kiwix_0.9~beta6-1_amd64.changes REJECTED

Tue Jun 19 07:07:52 UTC 2012

Hi Vasudev,

On Mo 18 Jun 2012 19:19:24 CEST Vasudev Kamath wrote:

> On 15:42 Mon 18 Jun     , renaud gaudin wrote:
>> On 06/18/2012 03:11 PM, Vasudev Kamath wrote:
>> >I imported the new tarball and tried to build but the package won't
>> >build. I'm attaching the buildlog. I have not pushed the new changes
>> >to collab since its not building.
>> >
>> >@Renaud please let me know how to fix this
>>
>> Thanks for catching this, it's fixed in 6.5 tarball:
>> http://download.kiwix.org/src/kiwix-0.9~beta6.5.tar.gz
>>
>
> Done. New version is ready. I found some issue with hardening reported
> by lintian not sure how to fix it
>
> W: kiwix: hardening-no-fortify-functions usr/bin/kiwix-index
> N:
> N:    This package provides an ELF binary that lacks the use of  
> fortified libc
> N:    functions. Either there are no potentially unfortified functions called
> N:    by any routines, all unfortified calls have already been fully  
> validated
> N:    at compile-time, or the package was not built with the default Debian
> N:    compiler flags defined by dpkg-buildflags. If built using
> N:    dpkg-buildflags directly, be sure to import CPPFLAGS.
> N:
> N:    NB: Due to false-positives, Lintian ignores some unprotected functions
> N:    (e.g. memcpy).
> N:
> N:    Refer to http://wiki.debian.org/Hardening and
> N:    http://bugs.debian.org/673112 for details.
> N:
> N:    Severity: normal, Certainty: possible
> N:
> N:    Check: binaries, Type: binary, udeb
> N:
> W: kiwix: hardening-no-fortify-functions  
> usr/lib/kiwix/components/libZimCluceneIndexer.so.0.0.0
> W: kiwix: hardening-no-fortify-functions  
> usr/lib/kiwix/components/libZimXapianIndexer.so.0.0.0
>
> @Mike may be you can have a look. Also lot of warnings are generated
> by hardening while compilation but may be its not required to
> fix. @Mike please suggest

I heard from several DDs that the lintian check for  
hardening-no-fortify-functions (CPPFLAGS contains -D_FORTIFY_SOURCE=2)  
delivers false positive sometimes. I am not that much of a C++ coder  
to really know a solution or patch for this. Due to the  
false-positives-thing most people recommend not to override this  
lintian warning and rather to wait for lintian to become more accurate  
on this.

However, maybe Renauld can check upstream code if anything in it  
matches the above verbose lintian information.

Greets,
Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, rothenstein 5, 24214 neudorf-bornstein
fon: +49 (1520) 1976 148

GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.alioth.debian.org/pipermail/debian-edu-pkg-team/attachments/20120619/2be0dc28/attachment.pgp>