Task Todo List Prepare packages for -D_FORTIFY_SOURCE=3
Sept. 5, 2023 - kpcyrd
As specified in the RFC[1] we need to check packages that make use of `malloc_usable_size`:
> Some applications use malloc_usable_size (despite the glibc manual stating it is for diagnostic purposes only). This is currently incompatible with _FORTIFY_SOURCE=3, so these packages will need to continue using level 2 by modifying C{,XX}FLAGS in the PKGBUILD. A TODO list will be created for all such packages on adoption of this proposal.
This list was generated using a scanner[2] that runs `readelf -Ws <path>` on all ELF binaries and checks the output for mentions of `malloc_usable_size@GLIBC`.
A possible fix looks like this:
```
# this uses malloc_usable_size, which is incompatible with fortification level 3
export CFLAGS="${CFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
export CXXFLAGS="${CXXFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
```
[1]: https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0017-increase-fortification-level.rst
[2]: https://github.com/kpcyrd/archlinux-scan-malloc-usable-size
[3]: https://gitlab.archlinux.org/archlinux/devtools/-/merge_requests/191
Filter Todo List Packages
| Arch | Repository | Name | Current Version | Staging Version | Maintainers | Status | Last Touched By |
|---|---|---|---|---|---|---|---|
| x86_64 | Extra | 0ad | a26-17 | svenstaro | Complete | kpcyrd | |
| any | Extra | aarch64-linux-gnu-glibc | 2.39-1 | anatolik | Complete | kpcyrd | |
| x86_64 | Extra | anura | 4.0.2-2 | svenstaro | Complete | kpcyrd | |
| x86_64 | Extra | bcachefs-tools | 3:1.13.0-1 | freswa | Complete | kpcyrd | |
| x86_64 | Extra | blender | 17:4.2.3-6 | svenstaro | Complete | kpcyrd | |
| x86_64 | Extra | cardinal-clap | 24.09-1 | dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | cardinal-lv2 | 24.09-1 | dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | cardinal-standalone | 24.09-1 | dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | cardinal-vst | 24.09-1 | dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | cardinal-vst3 | 24.09-1 | dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | cuda-tools | 12.6.2-2 | svenstaro, Lahwaacz, kgizdov | Complete | kpcyrd | |
| x86_64 | Extra | cuneiform | Complete | kpcyrd | |||
| x86_64 | Extra | deno | 1.46.3-2 | felixonmars | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-runtime | 8.0.10.sdk110-1 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-runtime-6.0 | 6.0.35.sdk135-1 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-runtime-7.0 | 7.0.20.sdk120-1 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-targeting-pack | 8.0.10.sdk110-1 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-targeting-pack-6.0 | 6.0.35.sdk135-1 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-targeting-pack-7.0 | 7.0.20.sdk120-1 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dovecot | 2.3.21.1-1 | demize, foxxx0 | Complete | blakkheim | |
| x86_64 | Extra | emptyepsilon | 2024.08.09-1 | anthraxx | Complete | blakkheim | |
| x86_64 | Extra | firefox | 132.0.2-1 | heftig | Complete | heftig | |
| x86_64 | Extra | firefox-developer-edition | 133.0b8-1 | andrewSC | Complete | blakkheim | |
| x86_64 | Extra | giac | 1.9.0.996-3 | arojas | Complete | kpcyrd | |
| x86_64 | Core | glibc | 2.40+r16+gaa533d58ff-2 | grazzolini, freswa | Complete | freswa | |
| x86_64 | Extra | gnustep-base | 1.30.0-1 | Complete | kpcyrd | ||
| x86_64 | Extra | goxel | 0.15.1-1 | arodseth | Complete | arodseth | |
| x86_64 | Extra | intel-oneapi-basekit | 2024.1.0.596-3 | kgizdov, tpkessler | Complete | tpkessler | |
| x86_64 | Extra | js102 | heftig | Complete | heftig | ||
| x86_64 | Extra | js115 | 115.17.0-1 | heftig | Complete | heftig | |
| x86_64 | Extra | js91 | 91.13.0-2 | heftig | Complete | heftig | |
| x86_64 | Core | lib32-glibc | 2.40+r16+gaa533d58ff-2 | grazzolini, freswa | Complete | freswa | |
| x86_64 | Multilib | lib32-nvidia-utils | 565.57.01-1 | svenstaro, felixonmars, dbermond | Complete | kpcyrd | |
| x86_64 | Multilib | lib32-sqlite | 3.46.1-1 | lcarlier | Complete | kpcyrd | |
| x86_64 | Multilib | lib32-systemd | 256.7-1 | eworm | Complete | eworm | |
| x86_64 | Extra | libreoffice-fresh | 24.8.2-3 | andyrtr | Complete | andyrtr | |
| x86_64 | Extra | libreoffice-still | 24.2.7-2 | andyrtr | Complete | kpcyrd | |
| x86_64 | Extra | libtorrent-rasterbar | 1:2.0.10-3 | Complete | kpcyrd | ||
| x86_64 | Extra | libwebsockets | 4.3.3-1 | jelle, dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | mariadb | 11.5.2-1 | eworm | Complete | eworm | |
| x86_64 | Extra | mosquitto | 2.0.18-3 | jelle, grawlinson | Complete | kpcyrd | |
| x86_64 | Extra | ncdu | 2.6-1 | anthraxx, daurnimator, Segaja | Complete | daurnimator | |
| x86_64 | Extra | neovide | 0.13.3-3 | alerque | Complete | alerque | |
| x86_64 | Extra | networkmanager | 1.50.0-1 | heftig | Complete | heftig | |
| x86_64 | Extra | nodejs | 23.1.0-1 | felixonmars, polyzen | Complete | kpcyrd | |
| x86_64 | Extra | nodejs-lts-iron | 20.18.0-1 | jelle | Complete | kpcyrd | |
| x86_64 | Extra | nvidia-utils | 565.57.01-1 | svenstaro, felixonmars, dbermond, daurnimator, ptr1337 | Complete | kpcyrd | |
| x86_64 | Extra | nvme-cli | 2.10.2-1 | Foxboron, coderobe | Complete | kpcyrd | |
| x86_64 | Extra | openucx | 1.17.0-3 | Lahwaacz | Complete | kpcyrd | |
| x86_64 | Extra | osquery | 5.13.1-2 | anatolik, carsme | Complete | kpcyrd | |
| x86_64 | Extra | qbs | 2.4.2-1 | arojas | Complete | kpcyrd | |
| x86_64 | Extra | qt5-webengine | 5.15.18-2 | felixonmars, arojas | Complete | kpcyrd | |
| x86_64 | KDE-Unstable | qt6-webengine | 6.8.0-8 | arojas | Complete | kpcyrd | |
| any | Extra | riscv64-linux-gnu-glibc | 2.40-2 | felixonmars, FFY00, kpcyrd | Complete | kpcyrd | |
| x86_64 | Extra | river | 0.3.5-2 | andyrtr, daurnimator | Complete | daurnimator | |
| x86_64 | Extra | ruby | 3.3.5-2 | anatolik, bastelfreak, Segaja | Complete | kpcyrd | |
| x86_64 | Extra | ruby2.7 | 2.7.8-1 | anatolik | Complete | kpcyrd | |
| x86_64 | Extra | singular | 4.4.0.p6-1 | arojas | Complete | kpcyrd | |
| x86_64 | Extra | sqlcipher | 4.6.0-1 | jlichtblau | Complete | kpcyrd | |
| x86_64 | Core | sqlite | 3.46.1-1 | andyrtr | Complete | blakkheim | |
| x86_64 | Core | sqlite-analyzer | 3.46.1-1 | andyrtr | Complete | andyrtr | |
| x86_64 | Core | systemd | 256.7-1 | eworm | Complete | eworm | |
| x86_64 | Core | systemd-libs | 256.7-1 | eworm | Complete | kpcyrd | |
| x86_64 | Extra | thunderbird | 128.4.2-1 | anthraxx, artafinde | Complete | artafinde | |
| x86_64 | Extra | warzone2100 | 4.5.3-1 | lcarlier | Complete | kpcyrd | |
| x86_64 | Extra | waylock | 1.3.0-1 | dvzrv, daurnimator | Complete | kpcyrd | |
| x86_64 | Extra | z3 | 4.13.0-2 | anthraxx | Complete | kpcyrd |