
Bug#680141: RFS: liblastfm/0.4.0~git20090710-2 [RC]



On Wed, Jul 04, 2012 at 02:03:57PM -0400, Asheesh Laroia wrote:
> I'm concerned by the following lintian warnings on mentors,
> which I can reproduce locally:
> 
> W: liblastfm-fingerprint0: hardening-no-fortify-functions usr/lib/x86_64-linux-gnu/liblastfm_fingerprint.so.0.4.0
> W: liblastfm0: hardening-no-fortify-functions usr/lib/x86_64-linux-gnu/liblastfm.so.0.4.0
> 
> Other than that, this seems reasonable so far!

Yes, those warnings concern me too.  The build uses -O2 &
-D_FORTIFY_SOURCE=2, but running hardening-check --verbose on each of
the libraries shows this:

/usr/lib/x86_64-linux-gnu/liblastfm.so.0.4.0:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
        unprotected: strncpy
        unprotected: fread
 Read-only relocations: yes
 Immediate binding: no, not found!

/usr/lib/x86_64-linux-gnu/liblastfm_fingerprint.so.0.4.0:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
        unprotected: memset
        unprotected: memmove
        unprotected: memcpy
 Read-only relocations: yes
 Immediate binding: no, not found!

I don't know which of these--if any--are false positives.  Any help
would be appreciated.
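
Added example, not part of the original message or of liblastfm: a C sketch of why a library built with -D_FORTIFY_SOURCE=2 can still contain plain memcpy/strncpy symbols. A call is only swapped for its __*_chk variant when the compiler knows the destination size and cannot already prove the copy fits. The names DEST_SIZE, call_form and fortify_call_form are hypothetical, and the decision function is a simplified model rather than glibc source.

```c
#include <stddef.h>
#include <stdio.h>

/* glibc's _FORTIFY_SOURCE=2 wrappers hand this compiler builtin's result to
 * the __*_chk variants; (size_t)-1 means "destination size unknown". */
#define DEST_SIZE(p) __builtin_object_size((p), 0)
#define UNKNOWN_SIZE ((size_t)-1)

/* Hypothetical labels for what ends up in the symbol table per call site. */
enum call_form { PLAIN_SIZE_UNKNOWN, PLAIN_PROVEN_SAFE, CHECKED_VARIANT };

/* Destination is a local array: the compiler knows it is 16 bytes. */
size_t size_of_local_array(void)
{
    char buf[16];
    return DEST_SIZE(buf);
}

/* Destination arrives as a bare pointer: nothing to check against.
 * noinline keeps the optimizer from seeing the caller's buffer. */
__attribute__((noinline)) size_t size_via_pointer(char *dst)
{
    return DEST_SIZE(dst);
}

/* Simplified model (an assumption, not glibc source) of the per-call choice. */
enum call_form fortify_call_form(size_t dest_size, int len_is_const, size_t len)
{
    if (dest_size == UNKNOWN_SIZE)
        return PLAIN_SIZE_UNKNOWN;      /* e.g. memcpy stays memcpy */
    if (len_is_const && len <= dest_size)
        return PLAIN_PROVEN_SAFE;       /* check folded away at build time */
    return CHECKED_VARIANT;             /* e.g. __memcpy_chk */
}

int main(void)
{
    char caller_buf[16] = {0};
    printf("local array: %zu\n", size_of_local_array());
    printf("via pointer: %zu\n", size_via_pointer(caller_buf));
    printf("runtime length into known buffer -> form %d\n",
           fortify_call_form(size_of_local_array(), 0, 0));
    return 0;
}
```

Both PLAIN_* outcomes leave the unfortified symbol name in the binary, so a symbol-table scan cannot tell "could not be checked" from "proven safe at build time"; telling them apart means reading the call sites in the source.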


