Description of problem: Latest tbb build is stuck in gating: https://bodhi.fedoraproject.org/updates/FEDORA-2023-4acfa3bbcc While the reason is the tier0 test, there are other failures worth considering. One of them is fedora-ci.koji-build.rpminspect.static-analysis More specifically, annocheck reports: Hardened: /usr/lib/libtbb.so.2: FAIL: fortify test because -D_FORTIFY_SOURCE=[2|3] was not present on the command line (function: _ZN3tbb4task7destroyERS0_). Hardened: /usr/lib/libtbbmalloc.so.2: FAIL: fortify test because -D_FORTIFY_SOURCE=[2|3] was not present on the command line (function: scalable_allocation_command). Hardened: /usr/lib/python3.11/site-packages/tbb/_api.cpython-311-i386-linux-gnu.so: FAIL: fortify test because -D_FORTIFY_SOURCE=[2|3] was not present on the command line (function: PyInit__api). Another way to reproduce the problem is downloading and checking the build's RPMs: koji download-build --arch={x86_64,i686,noarch} tbb-2020.3-16.fc39 annocheck --ignore-unknown --profile=rawhide *.rpm Version-Release number of selected component (if applicable): tbb-2020.3-16.fc39
tbb.spec has: # Insert --as-needed before the libraries to be linked. sed -i "s/-fPIC/& -Wl,--as-needed/" build/linux.gcc.inc This should probably be adding all the RPM_OPT_FLAGS not just this tweak. It probably also makes sense to backport https://github.com/oneapi-src/oneTBB/pull/1017 and stop sed'ing the python files in the spec's %prep.
Just adding some context. The predecessor to tbb-2020.3-16.fc39 in Rawhide was tbb-2020.3-15.fc38. I'm using annobin-annocheck-11.11-1.fc39.x86_64. While annocheck --ignore-unknown --profile=rawhide *.rpm passes on the RPMs of tbb-2020.3-15.fc38, it fails on tbb-2020.3-16.fc39. From the rpminspect's POV, it looks like a regression. If it's a genuine false positive then we can try to find a way of making an exception the rpminspect's configuration.
Nothing changed in the sources or the build system between -15.fc38 and -16.fc39 so I'm unsure how it can have regressed. scalable_allocation_command is defined in this translation unit: g++ -c -MMD -O2 -g -DDO_ITT_NOTIFY -DUSE_PTHREAD -pthread -m64 -mrtm -Wall -Wextra -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -DUSE_PTHREAD -DTBB_SUPPRESS_DEPRECATED_MESSAGES=1 -fno-rtti -fno-exceptions -fno-strict-aliasing -D__TBBMALLOC_BUILD=1 -Wno-parentheses -Wno-sized-deallocation -fPIC -Wl,--as-needed -flifetime-dse=1 -I../../src -I../../src/rml/include -I../../include -I../../src/tbbmalloc -I../../src/tbbmalloc -I. ../../src/tbbmalloc/frontend.cpp tbb::task::destroy is defined in this translation unit: g++ -o task_v2.o -c -MMD -O2 -g -DDO_ITT_NOTIFY -DUSE_PTHREAD -pthread -m64 -mrtm -fPIC -Wl,--as-needed -flifetime-dse=1 -D__TBB_BUILD=1 -Wall -Wextra -Wno-parentheses -Wno-sized-deallocation -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -DUSE_PTHREAD -DTBB_SUPPRESS_DEPRECATED_MESSAGES=1 -std=c++14 -I../../src -I../../src/rml/include -I../../include ../../src/old/task_v2.cpp They're both built with _FORTIFY_SOURCE=3
That output is taken from https://kojipkgs.fedoraproject.org//packages/tbb/2020.3/16.fc39/data/logs/x86_64/build.log
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle. Changing version to 39.