2012/11/19 Alberto Luaces <alua...@udc.es>:
> Ok, I will follow your examples.  I had already taken into account that
> CMake problem, and in fact I am already adding CPPFLAGS into CFLAGS.
> However, if lintian throws those warnings for me and not for you,
> something has to be different between those packages.  I will inspect
> more carefully at the compilation flags.

I think that it's good to take a deeper look at it if you have the
time, but even if they are indeed not working, I don't think that
it's terribly important for a package for OSG -- it's more serious for
programs running as root and being exposed to the outside world
(mail/ftp/web servers, or admin tools like dpkg/sudo/etc).

But I think that the most likely cause of this is some kind of
misdetection.  According to at least some of these tags, there are
false positives: if the package is not using typically vulnerable
functions from libc, the lintian checks cannot see the "fortified
versions" of these library functions, and thus assumes that maybe the
fortifying options were not used when compiling.
This package provides an ELF binary that lacks the use of fortified
libc functions. Either there are no potentially unfortified functions
called by any routines, all unfortified calls have already been fully
validated at compile-time, or the package was not built with the
default Debian compiler flags defined by dpkg-buildflags. If built
using dpkg-buildflags directly, be sure to import CPPFLAGS.

NB: Due to false-positives, Lintian ignores some unprotected functions
(e.g. memcpy).

Refer to http://wiki.debian.org/Hardening and
http://bugs.debian.org/673112 for details.

Severity: normal, Certainty: possible
Check: binaries, Type: binary, udeb

So, indeed, lintian also shows these warnings for some of my packages ;)

Manuel A. Fernandez Montecelo <manuel.montez...@gmail.com>
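The false-positive case described above, as an added example that is not part of the thread or of lintian's own code: a small POSIX shell classifier applying the same reasoning to `objdump -T` output, run over constructed symbol lists for the three possible outcomes. The fortifiable-function list is an assumed subset, not lintian's data.

```shell
#!/bin/sh
# Added example, not code from the thread or from lintian itself.
# Classifies the imported libc symbols of a binary the way the
# hardening-no-fortify-functions reasoning works: FORTIFY_SOURCE only
# shows up as __*_chk imports when the code actually calls a fortifiable
# function, so a binary that calls none of them looks "unfortified" even
# when CPPFLAGS (-D_FORTIFY_SOURCE=2 from dpkg-buildflags) were applied.

# Assumed subset of fortifiable libc functions (not lintian's own list).
# memcpy is left out on purpose, mirroring the NB in the tag description.
FORTIFIABLE='memmove|memset|strcpy|strncpy|strcat|sprintf|snprintf|read|recv|gets|fgets'

# classify_symbols: reads `objdump -T` output on stdin and prints one word:
#   fortified   - at least one __*_chk symbol is imported
#   unfortified - fortifiable functions imported, but no __*_chk variants
#   none        - no fortifiable functions at all (the false-positive case:
#                 nothing for the check to see either way)
classify_symbols() {
    syms=$(awk '/\*UND\*/ { print $NF }')   # names of undefined (imported) symbols
    if printf '%s\n' "$syms" | grep -Eq '^__[A-Za-z0-9_]+_chk$'; then
        echo fortified
    elif printf '%s\n' "$syms" | grep -Eq "^($FORTIFIABLE)$"; then
        echo unfortified
    else
        echo none
    fi
}

# classify_binary: same check on a real ELF file (needs binutils' objdump).
classify_binary() {
    objdump -T "$1" 2>/dev/null | classify_symbols
}

# Constructed objdump -T fragments for the three outcomes (not captured
# from any real OSG package).
SAMPLE_FORTIFIED='0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __sprintf_chk
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strlen'
SAMPLE_UNFORTIFIED='0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strcpy
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strlen'
SAMPLE_NONE='0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strlen
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 malloc'

for s in "$SAMPLE_FORTIFIED" "$SAMPLE_UNFORTIFIED" "$SAMPLE_NONE"; do
    printf '%s\n' "$s" | classify_symbols
done
```

A result of `none` on a real package binary means the warning cannot be settled from the symbol table alone; checking that the build really folded `dpkg-buildflags --get CPPFLAGS` into CFLAGS is the remaining step.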

Pkg-osg-devel mailing list