Task Todo List Prepare packages for -D_FORTIFY_SOURCE=3
2023-09-05 - kpcyrd
As specified in the RFC[1] we need to check packages that make use of `malloc_usable_size`:
> Some applications use malloc_usable_size (despite the glibc manual stating it is for diagnostic purposes only). This is currently incompatible with _FORTIFY_SOURCE=3, so these packages will need to continue using level 2 by modifying C{,XX}FLAGS in the PKGBUILD. A TODO list will be created for all such packages on adoption of this proposal.
This list was generated using a scanner[2] that runs `readelf -Ws <path>` on all ELF binaries and checks the output for mentions of `malloc_usable_size@GLIBC`.
A possible fix looks like this:
```
# this uses malloc_usable_size, which is incompatible with fortification level 3
export CFLAGS="${CFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
export CXXFLAGS="${CXXFLAGS/_FORTIFY_SOURCE=3/_FORTIFY_SOURCE=2}"
```
[1]: https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0017-increase-fortification-level.rst
[2]: https://github.com/kpcyrd/archlinux-scan-malloc-usable-size
[3]: https://gitlab.archlinux.org/archlinux/devtools/-/merge_requests/191
Filter Todo List Packages
| Arch | Repository | Name | Current Version | Staging Version | Maintainers | Status | Last Touched By |
|---|---|---|---|---|---|---|---|
| x86_64 | Extra | 0ad | a27-4 | svenstaro | Complete | kpcyrd | |
| any | Extra | aarch64-linux-gnu-glibc | 2.41-1 | anatolik | Complete | kpcyrd | |
| x86_64 | Extra | anura | svenstaro | Complete | kpcyrd | ||
| x86_64 | Extra | bcachefs-tools | 3:1.25.2-1 | freswa | Complete | kpcyrd | |
| x86_64 | Extra | blender | 17:4.4.1-1 | svenstaro, alerque | Complete | kpcyrd | |
| x86_64 | Extra | cardinal-clap | 24.12-1 | dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | cardinal-lv2 | 24.12-1 | dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | cardinal-standalone | 24.12-1 | dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | cardinal-vst | 24.12-1 | dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | cardinal-vst3 | 24.12-1 | dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | cuda-tools | 12.8.1-1 | svenstaro, Lahwaacz, kgizdov | Complete | kpcyrd | |
| x86_64 | Extra | cuneiform | Complete | kpcyrd | |||
| x86_64 | Extra | deno | 2.2.7-1 | felixonmars | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-runtime | 9.0.3.sdk104-1 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-runtime-6.0 | 6.0.36.sdk136-2 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-runtime-7.0 | 7.0.20.sdk120-2 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-targeting-pack | 9.0.3.sdk104-1 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-targeting-pack-6.0 | 6.0.36.sdk136-2 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dotnet-targeting-pack-7.0 | 7.0.20.sdk120-2 | alucryd | Complete | kpcyrd | |
| x86_64 | Extra | dovecot | 2.3.21.1-3 | demize, foxxx0 | Complete | blakkheim | |
| x86_64 | Extra | emptyepsilon | 2024.08.09-1 | anthraxx | Complete | blakkheim | |
| x86_64 | Extra | firefox | 137.0.2-1 | heftig | Complete | heftig | |
| x86_64 | Extra | firefox-developer-edition | 138.0b9-1 | andrewSC | Complete | blakkheim | |
| x86_64 | Extra | giac | 1.9.0.998-1 | arojas | Complete | kpcyrd | |
| x86_64 | Core | glibc | 2.41+r9+ga900dbaf70f0-1 | grazzolini, freswa | Complete | freswa | |
| x86_64 | Extra | gnustep-base | 1.30.0-2 | Complete | kpcyrd | ||
| x86_64 | Extra | goxel | 0.15.1-1 | arodseth | Complete | arodseth | |
| x86_64 | Extra | intel-oneapi-basekit | 2025.0.1.46-1 | kgizdov, tpkessler | Complete | tpkessler | |
| x86_64 | Extra | js102 | heftig | Complete | heftig | ||
| x86_64 | Extra | js115 | 115.22.0-1 | heftig | Complete | heftig | |
| x86_64 | Extra | js91 | heftig | Complete | heftig | ||
| x86_64 | Core | lib32-glibc | 2.41+r9+ga900dbaf70f0-1 | grazzolini, freswa | Complete | freswa | |
| x86_64 | Multilib | lib32-nvidia-utils | 570.133.07-1 | svenstaro, felixonmars, dbermond, ptr1337 | Complete | kpcyrd | |
| x86_64 | Multilib | lib32-sqlite | 3.49.1-1 | lcarlier | Complete | kpcyrd | |
| x86_64 | Multilib | lib32-systemd | 257.5-1 | eworm | Complete | eworm | |
| x86_64 | Extra | libreoffice-fresh | 25.2.2-2 | andyrtr | Complete | andyrtr | |
| x86_64 | Extra | libreoffice-still | 24.8.6-2 | andyrtr | Complete | kpcyrd | |
| x86_64 | Extra | libtorrent-rasterbar | 1:2.0.11-3 | dbermond | Complete | kpcyrd | |
| x86_64 | Extra | libwebsockets | 4.3.5-1 | jelle, dvzrv | Complete | kpcyrd | |
| x86_64 | Extra | mariadb | 11.7.2-2 | eworm | Complete | eworm | |
| x86_64 | Extra | mosquitto | 2.0.21-1 | jelle, grawlinson | Complete | kpcyrd | |
| x86_64 | Extra | ncdu | 2.7-1 | anthraxx, daurnimator, Segaja | Complete | daurnimator | |
| x86_64 | Extra | neovide | 0.15.0-1 | alerque | Complete | alerque | |
| x86_64 | Extra | networkmanager | 1.52.0-1 | heftig | Complete | heftig | |
| x86_64 | Extra | nodejs | 23.9.0-1 | felixonmars, polyzen | Complete | kpcyrd | |
| x86_64 | Extra | nodejs-lts-iron | 20.19.0-1 | jelle | Complete | kpcyrd | |
| x86_64 | Extra | nvidia-utils | 570.133.07-1 | svenstaro, felixonmars, dbermond, ptr1337 | Complete | kpcyrd | |
| x86_64 | Extra | nvme-cli | 2.12-1 | Foxboron | Complete | kpcyrd | |
| x86_64 | Extra | openucx | 1.18.0-2 | Lahwaacz | Complete | kpcyrd | |
| x86_64 | Extra | osquery | 5.16.0-3 | anatolik, carsme | Complete | kpcyrd | |
| x86_64 | Extra | qbs | 2.6.0-1 | arojas | Complete | kpcyrd | |
| x86_64 | Extra | qt5-webengine | 5.15.18-6 | felixonmars, arojas | Complete | kpcyrd | |
| x86_64 | KDE-Unstable | qt6-webengine | 6.9.0-4 | arojas | Complete | kpcyrd | |
| any | Extra | riscv64-linux-gnu-glibc | 2.40-2 | felixonmars, FFY00, kpcyrd | Complete | kpcyrd | |
| x86_64 | Extra | river | 0.3.7-1 | andyrtr, daurnimator | Complete | daurnimator | |
| x86_64 | Extra | ruby | 3.3.7-2 | 3.4.3-2 | bastelfreak, Segaja | Complete | kpcyrd |
| x86_64 | Extra | ruby2.7 | Complete | kpcyrd | |||
| x86_64 | Extra | singular | 4.4.1-2 | arojas | Complete | kpcyrd | |
| x86_64 | Extra | sqlcipher | 4.6.1-1 | jlichtblau, carsme | Complete | kpcyrd | |
| x86_64 | Core | sqlite | 3.49.1-1 | andyrtr | Complete | blakkheim | |
| x86_64 | Core | sqlite-analyzer | 3.49.1-1 | andyrtr | Complete | andyrtr | |
| x86_64 | Core | systemd | 257.5-2 | eworm | Complete | eworm | |
| x86_64 | Core | systemd-libs | 257.5-2 | eworm | Complete | kpcyrd | |
| x86_64 | Extra | thunderbird | 137.0.1-1 | anthraxx, artafinde | Complete | artafinde | |
| x86_64 | Extra | warzone2100 | 4.5.5-1 | 4.5.5-2 | lcarlier, grawlinson | Complete | kpcyrd |
| x86_64 | Extra | waylock | 1.3.0-1 | dvzrv, daurnimator | Complete | kpcyrd | |
| x86_64 | Extra | z3 | 4.14.1-1 | anthraxx | Complete | kpcyrd |