FS#71372 - [glhack] FTBFS lacks FULL RELRO unsafe printf usage

Attached to Project: Community Packages
Opened by loqs (loqs) - Sunday, 27 June 2021, 13:35 GMT
Last edited by George Rawlinson (rawlinsong) - Wednesday, 09 August 2023, 09:16 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
glhack fails during package due to the games group not being present because the systemd package which provides sysusers.d is not installed.

glhack's Makefile does not use LDFLAGS leading to a lack of FULL RELRO.

[3] Applies the changes for the issues above as well as applying a patch from Debian [2] for unsafe printf use.

Additional info:
* glhack 1.2-9
*  FS#66762 
[1] glhack-1.2-9-x86_64-package.log.xz
[2] https://sources.debian.org/data/main/g/glhack/1.2-4/debian/patches/07-harden-build-flags.patch
[3] PKGBUILD.diff

Steps to reproduce:
extra-x86_64-build
   glhack-1.2-9-x86_64-package.l... (0.6 KiB)
   PKGBUILD.diff (34.9 KiB)
This task depends upon

Closed by  George Rawlinson (rawlinsong)
Wednesday, 09 August 2023, 09:16 GMT
Reason for closing:  Fixed
Additional comments about closing:  1.2-10
Comment by George Rawlinson (rawlinsong) - Sunday, 27 June 2021, 18:22 GMT
Arch Linux tries to package from upstream without patches, therefore the patch from Debian needs to be submitted to the upstream project.
Comment by loqs (loqs) - Sunday, 27 June 2021, 20:44 GMT
There has been no upstream activity in the last fifteen years, Thu Jun 24 11:17:41 2004 is the most recent revision to the CVS, which is in read only archive mode as sourceforuge decommissioned CVS support [1].
You could contact Debian and ask if they submitted the patch authored eight years after glhack's last commit to upstream.

Alternatively to applying the patch -Wnoerror=format-security can be used to override -Werror=format-security.

[1] https://sourceforge.net/blog/decommissioning-cvs-for-commits/
Comment by Buggy McBugFace (bugbot) - Tuesday, 08 August 2023, 19:11 GMT
This is an automated comment as this bug is open for more then 2 years. Please reply if you still experience this bug otherwise this issue will be closed after 1 month.
Comment by loqs (loqs) - Tuesday, 08 August 2023, 22:17 GMT
Updated PKGBUILD.diff for change to sha256sums and switch to git.
   PKGBUILD.diff (35 KiB)

Loading...