[lintian] 01/01: c/binaries: Rewrite no-bindnow description
This is an automated email from the git hooks/post-receive script.
nthykier pushed a commit to branch master
in repository lintian.
commit d1d3e6aed7f2ea28933702c13cef10b81055a595
Author: Niels Thykier <niels@thykier.net>
Date: Fri Apr 29 13:51:44 2016 +0000
c/binaries: Rewrite no-bindnow description
Signed-off-by: Niels Thykier <niels@thykier.net>
---
checks/binaries.desc | 8 ++++----
debian/changelog | 3 +++
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/checks/binaries.desc b/checks/binaries.desc
index 2499917..541b2ef 100644
--- a/checks/binaries.desc
+++ b/checks/binaries.desc
@@ -391,10 +391,10 @@ Certainty: certain
Info: This package provides an ELF binary that lacks the "bindnow"
linker flag.
.
- If the ELF binary does not rely on late binding of symbols (e.g. weak
- symbols), then please consider enabling this feature. Otherwise,
- please consider overriding the tag (possibly with a comment about
- why).
+ This is needed (together with "relro") to make the "Global Offset
+ Table" (GOT) fully read-only. The bindnow feature trades startup
+ time for improved security. Plase consider enabling this feature
+ or consider overriding the tag (possibly with a comment about why).
.
If you use <tt>dpkg-buildflags</tt>, you may have to add
<tt>hardening=+bindnow</tt> or <tt>hardening=+all</tt> to
diff --git a/debian/changelog b/debian/changelog
index 030547e..6eb1a22 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ lintian (2.5.45) UNRELEASED; urgency=medium
XXX: generate tag summary with private/generate-tag-summary
+ * checks/binaries.desc:
+ + [NT] Rewrite description for hardening-no-bindnow. There
+ is no references to why bindnow would cause issues.
* checks/debhelper.pm:
+ [NT] The /usr/share/R/debian/r-cran.mk file implies
/usr/share/cdbs/1/rules/debhelper.mk.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to: