Bug 464554 - open-cobol disables _FORTIFY_SOURCE
open-cobol disables _FORTIFY_SOURCE
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: open-cobol (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jochen Schmitt
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-29 11:22 EDT by Kevin Kofler
Modified: 2008-10-21 12:05 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-21 12:05:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kevin Kofler 2008-09-29 11:22:47 EDT
Description of problem:
The open-cobol package disables the _FORTIFY_SOURCE security checks. This is a very bad idea! The buffer overflows must be fixed instead.

Version-Release number of selected component (if applicable):
open-cobol-1.0.90-4

How reproducible:
Just look at the package...

Steps to Reproduce:
1. Look at the changelog. (I caught this while skimming through the rawhide report.)
  
Actual results:
_FORTIFY_SOURCE disabled.

Expected results:
_FORTIFY_SOURCE used.

Additional info:
"Remove _FORTIFY_SOURCE as adviced by the upstream" is not a valid reason to disable _FORTIFY_SOURCE. Instead, upstream should be hit with a clue-bat!
Comment 1 Jochen Schmitt 2008-09-29 13:07:32 EDT
Ok, I have forwarded your bug report to the upstream author.
Comment 2 Vince Coen 2008-09-30 19:55:22 EDT
Suggest a retest using the latest version ie v1.1 and repost if needed.
Open Cobol has its own bug reporting facility at sourceforge.net/project/opencobol
Comment 3 Jochen Schmitt 2008-10-01 11:51:01 EDT
Build with the current snapshot fails on i86 if _FORTIFY_SOURCE is enabled.

I have reported this bug as BZ #2140608 on sf.net
Comment 4 Jochen Schmitt 2008-10-21 12:05:03 EDT
I have fixed this isse at open-cobol-1.0.95-1

Note You need to log in before you can comment on or make changes to this bug.