This bug was initially created as a copy of Bug #2350935 When compiling Python with the --with-dtrace configure flag during RPM build on aarch64 with the -mbranch-protection=standard flag, for applying the Branch Target Identification(BTI) protections, the resulting object file (pydtrace.o) doesn't contain the protections and the associated elf note, resulting in the final shared library missing the note. Using python3.11, as later versions contain assembly sources that interfere with the results. Everything looks good when compiling on a non-rpmbuild environment: ./configure --with-dtrace && make -j $ readelf -n libpython3.11.so.1.0 Properties: AArch64 feature: BTI, PAC, GCS $ objdump -d Python/pydtrace.o 0000000000000000 <__dtrace>: 0: d503245f bti c 4: d503201f nop 8: d65f03c0 ret However when building Python as an RPM the aarch64 protection flags are not there for libpython or pydtrace.o $ objdump -d Python/pydtrace.o 0000000000000000 <__dtrace>: 0: d503201f nop 4: d65f03c0 ret I wasn't able to replicate the results by simulating the rpm build on the upstream sources, aka using all our configure options and CFLAGS. The commands from the Makefile that initiate this: /usr/bin/dtrace -o Include/pydtrace_probes.h -h -s /builddir/build/BUILD/python3.11-3.11.11-build/Python-3.11.11/Include/pydtrace.d sed 's/PYTHON_/PyDTrace_/' Include/pydtrace_probes.h > Include/pydtrace_probes.h.tmp mv Include/pydtrace_probes.h.tmp Include/pydtrace_probes.h /usr/bin/dtrace -o Python/pydtrace.o -G -s /builddir/build/BUILD/python3.11-3.11.11-build/Python-3.11.11/Include/pydtrace.d Python/ceval.o Python/import.o Python/sysmodule.o Modules/gcmodule.o At the same time the equivalent protection for x86_64 get applied properly for both rpm and non-rpm builds. Filing for systemtap for now if folks have any insight on that. Reproducible: Always
PRs: https://src.fedoraproject.org/rpms/python3.6/pull-request/130 https://src.fedoraproject.org/rpms/python3.6/pull-request/131 https://src.fedoraproject.org/rpms/python3.6/pull-request/132 https://src.fedoraproject.org/rpms/python3.6/pull-request/133
FEDORA-2025-72d5f5db52 (python3.6-3.6.15-44.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2025-72d5f5db52
FEDORA-2025-72d5f5db52 (python3.6-3.6.15-44.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-ac3242de8d (python3.6-3.6.15-44.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-ac3242de8d
FEDORA-2025-31880f69c8 (python3.6-3.6.15-44.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-31880f69c8
FEDORA-2025-d4c74d9bd5 (python3.6-3.6.15-44.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2025-d4c74d9bd5
FEDORA-2025-d4c74d9bd5 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-d4c74d9bd5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-d4c74d9bd5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-ac3242de8d has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-ac3242de8d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-ac3242de8d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-31880f69c8 has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-31880f69c8` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-31880f69c8 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-d4c74d9bd5 (python3.6-3.6.15-44.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.
We need to rebuild this again with the new redhat-rpm-config. Also, we plan to skip test_ftplib to avoid the flakiness.
FEDORA-2025-ac3242de8d (python3.6-3.6.15-44.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-31880f69c8 (python3.6-3.6.15-44.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.