[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: osmcoastline lintian override

> The 'osmcoastline' package contains a file
> ./usr/share/lintian/overrides/osmcoastline with this:
> # Build uses -D_FORTIFY_SOURCE=2, but hardening-check reports:
> #  Fortify Source functions: no, only unprotected functions found!
> #         unprotected: memset
> #         unprotected: vsnprintf
> #         unprotected: memmove
> #         unprotected: read
> #         unprotected: memcpy
> osmcoastline: hardening-no-fortify-functions usr/bin/osmcoastline_filter
> osmcoastline: hardening-no-fortify-functions usr/bin/osmcoastline_ways
> Is this something to be concerned about?

No, that's why there is an override.

The compiler optimizations tend to cause these unprotected functions even
when -D_FORTIFY_SOURCE=2 is used.

The lintian issue is a trigger to check if the hardening buildflag is
used, because it happens often that only CFLAGS are used by the build
system so you need to append CPPFLAGS to CFLAGS or patch the buildsystem
to also have -D_FORTIFY_SOURCE=2 used.

Kind Regards,


Reply to: