On Thu, Jun 30, 2016 at 08:46:54PM +0100, Simon McVittie wrote:
> On Thu, 30 Jun 2016 at 16:31:43 +0100, Jose M Calhariz wrote:
> > On Thu, Jun 30, 2016 at 02:59:39PM +0000, Niels Thykier wrote:
> > > Please verify that the CPPFLAGS are passed to the compiler (a lot of
> > > build systems fail to pass exactly CPPFLAGS on).
>
> What Niels said. This appears to be exactly the bug here.
>
> You can either modify the build system to take CPPFLAGS from the
> environment, or do something like CFLAGS += $(CPPFLAGS) in debian/rules.
>

Added this.

> > Fortify Source functions: no, only unprotected functions found!
>
> This looks like the lintian tag is justified. There are three
> possibilities for "fortify":
>
> - the binary does not call any functions that have a "fortified" version
>   so there is nothing to do;
> - the binary calls functions that have a "fortified" version and gets the
>   "fortified" version;
> - the binary calls functions that have a "fortified" version but gets the
>   original (unhardened) version
>
> This looks like you're in the third possibility.
>
> > gcc -c -I. -g -O2 -fPIE -fstack-protector-strong -Wformat
> > -Werror=format-security -DHAVE_CONFIG_H -DVERSION=\"3.1.19\"
> > -DETCDIR=\"/etc\" -DLOADAVG_MX=1.5 -DDAEMON_USERNAME=\"daemon\"
> > -DDAEMON_GROUPNAME=\"daemon\" -DLFILE=\"/var/spool/cron/atjobs/.SEQ\" -Wall
> > at.c
> >
> > The flags are enabled and most protections are in place, right?
>
> Not all. You should also be seeing -D_FORTIFY_SOURCE=2.

And this was the missing bit. Now lintian is happy. Thank you.

>
> (blhc would probably have told you that.)
>
>     S
>

Kind regards
Jose M Calhariz

--
--
"The burden of marriage is so heavy that it takes two to carry it, sometimes three."
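
The check discussed in this thread, as an added example that is not part of the original messages and is not blhc: a small shell function that scans a build log for compile lines missing hardening flags. The function names, the required-flag list and the sample log lines are assumptions constructed for illustration, modelled on the gcc command quoted above.

```shell
#!/bin/sh
# Flags every compile line is expected to carry (assumed list, taken from
# the flags quoted in the thread plus the one that was missing).
REQUIRED_FLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-strong -Wformat -Werror=format-security"

# Constructed sample build log: the first line lacks the CPPFLAGS content,
# the second is what the compiler sees once CPPFLAGS is passed through.
sample_log() {
    cat <<'EOF'
gcc -c -I. -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -DHAVE_CONFIG_H -Wall at.c
gcc -c -I. -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -DHAVE_CONFIG_H -Wall atd.c
make[1]: Leaving directory '/build/at'
EOF
}

# Reads a build log on stdin and prints "<source>: missing <flag>" for each gap.
# Returns 0 when every compile line carries every required flag, 1 otherwise.
check_build_log() {
    rc=0
    while IFS= read -r line; do
        # Keep only compiler invocations ...
        case "$line" in
            gcc\ *|cc\ *) ;;
            *) continue ;;
        esac
        # ... that actually compile a source file (-c).
        case " $line " in
            *" -c "*) ;;
            *) continue ;;
        esac
        src=${line##* }    # last word of the command: the source file
        for flag in $REQUIRED_FLAGS; do
            # Match whole words so -Wformat is not satisfied by -Wformat-security.
            case " $line " in
                *" $flag "*) ;;
                *) echo "$src: missing $flag"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Demonstration on the constructed log.
sample_log | check_build_log || true
```

On a real package, feed it the build log instead of `sample_log`; the non-zero return makes it usable as a gate in a build script.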