Task Todo List Prepare packages for -D_FORTIFY_SOURCE=3

2023-09-05 - kpcyrd

As specified in the RFC[1] we need to check packages that make use of `malloc_usable_size`:

> Some applications use malloc_usable_size (despite the glibc manual stating it is for diagnostic purposes only). This is currently incompatible with _FORTIFY_SOURCE=3, so these packages will need to continue using level 2 by modifying C{,XX}FLAGS in the PKGBUILD. A TODO list will be created for all such packages on adoption of this proposal.

This list was generated using a scanner[2] that runs `readelf -Ws <path>` on all ELF binaries and checks the output for mentions of `malloc_usable_size@GLIBC`.

A possible fix looks like this:
```
# this uses malloc_usable_size, which is incompatible with fortification level 3
export CFLAGS="${CFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
export CXXFLAGS="${CXXFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
```

[1]: https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0017-increase-fortification-level.rst
[2]: https://github.com/kpcyrd/archlinux-scan-malloc-usable-size
[3]: https://gitlab.archlinux.org/archlinux/devtools/-/merge_requests/191

Link to lists of pkgbase values:

Filter Todo List Packages

Select filter criteria
67 packages displayed out of 67 total packages.
Arch Repository Name Current Version Staging Version Maintainers Status Last Touched By
x86_64 Extra 0ad a26-12 svenstaro Complete kpcyrd
any Extra aarch64-linux-gnu-glibc 2.38-1 anatolik Complete kpcyrd
x86_64 Extra anura 4.0.2-1 svenstaro Complete kpcyrd
x86_64 Extra bcachefs-tools 3:1.6.4-1 freswa Complete kpcyrd
x86_64 Extra blender 17:4.0.2-14 svenstaro, FFY00, freswa Complete kpcyrd
x86_64 Extra cardinal-clap 23.10-1 dvzrv Complete kpcyrd
x86_64 Extra cardinal-lv2 23.10-1 dvzrv Complete kpcyrd
x86_64 Extra cardinal-standalone 23.10-1 dvzrv Complete kpcyrd
x86_64 Extra cardinal-vst 23.10-1 dvzrv Complete kpcyrd
x86_64 Extra cardinal-vst3 23.10-1 dvzrv Complete kpcyrd
x86_64 Extra cuda-tools 12.3.2-1 svenstaro, felixonmars, Lahwaacz, kgizdov Complete kpcyrd
x86_64 Extra cuneiform 1.1.0-22 Complete kpcyrd
x86_64 Extra deno 1.40.4-1 felixonmars Complete kpcyrd
x86_64 Extra dotnet-runtime 8.0.1.sdk101-1 alucryd Complete kpcyrd
x86_64 Extra dotnet-runtime-6.0 6.0.26.sdk126-1 alucryd Complete kpcyrd
x86_64 Extra dotnet-runtime-7.0 7.0.15.sdk115-1 alucryd Complete kpcyrd
x86_64 Extra dotnet-targeting-pack 8.0.1.sdk101-1 alucryd Complete kpcyrd
x86_64 Extra dotnet-targeting-pack-6.0 6.0.26.sdk126-1 alucryd Complete kpcyrd
x86_64 Extra dotnet-targeting-pack-7.0 7.0.15.sdk115-1 alucryd Complete kpcyrd
x86_64 Extra dovecot 2.3.20-4 demize, foxxx0 Complete blakkheim
x86_64 Extra emptyepsilon 2023.06.17-2 anthraxx Complete blakkheim
x86_64 Extra firefox 123.0-1 heftig Complete heftig
x86_64 Extra firefox-developer-edition 124.0b3-1 andrewSC Complete blakkheim
x86_64 Extra giac 1.9.0.93-1 arojas Complete kpcyrd
x86_64 Core glibc 2.39-1 grazzolini, freswa Complete freswa
x86_64 Extra gnustep-base 1.29.0-3 Complete kpcyrd
x86_64 Extra goxel 0.14.0-1 arodseth Complete arodseth
x86_64 Extra intel-oneapi-basekit 2024.0.0.49564-2 kgizdov, tpkessler Complete tpkessler
x86_64 Extra js102 102.15.0-1 heftig Complete heftig
x86_64 Extra js115 115.8.0-1 heftig Complete heftig
x86_64 Extra js91 91.13.0-1 heftig Complete heftig
x86_64 Core lib32-glibc 2.39-1 grazzolini, freswa Complete freswa
x86_64 Multilib lib32-nvidia-utils 545.29.06-1 svenstaro, felixonmars Complete kpcyrd
x86_64 Multilib lib32-sqlite 3.45.0-1 lcarlier Complete kpcyrd
x86_64 Multilib lib32-systemd 255.3-1 eworm Complete eworm
x86_64 Extra libreoffice-fresh 24.2.0-2 andyrtr Complete andyrtr
x86_64 Extra libreoffice-still 7.6.5-1 andyrtr Complete kpcyrd
x86_64 Extra libtorrent-rasterbar 1:2.0.9-3 felixonmars Complete kpcyrd
x86_64 Extra libwebsockets 4.3.3-1 jelle, dvzrv Complete kpcyrd
x86_64 Extra mariadb 11.3.2-1 eworm Complete eworm
x86_64 Extra mosquitto 2.0.18-1 jelle, grawlinson Complete kpcyrd
x86_64 Extra ncdu 2.3-1 anthraxx, daurnimator, Segaja Complete daurnimator
x86_64 Extra neovide 0.12.2-1 alerque Complete alerque
x86_64 Extra networkmanager 1.46.0-2 heftig Complete heftig
x86_64 Extra nodejs 21.6.2-1 felixonmars Complete kpcyrd
x86_64 Extra nodejs-lts-iron 20.11.1-1 jelle Complete kpcyrd
x86_64 Extra nvidia-utils 545.29.06-4 svenstaro, felixonmars, daurnimator Complete kpcyrd
x86_64 Extra nvme-cli 2.8-1 Foxboron, coderobe Complete kpcyrd
x86_64 Extra openucx 1.15.0-2 Lahwaacz Complete kpcyrd
x86_64 Extra osquery 5.7.0-1 anatolik Complete kpcyrd
x86_64 Extra qbs 2.2.2-1 arojas Complete kpcyrd
x86_64 Extra qt5-webengine 5.15.16-3 felixonmars, arojas Complete kpcyrd
x86_64 KDE-Unstable qt6-webengine 6.6.2-1 arojas Complete kpcyrd
any Extra riscv64-linux-gnu-glibc 2.36-1 felixonmars, FFY00, kpcyrd Complete kpcyrd
x86_64 Extra river 0.2.6-1 daurnimator Complete daurnimator
x86_64 Extra ruby 3.0.6-1 anatolik, bastelfreak, Segaja Complete kpcyrd
x86_64 Extra ruby2.7 2.7.8-1 anatolik Complete kpcyrd
x86_64 Extra singular 4.3.2.p15-1 arojas Complete kpcyrd
x86_64 Extra sqlcipher 4.5.5-1 jlichtblau Complete kpcyrd
x86_64 Core sqlite 3.45.1-1 andyrtr Complete blakkheim
x86_64 Core sqlite-analyzer 3.45.1-1 andyrtr Complete andyrtr
x86_64 Core systemd 255.3-1 eworm Complete eworm
x86_64 Core systemd-libs 255.3-1 eworm Complete kpcyrd
x86_64 Extra thunderbird 115.8.0-1 anthraxx, artafinde Complete artafinde
x86_64 Extra warzone2100 4.4.2-2 lcarlier Complete kpcyrd
x86_64 Extra waylock 0.6.5-1 dvzrv, daurnimator Complete kpcyrd
x86_64 Extra z3 4.12.5-1 anthraxx Complete kpcyrd