Package: hardening-includes
Version: 2.5+nmu1
Severity: Important

Hi maintainer, the last 
Steps to reproduce (reproducible on a sid pbuilder clean environment)

# apt-get install binwalk hardening-check

# hardening-check /usr/lib/python2.7/dist-packages/binwalk/libs/libcompress42.so
/usr/lib/python2.7/dist-packages/binwalk/libs/libcompress42.so:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: no, not found!
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!

# hardening-check /usr/lib/python2.7/dist-packages/binwalk/libs/libtinfl.so
/usr/lib/python2.7/dist-packages/binwalk/libs/libtinfl.so:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no, not found!


I don't think I should blame binwalk since both libraries are built with almost 
the same Makefile, and I see flags injected correctly
https://buildd.debian.org/status/fetch.php?pkg=binwalk&arch=i386&ver=2.0.1-1&stamp=1408985010

make[3]: Entering directory '/«PKGBUILDDIR»/src/C/miniz'
gcc -Wall -fPIC -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c tinfl.c
gcc -Wall -fPIC -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -shared -Wl,-soname,libtinfl.so tinfl.o -o libtinfl.so -Wl,-z,relro
chmod +x libtinfl.so
make[3]: Leaving directory '/«PKGBUILDDIR»/src/C/miniz'
cp miniz/*.so "../"./binwalk/libs""
make -C compress
make[3]: Entering directory '/«PKGBUILDDIR»/src/C/compress'
gcc -Wall -fPIC -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 compress42.c -c
gcc -Wall -fPIC -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -shared -Wl,-soname,libcompress42.so compress42.o -o libcompress42.so -Wl,-z,relro
chmod +x libcompress42.so

This is why I'm creating this bug report, because I believe this might be a 
false positive on your package.

Have many thanks,
Gianfranco
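
The two verdict combinations in the report above can be reproduced from imported symbol names alone. This is an added example, not part of the original report and not hardening-check's own code; it assumes the verdicts are derived from `readelf --dyn-syms` output, as the wording "not found!" and "some protected functions found" suggests, and the sample symbol tables, `sample_fn` and the `FORTIFIABLE` subset are constructed for illustration.

```python
import subprocess
import sys

# Constructed `readelf -W --dyn-syms` excerpts (not dumps of the binwalk
# libraries); they mirror the two verdict combinations in the report.
SAMPLE_NO_CANARY = """\
     1: 00000000     0 FUNC    GLOBAL DEFAULT  UND free@GLIBC_2.0 (2)
     2: 00000000     0 FUNC    GLOBAL DEFAULT  UND __fprintf_chk@GLIBC_2.3.4 (3)
     3: 00000000     0 FUNC    GLOBAL DEFAULT  UND read@GLIBC_2.0 (2)
     4: 00001230   120 FUNC    GLOBAL DEFAULT   12 sample_fn
"""
SAMPLE_NO_FORTIFY = """\
     1: 00000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.0 (2)
     2: 00000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     3: 00000000     0 FUNC    GLOBAL DEFAULT  UND memset@GLIBC_2.0 (2)
"""

# Assumed subset of libc functions that have a "__<name>_chk" fortified variant.
FORTIFIABLE = {"memcpy", "memset", "strcpy", "strcat", "sprintf", "snprintf",
               "fprintf", "printf", "read", "fgets"}


def undefined_symbols(readelf_text):
    """Return the names of imported (Ndx == UND) symbols, version suffix removed."""
    names = set()
    for line in readelf_text.splitlines():
        fields = line.split()
        if len(fields) >= 8 and fields[6] == "UND":
            names.add(fields[7].split("@")[0])
    return names


def classify(readelf_text):
    """Symbol-based verdicts: presence of a symbol proves the protection is in
    use somewhere; absence does not prove the flag was missing at build time."""
    syms = undefined_symbols(readelf_text)
    fortified = {s for s in syms if s.startswith("__") and s.endswith("_chk")
                 and s[2:-4] in FORTIFIABLE}
    if fortified:
        fortify = "yes"          # at least one __*_chk call was emitted
    elif syms & FORTIFIABLE:
        fortify = "no"           # only plain variants are imported
    else:
        fortify = "unknown"      # no fortifiable libc function is imported
    return {"stack_protector": "__stack_chk_fail" in syms, "fortify": fortify}


if __name__ == "__main__":
    for path in sys.argv[1:]:    # e.g. a .so from a package under review
        out = subprocess.run(["readelf", "-W", "--dyn-syms", path],
                             capture_output=True, text=True, check=True).stdout
        print(path, classify(out))
```

A negative verdict from this kind of check only means no instrumented call survived compilation: -fstack-protector-strong adds a canary only to functions with local arrays or address-taken locals, and _FORTIFY_SOURCE substitutes a `_chk` variant only where the compiler can determine the destination size.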

