[cdftools] 219/228: WIP: More Hardening
Alastair McKinstry
mckinstry at moszumanska.debian.org
Fri Jun 12 08:21:52 UTC 2015
This is an automated email from the git hooks/post-receive script.
mckinstry pushed a commit to branch master
in repository cdftools.
commit 6d88eb9637926eeac1b6d59f1080739bbbf8aab8
Author: Alastair McKinstry <mckinstry at debian.org>
Date: Thu May 30 02:52:53 2013 +0100
WIP: More Hardening
---
debian/patches/harden.patch | 2 +-
debian/source/lintian-overrides | 116 +++++++++++++++++++++++++++++++++++++++-
2 files changed, 116 insertions(+), 2 deletions(-)
diff --git a/debian/patches/harden.patch b/debian/patches/harden.patch
index 64f4387..9bbb946 100644
--- a/debian/patches/harden.patch
+++ b/debian/patches/harden.patch
@@ -14,6 +14,6 @@ Index: cdftools-3.0/Macrolib/macro.gfortran
-MPF90=
-FFLAGS= -O $(NCDF) -fno-second-underscore -ffree-line-length-256
-LMPI=-lmpich
-+FFLAGS= -O3 -Wl,-z,now $(LDFLAGS) $(NCDF) -fno-second-underscore -ffree-line-length-256 -D_FORTIFY_SOURCE=2
++FFLAGS= -O3 -Wl,-z,now $(LDFLAGS) $(NCDF) -fno-second-underscore -ffree-line-length-256 -D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4
INSTALL=$(HOME)/bin
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
index 266a073..359f16d 100644
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@@ -1 +1,115 @@
-cdo source: package-needs-versioned-debhelper-build-depends 9
+# What can be done in Fortran is already done.
+# Can't select checked versions of functions. If you know how,
+# please tell me: -- mckinstry at debian.org 2013-06-04
+W: cdftools: hardening-no-fortify-functions usr/bin/cdf16bit
+W: cdftools: hardening-no-fortify-functions usr/bin/cdf2levitusgrid2d
+W: cdftools: hardening-no-fortify-functions usr/bin/cdf2matlab
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfbathy
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfbci
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfbn2
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfbotpressure
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfbottom
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfbottomsig
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfbti
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfbuoyflx
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfcensus
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfchgrid
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfclip
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfcmp
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfcofdis
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfcoloc
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfconvert
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfcsp
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfcurl
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfdifmask
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfeke
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfets
+W: cdftools: hardening-no-fortify-functions usr/bin/cdffindij
+W: cdftools: hardening-no-fortify-functions usr/bin/cdffixtime
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfflxconv
+W: cdftools: hardening-no-fortify-functions usr/bin/cdffracinv
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfgeo-uv
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfgeostrophy
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfhdy
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfhdy3d
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfheatc
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfhflx
+W: cdftools: hardening-no-fortify-functions usr/bin/cdficediags
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfimprovechk
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfinfo
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfisopsi
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfkempemekeepe
+W: cdftools: hardening-no-fortify-functions usr/bin/cdflinreg
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmaskdmp
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmax
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmaxmoc
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmean
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmhst
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmkmask
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmltmask
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmoc
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmocsig
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmoy
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmoy_freq
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmoy_weighted
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmoyt
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmoyuvwt
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmppini
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmxl
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmxlhcsc
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmxlheatc
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfmxlsaltc
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfnamelist
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfnan
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfnorth_unfold
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfnrjcomp
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfokubo-w
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfovide
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfpendep
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfpolymask
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfprobe
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfprofile
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfpsi
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfpsi_level
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfpvor
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfrhoproj
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfrichardson
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfrmsssh
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfscale
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfsections
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfsig0
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfsigi
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfsiginsitu
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfsigintegr
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfsigtrp
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfsmooth
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfspeed
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfspice
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfsstconv
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfstatcoord
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfstats
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfstd
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfstdevts
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfstdevw
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfstrconv
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfsum
+W: cdftools: hardening-no-fortify-functions usr/bin/cdftempvol-full
+W: cdftools: hardening-no-fortify-functions usr/bin/cdftransport
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfvFWov
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfvT
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfvertmean
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfvhst
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfvint
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfvita
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfvita-geo
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfvsig
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfvtrp
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfw
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfweight
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfwflx
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfwhereij
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfzisot
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfzonalmean
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfzonalout
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfzonalsum
+W: cdftools: hardening-no-fortify-functions usr/bin/cdfzoom
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/cdftools.git
More information about the debian-science-commits
mailing list