We received guidance that all programs installed by glibc should be linked with BIND_NOW and should be PIE. memusagestat will only be fixed by the general program changes for --enable-bind-now if this patch is backported as well:

commit f9b645b4b0a10c43753296ce3fa40053fa44606a
Author: Mike Frysinger <vapier>
Date:   Wed Apr 24 13:32:22 2019 +0200

    memusagestat: use local glibc when linking [BZ #18465]

    The memusagestat is the only binary that has its own link line which
    causes it to be linked against the existing installed C library. It
    has been this way since it was originally committed in 1999, but I
    don't see any reason as to why. Since we want all the programs we
    build locally to be against the new copy of glibc, change the build
    to be like all other programs.
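A check for the two properties named in the comment above, as an added example that is not part of the original bug report or of glibc: it reads an ELF64 file's program headers and dynamic section and reports whether the file is a PIE and whether it requests BIND_NOW. The function names and the constructed sample image are assumptions of this example, and the PIE test is a heuristic.

```python
import struct

PT_DYNAMIC, PT_INTERP, ET_DYN = 2, 3, 3
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000

def check_hardening(data):
    """Return {'pie': bool, 'bind_now': bool} for an ELF64 image given as bytes."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 file")
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 means little-endian
    hdr = struct.unpack_from(end + "HHIQQQIHHH", data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[0], hdr[4], hdr[8], hdr[9]
    interp = bind_now = pie_flag = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", data, off)
        interp |= p_type == PT_INTERP
        if p_type != PT_DYNAMIC:
            continue
        for pos in range(p_offset, p_offset + p_filesz, 16):
            tag, val = struct.unpack_from(end + "qQ", data, pos)
            if tag == DT_NULL:
                break
            # Any of these three encodings requests immediate binding.
            bind_now |= (tag == DT_BIND_NOW
                         or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                         or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
            pie_flag |= tag == DT_FLAGS_1 and bool(val & DF_1_PIE)
    # Heuristic: shared objects are ET_DYN too, so also require DF_1_PIE or PT_INTERP.
    return {"pie": e_type == ET_DYN and (pie_flag or interp), "bind_now": bind_now}

def make_sample(e_type, dyn_entries, interp=True):
    """Constructed input: ELF64 LE header, program headers and a dynamic section only."""
    phnum = 2 if interp else 1
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    ph = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 64 + 56 * phnum, 0, 0, len(dyn), len(dyn), 8)
    if interp:  # empty PT_INTERP entry; the check only looks at its presence
        ph += struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0, 0, 0, 0, 0, 1)
    return ehdr + ph + dyn

if __name__ == "__main__":
    import pathlib, sys
    sample = make_sample(ET_DYN, [(DT_FLAGS_1, DF_1_NOW | DF_1_PIE)])
    print("constructed sample:", check_hardening(sample))
    for path in sys.argv[1:]:
        print(path, check_hardening(pathlib.Path(path).read_bytes()))
```

Paths given on the command line are checked after the constructed sample; a statically linked non-PIE program has no dynamic section and is reported as neither PIE nor BIND_NOW.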
I posted upstream patches for review which should address this:

Extend BIND_NOW to installed programs with --enable-bind-now
https://sourceware.org/ml/libc-alpha/2019-04/msg00528.html

benchtests: Enable BIND_NOW if configured with --enable-bind-now
https://sourceware.org/ml/libc-alpha/2019-04/msg00525.html

This bug is now blocked on upstream acceptance. I don't think we should carry downstream-specific patches for this, based on the guidance on downstream security changes.
(In reply to Florian Weimer from comment #0)
> commit f9b645b4b0a10c43753296ce3fa40053fa44606a
> Author: Mike Frysinger <vapier>
> Date: Wed Apr 24 13:32:22 2019 +0200
>
> memusagestat: use local glibc when linking [BZ #18465]
>
> The memusagestat is the only binary that has its own link line which
> causes it to be linked against the existing installed C library. It
> has been this way since it was originally committed in 1999, but I
> don't see any reason as to why. Since we want all the programs we
> build locally to be against the new copy of glibc, change the build
> to be like all other programs.

This patch needs more upstream work to correct the usage of -Wl,-rpath-link:

Makeconfig: Move $(CC) to +link command variables
https://sourceware.org/ml/libc-alpha/2019-04/msg00548.html

Makeconfig: Move -Wl,-rpath-link options before library references
https://sourceware.org/ml/libc-alpha/2019-04/msg00549.html
glibc-2.29-12.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-f82f6f0c87
glibc-2.28-30.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-73917d2c1c
glibc-2.29-12.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-f82f6f0c87
glibc-2.28-30.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-73917d2c1c
glibc-2.29-12.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
glibc-2.28-30.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.