Bug 1901971 - annobin: annocheck complains about missing -Wall or -Wformat-security flag when -flto is used
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: annobin
Version: 8.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.0
Assignee: Nick Clifton
QA Contact: Martin Cermak
Reported: 2020-11-26 13:54 UTC by Jiri Danek
Modified: 2021-09-17 14:30 UTC (History)

Fixed In Version: annobin-9.46-1.el8
Doc Type: No Doc Update
Last Closed: 2021-05-18 15:30:25 UTC
Type: Bug


Attachments (Terms of Use)
test logs (1.62 KB, application/x-xz)
2020-12-04 13:51 UTC, Martin Cermak


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:1792 0 None None None 2021-05-18 15:30:29 UTC

Description Jiri Danek 2020-11-26 13:54:09 UTC
Description of problem:

This is a followup to bug 1743635. I have a RPMDiff failing on annocheck, at https://rpmdiff.engineering.redhat.com/run/474345/7/.

The "-Wall or -Wformat-security" warning there appears erroneous.

It disappears when I disable LTO in the compilation.

Version-Release number of selected component (if applicable):

# rpm -qa annobin binutils gcc glibc redhat-rpm-config
annobin-9.23-1.el8.x86_64
glibc-2.28-127.el8.x86_64
binutils-2.30-79.el8.x86_64
gcc-8.3.1-5.1.el8.x86_64
redhat-rpm-config-123-1.el8.noarch

Additional info:

https://issues.redhat.com/browse/ENTMQCL-2502

[root@5b71cc9c3af3 yum.repos.d]# annocheck --all --verbose /usr/lib64/libqpid-proton-cpp.so.12.7.2 
annocheck: Version 9.23.
Hardened: /usr/lib64/libqpid-proton-cpp.so.12.7.2: info: Set binary producer to gcc version 8.
Hardened: /usr/lib64/libqpid-proton-cpp.so.12.7.2: FAIL: (component: _ZN6proton17messaging_handler18on_container_startERNS_9containerE): Compiled without either -Wall or -Wformat-security.
Hardened: /usr/lib64/libqpid-proton-cpp.so.12.7.2: FAIL: (component: _ZN6proton17messaging_handler21on_sender_drain_startERNS_6senderE): Compiled without either -Wall or -Wformat-security.
Hardened: /usr/lib64/libqpid-proton-cpp.so.12.7.2: FAIL: (component: _ZNSt6vectorIN6proton9container4impl9scheduledESaIS3_EED2Ev): Compiled without either -Wall or -Wformat-security.
Hardened: /usr/lib64/libqpid-proton-cpp.so.12.7.2: WARN: Unable to determine the binary's producer from its DW_AT_producer string.

If this is something that you are interested in fixing soon, I could try to produce a self-contained reproducer. For now, I expect we'll just waive the RPMDiff check.

Comment 1 Nick Clifton 2020-11-26 14:58:28 UTC
Hi Jiri,

  Short version: 
    Known problem. Will be fixed soon. Please waive the result for now.

  Long version:
    This is a known problem.  The issue is that with LTO compilation there are two compilation stages, and the second one ignores all warning options and preprocessor options.  So things like -Wall or -D_FORTIFY_SOURCE=2 are dropped.  (These options are processed during the first compilation stage, so their effects are not lost).  Since the annobin plugin works during the second stage compilation, it misses the options.

  I have added a workaround to help with this problem to annobin 9.42.  But unfortunately rpmdiff is using annobin 9.41.  (I do have a JIRA ticket open to rebase rpmdiff's annobin to 9.46).

  Note - even if you are using the latest version of annobin, the problem will still appear if you do not provide the debuginfo rpm along with the binary rpm:

    % annocheck qpid-proton-cpp-0.33.0-3.el8.ppc64le.rpm 
    annocheck: Version 9.46.
    Hardened: libqpid-proton-cpp.so.12.7.2: FAIL: Compiled without using either the -Wall or -Wformat-security options.

    % annocheck qpid-proton-cpp-0.33.0-3.el8.ppc64le.rpm --debugrpm qpid-proton-cpp-debuginfo-0.33.0-3.el8.ppc64le.rpm 
    annocheck: Version 9.46.
    Hardened: libqpid-proton-cpp.so.12.7.2: PASS.

  This is because annocheck now also looks at the DW_AT_producer strings in the debuginfo where it is able to find more information about how the binary was compiled.

  I hope that this helps.

  If you are happy with this explanation I can close this BZ now, or leave it open until rpmdiff's machines are updated and another build of libqpid-proton passes without FAILures.  Your choice.

Cheers
  Nick
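
Added example (not part of the original bug report and not annobin code): a small triage helper that reads annocheck output and decides whether a "-Wall or -Wformat-security" FAIL can be trusted, using the two conditions given in comment 1 (workaround present from annobin 9.42, debuginfo supplied via --debugrpm). The function name `triage`, the verdict strings and the `debuginfo_supplied` parameter are assumptions made for this illustration; the message formats are taken from the outputs quoted in this report.

```python
import re

VERSION_RE = re.compile(r"^annocheck: Version (\d+)\.(\d+)\.?$")
RESULT_RE = re.compile(r"^Hardened: ([^:]+): (FAIL|WARN|PASS|info)[:.]?\s*(.*)$")
# Wording differs between the 9.23 and 9.46 outputs quoted in this bug report.
WFLAG_RE = re.compile(r"Compiled without (?:using )?either (?:the )?-Wall or -Wformat-security")
PRODUCER_WARN = "Unable to determine the binary's producer from its DW_AT_producer string"
WORKAROUND = (9, 42)  # comment 1: LTO workaround added in annobin 9.42

# Sample input assembled from lines quoted in the description and in comment 1.
OLD_RUN = """annocheck: Version 9.23.
Hardened: /usr/lib64/libqpid-proton-cpp.so.12.7.2: FAIL: (component: _ZN6proton17messaging_handler18on_container_startERNS_9containerE): Compiled without either -Wall or -Wformat-security.
Hardened: /usr/lib64/libqpid-proton-cpp.so.12.7.2: FAIL: (component: _ZN6proton17messaging_handler21on_sender_drain_startERNS_6senderE): Compiled without either -Wall or -Wformat-security.
Hardened: /usr/lib64/libqpid-proton-cpp.so.12.7.2: WARN: Unable to determine the binary's producer from its DW_AT_producer string.
"""
NEW_RUN = """annocheck: Version 9.46.
Hardened: libqpid-proton-cpp.so.12.7.2: FAIL: Compiled without using either the -Wall or -Wformat-security options.
"""


def triage(output, debuginfo_supplied=False):
    """Classify one annocheck run; the 'verdict' key says what to do next."""
    version, wflag_fails, other_fails, producer_unknown = None, [], [], False
    for line in map(str.strip, output.splitlines()):
        if (m := VERSION_RE.match(line)):
            version = (int(m[1]), int(m[2]))
        elif (m := RESULT_RE.match(line)):
            _, level, msg = m.groups()
            if level == "WARN" and PRODUCER_WARN in msg:
                producer_unknown = True
            elif level == "FAIL":
                (wflag_fails if WFLAG_RE.search(msg) else other_fails).append(msg)
    if other_fails:
        verdict = "investigate"            # FAILs unrelated to the warning-flag test
    elif not wflag_fails:
        verdict = "clean"
    elif version is None or version < WORKAROUND:
        verdict = "rerun-newer-annobin"    # checker predates the LTO workaround
    elif not debuginfo_supplied:
        verdict = "rerun-with-debuginfo"   # repeat with --debugrpm, as in comment 1
    else:
        verdict = "investigate"            # still failing with full information
    return {"version": version, "wflag_fails": wflag_fails,
            "producer_unknown": producer_unknown, "verdict": verdict}


if __name__ == "__main__":
    print(triage(OLD_RUN)["verdict"], triage(NEW_RUN)["verdict"])
```

A "rerun" verdict means the result is inconclusive, not that the flag was used; only a PASS from a run with a current annocheck and the debuginfo rpm settles it.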

Comment 2 Jiri Danek 2020-11-26 19:01:39 UTC
I don't need an open bugzilla for my purposes, so feel free to close this if you like.

Thanks for the explanation. I understand the RPMDiff warning is a false warning and we will waive it.

Comment 4 Nick Clifton 2020-11-30 15:32:12 UTC
Fixed in annobin-9.46-1.el8

Comment 5 Martin Cermak 2020-12-04 13:51:35 UTC
Created attachment 1736419 [details]
test logs

Verified with annobin-9.46-1.el8 and qpid-proton-0.33.0-3.el8.

Comment 8 errata-xmlrpc 2021-05-18 15:30:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (annobin bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1792

