From 1c9c14700a9f3f3c6aea2c34afca7f7fb7c66358 Mon Sep 17 00:00:00 2001
From: Emanuele Aina <emanuele.aina@collabora.com>
Date: Tue, 29 Jun 2021 10:49:10 +0200
Subject: [PATCH] v2021.1: Mention enabling PIE by default in release notes

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
---
 content/release/v2021.1/releasenotes.md | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/content/release/v2021.1/releasenotes.md b/content/release/v2021.1/releasenotes.md
index 138c64c8f..0067f5550 100644
--- a/content/release/v2021.1/releasenotes.md
+++ b/content/release/v2021.1/releasenotes.md
@@ -78,10 +78,28 @@ small changes are appropriate for this release stream.
 This release includes the security updates from Debian Buster and the latest
 LTS Linux kernel on the 5.10.x series.
 
-## Deprecations and ABI/API breaks
+## Deprecations
 
-Being a point release, no new deprecations or ABI breaks are part of
-this release
+No new deprecations or ABI breaks are part of this release.
+
+## ABI/API breaks
+
+### Position Independent Executables are now the default in GCC
+
+During a security audit it was found that due to a limitation in the upstream
+Debian packaging rules in the `gcc` package the default was not to produce
+Position Independent Executables (PIE).
+
+With this release the default has been tweaked to ensure
+that the address space layout randomization (ASLR) technique can be effective
+in mitigating attacks.
+
+This is a pretty safe change, but may still cause unintended effects: affected
+packages can opt-out using `export DEB_BUILD_MAINT_OPTIONS=hardening=-pie` in
+their `debian/rules`.
+
+The archive has not been re-built yet to apply new default to all the binary
+packages, with the rebuild being scheduled for the v2021.2 release.
 
 ## Infrastructure
 
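Review bot: The added line "No new deprecations or ABI breaks are part of this release." under `## Deprecations` contradicts the `## ABI/API breaks` section introduced directly below it, which documents the PIE default change as a break; drop "or ABI breaks" from that sentence. In the last added paragraph, "to apply new default" is missing an article ("to apply the new default"). That paragraph could also say outright that binary packages already in the archive stay non-PIE until the v2021.2 rebuild, so readers do not assume ASLR is fully effective for existing packages on v2021.1.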
-- 
GitLab