Help with annocheck output

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I'm trying to understand why annocheck is complaining in [1] about
_FORTIFY_SOURCE and _GLIBCXX_ASSERTIONS when these flags are defined
(see [2]).

A specific example, the first function reported:

Hardened: /usr/lib/flexiblas/libflexiblas_fallback_lapack.so: FAIL:
fortify test because -D_FORTIFY_SOURCE=2 was not present on the
command line (function: sgbbrd_)

If we take a look at the build log, we see:

[ 34%] Building C object
src/CMakeFiles/flexiblas.dir/lapack_interface/wrapper/sgbbrd.c.o
cd /builddir/build/BUILD/flexiblas-3.2.0/build/src && /usr/bin/gcc
-DFLEXIBLAS_CBLAS -DFLEXIBLAS_LAPACK -D_FILE_OFFSET_BITS=64 -D_NONE_
-D_POSIX_C_SOURCE=200809L -Dflexiblas_EXPORTS
-I/builddir/build/BUILD/flexiblas-3.2.0/src
-I/builddir/build/BUILD/flexiblas-3.2.0/build/include
-I/builddir/build/BUILD/flexiblas-3.2.0/include
-I/builddir/build/BUILD/flexiblas-3.2.0/build
-I/builddir/build/BUILD/flexiblas-3.2.0/libcscutils/include
-I/builddir/build/BUILD/flexiblas-3.2.0/build/libcscutils/include
-I/builddir/build/BUILD/flexiblas-3.2.0/libcscutils/src
-I/builddir/build/BUILD/flexiblas-3.2.0/build/libcscutils/src
-I/builddir/build/BUILD/flexiblas-3.2.0/build/libcscutils/include/cscutils
-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches
-pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
-Wp,-D_GLIBCXX_ASSERTIONS
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
-fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
  -m64  -mtune=generic -fasynchronous-unwind-tables
-fstack-clash-protection -fcf-protection -fPIC -std=c99
-fstack-protector-strong -fstack-clash-protection
-D_FILE_OFFSET_BITS=64 -DNDEBUG -O3 -fPIC -MD -MT
src/CMakeFiles/flexiblas.dir/lapack_interface/wrapper/sgbbrd.c.o -MF
CMakeFiles/flexiblas.dir/lapack_interface/wrapper/sgbbrd.c.o.d -o
CMakeFiles/flexiblas.dir/lapack_interface/wrapper/sgbbrd.c.o -c
/builddir/build/BUILD/flexiblas-3.2.0/src/lapack_interface/wrapper/sgbbrd.c

So the flags are there. Is this a false positive or am I missing something?

[1] https://osci-jenkins-1.ci.fedoraproject.org/job/fedora-ci/job/rpminspect-pipeline/job/master/101025/testReport/(root)/tests/_annocheck/
[2] https://kojipkgs.fedoraproject.org//packages/flexiblas/3.2.0/2.fc37/data/logs/x86_64/build.log

-- 
Iñaki Úcar
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux