I still see the hardening issues in lintian, slightly different now:

W: loopino-standalone: hardening-no-relro [usr/bin/loopino]
I: loopino-clap: hardening-no-bindnow [usr/lib/clap/loopino.clap]
I: loopino-vst: hardening-no-bindnow [usr/lib/vst/loopinovst.so]

I checked build logs, I see -z,relro in the linker flags. I don't see -z,now. I think this is missing, a new build I tried with it seems to have worked: --- a/debian/rules +++ b/debian/rules 
@@ -1,6 +1,7 @@ #!/usr/bin/make -f export DEB_BUILD_MAINT_OPTIONS = hardening=+all +include /usr/share/dpkg/buildflags.mk # Force using ld-based resource embedding instead of xxd-generated C arrays export USE_LDD = 1

That reduced the lintian warnings to:

W: loopino-standalone: hardening-no-relro [usr/bin/loopino]

And I also see other flags from dpkg-buildflags being used now, like -Bsymbolic-functions. The compiler command-line that has "-o loopino", i.e., that builds that binary, does seem to have the correct options, so I'm not sure why relro isn't being applied:

g++ -MMD -g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/<<PKGBUILDDIR>>=/usr/src/loopino-0.5.0-0ubuntu2~ppa3 -O2 -DNDEBUG -MMD -std=c++17 -fPIC -D_OS_UNIX_ -DALVER=\"0.1\" -g -O2 -Werror=implicit-function-declaration -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/<<PKGBUILDDIR>>=/usr/src/loopino-0.5.0-0ubuntu2~ppa3 -Wall -funroll-loops `pkg-config --cflags sndfile jack fftw3f ` -ffast-math -fomit-frame-pointer -fstrength-reduce -fdata-sections -pthread -msse3 -mfpmath=sse `pkg-config --cflags rubberband` main.cpp -o loopino -Wl,-Bsymbolic-functions -Wl,--package-metadata=%7B%22type%22:%22deb%22%2C%22os%22:%22ubuntu%22%2C%22name%22:%22loopino%22%2C%22version%22:%220.5.0-0ubuntu2~ppa3%22%2C%22architecture%22:%22amd64%22%7D -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -Wl,-z,relro -lasound -I. -I./Machines/ -I./Filter/ -I./Backends/ -lm -pthread -lpthread -lstdc++ `pkg-config --libs rubberband` `pkg-config --libs sndfile jack fftw3f ` -lrt -lc -I. -I../libxputty/libxputty/include/ -Wl,--gc-sections -L. ../libxputty/libxputty/libxputty.a `pkg-config --cflags --libs cairo x11` -lm

-- 
https://bugs.launchpad.net/bugs/2137383

Title:
  Packaged: loopino
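
Review bot: on the added "include /usr/share/dpkg/buildflags.mk" line, nothing in the hunk sets DPKG_EXPORT_BUILDFLAGS, so the include defines CFLAGS, CXXFLAGS, LDFLAGS and the rest only as make variables inside debian/rules and does not by itself export them to the upstream build. If the upstream Makefile is expected to read them from the environment, put "export DPKG_EXPORT_BUILDFLAGS = 1" ahead of the include; keeping the include below the DEB_BUILD_MAINT_OPTIONS line, as here, is the right order. A one-line comment like the one above USE_LDD would also record why the include is needed.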
