Ralf Jung <p...@ralfj.de> writes: > I'd like to extend this to hardening-no-fortify-functions: My package > definitely has -D_FORTIFY_SOURCE=2 set (an excerpt from the build flags: > "-fstack-protector --param=ssp-buffer-size=4 -Wformat > -Werror=format-security -D_FORTIFY_SOURCE=2"), but I get a > hardening-no-stackprotector and hardening- no-fortify-functions for its > only binary.
False positives for _FORTIFY_SOURCE are somewhat rarer, and that one is much easier to miss applying due to the CPPFLAGS vs. CFLAGS distinction. My immediate inclination would be to ask people to add an override for false positives for it, since it's more likely that the tag is valid. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org