Bug 464554 - open-cobol disables _FORTIFY_SOURCE
Summary: open-cobol disables _FORTIFY_SOURCE
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: open-cobol
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jochen Schmitt
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-09-29 15:22 UTC by Kevin Kofler
Modified: 2008-10-21 16:05 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-10-21 16:05:03 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Kevin Kofler 2008-09-29 15:22:47 UTC 
Description of problem:
The open-cobol package disables the _FORTIFY_SOURCE security checks. This is a very bad idea! The buffer overflows must be fixed instead.

Version-Release number of selected component (if applicable):
open-cobol-1.0.90-4

How reproducible:
Just look at the package...

Steps to Reproduce:
1. Look at the changelog. (I caught this while skimming through the rawhide report.)
  
Actual results:
_FORTIFY_SOURCE disabled.

Expected results:
_FORTIFY_SOURCE used.

Additional info:
"Remove _FORTIFY_SOURCE as adviced by the upstream" is not a valid reason to disable _FORTIFY_SOURCE. Instead, upstream should be hit with a clue-bat!
Comment 1 Jochen Schmitt 2008-09-29 17:07:32 UTC 
Ok, I have forwarded your bug report to the upstream author.
Comment 2 Vince Coen 2008-09-30 23:55:22 UTC 
Suggest a retest using the latest version ie v1.1 and repost if needed.
Open Cobol has its own bug reporting facility at sourceforge.net/project/opencobol
Comment 3 Jochen Schmitt 2008-10-01 15:51:01 UTC 
Build with the current snapshot fails on i86 if _FORTIFY_SOURCE is enabled.

I have reported this bug as BZ #2140608 on sf.net
Comment 4 Jochen Schmitt 2008-10-21 16:05:03 UTC 
I have fixed this isse at open-cobol-1.0.95-1
Note You need to log in before you can comment on or make changes to this bug.