'Re: Lintian warning: hardening-no-fortify-functions & version numbering'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-devel
Subject:    Re: Lintian warning: hardening-no-fortify-functions & version numbering
From:       Andrey Rahmatullin <wrar () wrar ! name>
Date:       2012-06-19 14:10:34
Message-ID: 20120619141034.GG5754 () belkar ! wrar ! name
[Download RAW message or body]

On Tue, Jun 19, 2012 at 04:04:31PM +0200, José Luis Segura Lucas wrote:
> I have read the output of lintian-info -t about
> hardening-no-fortify-functions, and it helps a lot. The software uses
> Cmake as build tool, and the "hardening-wrapper" solution solved some
> lintian warnings, but not the latest one.
Why do you need hardening-wrapper? You should use flags set by
dpkg-buildflags.

> I have looked at the buld logs, and I can see that the CPPFLAGS
> "-D_FORTIFY_SOURCE=2" is included in all the compiler calls, but the
> warning is still present.
> 
> What's the problem with this?
You should read http://bugs.debian.org/673112 mentioned in the lintian tag
description and use hardening-check --verbose on binaries reported. If
only memcpy and memmove are printed by hardening-check, you should ignore
the warning.

> My another question is about the version numbering: the software is
> still in development and they make a new minor version each week
> (approximately). Sometimes I need to package something that is in their
> repository but not still in a numbered version, so, I tried to use the
> latest known version and add a ~TIMESTAMPgit... to the minor version
> number, but debuild warns me about the version 0.1.0~2012......git-1 is
> less than 0.1.0.
That's right, 0.1.0~2012......git-1 is less than 0.1.0. If you need
versions that are greater than 0.1.0, use + instead of ~.

> The latest thing is that I have seen several packages with ~TIMESTAMP
> (screen, by example): they add a alpha-numeric string after the "git"
> word... what does it mean?
git-describe(1)

> Where can I found some information about packaging directly from VCS?
file:///usr/share/doc/git-buildpackage/manual-html/gbp.import.html#GBP.IMPORT.UPSTREAM-GIT
(if you use git-buildpackage)

-- 
WBR, wRAR

["signature.asc" (application/pgp-signature)]
-- 
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20120619141034.GG5754@belkar.wrar.name


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic