Bug#795667: Suppress hardening-{no-relro,no-fortify-functions}
Package: lintian
Version: 2.5.33
Severity: normal
Tags: patch
>From the patch description:
[PATCH] Suppress hardening-{no-relro,no-fortify-functions} for Go binaries.
The Go compiler (gc) does not currently support these features, so don’t
warn about them on _every_ binary which is implemented in Go.
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.0.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lintian depends on:
ii binutils 2.25-10
ii bzip2 1.0.6-8
ii diffstat 1.58-1
ii file 1:5.22+15-2
ii gettext 0.19.4-1
ii hardening-includes 2.7
ii intltool-debian 0.35.0+20060710.2
ii libapt-pkg-perl 0.1.29+b2
ii libarchive-zip-perl 1.48-1
ii libclass-accessor-perl 0.34-1
ii libclone-perl 0.38-1
ii libdpkg-perl 1.18.1
ii libemail-valid-perl 1.196-1
ii libfile-basedir-perl 0.07-1
ii libipc-run-perl 0.94-1
ii liblist-moreutils-perl 0.413-1
ii libparse-debianchangelog-perl 1.2.0-4
ii libtext-levenshtein-perl 0.12-1
ii libtimedate-perl 2.3000-2
ii liburi-perl 1.64-1
ii man-db 2.7.0.2-5
ii patchutils 0.3.4-1
ii perl [libdigest-sha-perl] 5.20.2-6
ii t1utils 1.38-4
ii xz-utils 5.1.1alpha+20120614-2.1
Versions of packages lintian recommends:
ii dpkg 1.18.1
pn libperlio-gzip-perl <none>
ii perl 5.20.2-6
ii perl-modules [libautodie-perl] 5.20.2-6
Versions of packages lintian suggests:
pn binutils-multiarch <none>
ii dpkg-dev 1.18.1
ii libhtml-parser-perl 3.71-2
ii libtext-template-perl 1.46-1
pn libyaml-perl <none>
-- no debconf information
>From 87e1d19a9cb2dfdfd1b23108bdff89d264102a3c Mon Sep 17 00:00:00 2001
From: Michael Stapelberg <stapelberg@debian.org>
Date: Sun, 16 Aug 2015 09:52:24 +0200
Subject: [PATCH] Suppress hardening-{no-relro,no-fortify-functions} for Go
binaries.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The Go compiler (gc) does not currently support these features, so don’t
warn about them on _every_ binary which is implemented in Go.
---
checks/binaries.pm | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/checks/binaries.pm b/checks/binaries.pm
index 1ad6282..3542611 100644
--- a/checks/binaries.pm
+++ b/checks/binaries.pm
@@ -547,6 +547,11 @@ sub run {
if ($flags) {
foreach my $t (@{$info->hardening_info->{$fname}}) {
my $tag = "hardening-$t";
+ # Binaries built by the Go compiler do not support all
+ # hardening measures.
+ next if ($t eq 'no-relro' ||
+ $t eq 'no-fortify-functions') &&
+ $built_with_golang;
tag $tag, $file if $flags->{$tag};
}
}
--
2.1.4
Reply to: