import annobin-9.65-1.el8
This commit is contained in:
parent
f5aa342ba6
commit
b04c9c4f90
@ -1 +1 @@
|
|||||||
a685f1ad709538c60b87a80594b1e19db105642f SOURCES/annobin-9.50.tar.xz
|
8f065c03bd8a5b86e99a66cfc9caa28ea362793f SOURCES/annobin-9.65.tar.xz
|
||||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/annobin-9.50.tar.xz
|
SOURCES/annobin-9.65.tar.xz
|
||||||
|
31
SOURCES/annobin-skip-stack-prot.patch
Normal file
31
SOURCES/annobin-skip-stack-prot.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
diff --git a/annocheck/hardened.c b/annocheck/hardened.c
|
||||||
|
index d41c740..83645a7 100644
|
||||||
|
--- a/annocheck/hardened.c
|
||||||
|
+++ b/annocheck/hardened.c
|
||||||
|
@@ -3523,8 +3523,12 @@ finish (annocheck_data * data)
|
||||||
|
case TEST_STACK_PROT:
|
||||||
|
if (per_file.current_tool == TOOL_GO)
|
||||||
|
skip (data, i, SOURCE_FINAL_SCAN, "GO is stack safe");
|
||||||
|
+ else if (per_file.seen_tools == TOOL_GAS
|
||||||
|
+ || (per_file.gcc_from_comment && per_file.seen_tools == (TOOL_GAS | TOOL_GCC)))
|
||||||
|
+ skip (data, i, SOURCE_FINAL_SCAN, "no compiled code found");
|
||||||
|
else if (is_C_compiler (per_file.seen_tools))
|
||||||
|
- maybe (data, i, SOURCE_FINAL_SCAN, "no valid notes found regarding this test");
|
||||||
|
+ /* The skip is necessary because some glibc code is built this way. */
|
||||||
|
+ skip (data, i, SOURCE_FINAL_SCAN, "no notes found regarding this feature");
|
||||||
|
else
|
||||||
|
skip (data, i, SOURCE_FINAL_SCAN, "not compiled code");
|
||||||
|
break;
|
||||||
|
diff --git a/tests/glibc-notes-test b/tests/glibc-notes-test
|
||||||
|
index ab9e639..8496af8 100755
|
||||||
|
--- a/tests/glibc-notes-test
|
||||||
|
+++ b/tests/glibc-notes-test
|
||||||
|
@@ -31,7 +31,7 @@ $GCC -pie -Wl,-z,now hello.o hello2.o hello3.o -L. -lhello -o glibc-notes.exe
|
||||||
|
|
||||||
|
# Run annocheck
|
||||||
|
|
||||||
|
-$ANNOCHECK glibc-notes.exe --skip-cf-protection --skip-property-note --ignore-gaps > glibc-notes.out
|
||||||
|
+$ANNOCHECK glibc-notes.exe --skip-cf-protection --skip-property-note --skip-stack-realign --ignore-gaps > glibc-notes.out
|
||||||
|
grep -e "PASS" glibc-notes.out
|
||||||
|
if [ $? != 0 ];
|
||||||
|
then
|
@ -1,7 +1,7 @@
|
|||||||
|
|
||||||
Name: annobin
|
Name: annobin
|
||||||
Summary: Annotate and examine compiled binary files
|
Summary: Annotate and examine compiled binary files
|
||||||
Version: 9.50
|
Version: 9.65
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark
|
# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark
|
||||||
@ -55,7 +55,7 @@ Source: annobin-%{version}.tar.xz
|
|||||||
# For the latest sources use: git clone git://sourceware.org/git/annobin.git
|
# For the latest sources use: git clone git://sourceware.org/git/annobin.git
|
||||||
|
|
||||||
# Insert patches here, if needed.
|
# Insert patches here, if needed.
|
||||||
# Patch01: annobin-xxx.patch
|
Patch01: annobin-skip-stack-prot.patch
|
||||||
|
|
||||||
#---------------------------------------------------------------------------------
|
#---------------------------------------------------------------------------------
|
||||||
|
|
||||||
@ -157,6 +157,7 @@ Summary: A tool for checking the security hardening status of binaries
|
|||||||
BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
|
BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
|
||||||
%if %{with debuginfod}
|
%if %{with debuginfod}
|
||||||
BuildRequires: elfutils-debuginfod-client-devel
|
BuildRequires: elfutils-debuginfod-client-devel
|
||||||
|
BuildRequires: make
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%description annocheck
|
%description annocheck
|
||||||
@ -280,6 +281,9 @@ make check
|
|||||||
if [ -f tests/test-suite.log ]; then
|
if [ -f tests/test-suite.log ]; then
|
||||||
cat tests/test-suite.log
|
cat tests/test-suite.log
|
||||||
fi
|
fi
|
||||||
|
if [ -f tests/glibc-notes.log ]; then
|
||||||
|
cat tests/glibc-notes.log
|
||||||
|
fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
#---------------------------------------------------------------------------------
|
#---------------------------------------------------------------------------------
|
||||||
@ -313,6 +317,25 @@ fi
|
|||||||
#---------------------------------------------------------------------------------
|
#---------------------------------------------------------------------------------
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Mar 17 2021 Nick Clifton <nickc@redhat.com> - 9.65-1
|
||||||
|
- gcc-plugin: Use a fixed filename when running in LTO mode.
|
||||||
|
|
||||||
|
* Wed Mar 03 2021 Nick Clifton <nickc@redhat.com> - 9.64-1
|
||||||
|
- Annocheck: Fix detection of special function names. (#1934189)
|
||||||
|
- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc. (#1923439)
|
||||||
|
- Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector. (#1923439)
|
||||||
|
- Annocheck: Fix some problems with tests for missing notes.
|
||||||
|
- Add some GO tests to annocheck.
|
||||||
|
- Add a future fail for the presence of RPATH in the dynamic tags.
|
||||||
|
- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.
|
||||||
|
- Workaround for elflint problems with PPC compiled files. (#1880634)
|
||||||
|
- Fix bogus AArch64 test failures.
|
||||||
|
- Improved testing by annocheck. Add fixed format message mode.
|
||||||
|
- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results.
|
||||||
|
- Add support for -D_FORTIFY_SOURCE=3.
|
||||||
|
- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. (#1906171)
|
||||||
|
- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. (#1906171)
|
||||||
|
|
||||||
* Wed Dec 09 2020 Nick Clifton <nickc@redhat.com> - 9.50-1
|
* Wed Dec 09 2020 Nick Clifton <nickc@redhat.com> - 9.50-1
|
||||||
- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.
|
- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user