|
On 5/8/23 15:50, Aoife Moloney wrote:
https://fedoraproject.org/wiki/Changes/LIBFFI34_static_trampolines This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == Libffi is currently configured to use dynamic trampolines, which require some source of memory which is both writable and executable. This is an obvious security issue, and selinux and system defaults have made it more and more difficult to safely provide this memory to libffi clients. With this change, libffi will be configured to use static trampolines, which do not require such memory, and will not pose those security and administrative risks. == Owner == * Name: [[User:djdelorie| DJ Delorie]] * Email: dj@xxxxxxxxxx == Detailed Description == The change itself is simple - libffi will no longer be configured with --disable-exec-static-tramp, which changes how closures are generated. Closures, and libffi, are used in many interpreted languages. There are about 145 packages that depend, directly or indirectly, on libffi. I ran the Mass Prebuilder. Of those 145, 10 already FTBFS, and 1 saw a new failure. The Mass PreBuilder has indicated that cjs (_javascript_ Bindings for Cinnamon) will fail to build with static trampolines. We debugged this a bit and noted that cjs's upstream seems to be behind the gjs upstream (the gjs package builds OK) it tracks, and is missing at least two closure-related changes (although simply adding those two changes proved nontrivial). Are the libffi/rebuilt packages available anywhere for us to
experiment with? We have a reasonably reliable reproducer in Ruby [0] (also
included in commit message [1]), but it is not executed as part of
test suite, Moreover, rebuild with current Ruby specfiles won't tell you much
as we commented out the tests [2] Jarek Prokop [0] https://bugzilla.redhat.com/show_bug.cgi?id=2040380#c5 [1] https://src.fedoraproject.org/rpms/ruby/c/c2026da1750e6d0cc70c7370a0840628bbbfa965?branch=9e39fd242a58a5ab286d5da0d54130a669c8a9ec [2] https://src.fedoraproject.org/rpms/ruby/blob/9e39fd242a58a5ab286d5da0d54130a669c8a9ec/f/ruby.spec#_998 |
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
