909093 – media-libs/svt-av1 redefines _FORTIFY_SOURCE (HARDENED-SYSTEM)

Bug 909093 - media-libs/svt-av1 redefines _FORTIFY_SOURCE (HARDENED-SYSTEM)

Summary: media-libs/svt-av1 redefines _FORTIFY_SOURCE (HARDENED-SYSTEM)

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal with 1 vote (vote)
Assignee:	Gentoo Media-video project

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-06-24 19:49 UTC by genBTC
Modified:	2024-01-28 21:01 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
svt-av1 build.log (svt-av1-141.log,621.67 KB, text/x-log) 2023-06-24 19:50 UTC, genBTC	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description genBTC 2023-06-24 19:49:22 UTC

Issue: media-libs/svt-av1-1.4.1 overwrites CFLAGS/CXXFLAGS (HARDENED-SYSTEM).

NOTE:
(HARDENED-SYSTEM) in the summary means that the bug was found on a machine that runs an hardened profile with -D_FORTIFY_SOURCE=3 and -D_GLIBCXX_ASSERTIONS (https://www.gentoo.org/support/news-items/2023-01-01-hardening-fortify-assertions.html) but this bug MAY or MAY NOT BE related to the changes related to 

the package likely has _F_S=2 hardcoded internally:
that flag should be stripped so _F_S=3 can take effect from the gcc spec profile without conflict.

Reproducible: Always

Comment 1 genBTC 2023-06-24 19:50:04 UTC

Created attachment 864584 [details]
svt-av1 build.log

 FORTIFY_SOURCE redefined

Comment 2 genBTC 2023-06-24 19:52:32 UTC

additional info: this has been fixed in 1.5.0-r1
warning exists in 1.4.1 and 1.1.0