@adamwill The correct build is glibc-2.40-13.fc41 and contains the fix for CVE-2024-12455, so I think that the mistake is that we attached an old build.

@codonell, you still have a few hours to correct that before the next compose.

Ugh, looks like I submitted an older build by mistake without checking NVR. Not sure what happened to the -13 build.

@adamwill @bojan Thanks, Florian and I discussed. I've got the baton to get this sorted shortly and update the errata.

Build is complete and I verified the testing results: https://koji.fedoraproject.org/koji/taskinfo?taskID=126767216 So we have a glibc-2.40-13.fc41 ready, but the update is currently locked so I can't change it.

You can just submit it as a new update, it should obsolete this one.

FWIW I DLed glibc-2.40-13.fc41 off koji and the system is working fine after a reboot.

I edited in the correct build.

Works great! LGTM! =)

Works here.

works for me

works for me

I filed the rpminspect crash as:

• Segmentation fault during analysis of glibc-2.40-14.fc41

Still works here. Admittedly, x86_64 across the board (i.e. no PPC64).

I re-reported the rpminspect segfault here: https://gitlab.com/testing-farm/general/-/issues/94

I'm going to waive the failure, hoping that it's unrelated to the present builds.

Note this little sequence of events:

This update's test gating status has been changed to 'passed'.
5 days ago
This update has been pushed to testing.
4 days ago

This update's test gating status has been changed to 'failed'.
4 days ago

indicates that glibc has a per-package gating policy with different requirements for testing vs. stable. Unfortunately, Bodhi internally doesn't handle this very well. It mostly only considers an update to have a single "gating status" at a time. The status was shown as 'passed' while the update was pending push to testing (as the requirements for testing push were met), then flipped to 'failed' as soon as it reached testing (as the requirements for push to stable were not met).

It should really track the gating statuses for push-to-testing and push-to-stable separately, and display them more clearly, and enforce them correctly. I think right now this situation creates a 'loophole' where you could actually have successfully pushed the update stable before it made it to testing). Also, I'm not sure the push-to-testing policy is ever actually applied.

https://github.com/fedora-infra/bodhi/issues/5660 tracks this stuff. Just something to be aware of...

“indicates that glibc has a per-package gating policy with different requirements for testing vs. stable”

I'm not sure this is intentional. Do we need to add more items here?

decision_contexts:
  - bodhi_update_push_stable
  - bodhi_update_push_stable_critpath

Is this the reason why this update appears stuck?