Bug#921136: lintian: hardening-no-fortify-functions possible false positive

2019-10-29 Thread Olly Betts
On Tue, Oct 29, 2019 at 11:05:02PM -0400, Scott Talbert wrote: > On Wed, 30 Oct 2019, Olly Betts wrote: > > > The same issue applies to memcpy() which is why it's deliberately from > > lintian's list: > > > > https://sources.debian.org/src/lintian/2.31.0/data/binaries/hardened-functions/?hl=6#L6

Bug#921136: lintian: hardening-no-fortify-functions possible false positive

2019-10-29 Thread Scott Talbert
On Wed, 30 Oct 2019, Olly Betts wrote: The same issue applies to memcpy() which is why it's deliberately from lintian's list: https://sources.debian.org/src/lintian/2.31.0/data/binaries/hardened-functions/?hl=6#L6 Presumably wmemcpy() is simply much less widely used than memcpy(), and that's

Bug#921136: lintian: hardening-no-fortify-functions possible false positive

2019-10-29 Thread Olly Betts
Control: tags -1 -moreinfo On Sat, Feb 16, 2019 at 12:26:36AM +0100, Chris Lamb wrote: > I will thus leave this bug as "moreinfo" awaiting input from others. What's presumably happening here is that the size of the destination buffer and size of the copy are known, so it's clear at compile time

Bug#921136: lintian: hardening-no-fortify-functions possible false positive

2019-02-15 Thread Chris Lamb
Hi Scott, > I really don't understand C++ templates very well, but grepping around > the system includes directory, I have a hunch this might be the wmemcpy in > question: > https://github.com/gcc-mirror/gcc/blob/master/libstdc%2B%2B-v3/include/bits/char_traits.h#L477 Looks plausible... Alas,

Bug#921136: lintian: hardening-no-fortify-functions possible false positive

2019-02-13 Thread Scott Talbert
On Wed, 13 Feb 2019, Chris Lamb wrote: I can confirm this. Yes, it does look like these are some sort of auto-generated C++ function. However, is there any reason why these should not be subject to hardening too? If they should, then either we are missing some kind of compiler/linker flag or

Bug#921136: lintian: hardening-no-fortify-functions possible false positive

2019-02-13 Thread Chris Lamb
tags 921136 + moreinfo thanks Hi Scott, > I added some debug to binaries.pm and I determined that it is only finding > wmemcpy function as not being hardened. I can confirm this. Yes, it does look like these are some sort of auto-generated C++ function. However, is there any reason why these

Bug#921136: lintian: hardening-no-fortify-functions possible false positive

2019-02-01 Thread Scott Talbert
Package: lintian Version: 2.5.124 Severity: normal Dear Maintainer, I'm trying to figure out why my package (wxpython4.0) is getting flagged for hardening-no-fortify-functions even though I have export DEB_BUILD_MAINT_OPTIONS = hardening=+all in my debian/rules and I can see the