Task Todo List Prepare packages for -D_FORTIFY_SOURCE=3

2023-09-05 - kpcyrd

As specified in the RFC[1] we need to check packages that make use of `malloc_usable_size`:

> Some applications use malloc_usable_size (despite the glibc manual stating it is for diagnostic purposes only). This is currently incompatible with _FORTIFY_SOURCE=3, so these packages will need to continue using level 2 by modifying C{,XX}FLAGS in the PKGBUILD. A TODO list will be created for all such packages on adoption of this proposal.

This list was generated using a scanner[2] that runs `readelf -Ws <path>` on all ELF binaries and checks the output for mentions of `malloc_usable_size@GLIBC`.

A possible fix looks like this:
```
# this uses malloc_usable_size, which is incompatible with fortification level 3
export CFLAGS="${CFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
export CXXFLAGS="${CXXFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
```

[1]: https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0017-increase-fortification-level.rst
[2]: https://github.com/kpcyrd/archlinux-scan-malloc-usable-size
[3]: https://gitlab.archlinux.org/archlinux/devtools/-/merge_requests/191

Link to lists of pkgbase values:

Filter Todo List Packages

Select filter criteria
55 packages displayed out of 55 total packages.
Arch Repository Name Current Version Staging Version Maintainers Status Last Touched By
x86_64 Extra 0ad a26-10 svenstaro Incomplete
any Extra aarch64-linux-gnu-glibc 2.38-1 anatolik Incomplete
x86_64 Extra anura 4.0.0-3 svenstaro Incomplete
x86_64 Extra blender 17:3.6.2-6 svenstaro, FFY00, freswa Incomplete
x86_64 Extra cardinal-clap 23.09-1 dvzrv Complete kpcyrd
x86_64 Extra cardinal-lv2 23.09-1 dvzrv Complete kpcyrd
x86_64 Extra cardinal-standalone 23.09-1 dvzrv Complete kpcyrd
x86_64 Extra cardinal-vst 23.09-1 dvzrv Complete kpcyrd
x86_64 Extra cardinal-vst3 23.09-1 dvzrv Complete kpcyrd
x86_64 Extra cuneiform 1.1.0-22 Complete kpcyrd
x86_64 Extra deno 1.36.4-1 felixonmars Incomplete
x86_64 Extra dotnet-runtime 7.0.11.sdk111-1 alucryd Incomplete
x86_64 Extra dotnet-runtime-6.0 6.0.22.sdk122-1 alucryd Incomplete
x86_64 Extra dotnet-targeting-pack 7.0.11.sdk111-1 alucryd Incomplete
x86_64 Extra dotnet-targeting-pack-6.0 6.0.22.sdk122-1 alucryd Incomplete
x86_64 Extra dovecot 2.3.20-2 demize, foxxx0 Incomplete
x86_64 Extra emptyepsilon 2023.06.17-1 anthraxx Incomplete
x86_64 Extra firefox 117.0.1-1 heftig Complete heftig
x86_64 Extra firefox-developer-edition 118.0b9-1 andrewSC Incomplete
x86_64 Extra giac 1.9.0.61-1 arojas Incomplete
x86_64 Core glibc 2.38-4 grazzolini, freswa Complete freswa
x86_64 Extra gnustep-base 1.29.0-2 Complete kpcyrd
x86_64 Extra goxel 0.12.0-1 arodseth Incomplete
x86_64 Extra intel-oneapi-basekit 2023.2.0.49397-1 kgizdov, tpkessler Complete tpkessler
x86_64 Extra js102 102.15.0-1 heftig Complete heftig
x86_64 Extra js115 115.2.0-1 heftig Complete heftig
x86_64 Extra js91 91.13.0-1 heftig Complete heftig
x86_64 Core lib32-glibc 2.38-4 grazzolini, freswa Complete freswa
x86_64 Multilib lib32-sqlite 3.43.1-1 lcarlier Incomplete
x86_64 Multilib lib32-systemd 254.4-1 eworm Complete eworm
x86_64 Extra libreoffice-fresh 7.6.1-1 andyrtr Complete andyrtr
x86_64 Extra libtorrent-rasterbar 1:2.0.9-3 felixonmars Complete kpcyrd
x86_64 Extra libwebsockets 4.3.2-3 jelle, dvzrv Incomplete
x86_64 Extra mariadb 11.1.2-1 eworm Complete eworm
x86_64 Extra mosquitto 2.0.18-1 jelle Incomplete
x86_64 Extra ncdu 2.3-1 anthraxx, daurnimator, Segaja Complete daurnimator
x86_64 Extra neovide 0.11.2-3 alerque Incomplete
x86_64 Extra networkmanager 1.44.0-1 heftig Complete heftig
x86_64 Extra nodejs 20.6.1-1 felixonmars Incomplete
x86_64 Extra osquery 5.7.0-1 anatolik Incomplete
x86_64 Extra qbs 2.1.1-1 arojas Incomplete
x86_64 Extra qt5-webengine 5.15.15-1 felixonmars, arojas Incomplete
x86_64 KDE-Unstable qt6-webengine 6.5.2-3 arojas Incomplete
any Extra riscv64-linux-gnu-glibc 2.36-1 felixonmars, FFY00 Incomplete
x86_64 Extra river 0.2.4-1 daurnimator Complete daurnimator
x86_64 Extra ruby 3.0.6-1 anatolik, bastelfreak, Segaja Incomplete
x86_64 Extra ruby2.7 2.7.8-1 anatolik Incomplete
x86_64 Extra singular 4.3.2.p7-2 arojas Incomplete
x86_64 Extra sqlcipher 4.5.4-1 jlichtblau Incomplete
x86_64 Core sqlite 3.43.1-1 andyrtr Incomplete alerque
x86_64 Core sqlite-analyzer 3.43.1-1 andyrtr Complete andyrtr
x86_64 Core systemd 254.4-2 eworm Complete eworm
x86_64 Extra thunderbird 115.2.2-1 anthraxx, artafinde Complete artafinde
x86_64 Extra warzone2100 4.3.5-1 lcarlier Incomplete
x86_64 Extra z3 4.12.2-1 felixonmars, anthraxx Incomplete