[grass] 10/20: Add lintian overrides for hardening-no-fortify-functions false positives.

Bas Couwenberg sebastic at xs4all.nl
Wed Sep 3 22:27:16 UTC 2014 

This is an automated email from the git hooks/post-receive script.

sebastic-guest pushed a commit to branch master
in repository grass.

commit 15d44183d93f09993819ef0fadf7a11e48d2fb23
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date:   Fri Aug 22 01:24:23 2014 +0200

    Add lintian overrides for hardening-no-fortify-functions false positives.
---
 debian/changelog                    |  1 +
 debian/grass-core.lintian-overrides | 77 +++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index fac3680..b54cc04 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,7 @@ grass (6.4.4-1) UNRELEASED; urgency=low
   * Use {build,install}-arch targets in rules file.
   * Don't use hardening-includes, but dpkg-buildflags only.
   * Pass CPPFLAGS and LDFLAGS to configure for their hardening flags.
+  * Add lintian overrides for hardening-no-fortify-functions false positives.
 
  -- M. Hamish Bowman <hamish.webmail at gmail.com>  Mon, 11 Aug 2014 18:09:42 +1200
 
diff --git a/debian/grass-core.lintian-overrides b/debian/grass-core.lintian-overrides
new file mode 100644
index 0000000..6777223
--- /dev/null
+++ b/debian/grass-core.lintian-overrides
@@ -0,0 +1,77 @@
+# Build uses -D_FORTIFY_SOURCE=2, but hardening-check reports:
+#  Fortify Source functions: no, only unprotected functions found!
+#         unprotected: read
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.grow.distance
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.dominance
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.edgedensity
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.mpa
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.mps
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.padcv
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.padrange
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.padsd
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.patchdensity
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.patchnum
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.pielou
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.renyi
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.richness
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.shannon
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.shape
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.simpson
+grass-core: hardening-no-fortify-functions usr/lib/grass64/etc/lock
+
+# Build uses -D_FORTIFY_SOURCE=2, but hardening-check reports:
+#  Fortify Source functions: no, only unprotected functions found!
+#         unprotected: fread
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.in.arc
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.in.bin
+
+# Build uses -D_FORTIFY_SOURCE=2, but hardening-check reports:
+#  Fortify Source functions: no, only unprotected functions found!
+#         unprotected: fgets
+#         unprotected: fread
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.in.ascii
+
+# Build uses -D_FORTIFY_SOURCE=2, but hardening-check reports:
+#  Fortify Source functions: no, only unprotected functions found!
+#         unprotected: strcat
+#         unprotected: read
+#         unprotected: strcpy
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.li.cwed
+
+# Build uses -D_FORTIFY_SOURCE=2, but hardening-check reports:
+#  Fortify Source functions: no, only unprotected functions found!
+#         unprotected: fgets
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.null
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r3.mask
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/v.extract
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/v.lrs.segment
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/v.segment
+
+# Build uses -D_FORTIFY_SOURCE=2, but hardening-check reports:
+#  Fortify Source functions: no, only unprotected functions found!
+#         unprotected: strncpy
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r.topidx
+grass-core: hardening-no-fortify-functions usr/lib/grass64/bin/r3.in.ascii
+grass-core: hardening-no-fortify-functions usr/lib/grass64/etc/modcats
+grass-core: hardening-no-fortify-functions usr/lib/grass64/etc/modcolr
+
+# Build uses -D_FORTIFY_SOURCE=2, but hardening-check reports:
+#  Fortify Source functions: no, only unprotected functions found!
+#         unprotected: strcpy
+grass-core: hardening-no-fortify-functions usr/lib/grass64/etc/lister/cell
+grass-core: hardening-no-fortify-functions usr/lib/grass64/etc/lister/vector
+grass-core: hardening-no-fortify-functions usr/lib/grass64/etc/modhist
+
+# Build uses -D_FORTIFY_SOURCE=2, but hardening-check reports:
+#  Fortify Source functions: no, only unprotected functions found!
+#         unprotected: memset
+#         unprotected: read
+#         unprotected: memcpy
+grass-core: hardening-no-fortify-functions usr/lib/grass64/lib/libgrass_dgl.6.4.4.so
+
+# Build uses -D_FORTIFY_SOURCE=2, but hardening-check reports:
+#  Fortify Source functions: no, only unprotected functions found!
+#         unprotected: read
+#         unprotected: memcpy
+grass-core: hardening-no-fortify-functions usr/lib/grass64/lib/libgrass_segment.6.4.4.so
+

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/grass.git

More information about the Pkg-grass-devel mailing list