Arch Linux - Todo: Prepare packages for -D_FORTIFY

Task Todo List Prepare packages for -D_FORTIFY_SOURCE=3

Todo Notes

2023-09-05 - kpcyrd

As specified in the RFC[1] we need to check packages that make use of `malloc_usable_size`:

> Some applications use malloc_usable_size (despite the glibc manual stating it is for diagnostic purposes only). This is currently incompatible with _FORTIFY_SOURCE=3, so these packages will need to continue using level 2 by modifying C{,XX}FLAGS in the PKGBUILD. A TODO list will be created for all such packages on adoption of this proposal.

This list was generated using a scanner[2] that runs `readelf -Ws <path>` on all ELF binaries and checks the output for mentions of `malloc_usable_size@GLIBC`.

A possible fix looks like this:
```
# this uses malloc_usable_size, which is incompatible with fortification level 3
export CFLAGS="${CFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
export CXXFLAGS="${CXXFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
```

[1]: https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0017-increase-fortification-level.rst
[2]: https://github.com/kpcyrd/archlinux-scan-malloc-usable-size
[3]: https://gitlab.archlinux.org/archlinux/devtools/-/merge_requests/191

Link to lists of pkgbase values:

Filter Todo List Packages

Arch	Repository	Name	Current Version	Staging Version	Maintainers	Status	Last Touched By
x86_64	Extra	0ad	a26-12		svenstaro	Complete	kpcyrd
any	Extra	aarch64-linux-gnu-glibc	2.39-1		anatolik	Complete	kpcyrd
x86_64	Extra	anura	4.0.2-1		svenstaro	Complete	kpcyrd
x86_64	Extra	bcachefs-tools	3:1.7.0-1		freswa	Complete	kpcyrd
x86_64	Extra	blender	17:4.1.1-4		svenstaro, FFY00, freswa	Complete	kpcyrd
x86_64	Extra	cardinal-clap	24.04-1		dvzrv	Complete	kpcyrd
x86_64	Extra	cardinal-lv2	24.04-1		dvzrv	Complete	kpcyrd
x86_64	Extra	cardinal-standalone	24.04-1		dvzrv	Complete	kpcyrd
x86_64	Extra	cardinal-vst	24.04-1		dvzrv	Complete	kpcyrd
x86_64	Extra	cardinal-vst3	24.04-1		dvzrv	Complete	kpcyrd
x86_64	Extra	cuda-tools	12.4.1-2		svenstaro, Lahwaacz, kgizdov	Complete	kpcyrd
x86_64	Extra	cuneiform	1.1.0-22			Complete	kpcyrd
x86_64	Extra	deno	1.42.2-1		felixonmars	Complete	kpcyrd
x86_64	Extra	dotnet-runtime	8.0.4.sdk104-1		alucryd	Complete	kpcyrd
x86_64	Extra	dotnet-runtime-6.0	6.0.29.sdk129-1		alucryd	Complete	kpcyrd
x86_64	Extra	dotnet-runtime-7.0	7.0.18.sdk118-1		alucryd	Complete	kpcyrd
x86_64	Extra	dotnet-targeting-pack	8.0.4.sdk104-1		alucryd	Complete	kpcyrd
x86_64	Extra	dotnet-targeting-pack-6.0	6.0.29.sdk129-1		alucryd	Complete	kpcyrd
x86_64	Extra	dotnet-targeting-pack-7.0	7.0.18.sdk118-1		alucryd	Complete	kpcyrd
x86_64	Extra	dovecot	2.3.20-4		demize, foxxx0	Complete	blakkheim
x86_64	Extra	emptyepsilon	2023.06.17-2		anthraxx	Complete	blakkheim
x86_64	Extra	firefox	125.0.3-1		heftig	Complete	heftig
x86_64	Extra	firefox-developer-edition	126.0b8-1		andrewSC	Complete	blakkheim
x86_64	Extra	giac	1.9.0.97-1		arojas	Complete	kpcyrd
x86_64	Core	glibc	2.39-3		grazzolini, freswa	Complete	freswa
x86_64	Extra	gnustep-base	1.29.0-3			Complete	kpcyrd
x86_64	Extra	goxel	0.14.0-1		arodseth	Complete	arodseth
x86_64	Extra	intel-oneapi-basekit	2024.0.0.49564-3	2024.1.0.596-2	kgizdov, tpkessler	Complete	tpkessler
x86_64	Extra	js102	102.15.1-2		heftig	Complete	heftig
x86_64	Extra	js115	115.10.0-1		heftig	Complete	heftig
x86_64	Extra	js91	91.13.0-2		heftig	Complete	heftig
x86_64	Core	lib32-glibc	2.39-3		grazzolini, freswa	Complete	freswa
x86_64	Multilib	lib32-nvidia-utils	550.76-1		svenstaro, felixonmars	Complete	kpcyrd
x86_64	Multilib	lib32-sqlite	3.45.2-1		lcarlier	Complete	kpcyrd
x86_64	Multilib	lib32-systemd	255.5-1		eworm	Complete	eworm
x86_64	Extra	libreoffice-fresh	24.2.3-1		andyrtr	Complete	andyrtr
x86_64	Extra	libreoffice-still	7.6.6-3		andyrtr	Complete	kpcyrd
x86_64	Extra	libtorrent-rasterbar	1:2.0.10-2		felixonmars	Complete	kpcyrd
x86_64	Extra	libwebsockets	4.3.3-1		jelle, dvzrv	Complete	kpcyrd
x86_64	Extra	mariadb	11.3.2-1		eworm	Complete	eworm
x86_64	Extra	mosquitto	2.0.18-1		jelle, grawlinson	Complete	kpcyrd
x86_64	Extra	ncdu	2.4-1		anthraxx, daurnimator, Segaja	Complete	daurnimator
x86_64	Extra	neovide	0.12.2-1		alerque	Complete	alerque
x86_64	Extra	networkmanager	1.46.0-2		heftig	Complete	heftig
x86_64	Extra	nodejs	21.7.3-1		felixonmars	Complete	kpcyrd
x86_64	Extra	nodejs-lts-iron	20.12.2-1		jelle	Complete	kpcyrd
x86_64	Extra	nvidia-utils	550.76-3		svenstaro, felixonmars, daurnimator	Complete	kpcyrd
x86_64	Extra	nvme-cli	2.8-1		Foxboron, coderobe	Complete	kpcyrd
x86_64	Extra	openucx	1.16.0-1		Lahwaacz	Complete	kpcyrd
x86_64	Extra	osquery	5.7.0-1		anatolik	Complete	kpcyrd
x86_64	Extra	qbs	2.3.0-1		arojas	Complete	kpcyrd
x86_64	Extra	qt5-webengine	5.15.16-6		felixonmars, arojas	Complete	kpcyrd
x86_64	KDE-Unstable	qt6-webengine	6.7.0-1		arojas	Complete	kpcyrd
any	Extra	riscv64-linux-gnu-glibc	2.39-3		felixonmars, FFY00, kpcyrd	Complete	kpcyrd
x86_64	Extra	river	0.3.0-2		daurnimator	Complete	daurnimator
x86_64	Extra	ruby	3.0.6-1		anatolik, bastelfreak, Segaja	Complete	kpcyrd
x86_64	Extra	ruby2.7	2.7.8-1		anatolik	Complete	kpcyrd
x86_64	Extra	singular	4.3.2.p16-1		arojas	Complete	kpcyrd
x86_64	Extra	sqlcipher	4.5.5-1		jlichtblau	Complete	kpcyrd
x86_64	Core	sqlite	3.45.3-1		andyrtr	Complete	blakkheim
x86_64	Core	sqlite-analyzer	3.45.3-1		andyrtr	Complete	andyrtr
x86_64	Core	systemd	255.5-4		eworm	Complete	eworm
x86_64	Core	systemd-libs	255.5-4		eworm	Complete	kpcyrd
x86_64	Extra	thunderbird	115.10.1-1		anthraxx, artafinde	Complete	artafinde
x86_64	Extra	warzone2100	4.4.2-2		lcarlier	Complete	kpcyrd
x86_64	Extra	waylock	1.0.0-1		dvzrv, daurnimator	Complete	kpcyrd
x86_64	Extra	z3	4.13.0-2		anthraxx	Complete	kpcyrd