diff options
| -rw-r--r-- | debian/changelog | 1 | ||||
| -rw-r--r-- | debian/libpam-modules.lintian-overrides | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 79a96fed..d042825d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,7 @@ pam (1.3.1-3) UNRELEASED; urgency=medium * debian/source.lintian-overrides: update for the current quilt warnings. * debian/control: drop redundant priority fields. * Standards-Version 4.3.0. + * Restore lintian overrides for hardening false-positives. -- Steve Langasek <vorlon@debian.org> Wed, 13 Feb 2019 05:57:21 +0000 diff --git a/debian/libpam-modules.lintian-overrides b/debian/libpam-modules.lintian-overrides index 286eae4c..ad808cfa 100644 --- a/debian/libpam-modules.lintian-overrides +++ b/debian/libpam-modules.lintian-overrides @@ -1,2 +1,15 @@ +# These are false positives because they don't use any functions that need +# fortifying. Since we know we have hardening turned on globally, suppress +# them. If we ever see this warning again for *other* modules, then we know +# there's a real problem. +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_echo.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_filter.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_group.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_limits.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_shells.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_tally.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_tally2.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_time.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_wheel.so # pam_deny.so does not use any symbol from libc. libpam-modules: shared-lib-without-dependency-information lib/*/security/pam_deny.so |