brokenness of a Debian gcc patch mangling the dpkg
+      build flags. Closes: #848129, #845550
   * Documentation:
     - Clarify the requirements for deb-conffile(5) pathnames. Closes: #854417
       Proposed by Dieter Adriaenssens <dieter.adriaenssens@gmail.com>.

man/dpkg-buildflags.man

@@ -347,7 +347,7 @@ above). The option cannot become enabled if \fBrelro\fP is not enabled.
 .
 .TP
 .B pie
-This setting (enabled by default since dpkg 1.18.11, and injected by default
+This setting (with no default since dpkg 1.18.23, and injected by default
 by gcc on the amd64, arm64, armel, armhf, i386, kfreebsd-amd64, kfreebsd-i386,
 mips, mipsel, mips64el, ppc64el, s390x, sparc and sparc64 Debian architectures)
 adds the required options via gcc specs files if

scripts/Dpkg/Vendor/Debian.pm

@@ -258,7 +258,9 @@ sub _add_hardening_flags {
 
     # Default feature states.
     my %use_feature = (
-	pie => 1,
+	# XXX: This is set to undef so that we can cope with the brokenness
+	# of gcc managing this feature builtin.
+	pie => undef,
 	stackprotector => 1,
 	stackprotectorstrong => 1,
 	fortify => 1,
@@ -321,7 +323,8 @@ sub _add_hardening_flags {
     }
 
     # PIE
-    if ($use_feature{pie} and not $builtin_feature{pie}) {
+    if (defined $use_feature{pie} and $use_feature{pie} and
+        not $builtin_feature{pie}) {
 	my $flag = "-specs=$Dpkg::DATADIR/pie-compile.specs";
 	$flags->append('CFLAGS', $flag);
 	$flags->append('OBJCFLAGS',  $flag);
@@ -331,7 +334,8 @@ sub _add_hardening_flags {
 	$flags->append('CXXFLAGS', $flag);
 	$flags->append('GCJFLAGS', $flag);
 	$flags->append('LDFLAGS', "-specs=$Dpkg::DATADIR/pie-link.specs");
-    } elsif (not $use_feature{pie} and $builtin_feature{pie}) {
+    } elsif (defined $use_feature{pie} and not $use_feature{pie} and
+             $builtin_feature{pie}) {
 	my $flag = "-specs=$Dpkg::DATADIR/no-pie-compile.specs";
 	$flags->append('CFLAGS', $flag);
 	$flags->append('OBJCFLAGS',  $flag);
@@ -388,6 +392,11 @@ sub _add_hardening_flags {
 	$flags->append('LDFLAGS', '-Wl,-z,now');
     }
 
+    # Set used features to their builtin setting if unset.
+    foreach my $feature (keys %builtin_feature) {
+	$use_feature{$feature} //= $builtin_feature{$feature};
+    }
+
     # Store the feature usage.
     while (my ($feature, $enabled) = each %use_feature) {
 	$flags->set_feature('hardening', $feature, $enabled);