Bug#921136: lintian: hardening-no-fortify-functions possible false positive
Package: lintian
Version: 2.5.124
Severity: normal
Dear Maintainer,
I'm trying to figure out why my package (wxpython4.0) is getting flagged for
hardening-no-fortify-functions even though I have
export DEB_BUILD_MAINT_OPTIONS = hardening=+all in my debian/rules and I can see
the -DFORTIFY_SOURCE=2 being set in g++ arguments.
I added some debug to binaries.pm and I determined that it is only finding
wmemcpy function as not being hardened. I grepped my source tree and I do not
find any calls to wmemcpy. I then ran objdump -d on one of the built .so's. If
I am reading the objdump correctly, the only calls to wmemcpy are in functions
named like:
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE12_M_constructIPKwEEvT_S8_St20forward_iterator_tag
This sounds like some sort of auto-generated C++ function?
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages lintian depends on:
ii binutils 2.31.1-11
ii bzip2 1.0.6-9
ii diffstat 1.62-1
ii dpkg 1.19.4
ii dpkg-dev 1.19.4
ii file 1:5.35-2
ii gettext 0.19.8.1-9
ii gpg 2.2.12-1
ii intltool-debian 0.35.0+20060710.5
ii libapt-pkg-perl 0.1.34+b1
ii libarchive-zip-perl 1.64-1
ii libcgi-pm-perl 4.40-1
ii libclass-accessor-perl 0.51-1
ii libclone-perl 0.41-1+b1
pn libdigest-sha-perl <none>
ii libdpkg-perl 1.19.4
ii libemail-valid-perl 1.202-1
ii libfile-basedir-perl 0.08-1
ii libio-async-perl 0.72-1
ii libipc-run-perl 20180523.0-1
ii liblist-moreutils-perl 0.416-1+b4
ii libparse-debianchangelog-perl 1.2.0-13
ii libtext-levenshtein-perl 0.13-1
ii libtimedate-perl 2.3000-2
ii liburi-perl 1.76-1
ii libxml-simple-perl 2.25-1
ii libyaml-libyaml-perl 0.76+repack-1
ii man-db 2.8.5-1
ii patchutils 0.3.4-2
ii perl 5.28.1-3
ii t1utils 1.41-3
ii xz-utils 5.2.4-1
Versions of packages lintian recommends:
ii libperlio-gzip-perl 0.19-1+b5
Versions of packages lintian suggests:
pn binutils-multiarch <none>
ii libhtml-parser-perl 3.72-3+b3
ii libtext-template-perl 1.54-1
-- no debconf information
Reply to: