From 583cd91144aebea70cddeb647fd74ee046579edb Mon Sep 17 00:00:00 2001 From: James Antill Date: Mon, 27 Feb 2023 13:03:53 -0500 Subject: [PATCH] Import rpm: c8s --- .gitignore | 2 + annobin.spec | 934 ++++++++++++++++++++++++++++++++++++++++++ annobin.unicode.patch | 416 +++++++++++++++++++ sources | 1 + 4 files changed, 1353 insertions(+) create mode 100644 .gitignore create mode 100644 annobin.spec create mode 100644 annobin.unicode.patch create mode 100644 sources diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b80900b --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/annobin-9.29.tar.xz +/annobin-9.29.tar.xz diff --git a/annobin.spec b/annobin.spec new file mode 100644 index 0000000..1e36caf --- /dev/null +++ b/annobin.spec @@ -0,0 +1,934 @@ + +%define __python /opt/rh/gcc-toolset-9/root/usr/bin/python3 +%{?scl:%scl_package annobin} + +Name: %{?scl_prefix}annobin +Summary: Annotate and examine compiled binary files +Version: 9.29 +Release: 2%{?dist}.3 +License: GPLv3+ +# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark +# Maintainer: nickc@redhat.com + +#--------------------------------------------------------------------------------- + +# Use "--without tests" to disable the testsuite. +%bcond_without tests + +# Use "--without annocheck" to disable the installation of the annocheck program. +%bcond_without annocheck + +# Use "--with debuginfod" to force support for debuginfod to be compiled into +# the annocheck program. By default the configure script will check for +# availablilty at build time, but this might not match the run time situation. +# FIXME: Add a --without debuginfod option to forcefully disable the configure +# time check for debuginfod support. +%bcond_with debuginfod + +# Use "--with clangplugin" to build the annobin plugin for Clang. +%bcond_with clangplugin + +# Use "--with llvmplugin" to build the annobin plugin for LLVM. +%bcond_with llvmplugin + +# Set this to zero to disable the requirement for a specific version of gcc. +# This should only be needed if there is some kind of problem with the version +# checking logic or when building on RHEL-7 or earlier. +%global with_hard_gcc_version_requirement 1 + +# # Do not build the annobin plugin with annotation enabled. +# # This is because if we are bootstrapping a new build environment we can have +# # a new version of gcc installed, but without a new of annobin installed. +# # (i.e. we are building the new version of annobin to go with the new version +# # of gcc). If the *old* annobin plugin is used whilst building this new +# # version, the old plugin will complain that version of gcc for which it +# # was built is different from the version of gcc that is now being used, and +# # then it will abort. +# +# Suppress this for BZ 1630550. +# The problem should now only arise when rebasing to a new major version +# of gcc, in which case the undefine below can be temporarily reinstated. +# +%undefine _annotated_build + +#--------------------------------------------------------------------------------- + +# Source: https://nickc.fedorapeople.org/annobin-%%{version}.tar.xz +Source: annobin-%{version}.tar.xz +# For the latest sources use: git clone git://sourceware.org/git/annobin.git + +# Insert patches here, if needed. +Patch01: annobin.unicode.patch + +#--------------------------------------------------------------------------------- + +%{?scl:Requires:%scl_runtime} +# We need the gcc-toolset-9 to build annobin, as otherwise the versions will not match. +%{?scl:Requires:%scl_require_package %{scl} gcc} + +BuildRequires: %{?scl_prefix}gcc %{?scl_prefix}gcc-plugin-devel %{?scl_prefix}gcc-c++ +%{?scl:BuildRequires:%scl_runtime} +%{?scl:BuildRequires:scl-utils-build} + +%define gcc_for_annobin %{?_scl_root}/usr/bin/gcc +%define gxx_for_annobin %{?_scl_root}/usr/bin/g++ + +# [Stolen from gcc-python-plugin] +# GCC will only load plugins that were built against exactly that build of GCC +# We thus need to embed the exact GCC version as a requirement within the +# metadata. +# +# Define "gcc_vr", a variable to hold the VERSION-RELEASE string for the gcc +# we are being built against. +# +# Unfortunately, we can't simply run: +# rpm -q --qf="%%{version}-%%{release}" +# to determine this, as there's no guarantee of a sane rpm database within +# the chroots created by our build system +# +# So we instead query the version from gcc's output. +# +# gcc.spec has: +# Version: %%{gcc_version} +# Release: %%{gcc_release}%%{?dist} +# ...snip... +# echo 'Red Hat %%{version}-%%{gcc_release}' > gcc/DEV-PHASE +# +# So, given this output: +# +# $ gcc --version +# gcc (GCC) 4.6.1 20110908 (Red Hat 4.6.1-9) +# Copyright (C) 2011 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# we can scrape out the "4.6.1" from the version line. +# +# The following implements the above: + +%global gcc_vr %(%gcc_for_annobin --version | head -n 1 | sed -e 's|.*(Red\ Hat\ ||g' -e 's|)$||g') + +# We need the major version of gcc. +%global gcc_major %(echo "%{gcc_vr}" | cut -f1 -d".") +%global gcc_next %(v="%{gcc_major}"; echo $((++v))) + +# Needed when building the srpm. +%if 0%{?gcc_major} == 0 +%global gcc_major 0 +%endif + +# This is a gcc plugin, hence gcc is required. +%if %{with_hard_gcc_version_requirement} +# BZ 1607430 - There is an exact requirement on the major version of gcc. +Requires: (%{?scl_prefix}gcc >= %{gcc_major} with %{?scl_prefix}gcc < %{gcc_next}) +%else +Requires: %{?scl_prefix}gcc +%endif + +BuildRequires: %{?scl_prefix}gcc %{?scl_prefix}gcc-plugin-devel %{?scl_prefix}gcc-c++ +%if %{with clangplugin} +BuildRequires: %{?scl_prefix}clang %{?scl_prefix}clang-devel %{?scl_prefix}llvm %{?scl_prefix}llvm-devel +%endif +%if %{with llvmplugin} +BuildRequires: %{?scl_prefix}clang %{?scl_prefix}clang-devel %{?scl_prefix}llvm %{?scl_prefix}llvm-devel %{?scl_prefix}compiler-rt +%endif + +%description +Provides a plugin for GCC that records extra information in the files +that it compiles. + +Note - the plugin is automatically enabled in gcc builds via flags +provided by the redhat-rpm-macros package. + +%if %{with clangplugin} +Also provides a plugin for clang which performs a similar function. +%endif + +%if %{with llvmplugin} +Also provides a plugin for LLVM which performs a similar function. +%endif + +#--------------------------------------------------------------------------------- +%if %{with tests} + +%package tests +Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin + +%description tests +Provides a means to test the generation of annotated binaries and the parsing +of the resulting files. + +%if %{with debuginfod} +BuildRequires: elfutils-debuginfod-client-devel +%endif + +%endif + +#--------------------------------------------------------------------------------- +%if %{with annocheck} + +%package annocheck +Summary: A tool for checking the security hardening status of binaries + +BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel +%if %{with debuginfod} +BuildRequires: elfutils-debuginfod-client-devel +%endif + +%description annocheck +Installs the annocheck program which uses the notes generated by annobin to +check that the specified files were compiled with the correct security +hardening options. + +%endif + +#--------------------------------------------------------------------------------- + +%global ANNOBIN_GCC_PLUGIN_DIR %(%gcc_for_annobin --print-file-name=plugin) + +%if %{with clangplugin} +# FIXME: Clang does not appear to have an official plugin directory. +# Instead it just uses dlopen() with no pathname prefix. So we +# construct a (hopefully good) path and rely upon users of annobin +# knowing about this location. +# FIXME2: Currently this same path is hardcoded into the Makefile.in +# files in the clang-plugin and llvm-plugin source directories... +%global ANNOBIN_CLANG_PLUGIN_DIR %{?scl_prefix}/usr/lib64/clang/%(clang -dumpversion)/lib +%endif + +#--------------------------------------------------------------------------------- + +%prep +if [ -z "%{gcc_vr}" ]; then + echo "*** Missing gcc_vr spec file macro, cannot continue." >&2 + exit 1 +fi + +echo "Requires: (%{?scl_prefix}gcc >= %{gcc_major} and %{?scl_prefix}gcc < %{gcc_next})" + +# Cannot use autosetup as it untar's the sources into annobin- +# but then tries to change directory into -annobin-. +# %%autosetup -p1 +%setup -q -n annobin-%{version} +%patch01 -p1 +chmod +x tests/unicode-test + +# The plugin has to be configured with the same arcane configure +# scripts used by gcc. Hence we must not allow the Fedora build +# system to regenerate any of the configure files. +touch aclocal.m4 gcc-plugin/config.h.in +touch configure */configure Makefile.in */Makefile.in +# Similarly we do not want to rebuild the documentation. +touch doc/annobin.info + +#--------------------------------------------------------------------------------- + +%build + +CONFIG_ARGS= + +%if %{with debuginfod} +CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod" +%else +# Note - we explicitly disable debuginfod support if it was not configured. +# This is because by default annobin's configue script will assume --with-debuginfod=auto +# and then run a build time test to see if debugingfod is available. It +# may well be, but the build time environment may not match the run time +# environment, and the rpm will not have a Requirement on the debuginfod +# client. +CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod" +%endif + +%if %{with clangplugin} +CONFIG_ARGS="$CONFIG_ARGS --with-clang" +%endif + +%if %{with llvmplugin} +CONFIG_ARGS="$CONFIG_ARGS --with-llvm" +%endif + +%if %{without tests} +CONFIG_ARGS="$CONFIG_ARGS --without-test" +%endif + +%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} CC=%gcc_for_annobin CXX=%gxx_for_annobin ${CONFIG_ARGS} || cat config.log + +%make_build + +# Rebuild the plugin, this time using the plugin itself! This +# ensures that the plugin works, and that it contains annotations +# of its own. This could mean that we end up with a plugin with +# double annotations in it. (If the build system enables annotations +# for plugins by default). I have not tested this yet, but I think +# that it should be OK. +cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so +make -C gcc-plugin clean +BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so -fplugin-arg-tmp_annobin-rename" +# If building on RHEL7, enable the next option as the .attach_to_group assembler pseudo op is not available in the assembler. +# BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach" +make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS" +rm %{_tmppath}/tmp_annobin.so + +%if %{with clangplugin} +# FIXME: The symbolic link should not be needed. +ln -f -s ../annobin-global.h clang-plugin +make -C clang-plugin annobin.so +%endif + +#--------------------------------------------------------------------------------- + +%install +%make_install +rm -f %{buildroot}%{_infodir}/dir + +%if %{with clangplugin} +install -Dpm0755 -t %{buildroot}%{ANNOBIN_CLANG_PLUGIN_DIR} clang-plugin/annobin.so +%endif + +#--------------------------------------------------------------------------------- + +%if %{with tests} +%check +# On RHEL7 the assembler does not support all of the annobin tests. +# With scl the tests are run with the wrong version of gcc. +# Change the following line to "make check GCC=%gcc_for_annobin || :" +# on RHEL7 or if you need to see the test suite logs in order to +# diagnose a test failure. +make check GCC=%gcc_for_annobin +if [ -f tests/test-suite.log ]; then + cat tests/test-suite.log +fi + +%if %{with clangplugin} +# FIXME: RUN CLANG tests +%endif + +%if %{with llvmplugin} +# FIXME: RUN LLVM tests +%endif + +%endif + +#--------------------------------------------------------------------------------- + +%files +%{ANNOBIN_GCC_PLUGIN_DIR} +%license COPYING3 LICENSE +%exclude %{_datadir}/doc/annobin-plugin/COPYING3 +%exclude %{_datadir}/doc/annobin-plugin/LICENSE +%doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt +%{_infodir}/annobin.info* +%{_mandir}/man1/annobin.1* +%{_mandir}/man1/built-by.1* +%{_mandir}/man1/check-abi.1* +%{_mandir}/man1/hardened.1* +%{_mandir}/man1/run-on-binaries-in.1* + +%if %{with clangplugin} +%{ANNOBIN_CLANG_PLUGIN_DIR} +%endif +%if %{with llvmplugin} +%{ANNOBIN_CLANG_PLUGIN_DIR} +%endif + +%if %{with annocheck} +%files annocheck +%{_bindir}/annocheck +%{_mandir}/man1/annocheck.1* +%endif + +#--------------------------------------------------------------------------------- + +%changelog +* Wed Dec 01 2021 Nick Clifton - 9.29-2.3 +- Bump NVR and rebuild. (#2027436) + +* Tue Nov 2 2021 Siddhesh Poyarekar - 9.29-1.2 +- Bump and rebuild for new gcc. (#2017782) + +* Mon Oct 25 2021 Nick Clifton - 9.29-1.1 +- Annocheck: Add test for multibyte characters in symbol names. (#2009282) + +* Fri Aug 28 2020 Nick Clifton - 9.29-1 +- Fix AArch64 checks in annobin plugin. (#1873416) +- gcc plugin: Detect any attempt to access the global_options array. +- gcc plugin: Do not complain about missing pre-processor options when examining a preprocessed input file. (#1862718) +- Use more robust checks for AArch64 options. +- Detect CLANG compiled assembler that is missing IBT support. +- Improved target pointer size discovery. +- Add support for installing clang and llvm plugins. +- Temporary suppression of aarch64 pointer size check. (#1860549) + +* Mon Jul 13 2020 Nick Clifton - 9.23-2 +- Annocheck: Do not skip tests of the short-enums notes. (#1743635) +- Add (optional) llvm plugin. + +* Wed Jun 10 2020 Nick Clifton - 9.21-3 +- Fix the computations of ANNOBIN_GCC_PLUGIN_DIR and ANNOBIN_CLANG_PLUGIN_DIR. + +* Fri Jun 05 2020 Nick Clifton - 9.21-2 +- NVR bump to allow rebuild. + +* Tue Jun 02 2020 Nick Clifton - 9.21-1 +- Initial check-in for scl-gcc-toolset-10 branch. (#1817171) +- Fix stack clash protection problem. (#1803173) + +* Wed Apr 22 2020 Nick Clifton - 9.21-1 +- Annobin: Fall back on using the flags if the option cannot be found in cl_options. (#1817659) + +* Thu Apr 16 2020 Nick Clifton - 9.20-1 +- Annocheck: Detect Fortran compiled programs. (#1824393) + +* Wed Apr 01 2020 Nick Clifton - 9.19-1 +- Annobin: If option name mismatch occurs, seach for the real option. (#1817452) + +* Mon Mar 30 2020 Nick Clifton - 9.18-1 +- Annocheck: Fix a division by zero error when parsing GO binaries. (#1818863) + +* Fri Mar 27 2020 Nick Clifton - 9.16-1 +- Annobin: Fix access to the -flto and -fsanitize flags. + +* Thu Mar 26 2020 Nick Clifton - 9.14-1 +- Annobin: Use offsets stored in gcc's cl_option structure to access the global_options array, thus removing the need to check for changes in the size of this structure. + +* Thu Mar 26 2020 Nick Clifton - 9.13-2 +- NVR bump to allow rebuilding against new gcc. + +* Thu Mar 12 2020 Nick Clifton - 9.13-1 +- Rename gcc plugin directory to gcc-plugin. +- Stop annocheck from complaining about missing options when the binary has been built in a mixed environment. + +* Thu Mar 12 2020 Nick Clifton - 9.12-3 +- And again, this time with annotation enabled. (#1810941) + +* Thu Mar 12 2020 Nick Clifton - 9.12-2 +- NVR bump to enable rebuild against updated gcc. (#1810941) + +* Wed Mar 04 2020 Nick Clifton - 9.12-1 +- Improve builtby tool. +- Stop annocheck complaining about missing notes when the binary is not compiled by either gcc or clang. +- Skip the check of the ENTRY instruction for binaries not compiled by gcc or clang. (#1809656) + +* Fri Feb 28 2020 Nick Clifton - 9.11-1 +- Fix infinite loop hangup in annocheck. +- Disable debuginfod support by default. +- Improve parsing of .comment section. + +* Thu Feb 27 2020 Nick Clifton - 9.10-1 +- Fix clang plugin to use hidden symbols. + +* Tue Feb 25 2020 Nick Clifton - 9.09-1 +- Add ability to build clang plugin (disabled by default). + +* Mon Feb 17 2020 Nick Clifton - 9.08-1 +- Annocheck: Fix error printing out the version number. + +* Fri Feb 14 2020 Nick Clifton - 9.07-1 +- Annobin: Add checks of the exact location of the examined switches. + +* Tue Feb 11 2020 Nick Clifton - 9.06-1 +- Annobin: Note when stack clash notes are generated. +- Annocheck: Handle multiple builder IDs in the .comment section. + +* Fri Jan 31 2020 Nick Clifton - 9.05-1 +- Add configure option to suppress building annocheck. + +* Fri Jan 31 2020 Nick Clifton - 9.04-1 +- Fix debuginfod test. + +* Thu Jan 30 2020 Nick Clifton - 9.03-2 +- Correct the build requirement for building with debuginfod support. + +* Thu Jan 30 2020 Nick Clifton - 9.03-1 +- Add debuginfod support. + +* Tue Jan 28 2020 Fedora Release Engineering - 9.01-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Jan 20 2020 Nick Clifton - 9.01-2 +- Rebuild againt latest gcc-10. + +* Mon Jan 20 2020 Nick Clifton - 9.01-1 +- Add clang plugin (experimental). + +* Fri Dec 06 2019 Nick Clifton - 8.92-1 +- Have annocheck ignore notes with an end address of 0. + +* Mon Nov 18 2019 Nick Clifton - 8.91-1 +- Improve checking of gcc versions. + +* Fri Nov 15 2019 Nick Clifton - 8.90-1 +- Do not skip positive results. + +* Fri Nov 01 2019 Nick Clifton - 8.88-1 +- Generate a WARN result for code compiled with instrumentation enabled. (#1753918) + +* Tue Oct 22 2019 Nick Clifton - 8.87-1 +- Replace address checks with dladdr1. + +* Mon Oct 21 2019 Nick Clifton - 8.86-1 +- Use libabigail like checking to ensure variable address consistency. + +* Wed Oct 16 2019 Nick Clifton - 8.85-1 +- Skip generation of global notes for hot/cold sections. + +* Thu Oct 10 2019 Nick Clifton - 8.84-1 +- Generate FAIL results if -Wall or -Wformat-security are missing. + +* Thu Oct 03 2019 Nick Clifton - 8.83-1 +- If notes cannot be found in the executable look for them in the debuginfo file, if available. +- Generate a FAIL if notes are missing from the executable/debuginfo file. +- Record and report the setting of the AArcht64 specific -mbranch-protection option. + +* Mon Sep 23 2019 Nick Clifton - 8.81-1 +- Improve detection of GO binaries. +- Add gcc version information to annobin notes. +- Do not complain about missing FORTIFY_SOURCE and GLIBCXX_ASSERTIONS in LTO compilations. + +* Wed Sep 04 2019 Nick Clifton - 8.79-2 +- NVR bump to allow rebuild against latest gcc. (#1748529) + +* Tue Aug 06 2019 Nick Clifton - 8.79-1 +- Allow compiler used to run tests to be specified on the command line. (#1723401) + +* Tue Aug 06 2019 Nick Clifton - 8.78-1 +- Fix a memory allocation error in the annobin plugin. (#1737306) + +* Wed Jul 24 2019 Fedora Release Engineering - 8.77-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jun 24 2019 Nick Clifton - 8.77-1 +- Another attempt at fixing the detection and reporting of missing -D_FORTIFY_SOURCE options. (#1703500) + +* Mon Jun 10 22:13:17 CET 2019 Igor Gnatenko - 8.76-4 +- Rebuild for RPM 4.15 + +* Mon Jun 10 15:42:00 CET 2019 Igor Gnatenko - 8.76-3 +- Rebuild for RPM 4.15 + +* Thu Jun 06 2019 Panu Matilainen - 8.76-2 +- Really enable annocheck sub-package + +* Tue Apr 30 2019 Nick Clifton - 8.76-1 +- Report a missing -D_FORTIFY_SOUCRE option if -D_GLIBCXX_ASSERTIONS was detected. (#1703499) +- Do not report problems with -fstack-protection if the binary was not built by gcc or clang. (#1703788) + +* Fri Apr 26 2019 Nick Clifton - 8.74-1 +- Add tests of clang command line options recorded in the DW_AT_producer attribute. + +* Wed Apr 24 2019 Nick Clifton - 8.73-1 +- Fix test for an executable stack segment. (#1700924) + +* Thu Apr 18 2019 Nick Clifton - 8.72-1 +- Rebuild annobin with the latest rawhide gcc sources. (#1700923) + +* Thu Feb 28 2019 Nick Clifton - 8.71-1 +- Annobin: Suppress more calls to free() which are triggering memory checker errors. (#1684148) + +* Fri Feb 01 2019 Nick Clifton - 8.70-1 +- Add section flag matching ability to section size tool. + +* Thu Jan 31 2019 Fedora Release Engineering - 8.69-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Jan 29 2019 Björn Esser - 8.69-6 +- Use 'with' for rich dependency on gcc + +* Tue Jan 29 2019 Björn Esser - 8.69-5 +- Really fix rhbz#1607430. + +* Mon Jan 28 2019 Björn Esser - 8.69-4 +- Rebuilt with annotations enabled + +* Mon Jan 28 2019 Björn Esser - 8.69-3 +- Fix rpm query for gcc version. + +* Mon Jan 28 2019 Nick Clifton - 8.69-2 +- Add an exact requirement on the major version of gcc. (#1607430) + +* Thu Jan 24 2019 Nick Clifton - 8.69-1 +- Annobin: Add support for .text.startup and .text.exit sections generated by gcc 9. +- Annocheck: Add a note displaying tool. + +* Wed Jan 23 2019 Nick Clifton - 8.68-1 +- Annocheck: Skip checks for -D_FORTIFY_SOURCE and -D_GLIBCXX_ASSERTIONS if there is no compiler generated code in the binary. + +* Mon Jan 21 2019 Björn Esser - 8.67-3 +- Rebuilt with annotations enabled + +* Mon Jan 21 2019 Björn Esser - 8.67-2 +- Rebuilt for GCC 9 + +* Thu Jan 17 2019 Nick Clifton - 8.67-1 +- Annocheck: Only skip specific checks for specific symbols. (#1666823) +- Annobin: Record the setting of the -fomit-frame-pointer option. + +* Wed Jan 02 2019 Nick Clifton - 8.66-1 +- Annocheck: Do not ignore -Og when checking to see if an optimization level has been set. (#1624162) + +* Tue Dec 11 2018 Nick Clifton - 8.65-1 +- Annobin: Fix handling of multiple .text.unlikely sections. + +* Fri Nov 30 2018 Nick Clifton - 8.64-1 +- Annocheck: Skip gaps in PPC64 executables covered by start_bcax_ symbols. (#1630564) + +* Mon Nov 26 2018 Nick Clifton - 8.63-1 +- Annocheck: Disable ENDBR test for shared libraries. (#1652925) + +* Mon Nov 26 2018 Nick Clifton - 8.62-1 +- Annocheck: Add test for ENDBR instruction at entry address of x86/x86_64 executables. (#1652925) + +* Tue Nov 20 2018 David Cantrell - 8.61-2 +- Adjust how the gcc_vr macro is set. + +* Mon Nov 19 2018 Nick Clifton - 8.61-1 +- Fix building with gcc version 4. + +* Tue Nov 13 2018 Nick Clifton - 8.60-1 +- Skip -Wl,-z,now and -Wl,-z,relro checks for non-gcc produced binaries. (#1624421) + +* Mon Nov 05 2018 Nick Clifton - 8.59-1 +- Ensure GNU Property notes are 8-byte aligned in x86_64 binaries. (#1645817) + +* Thu Oct 18 2018 Nick Clifton - 8.58-1 +- Skip PPC64 linker stubs created in the middle of text sections (again). (#1630640) + +* Thu Oct 18 2018 Nick Clifton - 8.57-1 +- Suppress free of invalid pointer. (#1638371) + +* Thu Oct 18 2018 Nick Clifton - 8.56-1 +- Skip PPC64 linker stubs created in the middle of text sections. (#1630640) + +* Tue Oct 16 2018 Nick Clifton - 8.55-1 +- Reset the (PPC64) section start symbol to 0 if its section is empty. (#1638251) + +* Thu Oct 11 2018 Nick Clifton - 8.53-1 +- Also skip virtual thinks created by G++. (#1630619) + +* Wed Oct 10 2018 Nick Clifton - 8.52-1 +- Use uppercase for all fail/mayb/pass results. (#1637706) + +* Wed Oct 10 2018 Nick Clifton - 8.51-1 +- Generate notes for unlikely sections. (#1630620) + +* Mon Oct 08 2018 Nick Clifton - 8.50-1 +- Fix edge case computing section names for end symbols. (#1637039) + +* Mon Oct 08 2018 Nick Clifton - 8.49-1 +- Skip dynamic checks for binaries without a dynamic segment. (#1636606) + +* Fri Oct 05 2018 Nick Clifton - 8.48-1 +- Delay generating attach_to_group directives until the end of the compilation. (#1636265) + +* Mon Oct 01 2018 Nick Clifton - 8.47-1 +- Fix bug introduced in previous delta which would trigger a seg-fault when scanning for gaps. + +* Mon Oct 01 2018 Nick Clifton - 8.46-1 +- Annobin: Fix section name selection for startup sections. +- Annocheck: Improve gap skipping heuristics. (#1630574) + +* Mon Oct 01 2018 Nick Clifton - 8.45-1 +- Fix function section support (again). (#1630574) + +* Fri Sep 28 2018 Nick Clifton - 8.44-1 +- Skip compiler option checks for non-GNU producers. (#1633749) + +* Wed Sep 26 2018 Nick Clifton - 8.43-1 +- Fix function section support (again). (#1630574) + +* Tue Sep 25 2018 Nick Clifton - 8.42-1 +- Ignore ppc64le notes where start = end + 2. (#1632259) + +* Tue Sep 25 2018 Nick Clifton - 8.41-1 +- Make annocheck ignore symbols suffixed with ".end". (#1639618) + +* Mon Sep 24 2018 Nick Clifton - 8.40-1 +- Reinstate building annobin with annobin enabled. (#1630550) + +* Fri Sep 21 2018 Nick Clifton - 8.39-1 +- Tweak tests. + +* Fri Sep 21 2018 Nick Clifton - 8.38-1 +- Generate notes and groups for .text.hot and .text.unlikely sections. +- When -ffunction-sections is active, put notes for startup sections into .text.startup.foo rather than .text.foo. +- Similarly put exit section notes into .text.exit.foo. (#1630574) +- Change annocheck's maybe result for GNU Property note being missing into a PASS if it is not needed and a FAIL if it is needed. + +* Wed Sep 19 2018 Nick Clifton - 8.37-1 +- Make the --skip-* options skip all messages about the specified test. + +* Tue Sep 18 2018 Nick Clifton - 8.36-1 +- Improve error message when an ET_EXEC binary is detected. + +* Mon Sep 17 2018 Nick Clifton - 8.35-1 +- Skip failures for PIC vs PIE. (#1629698) + +* Mon Sep 17 2018 Nick Clifton - 8.34-1 +- Ensure 4 byte alignment of note sub-sections. (#1629671) + +* Wed Sep 12 2018 Nick Clifton - 8.33-1 +- Add timing tool to report on speed of the checks. +- Add check for conflicting use of the -fshort-enum option. +- Add check of the GNU Property notes. +- Skip check for -O2 if compiled with -Og. (#1624162) + +* Mon Sep 03 2018 Nick Clifton - 8.32-1 +- Add test for ET_EXEC binaries. (#1625627) +- Document --report-unknown option. + +* Thu Aug 30 2018 Nick Clifton - 8.31-1 +- Fix bug in hardened tool which would skip gcc compiled files if the notes were too small. +- Fix bugs in section-size tool. +- Fix bug in built-by tool. + +* Wed Aug 29 2018 Nick Clifton - 8.30-1 +- Generate notes for comdat sections. (#1619267) + +* Thu Aug 23 2018 Nick Clifton - 8.29-1 +- Add more names to the gap skip list. (#1619267) + +* Thu Aug 23 2018 Nick Clifton - 8.28-1 +- Skip gaps covered by _x86.get_pc_thunk and _savegpr symbols. (#1619267) +- Merge ranges where one is wholly covered by another. + +* Wed Aug 22 2018 Nick Clifton - 8.27-1 +- Skip gaps at the end of functions. (#1619267) + +* Tue Aug 21 2018 Nick Clifton - 8.26-1 +- Fix thinko in ppc64 gap detection code. (#1619267) + +* Mon Aug 20 2018 Nick Clifton - 8.25-1 +- Skip gaps at the end of the .text section in ppc64 binaries. (#1619267) + +* Wed Aug 15 2018 Nick Clifton - 8.24-1 +- Skip checks in stack_chk_local_fail.c +- Treat gaps as FAIL results rather than MAYBE. + +* Wed Aug 08 2018 Nick Clifton - 8.23-1 +- Skip checks in __stack_chk_local_fail. + +* Wed Aug 08 2018 Nick Clifton - 8.22-1 +- Reduce version check to gcc major version number only. Skip compiler option checks if binary not built with gcc. (#1603089) + +* Tue Aug 07 2018 Nick Clifton - 8.21-1 +- Fix bug in annobin plugin. Add --section-size=NAME option to annocheck. + +* Thu Aug 2 2018 Peter Robinson 8.20-2 +- rebuild for new gcc + +* Thu Aug 02 2018 Nick Clifton - 8.20-1 +- Correct name of man page for run-on-binaries-in script. (#1611155) + +* Wed Jul 25 2018 Nick Clifton - 8.19-1 +- Allow $ORIGIN to be at the start of entries in DT_RPATH and DT_RUNPATH. + +* Mon Jul 23 2018 Nick Clifton - 8.18-1 +- Add support for big endian targets. + +* Mon Jul 23 2018 Nick Clifton - 8.17-1 +- Count passes and failures on a per-component basis and report gaps. + +* Fri Jul 20 2018 Nick Clifton - 8.16-1 +- Use our own copy of the targetm.asm_out.function_section() function. (#159861 comment#17) + +* Fri Jul 20 2018 Nick Clifton - 8.15-1 +- Generate grouped note section name all the time. (#159861 comment#16) + +* Thu Jul 19 2018 Nick Clifton - 8.14-1 +- Fix section conflict problem. (#1603071) + +* Wed Jul 18 2018 Nick Clifton - 8.13-1 +- Fix for building with gcc version 4. +- Fix symbol placement in functions with local assembler. + +* Tue Jul 17 2018 Nick Clifton - 8.12-1 +- Fix assertions in range checking code. Add detection of -U options. + +* Tue Jul 17 2018 Nick Clifton - 8.11-1 +- Handle function sections properly. Handle .text.startup and .text.unlikely sections. Improve gap detection and reporting. (#1601055) + +* Thu Jul 12 2018 Fedora Release Engineering - 8.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Jul 12 2018 Nick Clifton - 8.10-1 +- Fix construction of absolute versions of --dwarf-dir and --debug-rpm options. + +* Tue Jul 10 2018 Nick Clifton - 8.9-1 +- Fix buffer overrun when very long symbol names are encountered. + +* Tue Jul 10 2018 Nick Clifton - 8.8-1 +- Do not force the generation of function notes when -ffunction-sections is active. (#1598961) + +* Mon Jul 09 2018 Nick Clifton - 8.7-1 +- Skip the .annobin_ prfix when reporting symbols. (#1599315) + +* Mon Jul 09 2018 Nick Clifton - 8.6-1 +- Use the assembler (c++ mangled) version of function names when switching sections. (#1598579) + +* Mon Jul 09 2018 Nick Clifton - 8.5-1 +- Do not call function_section. (#1598961) + +* Fri Jul 06 2018 Nick Clifton - 8.4-1 +- Ignore cross-section gaps. (#1598551) + +* Thu Jul 05 2018 Nick Clifton - 8.3-1 +- Do not skip empty range notes in object files. (#1598361) + +* Mon Jul 02 2018 Nick Clifton - 8.2-1 +- Create the start symbol at the start of the function and the end symbol at the end. (#1596823) + +* Mon Jul 02 2018 Nick Clifton - 8.1-1 +- Fix --debug-rpm when used inside a directory. + +* Thu Jun 28 2018 Nick Clifton - 8.0-1 +- Use a prefix for all annobin generated symbols, and make them hidden. +- Only generate weak symbol definitions for linkonce sections. + +* Wed Jun 27 2018 Nick Clifton - 7.1-1 +- Skip some checks for relocatable object files, and dynamic objects. +- Stop bogus complaints about stackrealignment not being enabled. + +* Mon Jun 25 2018 Nick Clifton - 7.0-1 +- Add -debug-rpm= option to annocheck. +- Only use a 2 byte offset for the initial symbol on PowerPC. + +* Fri Jun 22 2018 Nick Clifton - 6.6-1 +- Use --dwarf-path when looking for build-id based debuginfo files. + +* Fri Jun 22 2018 Nick Clifton - 6.5-1 +- Fix premature closing of dwarf handle. + +* Fri Jun 22 2018 Nick Clifton - 6.4-1 +- Fix scoping bug computing the name of a separate debuginfo file. + +* Tue Jun 19 2018 Nick Clifton - 6.3-1 +- Fix file descriptor leak. + +* Tue Jun 19 2018 Nick Clifton - 6.2-1 +- Add command line options to annocheck to disable individual tests. + +* Fri Jun 08 2018 Nick Clifton - 6.1-1 +- Remove C99-ism from annocheck sources. + +* Wed Jun 06 2018 Nick Clifton - 6.0-1 +- Add the annocheck program. + +* Fri Jun 01 2018 Nick Clifton - 5.11-1 +- Do not use the SHF_GNU_BUILD_NOTE section flag. + +* Thu May 31 2018 Nick Clifton - 5.10-1 +- Remove .sh extension from shell scripts. + +* Wed May 30 2018 Nick Clifton - 5.9-1 +- Record the setting of the -mstackrealign option for i686 binaries. + +* Mon May 14 2018 Nick Clifton - 5.8-1 +- Hide the annobin start of file symbol. + +* Tue May 08 2018 Nick Clifton - 5.7-1 +- Fix script bug in hardended.sh. (Thanks to: Stefan Sørensen ) + +* Thu May 03 2018 Nick Clifton - 5.6-3 +- Version number bump so that the plugin can be rebuilt with the latest version of GCC. + +* Mon Apr 30 2018 Nick Clifton - 5.6-2 +- Rebuild the plugin with the newly created plugin enabled. (#1573082) + +* Mon Apr 30 2018 Nick Clifton - 5.6-1 +- Skip the isa_flags check in the ABI test because the crt[in].o files are compiled with different flags from the test files. + +* Fri Apr 20 2018 Nick Clifton - 5.3-1 +- Add manual pages for annobin and the scripts. + +* Tue Apr 03 2018 Nick Clifton - 5.2-1 +- Do not record a stack protection setting of -1. (#1563141) + +* Tue Mar 20 2018 Nick Clifton - 5.1-1 +- Do not complain about a dwarf_version value of -1. (#1557511) + +* Thu Mar 15 2018 Nick Clifton - 5.0-1 +- Bias file start symbols by 2 in order to avoid them confused with function symbols. (#1554332) +- Version jump is to sync the version number with the annobin plugins internal version number. + +* Mon Mar 12 2018 Nick Clifton - 3.6-1 +- Add --ignore-gaps option to check-abi.sh script. +- Use this option in the abi-test check. +- Tweak hardening test to skip pic and stack protection checks. + +* Tue Mar 06 2018 Nick Clifton - 3.5-1 +- Handle functions with specific assembler names. (#1552018) + +* Fri Feb 23 2018 Nick Clifton - 3.4-2 +- Add an explicit requirement on the version of gcc used to built the plugin. (#1547260) + +* Fri Feb 09 2018 Nick Clifton - 3.4-1 +- Change type and size of symbols to STT_NOTYPE/0 so that they do not confuse GDB. (#1539664) +- Add run-on-binaries-in.sh script to allow the other scripts to be run over a repository. + +* Wed Feb 07 2018 Fedora Release Engineering - 3.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 30 2018 Nick Clifton - 3.3-1 +- Rebase on 3.3 release, which adds support for recording -mcet and -fcf-protection. + +* Mon Jan 29 2018 Florian Weimer - 3.2-3 +- Rebuild for GCC 8 + +* Fri Jan 26 2018 Nick Clifton - 3.2-2 +- Fix the installation of the annobin.info file. + +* Fri Jan 26 2018 Nick Clifton - 3.2-1 +- Rebase on 3.2 release, which now contains documentation! + +* Fri Jan 26 2018 Richard W.M. Jones - 3.1-3 +- Rebuild against GCC 7.3.1. + +* Tue Jan 16 2018 Nick Clifton - 3.1-2 +- Add --with-gcc-plugin-dir option to the configure command line. + +* Thu Jan 04 2018 Nick Clifton - 3.1-1 +- Rebase on version 3.1 sources. + +* Mon Dec 11 2017 Nick Clifton - 2.5.1-5 +- Do not generate notes when there is no output file. (#1523875) + +* Fri Dec 08 2017 Nick Clifton - 2.5.1-4 +- Invent an input filename when reading from a pipe. (#1523401) + +* Thu Nov 30 2017 Florian Weimer - 2.5.1-3 +- Use DECL_ASSEMBLER_NAME for symbol references (#1519165) + +* Tue Oct 03 2017 Igor Gnatenko - 2.5.1-2 +- Cleanups in spec + +* Tue Sep 26 2017 Nick Clifton - 2.5.1-1 +- Touch the auto-generated files in order to stop them from being regenerated. + +* Tue Sep 26 2017 Nick Clifton - 2.5-2 +- Stop the plugin complaining about compiler datestamp mismatches. + +* Thu Sep 21 2017 Nick Clifton - 2.4-1 +- Tweak tests so that they will run on older machines. + +* Thu Sep 21 2017 Nick Clifton - 2.3-1 +- Add annobin-tests subpackage containing some preliminary tests. +- Remove link-time test for unsupported targets. + +* Wed Aug 02 2017 Fedora Release Engineering - 2.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Mon Jul 31 2017 Florian Weimer - 2.0-2 +- Rebuild with binutils fix for ppc64le (#1475636) + +* Wed Jun 28 2017 Nick Clifton - 2.0-1 +- Fixes for problems reported by the package submission review: + * Add %%license entry to %%file section. + * Update License and BuildRequires tags. + * Add Requires tag. + * Remove %%clean. + * Add %%check. + * Clean up the %%changelog. +- Update to use version 2 of the specification and sources. + +* Thu May 11 2017 Nick Clifton - 1.0-1 +- Initial submission. diff --git a/annobin.unicode.patch b/annobin.unicode.patch new file mode 100644 index 0000000..3e6b005 --- /dev/null +++ b/annobin.unicode.patch @@ -0,0 +1,416 @@ +--- /dev/null 2021-10-25 08:23:06.499675237 +0100 ++++ annobin-8.79/tests/unicode-test 2021-10-25 12:37:55.699238393 +0100 +@@ -0,0 +1,41 @@ ++#!/bin/bash ++ ++# Copyright (c) 2021 Red Hat. ++# ++# This is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published ++# by the Free Software Foundation; either version 3, or (at your ++# option) any later version. ++# ++# It is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++ ++ANNOCHECK=${ANNOCHECK:-../annocheck/annocheck} ++GCC=${GCC:-gcc} ++ ++# Mimics how glibc builds C sources without annotation. ++ ++OPTS="-O2 -g -Wl,-z,now -pie -fpie" ++ ++$GCC $OPTS $srcdir/trick-hello.s -o trick-hello.exe ++if [ $? != 0 ]; ++then ++ echo "unicode-test: FAIL: Could not compile test source file" ++ exit 1 ++fi ++ ++# Run annocheck ++ ++OPTS="--ignore-gaps --skip-cf-protection --skip-glibcxx-assertions --skip-short-enum --skip-optimization --skip-stack-prot" ++ ++$ANNOCHECK trick-hello.exe $OPTS > unicode.out ++grep -e "FAIL: Symbol names containing multibyte characters" unicode.out ++if [ $? != 0 ]; ++then ++ echo "unicode-test: FAIL: annocheck did not detect suspicious symbol names" ++ $ANNOCHECK trick-hello.exe $OPTS --verbose ++ exit 1 ++fi ++ +--- /dev/null 2021-10-25 08:23:06.499675237 +0100 ++++ annobin-8.79/tests/trick-hello.s 2021-10-25 15:10:39.722116284 +0100 +@@ -0,0 +1,33 @@ ++ .file "trick-hello.c" ++ .text ++ .section .rodata ++.LC0: ++ .string "hah, gotcha!" ++ .text ++ .globl he‮oll‬ ++ .type he‮oll‬, @function ++he‮oll‬: ++.LFB0: ++ nop ++.LFE0: ++ .size he‮oll‬, .-he‮oll‬ ++ .section .rodata ++.LC1: ++ .string "Hello world" ++ .text ++ .globl hello ++ .type hello, @function ++hello: ++.LFB1: ++ nop ++.LFE1: ++ .size hello, .-hello ++ .globl main ++ .type main, @function ++main: ++.LFB2: ++ nop ++.LFE2: ++ .size main, .-main ++ .ident "GCC: (GNU) 11.2.1 20210728 (Red Hat 11.2.1-1)" ++ .section .note.GNU-stack,"",@progbits +diff -rup annobin.orig/Makefile.in annobin-9.29/Makefile.in +--- annobin.orig/Makefile.in 2021-10-28 10:31:57.060267035 +0100 ++++ annobin-9.29/Makefile.in 2021-10-28 10:32:06.211206161 +0100 +@@ -323,6 +323,7 @@ plugindir = @plugindir@ + prefix = @prefix@ + program_transform_name = @program_transform_name@ + psdir = @psdir@ ++runstatedir = @runstatedir@ + sbindir = @sbindir@ + sharedstatedir = @sharedstatedir@ + srcdir = @srcdir@ +Only in annobin-9.29: Makefile.in.orig +diff -rup annobin.orig/annocheck/Makefile.in annobin-9.29/annocheck/Makefile.in +--- annobin.orig/annocheck/Makefile.in 2021-10-28 10:31:57.088266849 +0100 ++++ annobin-9.29/annocheck/Makefile.in 2021-10-28 10:32:06.212206154 +0100 +@@ -314,6 +314,7 @@ plugindir = @plugindir@ + prefix = @prefix@ + program_transform_name = @program_transform_name@ + psdir = @psdir@ ++runstatedir = @runstatedir@ + sbindir = @sbindir@ + sharedstatedir = @sharedstatedir@ + srcdir = @srcdir@ +Only in annobin-9.29/annocheck: Makefile.in.orig +diff -rup annobin.orig/annocheck/hardened.c annobin-9.29/annocheck/hardened.c +--- annobin.orig/annocheck/hardened.c 2021-10-28 10:31:57.088266849 +0100 ++++ annobin-9.29/annocheck/hardened.c 2021-10-28 10:33:13.936755663 +0100 +@@ -119,6 +119,7 @@ enum test_index + TEST_STACK_REALIGN, + TEST_TEXTREL, + TEST_THREADS, ++ TEST_UNICODE, + TEST_WARNINGS, + TEST_WRITEABLE_GOT, + +@@ -146,6 +147,7 @@ static void show_STACK_PROT (ann + static void show_STACK_REALIGN (annocheck_data *, test *); + static void show_TEXTREL (annocheck_data *, test *); + static void show_THREADS (annocheck_data *, test *); ++static void show_UNICODE (annocheck_data *, test *); + static void show_WARNINGS (annocheck_data *, test *); + static void show_WRITEABLE_GOT (annocheck_data *, test *); + +@@ -177,6 +179,7 @@ static test tests [TEST_MAX] = + TEST (stack-realign, STACK_REALIGN, "Compiled with -mstackrealign (i686 only)"), + TEST (textrel, TEXTREL, "There are no text relocations in the binary"), + TEST (threads, THREADS, "Compiled with -fexceptions"), ++ TEST (unicode, UNICODE, "No unicode symbol names"), + TEST (warnings, WARNINGS, "Compiled with -Wall"), + TEST (writeable-got, WRITEABLE_GOT, "The .got section is not writeable"), + }; +@@ -288,6 +291,11 @@ interesting_sec (annocheck_data * da + if (streq (sec->secname, ".gdb_index")) + per_file.debuginfo_file = true; + ++ if (tests[TEST_UNICODE].enabled ++ && (sec->shdr.sh_type == SHT_SYMTAB ++ || sec->shdr.sh_type == SHT_DYNSYM)) ++ return true; ++ + if (streq (sec->secname, ".text")) + { + /* Separate debuginfo files have a .text section with a non-zero +@@ -1830,6 +1838,64 @@ check_comment_section (annocheck_data * + } + + static bool ++contains_suspicious_characters (const unsigned char * name) ++{ ++ uint i; ++ uint len = strlen ((const char *) name); ++ ++ /* FIXME: Test that locale is UTF-8. */ ++ ++ for (i = 0; i < len; i++) ++ { ++ unsigned char c = name[i]; ++ ++ if (isgraph (c)) ++ continue; ++ ++ /* Control characters are always suspect. So are spaces and DEL */ ++ if (iscntrl (c) || c == ' ' || c == 0x7f) ++ return true; ++ ++ if (c < 0x7f) /* This test is probably redundant. */ ++ continue; ++ ++ return true; ++ } ++ ++ return false; ++} ++ ++static bool ++check_symbol_section (annocheck_data * data, annocheck_section * sec) ++{ ++ if (! tests[TEST_UNICODE].enabled) ++ return true; ++ ++ /* Scan the symbols looking for non-ASCII characters in their names ++ that might cause problems. Note - we do not examine the string ++ tables directly as there are perfectly legitimate reasons why these ++ characters might appear in strings. But when they are used for ++ identifier names, their use is ... problematic. */ ++ GElf_Sym sym; ++ uint symndx; ++ ++ for (symndx = 1; gelf_getsym (sec->data, symndx, & sym) != NULL; symndx++) ++ { ++ const char * symname = elf_strptr (data->elf, sec->shdr.sh_link, sym.st_name); ++ ++ if (contains_suspicious_characters ((const unsigned char *) symname)) ++ { ++ tests[TEST_UNICODE].num_fail ++; ++ einfo (VERBOSE, "%s: info: multibyte symname: '%s', (%lu bytes long) in section: %s", ++ data->filename, symname, (unsigned long) strlen (symname), sec->secname); ++ if (!BE_VERBOSE) ++ break; ++ } ++ } ++ return true; ++} ++ ++static bool + check_sec (annocheck_data * data, + annocheck_section * sec) + { +@@ -1837,6 +1903,8 @@ check_sec (annocheck_data * data, + selected in interesting_sec(). */ + switch (sec->shdr.sh_type) + { ++ case SHT_SYMTAB: ++ case SHT_DYNSYM: return check_symbol_section (data, sec); + case SHT_NOTE: return check_note_section (data, sec); + case SHT_STRTAB: return check_string_section (data, sec); + case SHT_DYNAMIC: return check_dynamic_section (data, sec); +@@ -2617,6 +2685,19 @@ show_BRANCH_PROTECTION (annocheck_data + } + } + ++static void ++show_UNICODE (annocheck_data * data, test * results) ++{ ++ if (results->num_fail > 0) ++ { ++ fail (data, "Symbol names containing multibyte characters detected"); ++ } ++ else ++ { ++ pass (data, "No symbol names containing multibyte characters detected"); ++ } ++} ++ + static void + show_ENTRY (annocheck_data * data, test * results) + { +Only in annobin-9.29/annocheck: hardened.c.orig +Only in annobin-9.29/annocheck: hardened.c.rej +Only in annobin-9.29: autom4te.cache +diff -rup annobin.orig/configure annobin-9.29/configure +--- annobin.orig/configure 2021-10-28 10:31:57.060267035 +0100 ++++ annobin-9.29/configure 2021-10-28 10:32:06.215206134 +0100 +@@ -761,6 +761,7 @@ infodir + docdir + oldincludedir + includedir ++runstatedir + localstatedir + sharedstatedir + sysconfdir +@@ -857,6 +858,7 @@ datadir='${datarootdir}' + sysconfdir='${prefix}/etc' + sharedstatedir='${prefix}/com' + localstatedir='${prefix}/var' ++runstatedir='${localstatedir}/run' + includedir='${prefix}/include' + oldincludedir='/usr/include' + docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +@@ -1109,6 +1111,15 @@ do + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + ++ -runstatedir | --runstatedir | --runstatedi | --runstated \ ++ | --runstate | --runstat | --runsta | --runst | --runs \ ++ | --run | --ru | --r) ++ ac_prev=runstatedir ;; ++ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ ++ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ ++ | --run=* | --ru=* | --r=*) ++ runstatedir=$ac_optarg ;; ++ + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ +@@ -1246,7 +1257,7 @@ fi + for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ +- libdir localedir mandir ++ libdir localedir mandir runstatedir + do + eval ac_val=\$$ac_var + # Remove trailing slashes. +@@ -1399,6 +1410,7 @@ Fine tuning of the installation director + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] ++ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] +Only in annobin-9.29: configure.orig +diff -rup annobin.orig/doc/Makefile.in annobin-9.29/doc/Makefile.in +--- annobin.orig/doc/Makefile.in 2021-10-28 10:31:57.061267029 +0100 ++++ annobin-9.29/doc/Makefile.in 2021-10-28 10:32:06.215206134 +0100 +@@ -329,6 +329,7 @@ plugindir = @plugindir@ + prefix = @prefix@ + program_transform_name = @program_transform_name@ + psdir = @psdir@ ++runstatedir = @runstatedir@ + sbindir = @sbindir@ + sharedstatedir = @sharedstatedir@ + srcdir = @srcdir@ +Only in annobin-9.29/doc: Makefile.in.orig +diff -rup annobin.orig/doc/annobin.info annobin-9.29/doc/annobin.info +--- annobin.orig/doc/annobin.info 2021-10-28 10:31:57.061267029 +0100 ++++ annobin-9.29/doc/annobin.info 2021-10-28 10:32:06.215206134 +0100 +@@ -609,6 +609,7 @@ File: annobin.info, Node: Hardened, Ne + [-skip-stack-realign] + [-skip-textrel] + [-skip-threads] ++ [-skip-unicode] + [-skip-writeable-got] + [-ignore-gaps] + [-disable-hardened] +@@ -718,6 +719,10 @@ code to support the test. + Check that the program makes consistent use of the '-fshort-enum' + option. + ++'Unicode' ++ This test checks for the presence of multibyte characters in symbol ++ names, which are unusual and potentially dangerous. ++ + The tool does support a couple of other command line options as well: + + '--enable-hardened' +Only in annobin-9.29/doc: annobin.info.orig +Only in annobin-9.29/doc: annobin.info.rej +diff -rup annobin.orig/doc/annobin.texi annobin-9.29/doc/annobin.texi +--- annobin.orig/doc/annobin.texi 2021-10-28 10:31:57.061267029 +0100 ++++ annobin-9.29/doc/annobin.texi 2021-10-28 10:32:06.215206134 +0100 +@@ -706,6 +706,7 @@ annocheck + [@b{--skip-stack-realign}] + [@b{--skip-textrel}] + [@b{--skip-threads}] ++ [@b{--skip-unicode}] + [@b{--skip-writeable-got}] + [@b{--ignore-gaps}] + [@b{--disable-hardened}] +@@ -831,6 +832,10 @@ enabled then this test will be skipped a + Check that the program makes consistent use of the + @option{-fshort-enum} option. + ++@item Unicode ++This test checks for the presence of multibyte characters in symbol ++names, which are unusual and potentially dangerous. ++ + @end table + + The tool does support a couple of other command line options as well: +Only in annobin-9.29/doc: annobin.texi.orig +diff -rup annobin.orig/scripts/Makefile.in annobin-9.29/scripts/Makefile.in +--- annobin.orig/scripts/Makefile.in 2021-10-28 10:31:57.061267029 +0100 ++++ annobin-9.29/scripts/Makefile.in 2021-10-28 10:32:08.111193522 +0100 +@@ -284,6 +284,7 @@ plugindir = @plugindir@ + prefix = @prefix@ + program_transform_name = @program_transform_name@ + psdir = @psdir@ ++runstatedir = @runstatedir@ + sbindir = @sbindir@ + sharedstatedir = @sharedstatedir@ + srcdir = @srcdir@ +Only in annobin-9.29/scripts: Makefile.in.orig +diff -rup annobin.orig/tests/Makefile.am annobin-9.29/tests/Makefile.am +--- annobin.orig/tests/Makefile.am 2021-10-28 10:31:57.089266843 +0100 ++++ annobin-9.29/tests/Makefile.am 2021-10-28 10:33:47.008535672 +0100 +@@ -16,6 +16,7 @@ TESTS=compile-test \ + assembler-gap-test \ + dynamic-notes-test \ + instrumentation-test \ ++ unicode-test \ + section-size-test + + if HAVE_DEBUGINFOD +Only in annobin-9.29/tests: Makefile.am.orig +Only in annobin-9.29/tests: Makefile.am.rej +diff -rup annobin.orig/tests/Makefile.in annobin-9.29/tests/Makefile.in +--- annobin.orig/tests/Makefile.in 2021-10-28 10:31:57.089266843 +0100 ++++ annobin-9.29/tests/Makefile.in 2021-10-28 10:34:15.803344120 +0100 +@@ -459,6 +459,7 @@ plugindir = @plugindir@ + prefix = @prefix@ + program_transform_name = @program_transform_name@ + psdir = @psdir@ ++runstatedir = @runstatedir@ + sbindir = @sbindir@ + sharedstatedir = @sharedstatedir@ + srcdir = @srcdir@ +@@ -477,7 +478,8 @@ top_srcdir = @top_srcdir@ + TESTS = compile-test hardening-test hardening-fail-test \ + missing-notes-test active-checks-test abi-test \ + function-sections-test assembler-gap-test dynamic-notes-test \ +- instrumentation-test section-size-test $(am__append_1) ++ instrumentation-test unicode-test section-size-test \ ++ $(am__append_1) + XFAIL_TESTS = hardening-fail-test \ + missing-notes-test \ + active-checks-test \ +@@ -739,6 +741,13 @@ instrumentation-test.log: instrumentatio + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++unicode-test.log: unicode-test ++ @p='unicode-test'; \ ++ b='unicode-test'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) + section-size-test.log: section-size-test + @p='section-size-test'; \ +Only in annobin-9.29/tests: Makefile.in.orig +Only in annobin-9.29/tests: Makefile.in.rej +Only in annobin-9.29/tests: trick-hello.s +Only in annobin-9.29/tests: unicode-test diff --git a/sources b/sources new file mode 100644 index 0000000..ddb0608 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (annobin-9.29.tar.xz) = 1a710921c3b95b02e0e836f4589db51b1d0830a29dc2c0d47f8f9ec202726c7b3d6e38eb97bf48aa8f479356c28a755a8cfff2beb912c97bfdc81681fb972d59