Bug#695319: lintian: False positive: hardening-no-fortify-functions
Package: lintian
Version: 2.5.10.2
Severity: normal
Dear Maintainer,
lintian produces, inter alia, the following output for VLC:
$ lintian vlc_2.0.3-4_amd64.changes
W: vlc-plugin-pulse: hardening-no-fortify-functions usr/lib/vlc/plugins/access/libpulsesrc_plugin.so
W: vlc-plugin-pulse: hardening-no-fortify-functions usr/lib/vlc/plugins/audio_output/libpulse_plugin.so
W: vlc: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libpanoramix_plugin.so
W: vlc: hardening-no-fortify-functions usr/lib/vlc/plugins/video_output/libxcb_window_plugin.so
W: vlc: hardening-no-fortify-functions usr/lib/vlc/plugins/video_output/libxcb_xv_plugin.so
W: vlc-plugin-zvbi: hardening-no-fortify-functions usr/lib/vlc/plugins/codec/libzvbi_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/access/libaccess_mtp_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/access/libaccess_oss_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/access/libdc1394_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/access/liblibbluray_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/access_output/libaccess_output_file_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/access_output/libaccess_output_http_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/audio_filter/liba52tospdif_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/audio_filter/libdolby_surround_decoder_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/audio_filter/libdtstospdif_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/audio_filter/libheadphone_channel_mixer_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/audio_filter/libmono_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/audio_filter/libmpgatofixed32_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/audio_filter/libnormvol_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/audio_filter/libscaletempo_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/audio_output/liboss_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/codec/libcvdsub_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/codec/libdvbsub_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/codec/libfaad_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/codec/liblibass_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/codec/libspudec_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/codec/libsubsusf_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/codec/libsvcdsub_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/codec/libtheora_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/control/libnetsync_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/demux/libmjpeg_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/demux/libreal_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/demux/libty_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/demux/libvoc_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/gui/libfbosd_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/mux/libmux_asf_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/mux/libmux_avi_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/mux/libmux_ps_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/packetizer/libpacketizer_mpeg4audio_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/services_discovery/libpodcast_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/stream_filter/libstream_filter_dash_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/stream_out/libstream_out_autodel_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/stream_out/libstream_out_gather_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/stream_out/libstream_out_langfromtelx_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/stream_out/libstream_out_select_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_chroma/libgrey_yuv_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_chroma/libi422_i420_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libaudiobargraph_v_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libbluescreen_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libcroppadd_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libgradfun_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libgradient_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libmagnify_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libmotiondetect_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libpsychedelic_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libpuzzle_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libripple_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libswscale_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_filter/libwave_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/video_output/libfb_plugin.so
W: vlc-nox: hardening-no-fortify-functions usr/lib/vlc/plugins/visualization/libvisual_plugin.so
The hardening dpkg-buildflags are passed to the build system. The build log
looks like everything (including CPPFLAGS) is handled correctly. Most of the
vlc plugins are correctly detected to use fortified libc functions. I see no
difference in the logs between the detected and non-detected plugins. Therefore
I assume that the lintian warnings are false positives.
Versions of packages lintian depends on:
ii hardening-includes 2.2
--
Benjamin Drung
Debian & Ubuntu Developer
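
Added example (not part of the original report, and not lintian's or hardening-check's own code): a symbol-based heuristic for deciding whether a shared object uses fortified libc functions, run over `readelf --dyn-syms` output. The function list, the verdict strings and the sample dumps are constructed for illustration.

```python
import re

# Illustrative subset of libc functions that have a checked __<name>_chk
# variant in glibc (assumption: not the full list any real tool uses).
FORTIFIABLE = {
    "memcpy", "memmove", "memset", "strcpy", "strncpy", "strcat", "strncat",
    "sprintf", "snprintf", "vsprintf", "vsnprintf", "fgets", "read", "recv",
}
CHK = re.compile(r"^__(\w+)_chk$")

def undefined_funcs(readelf_text):
    """Names of undefined (imported) FUNC symbols in `readelf --dyn-syms` output."""
    names = set()
    for line in readelf_text.splitlines():
        f = line.split()
        # Columns: Num Value Size Type Bind Vis Ndx Name [version index]
        if len(f) >= 8 and f[0].rstrip(":").isdigit() and f[3] == "FUNC" and f[6] == "UND":
            names.add(f[7].split("@")[0])  # drop the @GLIBC_x.y version suffix
    return names

def fortify_verdict(readelf_text):
    """Return (verdict, protected, unprotected) for one object's dynamic symbols."""
    names = undefined_funcs(readelf_text)
    protected = sorted(m.group(1) for n in names
                       if (m := CHK.match(n)) and m.group(1) in FORTIFIABLE)
    unprotected = sorted(names & FORTIFIABLE)
    if protected:
        verdict = "yes"      # at least one checked variant is imported
    elif unprotected:
        verdict = "no"       # only plain variants: the case a warning is based on
    else:
        verdict = "unknown"  # nothing fortifiable is imported at all
    return verdict, protected, unprotected

HEADER = "   Num:    Value          Size Type    Bind   Vis      Ndx Name\n"
ROW = "     {}: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND {}\n"

def sample(*symbols):
    """Build a constructed readelf-style dump importing the given symbols."""
    return HEADER + "".join(ROW.format(i + 1, s) for i, s in enumerate(symbols))

# Constructed samples, not taken from the VLC plugins listed above.
SAMPLE_MIXED = sample("__memcpy_chk@GLIBC_2.3.4 (2)", "memcpy@GLIBC_2.14 (3)")
SAMPLE_PLAIN = sample("memcpy@GLIBC_2.14 (3)", "strlen@GLIBC_2.2.5 (2)")
SAMPLE_NONE = sample("malloc@GLIBC_2.2.5 (2)", "free@GLIBC_2.2.5 (2)")

if __name__ == "__main__":
    for label, text in (("mixed", SAMPLE_MIXED), ("plain", SAMPLE_PLAIN), ("none", SAMPLE_NONE)):
        print(label, fortify_verdict(text))
```

A "no" verdict does not prove the flags were missing: with `-D_FORTIFY_SOURCE=2`, gcc keeps the plain call when it cannot determine the destination size or can prove the call safe at compile time, so a small object can import only unprotected names.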