Hi Skia, Thank you for your patch.
2025年11月22日(土) 2:21 Florent 'Skia' Jacquet <[email protected]>: > > Source: mmc-utils > Severity: wishlist > X-Debbugs-Cc: [email protected] > > Hello there, dear maintainer! > > Ubuntu currently carries multiple weird patches, all mostly due to the use of > _FORTIFY_SOURCE=3 there. > The upstream package already sets _FORTIFY_SOURCE=2, which doesn't conflict > with Debian, so everything is fine here. > Still, it's not very idiomatic in the sense that if one day Debian changes > its value, there will be a conflict, because specifying multiple time > _FORTIFY_SOURCE with different values is not allowed. > > The version currently in Debian (1.0-1) doesn't build with _FORTIFY_SOURCE=3, > so keeping upstream's value kinda make sense, but also prevents catching more > issues with stronger checks. > I've no idea how upstream would consider removing that definition to let > distros free to choose, and/or bumping the value to 3 with some code changes > to build with that, so I'll leave that to you. > > In the meantime, would you consider the following debdiff to make the package > more friendly to downstream distros that set a different value for > _FORTIFY_SOURCE? > ``` > diff -Nru mmc-utils-1.0/debian/rules mmc-utils-1.0/debian/rules > --- mmc-utils-1.0/debian/rules 2025-08-16 23:44:39.000000000 +0200 > +++ mmc-utils-1.0/debian/rules 2025-11-21 17:34:23.000000000 +0100 > @@ -1,6 +1,7 @@ > #!/usr/bin/make -f > > export DEB_BUILD_MAINT_OPTIONS = hardening=+all > +DEB_CPPFLAGS_MAINT_APPEND=-U_FORTIFY_SOURCE > DPKG_EXPORT_BUILDFLAGS = 1 > include /usr/share/dpkg/buildflags.mk > include /usr/share/dpkg/pkg-info.mk > ``` > As you pointed out, handling 'FORTIFY_SOURCE' records requires specific measures. However, I think this patch won't function correctly. In this patch, after ‘-U_FORTIFY_SOURCE’ disables it, ‘-D_FORTIFY_SOURCE=2’ becomes active. Consequently, ‘-D_FORTIFY_SOURCE=2’ remains in effect instead of ‘-D_FORTIFY_SOURCE=3’. I reviewed the Ubuntu build log, and it follows the same processing as described above. https://launchpadlibrarian.net/832860814/buildlog_ubuntu-resolute-amd64v3.mmc-utils_1.0-1ubuntu1_BUILDING.txt.gz ``` cc -Wdate-time -D_FORTIFY_SOURCE=3 -U_FORTIFY_SOURCE -Wall -Werror -Wuninitialized -Wundef -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2 -DVERSION=\"1.0\" -g -O2 -Werror=implicit-function-declaration -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -march=x86-64-v3 -fdebug-prefix-map=/<<PKGBUILDDIR>>=/usr/src/mmc-utils-1.0-1ubuntu1 -Wp,-MMD,./.mmc.o.d,-MT,mmc.o -c mmc.c -o mmc.o ``` This appears to be working correctly, but it will cause FTBFS with other issues, when ‘-D_FORTIFY_SOURCE=3’ is enabled. Therefore, if my understanding is correct, the fix would involve removing ‘-D_FORTIFY_SOURCE=2’ from the Makefile rather than modifying debian/rules. > Thanks > Skia > > Best regards, Nobuhiro -- Nobuhiro Iwamatsu iwamatsu at {nigauri.org / debian.org / kernel.org} GPG ID: 32247FBB40AD1FA6
