Lintian this time only complains about libnfsidmap-regex being built without fortify: I: libnfsidmap-regex: hardening-no-fortify-functions [usr/lib/x86_64-linux-gnu/libnfsidmap/regex.so]
But the build log has -D_FORTIFY_SOURCE=2: /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../support/include -I/usr/include/tirpc -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -pipe -Wall -Wextra -Werror=strict-prototypes -Werror=missing-prototypes -Werror=missing-declarations -Werror=format=2 -Werror=undef -Werror=missing-include-dirs -Werror=strict-aliasing=2 -Werror=init-self -Werror=implicit-function-declaration -Werror=return-type -Werror=switch -Werror=overflow -Werror=parentheses -Werror=aggregate-return -Werror=unused-result -fno-strict-aliasing -Werror=format-overflow=2 -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Wno-cast-function-type -g -O2 -ffile-prefix-map=/home/ubuntu/git/packages/nfs-utils/nfs-utils=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -c -o regex.lo regex.c
then libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../support/include -I/usr/include/tirpc -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -pipe -Wall -Wextra -Werror=strict-prototypes -Werror=missing-prototypes -Werror=missing-declarations -Werror=format=2 -Werror=undef -Werror=missing-include-dirs -Werror=strict-aliasing=2 -Werror=init-self -Werror=implicit-function-declaration -Werror=return-type -Werror=switch -Werror=overflow -Werror=parentheses -Werror=aggregate-return -Werror=unused-result -fno-strict-aliasing -Werror=format-overflow=2 -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Wno-cast-function-type -g -O2 -ffile-prefix-map=/home/ubuntu/git/packages/nfs-utils/nfs-utils=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -c regex.c -fPIC -DPIC -o .libs/regex.o
and libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../support/include -I/usr/include/tirpc -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -pipe -Wall -Wextra -Werror=strict-prototypes -Werror=missing-prototypes -Werror=missing-declarations -Werror=format=2 -Werror=undef -Werror=missing-include-dirs -Werror=strict-aliasing=2 -Werror=init-self -Werror=implicit-function-declaration -Werror=return-type -Werror=switch -Werror=overflow -Werror=parentheses -Werror=aggregate-return -Werror=unused-result -fno-strict-aliasing -Werror=format-overflow=2 -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Wno-cast-function-type -g -O2 -ffile-prefix-map=/home/ubuntu/git/packages/nfs-utils/nfs-utils=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -c regex.c -o regex.o >/dev/null 2>&1
But not in the linker state (expected I think):/bin/bash ../../libtool --tag=CC --mode=link gcc -pipe -Wall -Wextra -Werror=strict-prototypes -Werror=missing-prototypes -Werror=missing-declarations -Werror=format=2 -Werror=undef -Werror=missing-include-dirs -Werror=strict-aliasing=2 -Werror=init-self -Werror=implicit-function-declaration -Werror=return-type -Werror=switch -Werror=overflow -Werror=parentheses -Werror=aggregate-return -Werror=unused-result -fno-strict-aliasing -Werror=format-overflow=2 -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Wno-cast-function-type -g -O2 -ffile-prefix-map=/home/ubuntu/git/packages/nfs-utils/nfs-utils=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -module -avoid-version -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -o regex.la -rpath /usr/lib/x86_64-linux-gnu/libnfsidmap regex.lo ../../support/nfs/libnfsconf.la -lresolv
So maybe it's a false alert.
« Back to merge proposal
Lintian this time only complains about libnfsidmap-regex being built without fortify: no-fortify- functions [usr/lib/ x86_64- linux-gnu/ libnfsidmap/ regex.so]
I: libnfsidmap-regex: hardening-
But the build log has -D_FORTIFY_ SOURCE= 2: /support/ include -I/usr/ include/ tirpc -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -pipe -Wall -Wextra -Werror= strict- prototypes -Werror= missing- prototypes -Werror= missing- declarations -Werror=format=2 -Werror=undef -Werror= missing- include- dirs -Werror= strict- aliasing= 2 -Werror=init-self -Werror= implicit- function- declaration -Werror=return-type -Werror=switch -Werror=overflow -Werror=parentheses -Werror= aggregate- return -Werror= unused- result -fno-strict- aliasing -Werror= format- overflow= 2 -Werror= int-conversion -Werror= incompatible- pointer- types -Werror= misleading- indentation -Wno-cast- function- type -g -O2 -ffile- prefix- map=/home/ ubuntu/ git/packages/ nfs-utils/ nfs-utils= . -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack- protector- strong -Wformat -Werror= format- security -c -o regex.lo regex.c
/bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../..
then /support/ include -I/usr/ include/ tirpc -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -pipe -Wall -Wextra -Werror= strict- prototypes -Werror= missing- prototypes -Werror= missing- declarations -Werror=format=2 -Werror=undef -Werror= missing- include- dirs -Werror= strict- aliasing= 2 -Werror=init-self -Werror= implicit- function- declaration -Werror=return-type -Werror=switch -Werror=overflow -Werror=parentheses -Werror= aggregate- return -Werror= unused- result -fno-strict- aliasing -Werror= format- overflow= 2 -Werror= int-conversion -Werror= incompatible- pointer- types -Werror= misleading- indentation -Wno-cast- function- type -g -O2 -ffile- prefix- map=/home/ ubuntu/ git/packages/ nfs-utils/ nfs-utils= . -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack- protector- strong -Wformat -Werror= format- security -c regex.c -fPIC -DPIC -o .libs/regex.o
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../..
and /support/ include -I/usr/ include/ tirpc -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -pipe -Wall -Wextra -Werror= strict- prototypes -Werror= missing- prototypes -Werror= missing- declarations -Werror=format=2 -Werror=undef -Werror= missing- include- dirs -Werror= strict- aliasing= 2 -Werror=init-self -Werror= implicit- function- declaration -Werror=return-type -Werror=switch -Werror=overflow -Werror=parentheses -Werror= aggregate- return -Werror= unused- result -fno-strict- aliasing -Werror= format- overflow= 2 -Werror= int-conversion -Werror= incompatible- pointer- types -Werror= misleading- indentation -Wno-cast- function- type -g -O2 -ffile- prefix- map=/home/ ubuntu/ git/packages/ nfs-utils/ nfs-utils= . -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack- protector- strong -Wformat -Werror= format- security -c regex.c -o regex.o >/dev/null 2>&1
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../..
But not in the linker state (expected I think):/bin/bash ../../libtool --tag=CC --mode=link gcc -pipe -Wall -Wextra -Werror= strict- prototypes -Werror= missing- prototypes -Werror= missing- declarations -Werror=format=2 -Werror=undef -Werror= missing- include- dirs -Werror= strict- aliasing= 2 -Werror=init-self -Werror= implicit- function- declaration -Werror=return-type -Werror=switch -Werror=overflow -Werror=parentheses -Werror= aggregate- return -Werror= unused- result -fno-strict- aliasing -Werror= format- overflow= 2 -Werror= int-conversion -Werror= incompatible- pointer- types -Werror= misleading- indentation -Wno-cast- function- type -g -O2 -ffile- prefix- map=/home/ ubuntu/ git/packages/ nfs-utils/ nfs-utils= . -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack- protector- strong -Wformat -Werror= format- security -module -avoid-version -Wl,-Bsymbolic- functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -o regex.la -rpath /usr/lib/ x86_64- linux-gnu/ libnfsidmap regex.lo ../../support/ nfs/libnfsconf. la -lresolv
So maybe it's a false alert.