Re: F36 Change: GNU Toolchain Update (gcc 12, glibc 2.35) (late System-Wide Change proposal)

Hello,

On Wednesday, January 5, 2022 5:05:26 PM EST Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/GNUToolchainF36
> 
> == Summary ==
> Update the Fedora 36 GNU Toolchain to gcc 12 and glibc 2.35.
> 
> The gcc 12 is currently under development and will be included in
> Fedora 36 upon release. The glibc 2.35 change will be tracked in this
> top-level GNU Toolchain system-wide update.

Reading through the GCC 12 changes, there is a significant new feature to GCC 
that would appear to be useful for security. There is a new:

-ftrivial-auto-var-init=zero

flag that initializes all stack variables to zero. Zero being a nice safe 
value that makes programs crash instead of being exploitable.

Are there plans to enable this flag so that all applications, but more 
importantly the kernel, are hardened against uninitialized stack variables? 
This is one of the major classes of security bugs that could potentially be 
eliminated during this mass rebuild.

Cheers,
-Steve


> == Owner ==
> * Name: [[User:submachine| Arjun Shankar]]
> * Email: arjun@xxxxxxxxxx
> 
> 
> == Detailed Description ==
> The GNU Compiler Collection, GNU C Library, GNU Debugger, and GNU
> Binary Utilities make up the core part of the GNU Toolchain and it is
> useful for our users to transition these components as a complete
> implementation when making a new release of Fedora.
> 
> The GNU Compiler Collection is expected to release version 12 in Q2,
> before the Fedora 36 release. It will contain many new features,
> documented here: https://gcc.gnu.org/gcc-12/changes.html. The latest
> point release for gcc 12 will be included in Fedora 36, this will most
> probably be 12.1.
> 
> The GNU C Library version 2.35 is expected to be released in the
> beginning of February 2022; we have started closely tracking the glibc
> 2.35 development code in Fedora Rawhide and are addressing any issues
> as they arise. Given the present schedule Fedora 36 will branch after
> the release of glibc 2.35. However, the mass rebuild schedule means
> Fedora 36 will mass rebuild (if required) before the final release of
> glibc 2.35, but after the ABI is frozen.
> 
> The GNU Binutils version 2.37 and GNU Debugger version 11.1 currently
> included in Fedora 35 will continue to be included in Fedora 36. There
> will be a GNU Binutils version 2.38 released at the end of January,
> but the inclusion will be scheduled for Fedora 37.
> 
> == Benefit to Fedora ==
> Stays up to date with latest features, improvements, security and bug
> fixes from gcc, glibc, binutils, and gdb upstream.
> 
> The goal is to track and transition to the latest components of the
> GNU Toolchain.
> 
> 
> == Scope ==
> * Proposal owners: Fedora Toolchain Team (gcc, glibc, binutils, gdb,
> ...) developers need to ensure that gcc, glibc, binutils, and gdb in
> rawhide are stable and ready for the Fedora 36 branch.
> * Other developers: Given that glibc is backwards compatible and we
> have been testing the new glibc in rawhide it should make very little
> impact when updated, except for the occasional deprecation warnings
> and removal of legacy interfaces from public header files.  An update
> to GCC 12.1 would mean a new major release and could have broad scope
> for change.
> 
> * Release engineering: A mass rebuild is strongly encouraged;
> [https://pagure.io/releng/issue/10515]
> 
> * Policies and guidelines: N/A (not needed for this Change)
> * Trademark approval: N/A (not needed for this Change)
> * Alignment with Objectives: N/A
> 
> 
> == Upgrade/compatibility impact ==
> The compiler, the static linker and the library are backwards
> compatible with the previous version of Fedora.
> 
> The upgrade to glibc-2.35 coincides with the
> [[Changes/RemoveNSCD|removal of nscd]].
> 
> Some source changes may be required for gcc 12 rebase:
> https://gcc.gnu.org/gcc-12/changes.html
> 
> 
> 
> == How To Test ==
> The GNU Compiler Collection has its own testsuite which is run during
> the package build and examined by the gcc developers before being
> uploaded.
> 
> The GNU C Library has its own testsuite, which is run during the
> package build and examined by the glibc developers before being
> uploaded. This test suite has over 6200 tests that run to verify the
> correct operation of the library. In the future we may also run the
> microbenchmark to look for performance regressions.
> 
> 
> == User Experience ==
> Users will see improved performance, many bugfixes and improvements to
> POSIX compliance, Unicode 14 support, C.UTF-8 locale support, improved
> experimental support for C++20 and C++23, new compiler warnings and
> improvements to existing ones, and more.
> 
> 
> == Dependencies ==
> <!-- What other packages (RPMs) depend on this package?  Are there
> changes outside the developers' control on which completion of this
> change depends?  In other words, completion of another change owned by
> someone else and might cause you to not be able to finish on time or
> that you would need to coordinate?  Other upstream projects like the
> kernel (if this is not a kernel change)? -->
> All packages do not need to be rebuilt due to backwards compatibility.
> However, it is advantageous if a mass rebuild is performed during the
> Fedora 36 cycle. The mass rebuild would ensure all packages can be
> built with the newer compiler and core runtime.
> 
> 
> == Contingency Plan ==
> * Contingency mechanism glibc: If glibc 2.35 proves too disruptive to
> compiling the distribution we could revert to 2.34, but given that
> Rawhide has started tracking glibc 2.35, no show-stopper problems are
> expected.  At this point, we can still revert to upstream version 2.34
> if insurmountable problems appear, but to do so may require a mass
> rebuild to remove new symbols from the ABI/API.
> * Contingency mechanism for gcc: If gcc 12 proves too disruptive to
> compiling the distribution we could revert to gcc 11.
> * Contingency deadline: Fedora mass rebuild on 2022-01-19.
> * Blocks release? Yes, upgrading to the gcc 12 release blocks the
> release. Yes, upgrading to glibc 2.35 does block the release.
> 
> 
> == Documentation ==
> The gcc manual contains the documentation for the release and doesn't
> need any more additional work.
> 
> The glibc manual contains the documentation for the release and
> doesn't need any more additional work.
> 
> 
> 
> == Release Notes ==
> The GNU Compiler Collection version 12 is soon to be released. See
> https://gcc.gnu.org/gcc-12/changes.html.
> 
> The GNU C Library version 2.35 will be released at the beginning of
> August 2021. The current NEWS notes can be seen here as they are
> added: https://sourceware.org/git/?p=glibc.git;a=blob;f=NEWS;hb=HEAD
> 
> 
> -- 
> Ben Cotton
> He / Him / His
> Fedora Program Manager
> Red Hat
> TZ=America/Indiana/Indianapolis
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
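
An added example, not part of the original message or of the Fedora proposal: a shell probe that checks whether the local C compiler accepts `-ftrivial-auto-var-init=zero` and whether a never-written stack struct reads back as all zero bytes when built with it. The function name `check_auto_var_init`, the `CC` override and the embedded C program are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): does this toolchain accept
# -ftrivial-auto-var-init=zero, and does a never-written stack struct
# then read back as all zero bytes? Prints zeroed | not-zeroed | unsupported.
check_auto_var_init() {
    cc_bin=${CC:-cc}    # CC override is an assumption of this sketch
    command -v "$cc_bin" >/dev/null 2>&1 || { echo unsupported; return 0; }
    dir=$(mktemp -d) || { echo unsupported; return 0; }
    cat > "$dir/probe.c" <<'EOF'
#include <stdio.h>

struct reply { long value; char name[16]; };

/* Leave a recognisable pattern on the stack. */
__attribute__((noinline)) static void dirty(void) {
    volatile unsigned char junk[256];
    for (unsigned i = 0; i < sizeof junk; i++) junk[i] = 0xAA;
}

/* Constructed bug: r is read without ever being written. */
__attribute__((noinline)) static int stale_bytes(void) {
    struct reply r;
    const volatile unsigned char *p = (const volatile unsigned char *)&r;
    int seen = 0;
    for (unsigned i = 0; i < sizeof r; i++) seen |= p[i];
    return seen != 0;
}

int main(void) {
    dirty();
    printf("%d\n", stale_bytes());
    return 0;
}
EOF
    result=unsupported   # compiler missing, flag rejected, or probe not runnable
    if "$cc_bin" -O0 -ftrivial-auto-var-init=zero \
            -o "$dir/hard" "$dir/probe.c" 2>/dev/null; then
        case $("$dir/hard" 2>/dev/null) in
            0) result=zeroed ;;
            1) result=not-zeroed ;;
        esac
    fi
    rm -rf "$dir"
    echo "$result"
}

check_auto_var_init
```

A result of `unsupported` on a build host means the compiler rejected the flag (for example a GCC older than 12), so packages built there get no automatic initialization from it.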
