On 2012-05-21 20:25, Modestas Vainius wrote: > Hello, > Hi,
For the record, I have just demoted no-stackprotector to a wild-guess (thus, it is now an I tag) and moved it to a separate profile (debian/extra-hardening) so it is no longer enabled by default. > On šeštadienis 19 Gegužė 2012 19:49:14 Russ Allbery wrote: >> Sven Joachim <svenj...@gmx.de> writes: >>> Easier said then done, how should I override this warning: >>> >>> ,---- >>> >>> | W: libncurses5: hardening-no-fortify-functions >>> | usr/lib/i386-linux-gnu/libmenu.so.5.9 >>> >>> `---- >> >> libncurses5 binary: hardening-no-fortify-functions usr/lib/*/libmenu.so.* > > Well, I get this "nice" lintian output: > > $ lintian -I amarok_2.5.0-2_amd64.changes > [...] > > This is like 90 false positives in a single source package, it makes lintian > output unreadable. I don't know how this hardening stuff is detected but I > suspect this failure might be because the package is built with > -fvisibility=hidden. If so, all KDE packages will suffer, and badly. > > [...] We use hardening-check (from hardening-includes) - as I recall it carries a list of "unprotected functions" and checks for them (via readelf). It maps them to a "safe-variant" and checks for that as well. If both protected and unprotected are used or if no unprotected functions are used, it should mark it safe. However, I believe Kees (CC'ed) can correct me on (or confirm) the above. ~Niels -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
