Task Todo List Prepare packages for -D_FORTIFY_SOURCE=3
As specified in the RFC[1] we need to check packages that make use of `malloc_usable_size`:
> Some applications use malloc_usable_size (despite the glibc manual stating it is for diagnostic purposes only). This is currently incompatible with _FORTIFY_SOURCE=3, so these packages will need to continue using level 2 by modifying C{,XX}FLAGS in the PKGBUILD. A TODO list will be created for all such packages on adoption of this proposal.
This list was generated using a scanner[2] that runs `readelf -Ws <path>` on all ELF binaries and checks the output for mentions of `malloc_usable_size@GLIBC`.
A possible fix looks like this:
```
# this uses malloc_usable_size, which is incompatible with fortification level 3
export CFLAGS="${CFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
export CXXFLAGS="${CXXFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
```
[1]: https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0017-increase-fortification-level.rst
[2]: https://github.com/kpcyrd/archlinux-scan-malloc-usable-size
[3]: https://gitlab.archlinux.org/archlinux/devtools/-/merge_requests/191
Filter Todo List Packages
Arch | Repository | Name | Current Version | Staging Version | Maintainers | Status | Last Touched By |
---|---|---|---|---|---|---|---|
x86_64 | Extra | 0ad | a26-12 | svenstaro | Complete | kpcyrd | |
any | Extra | aarch64-linux-gnu-glibc | 2.39-1 | anatolik | Complete | kpcyrd | |
x86_64 | Extra | anura | 4.0.2-1 | svenstaro | Complete | kpcyrd | |
x86_64 | Extra | bcachefs-tools | 3:1.7.0-1 | freswa | Complete | kpcyrd | |
x86_64 | Extra | blender | 17:4.1.1-4 | svenstaro, FFY00, freswa | Complete | kpcyrd | |
x86_64 | Extra | cardinal-clap | 24.04-1 | dvzrv | Complete | kpcyrd | |
x86_64 | Extra | cardinal-lv2 | 24.04-1 | dvzrv | Complete | kpcyrd | |
x86_64 | Extra | cardinal-standalone | 24.04-1 | dvzrv | Complete | kpcyrd | |
x86_64 | Extra | cardinal-vst | 24.04-1 | dvzrv | Complete | kpcyrd | |
x86_64 | Extra | cardinal-vst3 | 24.04-1 | dvzrv | Complete | kpcyrd | |
x86_64 | Extra | cuda-tools | 12.4.1-2 | svenstaro, Lahwaacz, kgizdov | Complete | kpcyrd | |
x86_64 | Extra | cuneiform | 1.1.0-22 | Complete | kpcyrd | ||
x86_64 | Extra | deno | 1.42.2-1 | felixonmars | Complete | kpcyrd | |
x86_64 | Extra | dotnet-runtime | 8.0.4.sdk104-1 | alucryd | Complete | kpcyrd | |
x86_64 | Extra | dotnet-runtime-6.0 | 6.0.29.sdk129-1 | alucryd | Complete | kpcyrd | |
x86_64 | Extra | dotnet-runtime-7.0 | 7.0.18.sdk118-1 | alucryd | Complete | kpcyrd | |
x86_64 | Extra | dotnet-targeting-pack | 8.0.4.sdk104-1 | alucryd | Complete | kpcyrd | |
x86_64 | Extra | dotnet-targeting-pack-6.0 | 6.0.29.sdk129-1 | alucryd | Complete | kpcyrd | |
x86_64 | Extra | dotnet-targeting-pack-7.0 | 7.0.18.sdk118-1 | alucryd | Complete | kpcyrd | |
x86_64 | Extra | dovecot | 2.3.20-4 | demize, foxxx0 | Complete | blakkheim | |
x86_64 | Extra | emptyepsilon | 2023.06.17-2 | anthraxx | Complete | blakkheim | |
x86_64 | Extra | firefox | 125.0.3-1 | heftig | Complete | heftig | |
x86_64 | Extra | firefox-developer-edition | 126.0b8-1 | andrewSC | Complete | blakkheim | |
x86_64 | Extra | giac | 1.9.0.97-1 | arojas | Complete | kpcyrd | |
x86_64 | Core | glibc | 2.39-3 | grazzolini, freswa | Complete | freswa | |
x86_64 | Extra | gnustep-base | 1.29.0-3 | Complete | kpcyrd | ||
x86_64 | Extra | goxel | 0.14.0-1 | arodseth | Complete | arodseth | |
x86_64 | Extra | intel-oneapi-basekit | 2024.0.0.49564-3 | 2024.1.0.596-2 | kgizdov, tpkessler | Complete | tpkessler |
x86_64 | Extra | js102 | 102.15.1-2 | heftig | Complete | heftig | |
x86_64 | Extra | js115 | 115.10.0-1 | heftig | Complete | heftig | |
x86_64 | Extra | js91 | 91.13.0-2 | heftig | Complete | heftig | |
x86_64 | Core | lib32-glibc | 2.39-3 | grazzolini, freswa | Complete | freswa | |
x86_64 | Multilib | lib32-nvidia-utils | 550.76-1 | svenstaro, felixonmars | Complete | kpcyrd | |
x86_64 | Multilib | lib32-sqlite | 3.45.2-1 | lcarlier | Complete | kpcyrd | |
x86_64 | Multilib | lib32-systemd | 255.5-1 | eworm | Complete | eworm | |
x86_64 | Extra | libreoffice-fresh | 24.2.3-1 | andyrtr | Complete | andyrtr | |
x86_64 | Extra | libreoffice-still | 7.6.6-3 | andyrtr | Complete | kpcyrd | |
x86_64 | Extra | libtorrent-rasterbar | 1:2.0.10-2 | felixonmars | Complete | kpcyrd | |
x86_64 | Extra | libwebsockets | 4.3.3-1 | jelle, dvzrv | Complete | kpcyrd | |
x86_64 | Extra | mariadb | 11.3.2-1 | eworm | Complete | eworm | |
x86_64 | Extra | mosquitto | 2.0.18-1 | jelle, grawlinson | Complete | kpcyrd | |
x86_64 | Extra | ncdu | 2.4-1 | anthraxx, daurnimator, Segaja | Complete | daurnimator | |
x86_64 | Extra | neovide | 0.12.2-1 | alerque | Complete | alerque | |
x86_64 | Extra | networkmanager | 1.46.0-2 | heftig | Complete | heftig | |
x86_64 | Extra | nodejs | 21.7.3-1 | felixonmars | Complete | kpcyrd | |
x86_64 | Extra | nodejs-lts-iron | 20.12.2-1 | jelle | Complete | kpcyrd | |
x86_64 | Extra | nvidia-utils | 550.76-3 | svenstaro, felixonmars, daurnimator | Complete | kpcyrd | |
x86_64 | Extra | nvme-cli | 2.8-1 | Foxboron, coderobe | Complete | kpcyrd | |
x86_64 | Extra | openucx | 1.16.0-1 | Lahwaacz | Complete | kpcyrd | |
x86_64 | Extra | osquery | 5.7.0-1 | anatolik | Complete | kpcyrd | |
x86_64 | Extra | qbs | 2.3.0-1 | arojas | Complete | kpcyrd | |
x86_64 | Extra | qt5-webengine | 5.15.16-6 | felixonmars, arojas | Complete | kpcyrd | |
x86_64 | KDE-Unstable | qt6-webengine | 6.7.0-1 | arojas | Complete | kpcyrd | |
any | Extra | riscv64-linux-gnu-glibc | 2.39-3 | felixonmars, FFY00, kpcyrd | Complete | kpcyrd | |
x86_64 | Extra | river | 0.3.0-2 | daurnimator | Complete | daurnimator | |
x86_64 | Extra | ruby | 3.0.6-1 | anatolik, bastelfreak, Segaja | Complete | kpcyrd | |
x86_64 | Extra | ruby2.7 | 2.7.8-1 | anatolik | Complete | kpcyrd | |
x86_64 | Extra | singular | 4.3.2.p16-1 | arojas | Complete | kpcyrd | |
x86_64 | Extra | sqlcipher | 4.5.5-1 | jlichtblau | Complete | kpcyrd | |
x86_64 | Core | sqlite | 3.45.3-1 | andyrtr | Complete | blakkheim | |
x86_64 | Core | sqlite-analyzer | 3.45.3-1 | andyrtr | Complete | andyrtr | |
x86_64 | Core | systemd | 255.5-4 | eworm | Complete | eworm | |
x86_64 | Core | systemd-libs | 255.5-4 | eworm | Complete | kpcyrd | |
x86_64 | Extra | thunderbird | 115.10.1-1 | anthraxx, artafinde | Complete | artafinde | |
x86_64 | Extra | warzone2100 | 4.4.2-2 | lcarlier | Complete | kpcyrd | |
x86_64 | Extra | waylock | 1.0.0-1 | dvzrv, daurnimator | Complete | kpcyrd | |
x86_64 | Extra | z3 | 4.13.0-2 | anthraxx | Complete | kpcyrd |