import annobin-9.65-1.el8
This commit is contained in:
parent
f5aa342ba6
commit
b04c9c4f90
@ -1 +1 @@
|
||||
a685f1ad709538c60b87a80594b1e19db105642f SOURCES/annobin-9.50.tar.xz
|
||||
8f065c03bd8a5b86e99a66cfc9caa28ea362793f SOURCES/annobin-9.65.tar.xz
|
||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/annobin-9.50.tar.xz
|
||||
SOURCES/annobin-9.65.tar.xz
|
||||
|
31
SOURCES/annobin-skip-stack-prot.patch
Normal file
31
SOURCES/annobin-skip-stack-prot.patch
Normal file
@ -0,0 +1,31 @@
|
||||
diff --git a/annocheck/hardened.c b/annocheck/hardened.c
|
||||
index d41c740..83645a7 100644
|
||||
--- a/annocheck/hardened.c
|
||||
+++ b/annocheck/hardened.c
|
||||
@@ -3523,8 +3523,12 @@ finish (annocheck_data * data)
|
||||
case TEST_STACK_PROT:
|
||||
if (per_file.current_tool == TOOL_GO)
|
||||
skip (data, i, SOURCE_FINAL_SCAN, "GO is stack safe");
|
||||
+ else if (per_file.seen_tools == TOOL_GAS
|
||||
+ || (per_file.gcc_from_comment && per_file.seen_tools == (TOOL_GAS | TOOL_GCC)))
|
||||
+ skip (data, i, SOURCE_FINAL_SCAN, "no compiled code found");
|
||||
else if (is_C_compiler (per_file.seen_tools))
|
||||
- maybe (data, i, SOURCE_FINAL_SCAN, "no valid notes found regarding this test");
|
||||
+ /* The skip is necessary because some glibc code is built this way. */
|
||||
+ skip (data, i, SOURCE_FINAL_SCAN, "no notes found regarding this feature");
|
||||
else
|
||||
skip (data, i, SOURCE_FINAL_SCAN, "not compiled code");
|
||||
break;
|
||||
diff --git a/tests/glibc-notes-test b/tests/glibc-notes-test
|
||||
index ab9e639..8496af8 100755
|
||||
--- a/tests/glibc-notes-test
|
||||
+++ b/tests/glibc-notes-test
|
||||
@@ -31,7 +31,7 @@ $GCC -pie -Wl,-z,now hello.o hello2.o hello3.o -L. -lhello -o glibc-notes.exe
|
||||
|
||||
# Run annocheck
|
||||
|
||||
-$ANNOCHECK glibc-notes.exe --skip-cf-protection --skip-property-note --ignore-gaps > glibc-notes.out
|
||||
+$ANNOCHECK glibc-notes.exe --skip-cf-protection --skip-property-note --skip-stack-realign --ignore-gaps > glibc-notes.out
|
||||
grep -e "PASS" glibc-notes.out
|
||||
if [ $? != 0 ];
|
||||
then
|
@ -1,7 +1,7 @@
|
||||
|
||||
Name: annobin
|
||||
Summary: Annotate and examine compiled binary files
|
||||
Version: 9.50
|
||||
Version: 9.65
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3+
|
||||
# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark
|
||||
@ -55,7 +55,7 @@ Source: annobin-%{version}.tar.xz
|
||||
# For the latest sources use: git clone git://sourceware.org/git/annobin.git
|
||||
|
||||
# Insert patches here, if needed.
|
||||
# Patch01: annobin-xxx.patch
|
||||
Patch01: annobin-skip-stack-prot.patch
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
|
||||
@ -157,6 +157,7 @@ Summary: A tool for checking the security hardening status of binaries
|
||||
BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
|
||||
%if %{with debuginfod}
|
||||
BuildRequires: elfutils-debuginfod-client-devel
|
||||
BuildRequires: make
|
||||
%endif
|
||||
|
||||
%description annocheck
|
||||
@ -280,6 +281,9 @@ make check
|
||||
if [ -f tests/test-suite.log ]; then
|
||||
cat tests/test-suite.log
|
||||
fi
|
||||
if [ -f tests/glibc-notes.log ]; then
|
||||
cat tests/glibc-notes.log
|
||||
fi
|
||||
%endif
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
@ -313,6 +317,25 @@ fi
|
||||
#---------------------------------------------------------------------------------
|
||||
|
||||
%changelog
|
||||
* Wed Mar 17 2021 Nick Clifton <nickc@redhat.com> - 9.65-1
|
||||
- gcc-plugin: Use a fixed filename when running in LTO mode.
|
||||
|
||||
* Wed Mar 03 2021 Nick Clifton <nickc@redhat.com> - 9.64-1
|
||||
- Annocheck: Fix detection of special function names. (#1934189)
|
||||
- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc. (#1923439)
|
||||
- Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector. (#1923439)
|
||||
- Annocheck: Fix some problems with tests for missing notes.
|
||||
- Add some GO tests to annocheck.
|
||||
- Add a future fail for the presence of RPATH in the dynamic tags.
|
||||
- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.
|
||||
- Workaround for elflint problems with PPC compiled files. (#1880634)
|
||||
- Fix bogus AArch64 test failures.
|
||||
- Improved testing by annocheck. Add fixed format message mode.
|
||||
- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results.
|
||||
- Add support for -D_FORTIFY_SOURCE=3.
|
||||
- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. (#1906171)
|
||||
- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. (#1906171)
|
||||
|
||||
* Wed Dec 09 2020 Nick Clifton <nickc@redhat.com> - 9.50-1
|
||||
- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user