import annobin-9.65-1.el8

This commit is contained in:
CentOS Sources 2021-04-13 20:07:40 +00:00 committed by Andrew Lukoshko
parent f5aa342ba6
commit b04c9c4f90
4 changed files with 58 additions and 4 deletions

View File

@ -1 +1 @@
a685f1ad709538c60b87a80594b1e19db105642f SOURCES/annobin-9.50.tar.xz
8f065c03bd8a5b86e99a66cfc9caa28ea362793f SOURCES/annobin-9.65.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/annobin-9.50.tar.xz
SOURCES/annobin-9.65.tar.xz

View File

@ -0,0 +1,31 @@
diff --git a/annocheck/hardened.c b/annocheck/hardened.c
index d41c740..83645a7 100644
--- a/annocheck/hardened.c
+++ b/annocheck/hardened.c
@@ -3523,8 +3523,12 @@ finish (annocheck_data * data)
case TEST_STACK_PROT:
if (per_file.current_tool == TOOL_GO)
skip (data, i, SOURCE_FINAL_SCAN, "GO is stack safe");
+ else if (per_file.seen_tools == TOOL_GAS
+ || (per_file.gcc_from_comment && per_file.seen_tools == (TOOL_GAS | TOOL_GCC)))
+ skip (data, i, SOURCE_FINAL_SCAN, "no compiled code found");
else if (is_C_compiler (per_file.seen_tools))
- maybe (data, i, SOURCE_FINAL_SCAN, "no valid notes found regarding this test");
+ /* The skip is necessary because some glibc code is built this way. */
+ skip (data, i, SOURCE_FINAL_SCAN, "no notes found regarding this feature");
else
skip (data, i, SOURCE_FINAL_SCAN, "not compiled code");
break;
diff --git a/tests/glibc-notes-test b/tests/glibc-notes-test
index ab9e639..8496af8 100755
--- a/tests/glibc-notes-test
+++ b/tests/glibc-notes-test
@@ -31,7 +31,7 @@ $GCC -pie -Wl,-z,now hello.o hello2.o hello3.o -L. -lhello -o glibc-notes.exe
# Run annocheck
-$ANNOCHECK glibc-notes.exe --skip-cf-protection --skip-property-note --ignore-gaps > glibc-notes.out
+$ANNOCHECK glibc-notes.exe --skip-cf-protection --skip-property-note --skip-stack-realign --ignore-gaps > glibc-notes.out
grep -e "PASS" glibc-notes.out
if [ $? != 0 ];
then

View File

@ -1,7 +1,7 @@
Name: annobin
Summary: Annotate and examine compiled binary files
Version: 9.50
Version: 9.65
Release: 1%{?dist}
License: GPLv3+
# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark
@ -55,7 +55,7 @@ Source: annobin-%{version}.tar.xz
# For the latest sources use: git clone git://sourceware.org/git/annobin.git
# Insert patches here, if needed.
# Patch01: annobin-xxx.patch
Patch01: annobin-skip-stack-prot.patch
#---------------------------------------------------------------------------------
@ -157,6 +157,7 @@ Summary: A tool for checking the security hardening status of binaries
BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
%if %{with debuginfod}
BuildRequires: elfutils-debuginfod-client-devel
BuildRequires: make
%endif
%description annocheck
@ -280,6 +281,9 @@ make check
if [ -f tests/test-suite.log ]; then
cat tests/test-suite.log
fi
if [ -f tests/glibc-notes.log ]; then
cat tests/glibc-notes.log
fi
%endif
#---------------------------------------------------------------------------------
@ -313,6 +317,25 @@ fi
#---------------------------------------------------------------------------------
%changelog
* Wed Mar 17 2021 Nick Clifton <nickc@redhat.com> - 9.65-1
- gcc-plugin: Use a fixed filename when running in LTO mode.
* Wed Mar 03 2021 Nick Clifton <nickc@redhat.com> - 9.64-1
- Annocheck: Fix detection of special function names. (#1934189)
- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc. (#1923439)
- Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector. (#1923439)
- Annocheck: Fix some problems with tests for missing notes.
- Add some GO tests to annocheck.
- Add a future fail for the presence of RPATH in the dynamic tags.
- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.
- Workaround for elflint problems with PPC compiled files. (#1880634)
- Fix bogus AArch64 test failures.
- Improved testing by annocheck. Add fixed format message mode.
- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results.
- Add support for -D_FORTIFY_SOURCE=3.
- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. (#1906171)
- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. (#1906171)
* Wed Dec 09 2020 Nick Clifton <nickc@redhat.com> - 9.50-1
- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.