import annobin-10.21-3.el8

2021-11-02 04:20:04 +00:00 · 2021-11-02 04:20:04 +00:00 · c8b3932ddb
commit c8b3932ddb
parent 6bbd992f2e
4 changed files with 126 additions and 4 deletions
--- a/.annobin.metadata
+++ b/.annobin.metadata
@ -1 +1 @@
-ea07144ebf221728339143b378c3a73ce99e767b SOURCES/annobin-10.15.tar.xz
+e86729286e7277e6e0983074175b5362c0d1dae6 SOURCES/annobin-10.21.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/annobin-10.15.tar.xz
+SOURCES/annobin-10.21.tar.xz
--- a/SOURCES/annobin.ldconfig.patch
+++ b/SOURCES/annobin.ldconfig.patch
@ -0,0 +1,102 @@
 diff -rup annobin.orig/annocheck/hardened.c annobin-10.21/annocheck/hardened.c
 --- annobin.orig/annocheck/hardened.c	2021-10-26 16:27:58.353141848 +0100
 +++ annobin-10.21/annocheck/hardened.c	2021-10-26 16:28:24.527040025 +0100
@@ -1479,7 +1479,7 @@ skip_fortify_checks_for_function (annoch
     {
       /* NB. KEEP THIS ARRAY ALPHA-SORTED  */
       "_GLOBAL__sub_I_main",
 -      "_Unwind_Resume",              /* In /sbin/ldconfig.  */
 +      "_Unwind_Resume",
       "__b64_ntop",  	             /* Found in ppc64le, RHEL-9, /lib64/libresolv.so.2.  */
       "__b64_pton",	             /* Found in ppc64le, RHEL-9, /lib64/libresolv.so.2.  */
       "__ctype_get_mb_cur_max",
@@ -1490,17 +1490,13 @@ skip_fortify_checks_for_function (annoch
       "__td_ta_rtld_global",         /* Found in ppc64le, RHEL-9, /lib64/libthread_db.so.1.  */
       "_dl_start_user", 	     /* Found in ppc64le, RHEL-9, /lib64/ld64.so.2.  */
       "_dl_tunable_set_arena_max",   /* Found in ppc64le, RHEL-9, /lib64/libc_malloc_debug.so.0.  */
 -      "_nl_archive_subfreeres",      /* Found in x86_64, RHEL-8.6 /sbin/ldconfig.  */
       "_start",
       "blacklist_store_name",
       "dlmopen_doit",                /* Found in ppc64le, RHEL-9, /lib64/ld64.so.2.  */
 -      "free_category",               /* Found in x86_64, RHEL-8.6 /sbin/ldconfig.  */
       "free_derivation",
       "free_mem",
 -      "insert_to_aux_cache.cold.6",  /* Found in x86_64, RHEL-8.6 /sbin/ldconfig.  */
       "install_handler",
       "internal_setgrent",
 -      "print_entry",                 /* In /sbin/ldconfig.  */
       "td_init",	             /* Found in ppc64le, RHEL-9, /lib64/libthread_db.so.1.  */
       "unlink_blk" 	             /* Found in ppc64le, RHEL-9, /lib64/libc_malloc_debug.so.0.  */
     };
@@ -1524,11 +1520,9 @@ skip_pic_checks_for_function (annocheck_
     {
       /* NB. KEEP THIS ARRAY ALPHA-SORTED  */
       "_GLOBAL__sub_I_main",
 -      "_Unwind_Resume",         /* In /sbin/ldconfig.  */
 -      "_nl_archive_subfreeres", /* In /sbin/ldconfig.  */
 +      "_Unwind_Resume",
       "_start",
 -      "atexit",        /* The atexit function in libiberty is only compiled with -fPIC not -fPIE.  */
 -      "print_entry"    /* In /sbin/ldconfig.  */
 +      "atexit"                  /* The atexit function in libiberty is only compiled with -fPIC not -fPIE.  */
     };
   if (skip_this_func (non_pie_funcs, ARRAY_SIZE (non_pie_funcs), component_name))
@@ -1566,15 +1560,12 @@ skip_stack_checks_for_function (annochec
       "_dl_start",
       "_dl_start_user", /* Found in ppc64le, RHEL-9 /lib64/ld64.so.2.  */
       "_dl_sysinfo_int80", /* In /lib/ld-linux.so.2.  */
 -      "_dl_tls_static_surplus_init", /* In /sbin/ldconfig.  */
       "_fini",
       "_init",
       "_start",
 -      "allocate_dtv",   /* Found in AArch64, RHEL-8, /sbin/ldconfig.  */
       "check_match", 	/* Found in AArch64, RHEL-8, /lib64/ld-2.28.so.  */
       "check_one_fd",
       "dlmopen_doit", 
 -      "generic_start_main", /* Found in PPC64LE, RHEL-8, /sbin/ldconfig.  */
       "get_common_indices.constprop.0",
       "is_dst",
       "notify_audit_modules_of_loaded_object",
@@ -1665,6 +1656,10 @@ function %s is part of the C library's s
       return true;
     }
 +  /* The ldconfig binary is known to be compiled with most security features.  */
 +  if (streq (data->full_filename, "/sbin/ldconfig"))
 +    return true;
 +  
   switch (check)
     {
     case TEST_STACK_PROT:
@@ -4790,7 +4785,11 @@ process_arg (const char * arg, const cha
 	    }
 	}
 -      return false;
 +      /* Do not fail if we do not recognise the test name.  It may be from a
 +	 future version of annocheck, and it just so happens that a test is
 +	 running this version by mistake.  */
 +      einfo (INFO, "ignoring unrecognized test name in --skip option: %s", arg);
 +      return true;
     }
   if (const_strneq (arg, "test-"))
 diff -rup annobin.orig/annocheck/hardened.c annobin-10.21/annocheck/hardened.c
 --- annobin.orig/annocheck/hardened.c	2021-10-27 11:23:27.161942804 +0100
 +++ annobin-10.21/annocheck/hardened.c	2021-10-27 11:23:59.692741676 +0100
@@ -1658,7 +1658,13 @@ function %s is part of the C library's s
   /* The ldconfig binary is known to be compiled with most security features.  */
   if (streq (data->full_filename, "/sbin/ldconfig"))
 -    return true;
 +    {
 +      sprintf (reason, "\
 +function %s is part of the C library's startup code, which executes before stack protection is established",
 +	       component_name);
 +      skip (data, check, SOURCE_SKIP_CHECKS, reason);
 +      return true;
 +    }
   switch (check)
     {
--- a/SPECS/annobin.spec
+++ b/SPECS/annobin.spec
@ -1,8 +1,8 @@
 Name:    annobin
 Summary: Annotate and examine compiled binary files
-Version: 10.15
+Version: 10.21
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv3+
 # ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark
 # Maintainer: nickc@redhat.com
@ -56,6 +56,7 @@ Source:  annobin-%{version}.tar.xz
 # Insert patches here, if needed.
 Patch01: annobin-nop.patch
 Patch02: annobin.ldconfig.patch
 #---------------------------------------------------------------------------------
@ -318,6 +319,25 @@ fi
 #---------------------------------------------------------------------------------
 %changelog
 * Wed Oct 27 2021 Nick Clifton  <nickc@redhat.com> - 10.21-3
 - annocheck: Disable LTO test when checking ldconfig (attempt 3).  (#2017039)
 * Tue Oct 26 2021 Nick Clifton  <nickc@redhat.com> - 10.21-2
 - annocheck: Disable LTO test when checking ldconfig (attempt 2).  (#2017039)
 * Tue Oct 26 2021 Nick Clifton  <nickc@redhat.com> - 10.21-1
 - annocheck: Disable LTO test when checking ldconfig.  (#2017039)
 * Mon Oct 25 2021 Nick Clifton  <nickc@redhat.com> - 10.20-1
 - annocheck: Add more glibc function names.  (#2017039)
 - gcc-plugin: Fix attaching the .text section to the .text.group section.
 - Complain about DT_RPATH for Fedora binaries.
 - Better reporting of problems in object files.  (#2013708)
 - Add a requirement on llvm-libs for clang and llvm plugins.  (#2014573)
 - Fix configuring annocheck without gcc-plugin.
 - Annocheck: Better reporting of debuginfod problems.
 - Tests: Fix bugs in debuginfod test.
 * Mon Oct 18 2021 Nick Clifton  <nickc@redhat.com> - 10.15-2
 - Exclude man pages for uninstalled scripts.  (#2013565)
`@ -1 +1 @@`
	`ea07144ebf221728339143b378c3a73ce99e767b SOURCES/annobin-10.15.tar.xz`	`e86729286e7277e6e0983074175b5362c0d1dae6 SOURCES/annobin-10.21.tar.xz`
`@ -1 +1 @@`
	`SOURCES/annobin-10.15.tar.xz`	`SOURCES/annobin-10.21.tar.xz`