this is a bug, the rest of liboprf was already using level 3. thank you for pointing this out.
fixed upstream: https://github.com/stef/liboprf/commit/ce3f2aa7bb113dc2ca385e602344e0db3925c09c

On Sun, Dec 29, 2024 at 03:28:03PM +0100, Joost van Baal-Ilić wrote:
> Hi Gianfranco,
>
> Thank you for this report + patch!
>
> Stefan: what do you think about it? Would you like to apply it upstream?
> Or would you prefer to keep the default on FORTIFY_SOURCE=2?
>
> Gianfranco: I'll wait on Stefan's reply and then decide on how to tackle this
> in the Debian packaging.
>
> Bye,
>
> Joost
>
>
> On Sun, Dec 29, 2024 at 03:12:34PM +0100, Gianfranco Costamagna wrote:
> > Package: liboprf
> > Version: 0.4.0-1
> > Severity: normal
> > Tags: patch
> >
> > Hello, looks like the code is setting FORTIFY_SOURCE=2 directly from
> > makefile, not allowing to override it from outside.
> > This is a build issue when people default e.g. to 3, something already
> > done by some distros, e.g. Ubuntu.
> >
> > I took the liberty to patch the code and commit the patch on git
> >
> > Description: Don't force fortify_source, we default to 3 in some
> > architectures
> > Author: Gianfranco Costamagna <[email protected]>
> > Last-Update: 2024-12-11
> >
> > --- liboprf-0.4.0.orig/src/noise_xk/example/makefile > > +++ liboprf-0.4.0/src/noise_xk/example/makefile > > @@ -6,7 +6,7 @@ CFLAGS += -I../.. -I../include -I ../in > > -Wno-unknown-warning-option > > -Wno-unused-but-set-variable \ > > -Wno-unused-parameter -Wno-infinite-recursion > > -fPIC \ > > -g -fwrapv -D_BSD_SOURCE -D_DEFAULT_SOURCE > > -DWITH_SODIUM \ > > - -O2 -fstack-protector-strong > > -D_FORTIFY_SOURCE=2 \ > > + -O2 -fstack-protector-strong \ > > -fasynchronous-unwind-tables -fpic > > -Werror=format-security \ > > -Werror=implicit-function-declaration > > -Wl,-z,defs -Wl,-z,relro \ > > -ftrapv -Wl,-z,noexecstack > > --- liboprf-0.4.0.orig/src/noise_xk/makefile > > +++ liboprf-0.4.0/src/noise_xk/makefile 
> > @@ -7,7 +7,7 @@ CFLAGS += -Iinclude -I include/karmel - > > -Wno-unknown-warning-option > > -Wno-unused-but-set-variable \ > > -Wno-unused-parameter -Wno-infinite-recursion > > -fpic \ > > -g -fwrapv -D_BSD_SOURCE -D_DEFAULT_SOURCE > > -DWITH_SODIUM \ > > - -O2 -fstack-protector-strong > > -D_FORTIFY_SOURCE=2 \ > > + -O2 -fstack-protector-strong \ > > -fasynchronous-unwind-tables -fpic \ > > -Werror=format-security > > -Werror=implicit-function-declaration \ > > -ftrapv > > > > > > Thanks, > > > > Gianfranco > ---end quoted text---
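Review bot: In the src/noise_xk/example/makefile hunk, dropping `-D_FORTIFY_SOURCE=2` from the `-O2 -fstack-protector-strong` line leaves this flag list with no fortify level of its own, so a build whose incoming CFLAGS do not already define one is compiled without fortification. Since the list is appended with `CFLAGS +=`, a guarded default keeps the hardening while still yielding to the packager's value, for example `ifeq (,$(findstring _FORTIFY_SOURCE,$(CFLAGS) $(CPPFLAGS)))`, then `CFLAGS += -D_FORTIFY_SOURCE=3`, then `endif`, with level 3 matching what the reply above says the rest of liboprf uses.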
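Review bot: The src/noise_xk/makefile hunk has the same gap as the example makefile, and here it affects the library objects themselves: with `-D_FORTIFY_SOURCE=2` removed and nothing put in its place, fortification depends entirely on what the caller passes in CFLAGS. Apply the same overridable default in this file so both makefiles stay consistent. As a minor style point in the same list, `-fpic` appears twice in the context lines (after `-Wno-infinite-recursion` and again after `-fasynchronous-unwind-tables`), and one of them can be dropped while this block is being touched.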

