Bug 1999006

Summary: rpmdiff's reports hardening issues - bind-now, BuiltBy, GNU_RELRO lost for several llvm binaries
Product: Red Hat Enterprise Linux 8 Reporter: Miloš Prchlík <mprchlik>
Component: llvm-toolsetAssignee: serge_sans_paille <sguelton>
Status: CLOSED ERRATA QA Contact: Miloš Prchlík <mprchlik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.5CC: lmiksik, mcermak, mnewsome, mprchlik, sguelton, tstellar
Target Milestone: rcKeywords: Bugfix, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: llvm-toolset:rhel8:8050020210903165835:b4937e53 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2001480 (view as bug list) Environment:
Last Closed: 2021-11-09 18:34:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2001480    

Comment 1 serge_sans_paille 2021-08-30 14:16:32 UTC 
I've tracked that down to %cmake macro not expanding to the correct %set_build_flags expansion, which is odd. I can patch the cmake package to fix that behavior, but this implies a rebuild of cmake on rhel 8.5, plus a rebuild of all LLVM-related packages. An alternative is to explicitly call that macro on LLVM-related package, which prevents the cmake package rebuild.
Comment 4 serge_sans_paille 2021-09-02 15:55:11 UTC 
> In either case, are the issues worth seeking exception+ ? Or are the issues not that serious as they may look, safe enough to waive the current build, and defer the fix to the next release?

I think it's worth seeking exception+, it's affecting the link step of all libraries / binaries built from that srpm. I can start the build as soon as release+ is granted
Comment 14 Miloš Prchlík 2021-09-09 12:02:23 UTC 
Verified with llvm-toolset:rhel8:8050020210903165835:b4937e53, based on clear Execshield rpmdiff result.
Comment 17 errata-xmlrpc 2021-11-09 18:34:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (llvm-toolset:rhel8 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:4233
Comment 18 Red Hat Bugzilla 2023-09-15 01:14:22 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days