Package Details: kalu-kde 4.5.2-2

Git Clone URL: https://aur.archlinux.org/kalu-kde.git (read-only)
Package Base: kalu-kde
Description: Upgrade notifier w/ AUR support, watched (AUR) packages, news; supports autohide in KDE Plasma's panel
Upstream URL: https://github.com/Thulinma/kalu
Licenses: GPL3+
Conflicts: kalu
Provides: kalu
Submitter: Rhinoceros
Maintainer: Rhinoceros (Thulinma, jghodd)
Last Packager: Rhinoceros
Votes: 14
Popularity: 0.000004
First Submitted: 2014-12-30 12:30 (UTC)
Last Updated: 2024-09-14 14:24 (UTC)

Latest Comments


Rhinoceros commented on 2024-03-31 01:35 (UTC)

I can't comment on the authentication issues, as I don't use the updater. Probably better to report it upstream, since it's presumably not a packaging error.

Thanks for the info with CFLAGS. However, in theory I don't really like explicitly listing all the options, because unrelated flags in the users' defaults will potentially be overwritten. Instead, I'm fairly sure I can just add additional flags that will overrule the previous flags. So instead of writing out the whole set of flags and omitting -O2, I could just append to the users' current flags with

CFLAGS+=' -O0'

This is the default -O value, i.e. equivalent to having no flag.

However, I'm not sure how to overrule -Wp,-D_FORTIFY_SOURCE=2, and my Googling turns up nothing. Any ideas?

jghodd commented on 2024-03-30 21:43 (UTC)

I'd still like to know why I have to authenticate every time, despite my username having been added to the kalu group.

jghodd commented on 2024-03-30 21:42 (UTC)

You can leave makepkg.conf alone. Here's the change to PKGBUILD that works:


build() {
  export CFLAGS="-march=x86-64 -mtune=generic -pipe -fno-plt -fexceptions \
        -Wformat -Werror=format-security \
        -fstack-clash-protection -fcf-protection \
        -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"

  cd "${_pkgname}-${pkgver}"
  ./autogen.sh
  ./configure --prefix=/usr --enable-status-notifier
  make
}

The options that are not needed are both "-O2" and "-Wp,-D_FORTIFY_SOURCE=2".

jghodd commented on 2024-03-30 20:56 (UTC)

One other issue is that despite adding my user name to group and gshadow, kalu is now throwing up an authentication window every time I want to do an update. It didn't use to do that if your username was in the kalu group.

simona commented on 2024-03-30 20:20 (UTC)

The only consolation is that removing optimizations from makepkg.conf only affects AURs and not all packages. At least I hope so.

jghodd commented on 2024-03-30 20:18 (UTC) (edited on 2024-03-30 20:54 (UTC) by jghodd)

@Thulinma + @Rhinoceros - OK. Figured it out. Optimization needs to be removed from CFLAGS in /etc/makepkg.conf. In other words, edit makepkg.conf, find CFLAGS, and delete "-O2" from it. The obvious issue with this is that we don't really want to permanently remove optimization from makepkg.conf. Is there some way to remove that optimization with some setting in PKGBUILD? I'm guessing we can set CFLAGS in the build function, just not sure where would be appropriate...

Edit: btw, -D_FORTIFY_SOURCE=2 throws warnings when -O2 is removed. Not sure how to resolve this. Also, tried setting CFLAGS in build(), but it didn't take, so I'm guessing we need some other solution to get rid of the -O option from CFLAGS.

jghodd commented on 2024-03-30 18:40 (UTC) (edited on 2024-03-30 19:01 (UTC) by jghodd)

@Thulinma - rebuilt and installed 4.5.1 twice and both times got this error:


*** buffer overflow detected ***: terminated
Aborted (core dumped)

And I'm still seeing the same build warning.

Edit: just adding that it's crashing in basically the same place. It does appear to be getting a hair further in that it's now also reporting a cyclical dependency right after Checking inter-conflict - but it crashes right at that point with the buffer overflow.

Edit2: I ran gdb against kalu and got this backtrace:


[Thread 0x7fffeb4006c0 (LWP 227211) exited]
*** buffer overflow detected ***: terminated

Thread 1 "kalu" received signal SIGABRT, Aborted.
0x00007ffff6b3f32c in ?? () from /usr/lib/libc.so.6
(gdb) where
#0  0x00007ffff6b3f32c in ??? () at /usr/lib/libc.so.6
#1  0x00007ffff6aee6c8 in raise () at /usr/lib/libc.so.6
#2  0x00007ffff6ad64b8 in abort () at /usr/lib/libc.so.6
#3  0x00007ffff6ad7395 in ??? () at /usr/lib/libc.so.6
#4  0x00007ffff6bc673b in __fortify_fail () at /usr/lib/libc.so.6
#5  0x00007ffff6bc60e6 in __chk_fail () at /usr/lib/libc.so.6
#6  0x00007ffff6bc7945 in __snprintf_chk () at /usr/lib/libc.so.6
#7  0x0000555555584da5 in snprintf (__fmt=<optimized out>, __n=255, __s=0x7fffffffbbd0 "\260\020\226UUU", __s=<optimized out>, __n=<optimized out>, __fmt=<optimized out>)
    at /usr/include/bits/stdio2.h:54
#8  snprint_size (unit=<optimized out>, size=<optimized out>, buflen=255, buf=0x7fffffffbbd0 "\260\020\226UUU") at src/kalu/util.c:410
#9  updater_get_packages_cb (kupdater=<optimized out>, errmsg=<optimized out>, pkgs=<optimized out>, data=<optimized out>) at src/kalu/updater.c:2123
#10 0x000055555557bb32 in kalu_updater_g_signal (proxy=0x5555558da170, sender_name=<optimized out>, signal_name=<optimized out>, parameters=<optimized out>) at src/kalu/kalu-updater.c:494
#11 0x00007ffff72ea730 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#12 0x00007ffff7319f4a in ??? () at /usr/lib/libgobject-2.0.so.0
#13 0x00007ffff730a7a2 in ??? () at /usr/lib/libgobject-2.0.so.0
#14 0x00007ffff730a9d7 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#15 0x00007ffff730aa94 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#16 0x00007ffff75400d6 in ??? () at /usr/lib/libgio-2.0.so.0
#17 0x00007ffff752af08 in ??? () at /usr/lib/libgio-2.0.so.0
#18 0x00007ffff6dda199 in ??? () at /usr/lib/libglib-2.0.so.0
#19 0x00007ffff6e393bf in ??? () at /usr/lib/libglib-2.0.so.0
#20 0x00007ffff6ddadc7 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#21 0x00007ffff77ed2bf in gtk_main () at /usr/lib/libgtk-3.so.0
#22 0x000055555555fbd5 in main (argc=<optimized out>, argv=<optimized out>) at src/kalu/main.c:1703
(gdb) 

Hope this helps. Do note that there appears to be a lot that's being "optimized out".

Rhinoceros commented on 2024-03-30 02:38 (UTC)

Thanks for the quick fix @Thulinma, and that sounds great looking forward!

The package has been updated.

Thulinma commented on 2024-03-30 01:50 (UTC)

Took me a while to get around to this, but I just pushed version 4.5.1 live that should resolve the buffer overflow issue (and also fixes a bunch of other compile warnings).

On a related note: It looks like the original maintainer of Kalu is alive again! I exchanged a few emails with him and it looks like he prefers I keep maintaining it for now as he hasn't touched it for years. So... I might actually put some time in to properly clean it up and modernize it (it's using a bunch of deprecated function calls still...) as well as getting more familiar with the source code so I can hopefully do more than just keeping it functional. 🤞

jghodd commented on 2024-03-29 22:05 (UTC) (edited on 2024-03-29 22:19 (UTC) by jghodd)

@Rhinoceros - tried your suggestion, same result: buffer overflow

I'm seeing this in the build:


In function 'snprintf',
    inlined from 'snprint_size' at src/kalu/util.c:410:5,
    inlined from 'updater_get_packages_cb' at src/kalu/updater.c:2062:9:
/usr/include/bits/stdio2.h:54:10: warning: '__builtin___snprintf_chk' specified bound 255 exceeds destination size 23 [-Wstringop-overflow=]
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ^

This seems to correspond with when it's crashing. And I'm not the only person reporting a buffer overflow - see @JansuX2 below.

Edit: interestingly, despite the use of snprintf throughout the code, this is the only place a build warning is thrown for it (yes, I understand that snprint_size is used everywhere too). Does this help pinpoint the issue?
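
Added example (not kalu's code, and not part of any comment above): a small C model of the bound check behind the __snprintf_chk abort in the backtrace, showing that a bound of 255 on a 23-byte buffer is rejected even when the formatted text would fit, next to a caller that takes the bound from the buffer itself. The names snprintf_chk_model, mismatched_bound and matched_bound and the sample values are hypothetical and constructed; the real fortified call aborts the process where this model returns -1.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEST_SIZE 23   /* destination size reported in the warning above */

/* Model of the test __snprintf_chk makes before formatting: the bound the
 * caller passes must not exceed the destination size the compiler knows.
 * Returns -1 where the fortified libc call would abort the process. */
static int snprintf_chk_model(char *s, size_t bound, size_t dest_size,
                              const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dest_size < bound)
        return -1;              /* "*** buffer overflow detected ***" */
    va_start(ap, fmt);
    n = vsnprintf(s, bound, fmt, ap);
    va_end(ap);
    return n;                   /* length wanted; >= bound means truncated */
}

/* Caller shaped like the warning: bound 255 for a 23-byte buffer.
 * A short string would fit, but the check is on the bound, not the data. */
int mismatched_bound(double size, const char *unit)
{
    char buf[DEST_SIZE];
    return snprintf_chk_model(buf, 255, sizeof buf, "%.2f %s", size, unit);
}

/* Corrected caller: the bound is taken from the buffer itself. Copies the
 * result to out (outlen bytes) and returns the length snprintf wanted. */
int matched_bound(double size, const char *unit, char *out, size_t outlen)
{
    char buf[DEST_SIZE];
    int n = snprintf_chk_model(buf, sizeof buf, sizeof buf, "%.2f %s", size, unit);

    if (n >= 0 && outlen > 0)
        snprintf(out, outlen, "%s", buf);
    return n;
}
```

Fortified checks are compiled in only when optimization is enabled, so building at -O0 removes the check rather than the oversized bound.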