Bug 2062265

Summary: annocheck FAIL: bind-now test (conntrack-tools)
Product: [Fedora] Fedora Reporter: Phil Sutter <psutter>
Component: conntrack-toolsAssignee: Paul P Komkoff Jr <i>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: bperkins, fberat, fweimer, i, jiji, orion, paul.wouters, psutter, rlemosor, shuali, travier
Target Milestone: ---Keywords: Triaged, Upstream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: conntrack-tools-1.4.6-3.fc37 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2044850 Environment:
Last Closed: 2022-05-11 10:31:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2044387    

Description Phil Sutter 2022-03-09 13:10:42 UTC 
+++ This bug was initially created as a clone of Bug #2044850 +++

--- Additional comment from Phil Sutter on 2022-03-09 13:07:20 UTC ---

Upstream commit to backport:

commit dc454a657f57a5cf143fddc5c1dd87a510c1790a (HEAD -> master, origin/master, origin/HEAD)
Author: Pablo Neira Ayuso <pablo>
Date:   Tue Mar 8 23:05:39 2022 +0100

    nfct: remove lazy binding
    
    Since cd5135377ac4 ("conntrackd: cthelper: Set up userspace helpers when
    daemon starts"), userspace conntrack helpers do not depend on a previous
    invocation of nfct to set up the userspace helpers.
    
    Move helper definitions to nfct-extensions/helper.c since existing
    deployments might still invoke nfct, even if not required anymore.
    
    This patch was motivated by the removal of the lazy binding.
    
    Phil Sutter says:
    
    "For security purposes, distributions might want to pass -Wl,-z,now
    linker flags to all builds, thereby disabling lazy binding globally.
    
    In the past, nfct relied upon lazy binding: It uses the helper objects'
    parsing functions without but doesn't provide all symbols the objects
    use."
    
    Acked-by: Phil Sutter <phil>
    Signed-off-by: Pablo Neira Ayuso <pablo>
Comment 1 Phil Sutter 2022-03-09 14:42:44 UTC 
Created attachment 1864920 [details]
dist-git patch resolving the BZ

Attached patch resolves this BZ, please apply.
Comment 2 Timothée Ravier 2022-04-21 14:12:16 UTC 
Can you make a PR with that change at https://src.fedoraproject.org/rpms/conntrack-tools ?
This is also Red Hat only. Can we make this public?
Thanks
Comment 3 Phil Sutter 2022-04-26 11:17:49 UTC 
Sure: https://src.fedoraproject.org/rpms/conntrack-tools/pull-request/1
Comment 4 Fedora Update System 2022-05-11 10:30:34 UTC 
FEDORA-2022-b782c4067e has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-b782c4067e
Comment 5 Fedora Update System 2022-05-11 10:31:59 UTC 
FEDORA-2022-b782c4067e has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.