Bug 1808507

Summary: /lib64/libnettle.so.7 isn't CET enabled
Product: [Fedora] Fedora Reporter: H.J. Lu <hongjiu.lu>
Component: nettleAssignee: Anderson Sasaki <ansasaki>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: ansasaki, codonell, crypto-team, dueno, dwmw2, law, nmavrogi, pwouters, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: nettle-3.6-1.fc33 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-15 17:22:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1802674    

Description H.J. Lu 2020-02-28 17:01:52 UTC 
[hjl@gnu-tgl-1 ~]$ readelf -n /lib64/libnettle.so.7 2>&1 | grep IBT
[hjl@gnu-tgl-1 ~]$
Comment 1 H.J. Lu 2020-03-12 16:53:09 UTC 
The CET patch at

https://gitlab.com/cet-software/nettle/-/tree/hjl/cet/master

has been sent to the netttle owner.
Comment 2 Anderson Sasaki 2020-05-15 08:56:44 UTC 
The new version in Fedora Rawhide enables CET support:

# rpm -q nettle
nettle-3.6-1.fc33.x86_64
# readelf -n /lib64/libnettle.so.8 2>&1 | grep IBT
      Properties: x86 feature: IBT, SHSTK

Could you please check if this is sufficient?
Comment 3 H.J. Lu 2020-05-15 13:30:44 UTC 
Since nettle-3.6:

https://git.lysator.liu.se/nettle/nettle/-/commits/nettle_3.6_release_20200429

contains:

https://git.lysator.liu.se/nettle/nettle/-/commit/99118f50b0f6cf695c82f3c2da7b9b5f9d850ef8

which enables CET, /lib64/libnettle.so.8 is good.