Package: lintian Version: 2.5.33 Severity: normal Tags: patch >From the patch description:
[PATCH] Suppress hardening-{no-relro,no-fortify-functions} for Go binaries. The Go compiler (gc) does not currently support these features, so don’t warn about them on _every_ binary which is implemented in Go. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.0.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lintian depends on: ii binutils 2.25-10 ii bzip2 1.0.6-8 ii diffstat 1.58-1 ii file 1:5.22+15-2 ii gettext 0.19.4-1 ii hardening-includes 2.7 ii intltool-debian 0.35.0+20060710.2 ii libapt-pkg-perl 0.1.29+b2 ii libarchive-zip-perl 1.48-1 ii libclass-accessor-perl 0.34-1 ii libclone-perl 0.38-1 ii libdpkg-perl 1.18.1 ii libemail-valid-perl 1.196-1 ii libfile-basedir-perl 0.07-1 ii libipc-run-perl 0.94-1 ii liblist-moreutils-perl 0.413-1 ii libparse-debianchangelog-perl 1.2.0-4 ii libtext-levenshtein-perl 0.12-1 ii libtimedate-perl 2.3000-2 ii liburi-perl 1.64-1 ii man-db 2.7.0.2-5 ii patchutils 0.3.4-1 ii perl [libdigest-sha-perl] 5.20.2-6 ii t1utils 1.38-4 ii xz-utils 5.1.1alpha+20120614-2.1 Versions of packages lintian recommends: ii dpkg 1.18.1 pn libperlio-gzip-perl <none> ii perl 5.20.2-6 ii perl-modules [libautodie-perl] 5.20.2-6 Versions of packages lintian suggests: pn binutils-multiarch <none> ii dpkg-dev 1.18.1 ii libhtml-parser-perl 3.71-2 ii libtext-template-perl 1.46-1 pn libyaml-perl <none> -- no debconf information
>From 87e1d19a9cb2dfdfd1b23108bdff89d264102a3c Mon Sep 17 00:00:00 2001 From: Michael Stapelberg <stapelb...@debian.org> Date: Sun, 16 Aug 2015 09:52:24 +0200 Subject: [PATCH] Suppress hardening-{no-relro,no-fortify-functions} for Go binaries. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Go compiler (gc) does not currently support these features, so don’t warn about them on _every_ binary which is implemented in Go. --- checks/binaries.pm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/checks/binaries.pm b/checks/binaries.pm index 1ad6282..3542611 100644 --- a/checks/binaries.pm +++ b/checks/binaries.pm @@ -547,6 +547,11 @@ sub run { if ($flags) { foreach my $t (@{$info->hardening_info->{$fname}}) { my $tag = "hardening-$t"; + # Binaries built by the Go compiler do not support all + # hardening measures. + next if ($t eq 'no-relro' || + $t eq 'no-fortify-functions') && + $built_with_golang; tag $tag, $file if $flags->{$tag}; } } -- 2.1.4