gcc-toolset-11-annobin/SOURCES/annobin.unicode.patch

diff -rup annobin.orig/Makefile.in annobin-9.85/Makefile.in
--- annobin.orig/Makefile.in	2021-10-26 17:10:33.392288827 +0100
+++ annobin-9.85/Makefile.in	2021-10-26 17:15:05.325273986 +0100
@@ -323,6 +323,7 @@ plugindir = @plugindir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
Only in annobin-9.85: Makefile.in.orig
Only in annobin.orig/: annobin-9.85
diff -rup annobin.orig/annocheck/Makefile.in annobin-9.85/annocheck/Makefile.in
--- annobin.orig/annocheck/Makefile.in	2021-10-26 17:10:33.394288820 +0100
+++ annobin-9.85/annocheck/Makefile.in	2021-10-26 17:15:05.326273983 +0100
@@ -314,6 +314,7 @@ plugindir = @plugindir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
Only in annobin-9.85/annocheck: Makefile.in.orig
diff -rup annobin.orig/annocheck/hardened.c annobin-9.85/annocheck/hardened.c
--- annobin.orig/annocheck/hardened.c	2021-10-26 17:10:33.395288816 +0100
+++ annobin-9.85/annocheck/hardened.c	2021-10-26 17:45:44.193418342 +0100
@@ -39,6 +39,7 @@
 #define SOURCE_SKIP_CHECKS      "special case exceptions"
 #define SOURCE_STRING_SECTION   "string section"
 #define SOURCE_COMMENT_SECTION  "comment section"
+#define SOURCE_SYMBOL_SECTION   "symbol section"
 #define SOURCE_RODATA_SECTION   ".rodata section"
 
 #define GOLD_COLOUR     "\e[33;40m"
@@ -206,6 +207,7 @@ enum test_index
   TEST_STACK_REALIGN,
   TEST_TEXTREL,
   TEST_THREADS,
+  TEST_UNICODE,
   TEST_WARNINGS,
   TEST_WRITEABLE_GOT,
 
@@ -250,6 +252,7 @@ static test tests [TEST_MAX] =
   TEST (stack-realign,      STACK_REALIGN,      "Compiled with -mstackrealign (i686 only)"),
   TEST (textrel,            TEXTREL,            "There are no text relocations in the binary"),
   TEST (threads,            THREADS,            "Compiled with -fexceptions"),
+  TEST (unicode,            UNICODE,            "No unicode symbol names"),
   TEST (warnings,           WARNINGS,           "Compiled with -Wall"),
   TEST (writeable-got,      WRITEABLE_GOT,      "The .got section is not writeable"),
 };
@@ -1053,6 +1056,11 @@ interesting_sec (annocheck_data *     da
   if (streq (sec->secname, ".gdb_index"))
     per_file.debuginfo_file = true;
 
+  if (tests[TEST_UNICODE].enabled
+      && (sec->shdr.sh_type == SHT_SYMTAB
+	  || sec->shdr.sh_type == SHT_DYNSYM))	  
+    return true;
+
   if (streq (sec->secname, ".text"))
     {
       /* Separate debuginfo files have a .text section with a non-zero
@@ -3066,6 +3074,64 @@ check_code_section (annocheck_data *
 }
 
 static bool
+contains_suspicious_characters (const unsigned char * name)
+{
+  uint i;
+  uint len = strlen ((const char *) name);
+
+  /* FIXME: Test that locale is UTF-8.  */
+
+  for (i = 0; i < len; i++)
+    {
+      unsigned char c = name[i];
+
+      if (isgraph (c))
+	continue;
+
+      /* Control characters are always suspect.  So are spaces and DEL  */
+      if (iscntrl (c) || c == ' ' || c == 0x7f)
+	return true;
+
+      if (c < 0x7f) /* This test is probably redundant.  */
+	continue;
+
+      return true;
+    }
+
+  return false;
+}
+
+static bool
+check_symbol_section (annocheck_data * data, annocheck_section * sec)
+{
+  if (! tests[TEST_UNICODE].enabled)
+    return true;
+
+  /* Scan the symbols looking for non-ASCII characters in their names
+     that might cause problems.  Note - we do not examine the string
+     tables directly as there are perfectly legitimate reasons why these
+     characters might appear in strings.  But when they are used for
+     identifier names, their use is ... problematic.  */
+  GElf_Sym  sym;
+  uint      symndx;
+
+  for (symndx = 1; gelf_getsym (sec->data, symndx, & sym) != NULL; symndx++)
+    {
+      const char * symname = elf_strptr (data->elf, sec->shdr.sh_link, sym.st_name);
+
+      if (contains_suspicious_characters ((const unsigned char *) symname))
+	{
+	  fail (data, TEST_UNICODE, SOURCE_SYMBOL_SECTION, "suspicious characters were found in a symbol name");
+	  einfo (VERBOSE, "%s: info: symname: '%s', (%lu bytes long) in section: %s",
+		 get_filename (data), symname, (unsigned long) strlen (symname), sec->secname);
+	  if (!BE_VERBOSE)
+	    break;
+	}
+    }
+  return true;
+}
+
+static bool
 check_sec (annocheck_data *     data,
 	   annocheck_section *  sec)
 {
@@ -3076,6 +3142,8 @@ check_sec (annocheck_data *     data,
      selected in interesting_sec().  */
   switch (sec->shdr.sh_type)
     {
+    case SHT_SYMTAB:
+    case SHT_DYNSYM:   return check_symbol_section (data, sec);
     case SHT_NOTE:     return check_note_section (data, sec);
     case SHT_STRTAB:   return check_string_section (data, sec);
     case SHT_DYNAMIC:  return check_dynamic_section (data, sec);
@@ -3801,6 +3869,7 @@ finish (annocheck_data * data)
 	    case TEST_RWX_SEG:
 	    case TEST_TEXTREL:
 	    case TEST_THREADS:
+	    case TEST_UNICODE:
 	    case TEST_WRITEABLE_GOT:
 	      /* The absence of a result for these tests actually means that they have passed.  */
 	      pass (data, i, SOURCE_FINAL_SCAN, NULL);
Only in annobin-9.85/annocheck: hardened.c.orig
Only in annobin-9.85/annocheck: hardened.c.rej
Only in annobin-9.85: autom4te.cache
diff -rup annobin.orig/configure annobin-9.85/configure
--- annobin.orig/configure	2021-10-26 17:10:33.391288831 +0100
+++ annobin-9.85/configure	2021-10-26 17:15:05.328273975 +0100
@@ -765,6 +765,7 @@ infodir
 docdir
 oldincludedir
 includedir
+runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -863,6 +864,7 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1115,6 +1117,15 @@ do
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
 
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
+
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1252,7 +1263,7 @@ fi
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir
+		libdir localedir mandir runstatedir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1405,6 +1416,7 @@ Fine tuning of the installation director
   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
Only in annobin-9.85: configure.orig
diff -rup annobin.orig/doc/Makefile.in annobin-9.85/doc/Makefile.in
--- annobin.orig/doc/Makefile.in	2021-10-26 17:10:33.392288827 +0100
+++ annobin-9.85/doc/Makefile.in	2021-10-26 17:15:05.328273975 +0100
@@ -329,6 +329,7 @@ plugindir = @plugindir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
Only in annobin-9.85/doc: Makefile.in.orig
diff -rup annobin.orig/doc/annobin.info annobin-9.85/doc/annobin.info
--- annobin.orig/doc/annobin.info	2021-10-26 17:10:33.392288827 +0100
+++ annobin-9.85/doc/annobin.info	2021-10-26 17:45:01.856580284 +0100
@@ -751,6 +751,7 @@ File: annobin.info,  Node: Hardened,  Ne
        [-skip-stack-realign]
        [-skip-textrel]
        [-skip-threads]
+       [-skip-unicode]
        [-skip-warnings]
        [-skip-writeable-got]
        [-test-NAME]
@@ -877,6 +878,10 @@ code to support the test.
      Check that the program was built by a production-ready compiler.
      Disabled by '--skip-production'.
 
+'Unicode'
+     This test checks for the presence of multibyte characters in symbol
+     names, which are unusual and potentially dangerous.
+
    The tool does support a couple of other command line options as well:
 
 '--skip-future'
@@ -2023,16 +2028,16 @@ Node: The INSTRUMENT Encoding20418
 Node: Annocheck21792
 Node: Built-By25082
 Node: Hardened26612
-Node: Notes33626
-Node: Section-Size34270
-Node: Timing36424
-Node: Configure Options37071
-Node: Legacy Scripts39411
-Node: Who Built Me40186
-Node: ABI Checking42946
-Node: Hardening Checks45060
-Node: Checking Archives49146
-Node: GNU FDL51568
+Node: Notes33790
+Node: Section-Size34434
+Node: Timing36588
+Node: Configure Options37235
+Node: Legacy Scripts39575
+Node: Who Built Me40350
+Node: ABI Checking43110
+Node: Hardening Checks45224
+Node: Checking Archives49310
+Node: GNU FDL51732
 
 End Tag Table
 
Only in annobin-9.85/doc: annobin.info.rej
diff -rup annobin.orig/doc/annobin.texi annobin-9.85/doc/annobin.texi
--- annobin.orig/doc/annobin.texi	2021-10-26 17:10:33.392288827 +0100
+++ annobin-9.85/doc/annobin.texi	2021-10-26 17:43:47.567864465 +0100
@@ -855,6 +855,7 @@ annocheck
   [@b{--skip-stack-realign}]
   [@b{--skip-textrel}]
   [@b{--skip-threads}]
+  [@b{--skip-unicode}]
   [@b{--skip-warnings}]
   [@b{--skip-writeable-got}]
   [@b{--test-@var{name}}]
@@ -996,6 +997,11 @@ Check that the program makes consistent
 @item Production Ready Compiler
 Check that the program was built by a production-ready compiler.
 Disabled by @option{--skip-production}.
+
+@item Unicode
+This test checks for the presence of multibyte characters in symbol
+names, which are unusual and potentially dangerous.
+
 @end table
 
 The tool does support a couple of other command line options as well:
Only in annobin-9.85/doc: annobin.texi.orig
Only in annobin-9.85/doc: annobin.texi.rej
diff -rup annobin.orig/gcc-plugin/Makefile.in annobin-9.85/gcc-plugin/Makefile.in
--- annobin.orig/gcc-plugin/Makefile.in	2021-10-26 17:10:33.394288820 +0100
+++ annobin-9.85/gcc-plugin/Makefile.in	2021-10-26 17:15:25.800197574 +0100
@@ -333,6 +333,7 @@ plugindir = @plugindir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
Only in annobin-9.85/gcc-plugin: Makefile.in.orig
diff -rup annobin.orig/scripts/Makefile.in annobin-9.85/scripts/Makefile.in
--- annobin.orig/scripts/Makefile.in	2021-10-26 17:10:33.392288827 +0100
+++ annobin-9.85/scripts/Makefile.in	2021-10-26 17:15:25.801197570 +0100
@@ -284,6 +284,7 @@ plugindir = @plugindir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
Only in annobin-9.85/scripts: Makefile.in.orig
diff -rup annobin.orig/tests/Makefile.am annobin-9.85/tests/Makefile.am
--- annobin.orig/tests/Makefile.am	2021-10-26 17:10:33.395288816 +0100
+++ annobin-9.85/tests/Makefile.am	2021-10-26 17:44:30.365700747 +0100
@@ -22,6 +22,7 @@ TESTS=compile-test \
       missing-notes-test \
       active-checks-test \
       property-note-test \
+      unicode-test \
       hardening-fail-test
 
 if HAVE_DEBUGINFOD
Only in annobin-9.85/tests: Makefile.am.orig
Only in annobin-9.85/tests: Makefile.am.rej
diff -rup annobin.orig/tests/Makefile.in annobin-9.85/tests/Makefile.in
--- annobin.orig/tests/Makefile.in	2021-10-26 17:10:33.395288816 +0100
+++ annobin-9.85/tests/Makefile.in	2021-10-26 17:45:48.673401205 +0100
@@ -459,6 +459,7 @@ plugindir = @plugindir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@@ -479,7 +480,7 @@ TESTS = compile-test abi-test active-che
 	hardening-test instrumentation-test lto-test \
 	missing-notes-test objcopy-test section-size-test \
 	missing-notes-test active-checks-test property-note-test \
-	hardening-fail-test $(am__append_1)
+	unicode-test hardening-fail-test $(am__append_1)
 all: all-am
 
 .SUFFIXES:
@@ -764,6 +765,13 @@ property-note-test.log: property-note-te
 	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+unicode-test.log: unicode-test
+	@p='unicode-test'; \
+	b='unicode-test'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
 debuginfod-test.log: debuginfod-test
 	@p='debuginfod-test'; \
Only in annobin-9.85/tests: Makefile.in.orig
Only in annobin-9.85/tests: Makefile.in.rej
Only in annobin-9.85/tests: trick-hello.s
Only in annobin-9.85/tests: unicode-test
--- /dev/null	2021-10-25 08:23:06.499675237 +0100
+++ annobin-9.85/tests/unicode-test	2021-10-26 17:50:14.620383879 +0100
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Copyright (c) 2021 Red Hat.
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published
+# by the Free Software Foundation; either version 3, or (at your
+# option) any later version.
+#
+# It is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+TEST_NAME=unicode
+. $srcdir/common.sh
+
+OPTS="-O2 -g -Wl,-z,now -pie -fpie"
+
+start_test
+
+$GCC $OPTS $srcdir/trick-hello.s -o trick-hello.exe
+if [ $? != 0 ];
+then
+    echo "unicode-test: FAIL: Could not compile test source file"
+    end_test
+    exit 1
+fi
+
+# Run annocheck
+
+OPTS="--ignore-gaps --skip-all --test-unicode"
+
+$ANNOCHECK trick-hello.exe $OPTS > unicode.out
+grep -e "FAIL: unicode" unicode.out
+if [ $? != 0 ];
+then
+    echo "unicode-test: FAIL: annocheck did not detect suspicious symbol names"
+    $ANNOCHECK trick-hello.exe $OPTS --verbose
+    end_test
+    exit 1
+fi
+
+end_test
+
--- /dev/null	2021-10-25 08:23:06.499675237 +0100
+++ annobin-9.85/tests/trick-hello.s	2021-10-26 17:15:25.803197562 +0100
@@ -0,0 +1,33 @@
+	.file	"trick-hello.c"
+	.text
+	.section	.rodata
+.LC0:
+	.string	"hah, gotcha!"
+	.text
+	.globl	he‮oll‬
+	.type	he‮oll‬, @function
+he‮oll‬:
+.LFB0:
+	nop
+.LFE0:
+	.size	he‮oll‬, .-he‮oll‬
+	.section	.rodata
+.LC1:
+	.string	"Hello world"
+	.text
+	.globl	hello
+	.type	hello, @function
+hello:
+.LFB1:
+	nop
+.LFE1:
+	.size	hello, .-hello
+	.globl	main
+	.type	main, @function
+main:
+.LFB2:
+	nop
+.LFE2:
+	.size	main, .-main
+	.ident	"GCC: (GNU) 11.2.1 20210728 (Red Hat 11.2.1-1)"
+	.section	.note.GNU-stack,"",@progbits