Bug#1066033: RFS: galvani/0.34-1 [ITP] -- reads data from a device with graphical plots and evaluation
On Tuesday, 26.03.2024 at 17:03 +0000, Jeremy Sowden wrote:
> [...]
>
> The following should suffice:
>
> export DH_VERBOSE = 1
> export DEB_BUILD_MAINT_OPTIONS = hardening=+all
> export DEB_LDFLAGS_MAINT_APPEND = -lstdc++fs
>
> %:
> 	dh $@ --with autoreconf
>
So, this is exactly what I had initially.
> Running the build one can see:
>
> g++ [...] -D_FORTIFY_SOURCE=2 [...]
>
> so the right argument is being passed to the compiler. There is a list
> of the functions that are fortified here:
>
> https://www.gnu.org/software/libc/manual/html_node/Source-Fortification.html
>
> Does the software use any of these? If not, this is a false positive.
>
> J.
Galvani only uses "open" for file operations and "read" to read from
USB devices.
I'm a bit confused now. The output of "blhc galvani_0.34-1_amd64.build"
is empty, but "hardening-check -vR /usr/bin/galvani" gives:
------------------------------------
/usr/bin/galvani:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: no, only unprotected functions found!
unprotected: read
unprotected: memcpy
unprotected: readlink
unprotected: vsnprintf
unprotected: memset
unprotected: memmove
unprotected: realpath
unprotected: getcwd
Read-only relocations: yes
Immediate binding: yes
Stack clash protection: unknown, no -fstack-clash-protection instructions found
Control flow integrity: no, not found!
--------------------------------------
followed by a long list.
Burkard
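
How a symbol-based check can arrive at a result like the "only unprotected functions found" line in the output above, as an added example that is not part of the original thread and not hardening-check's own code. It relies on glibc's fortified calls appearing in the dynamic symbol table as `__NAME_chk` imports; the symbol listings are constructed in the layout of `readelf --dyn-syms -W`, and the function list is only the eight names from the output above.

```python
# Names taken from the hardening-check output above; glibc has more.
FORTIFIABLE = {"read", "memcpy", "readlink", "vsnprintf",
               "memset", "memmove", "realpath", "getcwd"}

# Constructed sample listings (not taken from the galvani binary).
SAMPLE_PLAIN = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND read@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (3)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND getcwd@GLIBC_2.2.5 (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND close@GLIBC_2.2.5 (2)
     5: 0000000000001139    42 FUNC    GLOBAL DEFAULT   14 main
"""
SAMPLE_MIXED = """\
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __vsnprintf_chk@GLIBC_2.3.4 (4)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND read@GLIBC_2.2.5 (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND close@GLIBC_2.2.5 (2)
"""

def imported_functions(readelf_text):
    """Names of undefined (imported) FUNC symbols, version suffix stripped."""
    names = set()
    for line in readelf_text.splitlines():
        f = line.split()  # Num: Value Size Type Bind Vis Ndx Name
        if len(f) >= 8 and f[3] == "FUNC" and f[6] == "UND":
            names.add(f[7].split("@")[0])
    return names

def classify(readelf_text):
    """Split the fortifiable imports into checked and unchecked call targets."""
    imports = imported_functions(readelf_text)
    protected = {n for n in FORTIFIABLE if f"__{n}_chk" in imports}
    unprotected = FORTIFIABLE & imports
    return protected, unprotected

def verdict(protected, unprotected):
    """Labels are this example's own, not hardening-check's wording."""
    if protected and unprotected:
        return "mixed"
    if protected:
        return "yes"
    return "no" if unprotected else "unknown"

if __name__ == "__main__":
    for name, text in (("plain", SAMPLE_PLAIN), ("mixed", SAMPLE_MIXED)):
        p, u = classify(text)
        print(name, verdict(p, u), sorted(p), sorted(u))
```

A plain import such as `memcpy` can remain even with `-D_FORTIFY_SOURCE=2` on the command line, because the compiler only emits the `_chk` variant where it can determine the destination size at the call site.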