Package: iodine
Version: 0.6.0~rc1-1
Severity: wishlist

iodine and iodined would benefit from being built with hardening, and using hardening-includes it is completely trivial to do so:

diff -Nru iodine-0.6.0~rc1/debian/control iodine-0.6.0~rc1/debian/control --- iodine-0.6.0~rc1/debian/control 2010-07-03 18:42:57.000000000 +0200 +++ iodine-0.6.0~rc1/debian/control 2010-07-14 10:36:11.000000000 +0200 @@ -4,7 +4,7 @@ Maintainer: gregor herrmann <[email protected]> Uploaders: tony mancill <[email protected]> Build-Depends: debhelper (>= 7.0.50), po-debconf, help2man, - zlib1g-dev, check + zlib1g-dev, check, hardening-includes Standards-Version: 3.9.0 Homepage: http://code.kryo.se/iodine Vcs-Svn: http://svn.toastfreeware.priv.at/debian/iodine/trunk/ diff -Nru iodine-0.6.0~rc1/debian/rules iodine-0.6.0~rc1/debian/rules --- iodine-0.6.0~rc1/debian/rules 2010-05-24 14:09:51.000000000 +0200 +++ iodine-0.6.0~rc1/debian/rules 2010-07-14 10:36:00.000000000 +0200 @@ -1,5 +1,10 @@ #!/usr/bin/make -f +include /usr/share/hardening-includes/hardening.make + +export CFLAGS += $(HARDENING_CFLAGS) +export LDFLAGS += $(HARDENING_LDFLAGS) + %: dh $@

In that configuration there are a few warnings that you may wish to investigate further:

| common.c: In function 'do_detach':
| common.c:211: warning: ignoring return value of 'daemon', declared with attribute warn_unused_result
| common.c: In function 'read_password':
| common.c:239: warning: ignoring return value of 'scanf', declared with attribute warn_unused_result
| In file included from /usr/include/string.h:641,
| from client.c:22:
| In function 'strncat',
| inlined from 'send_upenctest' at client.c:1339,
| inlined from 'handshake_upenctest' at client.c:1625:
| /usr/include/bits/string3.h:154: warning: call to __builtin___strncat_chk might overflow destination buffer
| util.c: In function 'get_resolvconf_addr':
| util.c:35: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result

Thanks,

--
Romain Francoise <[email protected]>
http://people.debian.org/~rfrancoise/
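
Review bot: In the debian/rules hunk, the two export lines only take effect if the upstream Makefile picks CFLAGS and LDFLAGS up from the environment instead of assigning them itself, and nothing in the patch shows that it does. The warn_unused_result and __builtin___strncat_chk warnings quoted in the report indicate that HARDENING_CFLAGS is reaching the compiler, but there is no matching evidence that HARDENING_LDFLAGS reaches the link step, so confirm the link lines in the build log before relying on it. The strncat warning at client.c:1339 should also be resolved before this change is uploaded, because with the fortified strncat in use an overflow there aborts the process at run time instead of passing silently.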

