On 2013-05-23 09:18, Russ Allbery wrote:
> Package: lintian
> Version: 2.5.11
> Severity: normal
>

Hi,

Assuming you were using 2.5.11 for test, you may want to retry with
2.5.12. The latter did another false-positive -> false-negative
trade-off (memset and memmove).

> I'm getting these for a few different packages. Not sure if they're
> related, but I took a moment to track this one down. In the new
> xml-security-c 1.7.0-1, I get:
>
> W: xml-security-c-utils: hardening-no-fortify-functions usr/bin/xmlsec-xklient
>
> but the relevant build lines are:
>
> [...]
>
> so all the appropriate flags should be there.
>
> hardening-check of course has the same issue:
>
> % hardening-check xmlsec-xklient
> xmlsec-xklient:
> [...]
>
> I get the same thing from libkopenafs1:
>
> % hardening-check /usr/lib/libkopenafs.so
> /usr/lib/libkopenafs.so:
> [...]
>
> even though it's built with hardening-wrappers, although I wasn't as sure
> with it since it incorporates some assembly and I wasn't sure if that
> would confuse the check. Note that libkopenafs1 hardly calls anything in
> libc:
>
> [...]
> so I'm not sure what hardening-check has to complain about.
>
> [...]

Try running hardening-check with --verbose, this will make
hardening-check list all the "protectable" functions that appear in the
binary. Example:

"""
$ hardening-check --verbose /bin/ls
/bin/ls:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
        unprotected: mempcpy
        [...]
        protected: mempcpy
        [...]
 Read-only relocations: yes
 Immediate binding: no, not found!
"""

As long as there is at least 1 protected function or no unprotected
ones, Lintian should consider it "hardened".

~Niels
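The rule stated at the end of the message, applied to `hardening-check --verbose` output, as an added example that is not part of the original message and is not lintian's or hardening-check's own code. The sample outputs are constructed, and the function names and the one-function-per-line layout are assumptions.

```python
import re

# Constructed sample, modelled on the /bin/ls output quoted in the message.
# Assumption: each "unprotected:" / "protected:" line names one function.
SAMPLE_MIXED = """\
/bin/ls:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
\tunprotected: mempcpy
\tunprotected: memcpy
\tprotected: mempcpy
 Read-only relocations: yes
 Immediate binding: no, not found!
"""

# Constructed: only unprotected calls. "Stack protected: yes" must not be
# mistaken for a protected function line.
SAMPLE_UNPROTECTED_ONLY = """\
example-binary:
 Stack protected: yes
\tunprotected: strcpy
\tunprotected: memcpy
"""

# Constructed: a binary that calls no protectable libc function at all.
SAMPLE_NO_PROTECTABLE = """\
example-library.so:
 Stack protected: yes
"""

# The keyword must be the first token on the line, which excludes the
# "Stack protected:" and "Fortify Source functions:" summary lines.
_FUNC_LINE = re.compile(r"^\s*(unprotected|protected):\s*(\S+)\s*$")

def parse_fortify_functions(verbose_output):
    """Collect the protected and unprotected function names that are listed."""
    found = {"protected": set(), "unprotected": set()}
    for line in verbose_output.splitlines():
        m = _FUNC_LINE.match(line)
        if m:
            found[m.group(1)].add(m.group(2))
    return found

def considered_hardened(verbose_output):
    """At least one protected function, or no unprotected ones."""
    funcs = parse_fortify_functions(verbose_output)
    return bool(funcs["protected"]) or not funcs["unprotected"]
```

A function such as mempcpy can appear in both lists for the same binary; under this rule a single protected entry is enough for the binary to count as hardened.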