Hi!
On Mon, 23 Sep 2024, I wrote:
So from my perspective there is some problem with the compile options or hardening in Ubuntu 24.04, which breaks the xymon package, while 4.3.30-1build3 used a different build system (Ubuntu 23.10), which wasn't that strict and didn't run into issues.
Maybe I should compare compiler options between Ubuntu 24.04 and Debian 12 (and/or Debian unstable) and try to reproduce the issue on Debian. Or I should try to find out, where the "buffer overflow detected" messages come from and fix the root cause. But that's a job for another day...
Today I dug a bit deeper and found out that the relevant difference between Debian unstable and Ubuntu 24.04 is, that Ubuntu uses -D_FORTIFY_SOURCE=3 since 24.04, while Debian still uses -D_FORTIFY_SOURCE=2.
dpkg-dpkg-buildflags --get CPPFLAGS shows this difference: Debian unstable: -Wdate-time -D_FORTIFY_SOURCE=2 Ubuntu 24.04: -Wdate-time -D_FORTIFY_SOURCE=3
To change this behavior just set environment variable DEB_CPPFLAGS_MAINT_SET="-Wdate-time -D_FORTIFY_SOURCE=2" on Ubuntu or DEB_CPPFLAGS_MAINT_SET="-Wdate-time -D_FORTIFY_SOURCE=3" on Debian
This doesn't fix the issue bug shows the problem trigger: FORTIFY_SOURCE=3 implements better fortification and more security regarding to buffer overflows, but there seem to be some bugs in xymon sources, that trigger these checks and stop some modules working.
Next step would be digging deeper and finding the root causes of these buffer overflows and to fix them, maybe some upstream xymon developer, since my C skills are quite limited :-(
Greetings Roland