Bug#1091671: liboprf: unconditionally sets FORTIFY_SOURCE=2 flag

Sun, 29 Dec 2024 06:39:26 -0800 

Hi Gianfranco,

Thank you for this report + patch!

Stefan: what do you think about it?  Would you like to apply it upstream?
Or would you prefer to keep the default on FORTIFY_SOURCE=2?

Gianfranco: I'll wait on Stefan's reply and then decide on how to tackle this
in the Debian packaging.

Bye,

Joost


On Sun, Dec 29, 2024 at 03:12:34PM +0100, Gianfranco Costamagna wrote:
> Package: liboprf
> Version: 0.4.0-1
> Severity: normal
> Tags: patch
> 
> 
> 
> Hello, looks like the code is setting FORTIFY_SOURCE=2 directly from 
> makefile, not allowing to override
> it from outside.
> This is a build issue when people defaults e.g. to 3, something already done 
> by some distros, e.g. Ubuntu.
> 
> I took the liberty to patch the code and commit the patch on git
> 
> Description: Don't force fortify_source, we default to 3 in some architectures
> Author: Gianfranco Costamagna <locutusofb...@debian.org>
> Last-Update: 2024-12-11
> 
> --- liboprf-0.4.0.orig/src/noise_xk/example/makefile
> +++ liboprf-0.4.0/src/noise_xk/example/makefile
> @@ -6,7 +6,7 @@ CFLAGS        += -I../.. -I../include -I ../in
>                               -Wno-unknown-warning-option 
> -Wno-unused-but-set-variable \
>                               -Wno-unused-parameter -Wno-infinite-recursion 
> -fPIC \
>                               -g -fwrapv -D_BSD_SOURCE -D_DEFAULT_SOURCE 
> -DWITH_SODIUM \
> -                             -O2 -fstack-protector-strong 
> -D_FORTIFY_SOURCE=2 \
> +                             -O2 -fstack-protector-strong \
>                               -fasynchronous-unwind-tables -fpic 
> -Werror=format-security \
>                               -Werror=implicit-function-declaration 
> -Wl,-z,defs -Wl,-z,relro \
>                               -ftrapv -Wl,-z,noexecstack
> --- liboprf-0.4.0.orig/src/noise_xk/makefile
> +++ liboprf-0.4.0/src/noise_xk/makefile
> @@ -7,7 +7,7 @@ CFLAGS        += -Iinclude -I include/karmel -
>                               -Wno-unknown-warning-option 
> -Wno-unused-but-set-variable \
>                               -Wno-unused-parameter -Wno-infinite-recursion 
> -fpic \
>                               -g -fwrapv -D_BSD_SOURCE -D_DEFAULT_SOURCE 
> -DWITH_SODIUM \
> -                             -O2 -fstack-protector-strong 
> -D_FORTIFY_SOURCE=2 \
> +                             -O2 -fstack-protector-strong \
>                               -fasynchronous-unwind-tables -fpic \
>                               -Werror=format-security 
> -Werror=implicit-function-declaration \
>                               -ftrapv
> 
> 
> Thanks,
> 
> Gianfranco

Reply via email to