Task Todo List Prepare packages for -D_FORTIFY_SOURCE=3
As specified in the RFC[1] we need to check packages that make use of `malloc_usable_size`:
> Some applications use malloc_usable_size (despite the glibc manual stating it is for diagnostic purposes only). This is currently incompatible with _FORTIFY_SOURCE=3, so these packages will need to continue using level 2 by modifying C{,XX}FLAGS in the PKGBUILD. A TODO list will be created for all such packages on adoption of this proposal.
This list was generated using a scanner[2] that runs `readelf -Ws <path>` on all ELF binaries and checks the output for mentions of `malloc_usable_size@GLIBC`.
A possible fix looks like this:
```
# this uses malloc_usable_size, which is incompatible with fortification level 3
export CFLAGS="${CFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
export CXXFLAGS="${CXXFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
```
[1]: https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0017-increase-fortification-level.rst
[2]: https://github.com/kpcyrd/archlinux-scan-malloc-usable-size
[3]: https://gitlab.archlinux.org/archlinux/devtools/-/merge_requests/191
Filter Todo List Packages
Arch | Repository | Name | Current Version | Staging Version | Maintainers | Status | Last Touched By |
---|---|---|---|---|---|---|---|
x86_64 | Extra | 0ad | a26-10 | svenstaro | Incomplete | ||
any | Extra | aarch64-linux-gnu-glibc | 2.38-1 | anatolik | Incomplete | ||
x86_64 | Extra | anura | 4.0.0-3 | svenstaro | Incomplete | ||
x86_64 | Extra | blender | 17:3.6.2-6 | svenstaro, FFY00, freswa | Incomplete | ||
x86_64 | Extra | cardinal-clap | 23.09-1 | dvzrv | Complete | kpcyrd | |
x86_64 | Extra | cardinal-lv2 | 23.09-1 | dvzrv | Complete | kpcyrd | |
x86_64 | Extra | cardinal-standalone | 23.09-1 | dvzrv | Complete | kpcyrd | |
x86_64 | Extra | cardinal-vst | 23.09-1 | dvzrv | Complete | kpcyrd | |
x86_64 | Extra | cardinal-vst3 | 23.09-1 | dvzrv | Complete | kpcyrd | |
x86_64 | Extra | cuneiform | 1.1.0-22 | Complete | kpcyrd | ||
x86_64 | Extra | deno | 1.36.4-1 | felixonmars | Incomplete | ||
x86_64 | Extra | dotnet-runtime | 7.0.11.sdk111-1 | alucryd | Incomplete | ||
x86_64 | Extra | dotnet-runtime-6.0 | 6.0.22.sdk122-1 | alucryd | Incomplete | ||
x86_64 | Extra | dotnet-targeting-pack | 7.0.11.sdk111-1 | alucryd | Incomplete | ||
x86_64 | Extra | dotnet-targeting-pack-6.0 | 6.0.22.sdk122-1 | alucryd | Incomplete | ||
x86_64 | Extra | dovecot | 2.3.20-2 | demize, foxxx0 | Incomplete | ||
x86_64 | Extra | emptyepsilon | 2023.06.17-1 | anthraxx | Incomplete | ||
x86_64 | Extra | firefox | 117.0.1-1 | heftig | Complete | heftig | |
x86_64 | Extra | firefox-developer-edition | 118.0b9-1 | andrewSC | Incomplete | ||
x86_64 | Extra | giac | 1.9.0.61-1 | arojas | Incomplete | ||
x86_64 | Core | glibc | 2.38-4 | grazzolini, freswa | Complete | freswa | |
x86_64 | Extra | gnustep-base | 1.29.0-2 | Complete | kpcyrd | ||
x86_64 | Extra | goxel | 0.12.0-1 | arodseth | Incomplete | ||
x86_64 | Extra | intel-oneapi-basekit | 2023.2.0.49397-1 | kgizdov, tpkessler | Complete | tpkessler | |
x86_64 | Extra | js102 | 102.15.0-1 | heftig | Complete | heftig | |
x86_64 | Extra | js115 | 115.2.0-1 | heftig | Complete | heftig | |
x86_64 | Extra | js91 | 91.13.0-1 | heftig | Complete | heftig | |
x86_64 | Core | lib32-glibc | 2.38-4 | grazzolini, freswa | Complete | freswa | |
x86_64 | Multilib | lib32-sqlite | 3.43.1-1 | lcarlier | Incomplete | ||
x86_64 | Multilib | lib32-systemd | 254.4-1 | eworm | Complete | eworm | |
x86_64 | Extra | libreoffice-fresh | 7.6.1-1 | andyrtr | Complete | andyrtr | |
x86_64 | Extra | libtorrent-rasterbar | 1:2.0.9-3 | felixonmars | Complete | kpcyrd | |
x86_64 | Extra | libwebsockets | 4.3.2-3 | jelle, dvzrv | Incomplete | ||
x86_64 | Extra | mariadb | 11.1.2-1 | eworm | Complete | eworm | |
x86_64 | Extra | mosquitto | 2.0.18-1 | jelle | Incomplete | ||
x86_64 | Extra | ncdu | 2.3-1 | anthraxx, daurnimator, Segaja | Complete | daurnimator | |
x86_64 | Extra | neovide | 0.11.2-3 | alerque | Incomplete | ||
x86_64 | Extra | networkmanager | 1.44.0-1 | heftig | Complete | heftig | |
x86_64 | Extra | nodejs | 20.6.1-1 | felixonmars | Incomplete | ||
x86_64 | Extra | osquery | 5.7.0-1 | anatolik | Incomplete | ||
x86_64 | Extra | qbs | 2.1.1-1 | arojas | Incomplete | ||
x86_64 | Extra | qt5-webengine | 5.15.15-1 | felixonmars, arojas | Incomplete | ||
x86_64 | KDE-Unstable | qt6-webengine | 6.5.2-3 | arojas | Incomplete | ||
any | Extra | riscv64-linux-gnu-glibc | 2.36-1 | felixonmars, FFY00 | Incomplete | ||
x86_64 | Extra | river | 0.2.4-1 | daurnimator | Complete | daurnimator | |
x86_64 | Extra | ruby | 3.0.6-1 | anatolik, bastelfreak, Segaja | Incomplete | ||
x86_64 | Extra | ruby2.7 | 2.7.8-1 | anatolik | Incomplete | ||
x86_64 | Extra | singular | 4.3.2.p7-2 | arojas | Incomplete | ||
x86_64 | Extra | sqlcipher | 4.5.4-1 | jlichtblau | Incomplete | ||
x86_64 | Core | sqlite | 3.43.1-1 | andyrtr | Incomplete | alerque | |
x86_64 | Core | sqlite-analyzer | 3.43.1-1 | andyrtr | Complete | andyrtr | |
x86_64 | Core | systemd | 254.4-2 | eworm | Complete | eworm | |
x86_64 | Extra | thunderbird | 115.2.2-1 | anthraxx, artafinde | Complete | artafinde | |
x86_64 | Extra | warzone2100 | 4.3.5-1 | lcarlier | Incomplete | ||
x86_64 | Extra | z3 | 4.12.2-1 | felixonmars, anthraxx | Incomplete |