diff options
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/libpam-cracklib.lintian-overrides | 5 | ||||
| -rw-r--r-- | debian/libpam-modules-bin.lintian-overrides | 5 | ||||
| -rw-r--r-- | debian/libpam-modules.lintian-overrides | 13 |
4 files changed, 24 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index e2279271..a19753b3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,6 +16,8 @@ pam (1.1.3-8) UNRELEASED; urgency=low instance, this gets us aarch64 support. * Install pam_timestamp_check - and while we're at it, move the manpage to the correct binary package. Closes: #648695. + * Update lintian overrides to suppress some noise about hardening and + manpages. -- Steve Langasek <vorlon@debian.org> Mon, 11 Feb 2013 19:00:19 -0800 diff --git a/debian/libpam-cracklib.lintian-overrides b/debian/libpam-cracklib.lintian-overrides new file mode 100644 index 00000000..c3d6b240 --- /dev/null +++ b/debian/libpam-cracklib.lintian-overrides @@ -0,0 +1,5 @@ +# This is afalse positive because it doesn't use any functions that need +# fortifying. Since we know we have hardening turned on globally, suppress +# this. If we ever see this warning again for *other* modules, then we know +# there's a real problem. +libpam-cracklib: hardening-no-fortify-functions lib/*/security/pam_cracklib.so diff --git a/debian/libpam-modules-bin.lintian-overrides b/debian/libpam-modules-bin.lintian-overrides index a4579766..56345417 100644 --- a/debian/libpam-modules-bin.lintian-overrides +++ b/debian/libpam-modules-bin.lintian-overrides @@ -1,3 +1,6 @@ # yes, we know it's sgid, that's the whole point... libpam-modules-bin: setgid-binary sbin/unix_chkpwd 2755 root/shadow - +# these manpages are in libpam-modules as they document both the module and +# the helper binary +libpam-modules-bin: binary-without-manpage sbin/pam_tally +libpam-modules-bin: binary-without-manpage sbin/pam_tally2 diff --git a/debian/libpam-modules.lintian-overrides b/debian/libpam-modules.lintian-overrides new file mode 100644 index 00000000..c6f25ec7 --- /dev/null +++ b/debian/libpam-modules.lintian-overrides @@ -0,0 +1,13 @@ +# These are false positives because they don't use any functions that need +# fortifying. Since we know we have hardening turned on globally, suppress +# them. If we ever see this warning again for *other* modules, then we know +# there's a real problem. +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_echo.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_filter.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_group.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_limits.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_shells.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_tally.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_tally2.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_time.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_wheel.so |