Ralf Jung <[email protected]> writes: > I'd like to extend this to hardening-no-fortify-functions: My package > definitely has -D_FORTIFY_SOURCE=2 set (an excerpt from the build flags: > "-fstack-protector --param=ssp-buffer-size=4 -Wformat > -Werror=format-security -D_FORTIFY_SOURCE=2"), but I get a > hardening-no-stackprotector and hardening- no-fortify-functions for its > only binary.
False positives for _FORTIFY_SOURCE are somewhat rarer, and that one is much easier to miss applying due to the CPPFLAGS vs. CFLAGS distinction. My immediate inclination would be to ask people to add an override for false positives for it, since it's more likely that the tag is valid. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
