Hello.

I maintain python-pytools, python-pyopencl, python-pycuda; the last two are in contrib. Those packages contain binary wrappers to allow for using OpenCL and CUDA in Python. I am working on packaging the latest versions of those packages to put before the Wheezy freeze.

Recently lintian started giving warnings on amd64:

W: python-pyopencl: hardening-no-fortify-functions usr/lib/python2.6/dist-packages/pyopencl/_cl.so
N:
N: This package provides an ELF binary that lacks the use of fortified libc
N: functions. Either there are no potentially unfortified functions called
N: by any routines, all unfortified calls have already been fully validated
N: at compile-time, or the package was not built with the default Debian
N: compiler flags defined by dpkg-buildflags. If built using
N: dpkg-buildflags directly, be sure to import CPPFLAGS.
N:
N: Refer to http://wiki.debian.org/Hardening for details.
N:
N: Severity: normal, Certainty: possible
N:
N: Check: binaries, Type: binary, udeb
N:
W: python-pyopencl: hardening-no-stackprotector usr/lib/python2.6/dist-packages/pyopencl/_pvt_struct.so
N:
N: This package provides an ELF binary that lacks the stack protector
N: function __stack_chk_fail. Either there are no character arrays used on
N: the stack of any routines, or the package was not built with the default
N: Debian compiler flags defined by dpkg-buildflags. If built using
N: dpkg-buildflags directly, be sure to import CFLAGS and/or CXXFLAGS.
N:
N: Refer to http://wiki.debian.org/Hardening for details.
N:
N: Severity: normal, Certainty: possible
N:
N: Check: binaries, Type: binary, udeb

hardening-check returns:

_cl.so:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no, not found!
_pvt_struct.so:
 Position Independent Executable: yes
 Stack protected: no, not found!
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no, not found!

Sample gcc call:

gcc -pthread -fwrapv -Wall -O3 -DNDEBUG -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -fPIC -DPYGPU_PACKAGE=pyopencl -DPYGPU_PYOPENCL=1 -DPYOPENCL_USE_DEVICE_FISSION=1 -DHAVE_GL=1 -I/usr/lib/python3/dist-packages/numpy/core/include -I/usr/lib/python3/dist-packages/numpy/core/include -I/usr/include/python3.2mu -c src/wrapper/wrap_cl_part_2.cpp -o build/temp.linux-x86_64-3.2/src/wrapper/wrap_cl_part_2.o

so hardening options are given to the compiler.

The package does not contain printf and most of the functions are just wrappers around appropriate OpenCL/CUDA functions.

I have tried forcing hardening options, but was getting the same lintian complaints. Should I ignore those (and add the packages to lintian overrides), or is there something missing in my packaging?

Best regards.

-- 
Tomasz Rybak  GPG/PGP key ID: 2AD5 9860
Fingerprint A481 824E 7DD3 9C0E C40A 488E C654 FB33 2AD5 9860
http://member.acm.org/~tomaszrybak
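An added example, not part of the original message and not lintian's or hardening-check's own code: a simplified approximation of the imported-symbol check that the two tags above rest on, run over constructed listings in the layout of `readelf --dyn-syms` output. It shows how a library whose only libc import is a plain `memcpy` gets the "only unprotected functions found" verdict whatever flags were passed, the case the lintian text describes as calls "fully validated at compile-time". The `FORTIFIABLE` subset, the sample symbols and the "mixed"/"unknown" labels are assumptions of this example.

```python
# Added example: approximates the symbol checks behind the two lintian tags.
# FORTIFIABLE is a small illustrative subset of libc functions that have
# __<name>_chk variants; it is an assumption of this example.
FORTIFIABLE = {"memcpy", "memmove", "memset", "strcpy", "strncpy", "strcat",
               "sprintf", "snprintf", "vsnprintf", "read"}

# Constructed listings in the layout of `readelf --dyn-syms` output.
# They are not taken from the real _cl.so or _pvt_struct.so.
PLAIN_MEMCPY = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND clGetPlatformIDs
     4: 0000000000012340   120 FUNC    GLOBAL DEFAULT   12 init_cl
"""
CHECKED_MEMCPY = PLAIN_MEMCPY.replace("UND memcpy@GLIBC_2.2.5",
                                      "UND __memcpy_chk@GLIBC_2.3.4")
NO_CANARY = "\n".join(line for line in PLAIN_MEMCPY.splitlines()
                      if "__stack_chk_fail" not in line)

def undefined_symbols(listing):
    """Names of undefined (imported) symbols, with the @VERSION suffix stripped."""
    names = set()
    for line in listing.splitlines():
        f = line.split()
        # Data rows start with "<num>:"; column 7 is Ndx, column 8 the name.
        if len(f) >= 8 and f[0].rstrip(":").isdigit() and f[6] == "UND":
            names.add(f[7].split("@")[0])
    return names

def check(listing):
    """Verdicts from imported symbols only; 'mixed' and 'unknown' are this example's labels."""
    syms = undefined_symbols(listing)
    unprotected = syms & FORTIFIABLE
    protected = {s for s in syms if s.startswith("__") and s.endswith("_chk")
                 and s[2:-4] in FORTIFIABLE}
    if protected:
        fortify = "mixed" if unprotected else "yes"
    elif unprotected:
        fortify = "no, only unprotected functions found!"
    else:
        fortify = "unknown"
    stack = "yes" if "__stack_chk_fail" in syms else "no, not found!"
    return {"stack_protected": stack, "fortify": fortify}

if __name__ == "__main__":
    for name in ("PLAIN_MEMCPY", "CHECKED_MEMCPY", "NO_CANARY"):
        print(name, check(globals()[name]))
```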