Previously, the glibc check section caused major failures for the builds. However, these no longer exisit. To enable these tests, address conflicting gcc flags and turn off the macro which prevents check section for glibc. Note there are still 3 tests which need to be invetigated for failures.
The patch prevents the error
c1: error: '-Wformat-security' ignored without '-Wformat' [-Werror=format-security]
The error occurs when glibc is compiled with -Wformat-security which requires -Wformat and thus conflicts with tests which use -Wno-format
The new results from the check section should be
Summary of test results:
3 FAIL : nptl/tst-cancel1, io/tst-lchmod, nptl/tst-mutex10
5040 PASS
152 UNSUPPORTED
12 XFAIL
8 XPASS
Issue was observed where syslog printouts were no longer being printed
with the latest glibc package.
Error signature was a blank entry in /var/log/messages output. For
example, when running glibc's basic syslog example -
http://www.gnu.org/software/libc/manual/html_node/Syslog-Example.html
2024-08-20T04:46:41.163860+00:00 chrco-dev-vm-3 exampleprog[1545]:
2024-08-20T04:46:41.163698+00:00 chrco-dev-vm-3 exampleprog[1545]:
when we would expect the text "A tree falls in a forest".
The behavior was caused by an incorrect set of backports for
the syslog CVEs CVE-2023-6246, CVE-2023-6779, CVE-2023-6780.
This change fixes the backport and pulls the individual fixes from the
upstream 2.38 stable release branch.
https://sourceware.org/git/?p=glibc.git;a=log;h=refs/heads/release/2.38/master
Signed-off-by: Chris Co <chrco@microsoft.com>
Enabling frame pointers during compilation brings benefits to performance profiling and tracing. See https://www.brendangregg.com/blog/2024-03-17/the-return-of-the-frame-pointers.html for more details.
This change in particular adds a macro to add the -fno-omit-frame-pointer flag to CFLAGS when defining %define _include_frame_pointers 1 in the spec file. This way the packager can control enabling whether to build with frame pointers enabled or not. By default, building with frame pointers is disabled.
This change also enables frame pointers by default in our glibc build, which is one of the hot-spots where fast profiling with frame pointers would be beneficial.
Signed-off-by: Chris Co <chrco@microsoft.com>
* Bump package version to recompile binaries with fixed gcc stack protection (CVE-2023-4039)
* Bump debuginfo versions in toolchain manifests
* Bump kernel headers to match kernel
* Update SPECS/gettext/gettext.spec
Taking suggestion
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* Update for code review comments
* Fix for code review comment in qt5-qtdeclarative changelog
* Fix dash version for signed spec files
---------
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* Make `glibc-static` a real package and police its version
* Add version bounds to all mentions of `glibc-static` in spec files
* Bump releases for all affected packages
* Add pipeline job to check static glibc versions
* Release new glibc packages with split out glibc-static
* Include distribution in requirement bounds
* Don't implicitly install glibc-static in pkggen chroot
* Correctly split up the static libraries between devel/static
* Consistent use of f-strings
* Allow libacvp to build without depending on `glibc-static`
* Remove `libhugetlbfs-tests` package
* Update kernel configs to not support static linking
* Declare `glibc-static` dependency for flannel
* Enable `-pie` by default in `clang`
* Rebuild SymCrypt with `-pie` enabled `clang`
* Use `glibc-static` on all platforms for `busybox`
* Tidy up libacvp Source lines
* Clang can't default to `-pie` so move `crt1.o` to `glibc-devel`
* Fix libacvp Source0 syntax
* Don't build static binaries in libhugetlbfs-tests
* Update kernel config signatures
* Kubevirt needs glibc-static too
Rachel Menge
Christopher Co
nicolas guibourge
Mykhailo Bykhovtsev
chalamalasetty
Dan Streetman
CBL-Mariner-Bot
Muhammad Falak R Wani
Andrew Phelps
Minghe Ren
Mandeep Plaha
jslobodzian
Pawel Winogrodzki
Andy Caldwell
Olivia Crain