+++ This bug was initially created as a clone of Bug #2044850 +++ --- Additional comment from Phil Sutter on 2022-03-09 13:07:20 UTC --- Upstream commit to backport: commit dc454a657f57a5cf143fddc5c1dd87a510c1790a (HEAD -> master, origin/master, origin/HEAD) Author: Pablo Neira Ayuso <pablo> Date: Tue Mar 8 23:05:39 2022 +0100 nfct: remove lazy binding Since cd5135377ac4 ("conntrackd: cthelper: Set up userspace helpers when daemon starts"), userspace conntrack helpers do not depend on a previous invocation of nfct to set up the userspace helpers. Move helper definitions to nfct-extensions/helper.c since existing deployments might still invoke nfct, even if not required anymore. This patch was motivated by the removal of the lazy binding. Phil Sutter says: "For security purposes, distributions might want to pass -Wl,-z,now linker flags to all builds, thereby disabling lazy binding globally. In the past, nfct relied upon lazy binding: It uses the helper objects' parsing functions without but doesn't provide all symbols the objects use." Acked-by: Phil Sutter <phil> Signed-off-by: Pablo Neira Ayuso <pablo>
Created attachment 1864920 [details] dist-git patch resolving the BZ Attached patch resolves this BZ, please apply.
Can you make a PR with that change at https://src.fedoraproject.org/rpms/conntrack-tools ? This is also Red Hat only. Can we make this public? Thanks
Sure: https://src.fedoraproject.org/rpms/conntrack-tools/pull-request/1
FEDORA-2022-b782c4067e has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-b782c4067e
FEDORA-2022-b782c4067e has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.