On 2012-05-18 22:34 +0200, Russ Allbery wrote:
> Ralf Jung <p...@ralfj.de> writes:
>
>> I'd like to extend this to hardening-no-fortify-functions: My package
>> definitely has -D_FORTIFY_SOURCE=2 set (an excerpt from the build flags:
>> "-fstack-protector --param=ssp-buffer-size=4 -Wformat
>> -Werror=format-security -D_FORTIFY_SOURCE=2"), but I get a
>> hardening-no-stackprotector and hardening- no-fortify-functions for its
>> only binary.
>
> False positives for _FORTIFY_SOURCE are somewhat rarer, and that one is
> much easier to miss applying due to the CPPFLAGS vs. CFLAGS distinction.
> My immediate inclination would be to ask people to add an override for
> false positives for it, since it's more likely that the tag is valid.
Easier said then done, how should I override this warning:
,----
| W: libncurses5: hardening-no-fortify-functions
usr/lib/i386-linux-gnu/libmenu.so.5.9
`----
Using the output verbatim only works for one architecture and generates
an additional problem (unused-override) for all others, substituting
${DEB_HOST_MULTIARCH} at build time instead leads to
/usr/share/lintian/overrides/libncurses5 having architecture-dependent
content, breaking multiarch coinstallability.
Cheers,
Sven
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
