Hello, On šeštadienis 19 Gegužė 2012 19:49:14 Russ Allbery wrote: > Sven Joachim <svenjoac@gmx.de> writes: > > Easier said then done, how should I override this warning: > > > > ,---- > > > > | W: libncurses5: hardening-no-fortify-functions > > | usr/lib/i386-linux-gnu/libmenu.so.5.9 > > > > `---- > > libncurses5 binary: hardening-no-fortify-functions usr/lib/*/libmenu.so.* Well, I get this "nice" lintian output: $ lintian -I amarok_2.5.0-2_amd64.changes W: amarok: hardening-no-stackprotector usr/bin/amarok W: amarok: hardening-no-stackprotector usr/bin/amarokpkg W: amarok: hardening-no-fortify-functions usr/bin/amarokpkg W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_appletscript_simple_javascript.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_appletscript_simple_javascript.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_collection-audiocdcollection.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_collection-audiocdcollection.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_collection-ipodcollection.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_collection-mtpcollection.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_collection-mtpcollection.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_collection-mysqlservercollection.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_collection-playdarcollection.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_collection-playdarcollection.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_collection-umscollection.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_collection-umscollection.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_collection-upnpcollection.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_collection-upnpcollection.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_containment_vertical.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_containment_vertical.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_albums.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_albums.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_currenttrack.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_currenttrack.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_info.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_labels.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_labels.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_lyrics.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_lyrics.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_photos.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_photos.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_similarArtists.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_similarArtists.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_spectrum_analyzer.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_spectrum_analyzer.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_tabs.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_tabs.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_upcomingEvents.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_upcomingEvents.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_videoclip.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_videoclip.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_context_applet_wikipedia.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_context_applet_wikipedia.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_data_engine_current.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_data_engine_info.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_data_engine_labels.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_data_engine_lyrics.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_data_engine_lyrics.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_data_engine_photos.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_data_engine_similarArtists.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_data_engine_spectrum_analyzer.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_data_engine_spectrum_analyzer.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_data_engine_tabs.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_data_engine_tabs.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_data_engine_upcomingEvents.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_data_engine_upcomingEvents.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_data_engine_videoclip.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_data_engine_videoclip.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_data_engine_wikipedia.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_device_massstorage.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_device_nfs.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_device_smb.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_runnerscript_javascript.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_service_amazonstore.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_service_amazonstore.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_service_ampache.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_service_ampache.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_service_jamendo.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_service_jamendo.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_service_lastfm.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_service_lastfm.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_service_magnatunestore.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_service_magnatunestore.so W: amarok: hardening-no-stackprotector usr/lib/kde4/amarok_service_opmldirectory.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/amarok_service_opmldirectory.so W: amarok: hardening-no-stackprotector usr/lib/kde4/kcm_amarok_service_amazonstore.so W: amarok: hardening-no-stackprotector usr/lib/kde4/kcm_amarok_service_ampache.so W: amarok: hardening-no-fortify-functions usr/lib/kde4/kcm_amarok_service_ampache.so W: amarok: hardening-no-stackprotector usr/lib/kde4/kcm_amarok_service_lastfm.so W: amarok: hardening-no-stackprotector usr/lib/kde4/kcm_amarok_service_magnatunestore.so W: amarok: hardening-no-stackprotector usr/lib/kde4/kcm_amarok_service_mp3tunes.so W: amarok: hardening-no-fortify-functions usr/lib/libamarok-sqlcollection.so.1.0.0 W: amarok: hardening-no-stackprotector usr/lib/libamarok-transcoding.so.1.0.0 W: amarok: hardening-no-fortify-functions usr/lib/libamarok-transcoding.so.1.0.0 W: amarok: hardening-no-fortify-functions usr/lib/libamarokcore.so.1.0.0 W: amarok: hardening-no-fortify-functions usr/lib/libamaroklib.so.1.0.0 W: amarok: hardening-no-stackprotector usr/lib/libamarokocsclient.so.4.7.0 W: amarok: hardening-no-fortify-functions usr/lib/libamarokocsclient.so.4.7.0 W: amarok: hardening-no-stackprotector usr/lib/libamarokpud.so.1.0.0 W: amarok: hardening-no-fortify-functions usr/lib/libamarokpud.so.1.0.0 W: amarok: binary-without-manpage usr/bin/amarokpkg W: amarok-utils: hardening-no-stackprotector usr/bin/amarok_afttagger W: amarok-utils: hardening-no-fortify-functions usr/bin/amarokcollectionscanner W: amarok-utils: binary-without-manpage usr/bin/amarok_afttagger This is like 90 false positives in a single source package, it makes lintian output unreadable. I don't know how this hardening stuff is detected but I suspect this failure might be because the package is built with -fvisibility=hidden. If so, all KDE packages will suffer, and badly. Anyway, in my opinion, lintian overrides should be used to fix rare corner cases rather than workarounding obvious lintian bugs.
Attachment:
signature.asc
Description: This is a digitally signed message part.