Red Hat Bugzilla – Bug 464554
open-cobol disables _FORTIFY_SOURCE
Last modified: 2008-10-21 12:05:03 EDT
Description of problem:
The open-cobol package disables the _FORTIFY_SOURCE security checks. This is a very bad idea! The buffer overflows must be fixed instead.
Version-Release number of selected component (if applicable):
Just look at the package...
Steps to Reproduce:
1. Look at the changelog. (I caught this while skimming through the rawhide report.)
"Remove _FORTIFY_SOURCE as adviced by the upstream" is not a valid reason to disable _FORTIFY_SOURCE. Instead, upstream should be hit with a clue-bat!
Ok, I have forwarded your bug report to the upstream author.
Suggest a retest using the latest version ie v1.1 and repost if needed.
Open Cobol has its own bug reporting facility at sourceforge.net/project/opencobol
Build with the current snapshot fails on i86 if _FORTIFY_SOURCE is enabled.
I have reported this bug as BZ #2140608 on sf.net
I have fixed this isse at open-cobol-1.0.95-1