Hi, On 01/18/2013 12:51 PM, Niels Thykier wrote: > On 2012-08-19 13:47, Roland Stigge wrote: >> Package: lintian >> Version: 2.5.10.1 >> Severity: normal >> >> Hi, >> >> consider the following (guitarix 0.24.0-1 is in experimental): >> >> $ lintian -i guitarix_0.24.0-1_i386.changes >> [...] >> >> I already sorted out similar issues with upstream to correctly pass the >> correct >> dpkg-buildflags to the build. But the above is still present, even though it >> looks like everything (especially CPPFLAGS) is passed correctly. >> >> See also the build log at >> https://buildd.debian.org/status/fetch.php?pkg=guitarix&arch=amd64&ver=0.24.0-1&stamp=1345247045 >> >> Maybe this is a false positive? >> >> Thanks in advance, >> >> Roland >> [...] > > Hi, > > It is quite likely to be a false-positive, but Lintian does not have > enough information to deduce that. > Can you please run hardening-check --verbose on those binaries and > give return the result.
All reported files basically do like this: $ hardening-check --verbose ./debian/guitarix/usr/lib/ladspa/guitarix.so ./debian/guitarix/usr/lib/ladspa/guitarix.so: Position Independent Executable: no, regular shared library (ignored) Stack protected: no, not found! Fortify Source functions: no, only unprotected functions found! unprotected: memset unprotected: memmove Read-only relocations: yes Immediate binding: no, not found! $ What would you suggest here? Thanks in advance, Roland -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org