Source: hardening-wrapper Version: 2.7 Severity: important It appears that the behavior of hardening-wrapper has changed recently, and now PIE and stack protection are missing. mumble got a binNMU for the GCC-5 upgrade relating to library transitions for protobuf and zeroc-ice after which these protections were missing where they had them before the binNMU.
Looking at the snapshot: http://snapshot.debian.org/archive/debian/20141110T040546Z/pool/main/m/mumble/mumble_1.2.8-2_amd64.deb mumble_1.2.8-2_amd64 hardening check: Position Independent Executable: yes Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes Looking at Sid: http://ftp.us.debian.org/debian/pool/main/m/mumble/mumble_1.2.8-2+b1_amd64.deb mumble_1.2.8-2+b1_amd64 hardening check: Position Independent Executable: no, normal executable! Stack protected: no, not found! Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes Reporting this as these are unexpected differences. Also: is hardening-wrapper being deprecated? I ask because lintian is reporting it as such. (See #711193) Thanks. -- Chris Chris Knadle chris.kna...@coredump.us -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
