See https://bodhi.fedoraproject.org/updates/FEDORA-2022-d99f313ddd Which reports the following failure: Hardened: /usr/bin/eu-addr2line: FAIL: property-note test because .note.gnu.property section not found (it is needed for branch protection support) And likewise for every aarch64 binary (but not for any other architecture). But fetching the build: https://kojipkgs.fedoraproject.org//packages/elfutils/0.186/3.fc37/aarch64/elfutils-0.186-3.fc37.aarch64.rpm And looking at the binaries (rpm2cpio elfutils-0.186-3.fc37.aarch64.rpm | cpio -iduv) shows there is a .note.gnu.property section (readelf -SnW): [ 2] .note.gnu.property NOTE 00000000000002c8 0002c8 000020 00 A 0 0 8 Displaying notes found in: .note.gnu.property Owner Data size Description GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 Properties: AArch64 feature: BTI, PAC
Hi Mark, *sigh* Yes - this is a snafu in annocheck. I am testing a fix now. Feel free to waive the result. Cheers Nick PS. I assume that the fact that instrumentation is enabled in the binaries is deliberate ?
Fixed in annobin-10.59-1.fc37
Hi Nick, (In reply to Nick Clifton from comment #1) > *sigh* Yes - this is a snafu in annocheck. I am testing a fix now. > > Feel free to waive the result. Thanks. > PS. I assume that the fact that instrumentation is enabled in the binaries > is deliberate ? I hadn't noticed before. I assume you mean these warnings: Hardened: /usr/bin/eu-elfcompress: WARN: (component: main): Instrumentation enabled - this is probably a mistake for production binaries. Hardened: /usr/bin/eu-elfcompress: info: (component: main): Details: -fsanitize=...: disabled. Hardened: /usr/bin/eu-elfcompress: info: (component: main): Details: -finstrument-functions: enabled. Hardened: /usr/bin/eu-elfcompress: info: (component: main): Details: -p and/or -pg: enabled. Hardened: /usr/bin/eu-elfcompress: info: (component: main): Details: -fprofile-arcs: enabled. I hadn't noticed before. It only occurs for i686 binaries. But I don't see any of those flags in the i686 build logs: https://kojipkgs.fedoraproject.org//packages/elfutils/0.186/3.fc37/data/logs/i686/build.log So I am assuming those are false positives?
(In reply to Mark Wielaard from comment #3) Hi Mark, > > PS. I assume that the fact that instrumentation is enabled in the binaries > > is deliberate ? > > I hadn't noticed before. I assume you mean these warnings: > > Hardened: /usr/bin/eu-elfcompress: WARN: (component: main): Instrumentation > enabled - this is probably a mistake for production binaries. > Hardened: /usr/bin/eu-elfcompress: info: (component: main): Details: > -fsanitize=...: disabled. > Hardened: /usr/bin/eu-elfcompress: info: (component: main): Details: > -finstrument-functions: enabled. > Hardened: /usr/bin/eu-elfcompress: info: (component: main): Details: -p > and/or -pg: enabled. > Hardened: /usr/bin/eu-elfcompress: info: (component: main): Details: > -fprofile-arcs: enabled. Yup... > I hadn't noticed before. It only occurs for i686 binaries. And x86_64. (Maybe other arches too - I have not checked). > But I don't see any of those flags in the i686 build logs: > https://kojipkgs.fedoraproject.org//packages/elfutils/0.186/3.fc37/data/logs/ > i686/build.log > > So I am assuming those are false positives? Yes. It looks like another gcc/annobin sync thing. Although the plugin and compiler do agree on the version of gcc that is being used. Hmmm. I will look into it in my copious free time. (tm). Cheers Nick
FEDORA-2022-b745df25e3 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-b745df25e3
FEDORA-2022-67b135183f has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-67b135183f
FEDORA-2022-b745df25e3 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-b745df25e3` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-b745df25e3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-67b135183f has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-67b135183f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-67b135183f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-c43760a865 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-c43760a865` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c43760a865 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-2e4ff85f73 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-2e4ff85f73` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e4ff85f73 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-c43760a865 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-54bb9337da has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-54bb9337da` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-54bb9337da See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-54bb9337da has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.