3bf68f34bb
Initial checkin of libannocheck
2021-12-01 15:53:49 +00:00
14b9ff320e
gcc-plugin: Fix bug creating empty attachments.
...
Annocheck: Change MAYB result to SKIP for DT_RPATH. (#2026300 )
2021-11-24 14:03:50 +00:00
9fd7a9a7dc
Annocheck: Skip missing fortify/warning notes for ARM32.
2021-11-19 12:25:11 +00:00
ddf58cca97
gcc-plugin: Try another fix for ppc64le section grouping. ( #2023437 )
2021-11-18 13:29:22 +00:00
cfbdb08f28
gcc-plugin: Revert 10.22 change. ( #2023437 )
2021-11-16 17:01:20 +00:00
5faade2ad7
Add support for more special glibc functions.
...
Fix building LLVM and Clang plugins for the ARM architecture.
2021-11-16 11:14:14 +00:00
92c34892f6
Annocheck: Add a test for unicode characters in identifiers.
2021-11-08 13:47:26 +00:00
18219884f1
gcc-plugin: Default to link-order grouping for PPC64LE. ( #2016458 )
2021-10-27 11:10:47 +01:00
ee53f9336e
Annocheck: Do not fail if a --skip-<name> option does not match a known test.
...
ldconfig-test: Skip the LTO check.
2021-10-26 15:58:02 +01:00
7add09b73e
Annocheck: Add more glibc function names.
2021-10-26 08:28:59 +01:00
7f58204567
gcc-plugin: Fix attaching the .text section to the .text.group section.
2021-10-21 13:48:54 +01:00
0bd26e8615
Complain about DT_RPATH for Fedora binaries.
2021-10-20 17:49:04 +01:00
3f7c00bf57
Better reporting of problems in object files.
...
Resolves : #2013708
2021-10-18 16:17:25 +01:00
0c5b1fec47
Fix configuring annocheck without gcc-plugin.
...
- Annocheck: Better reporting of debuginfod problems.
- Tests: Fix bugs in debuginfod test.
2021-10-14 20:04:48 +01:00
8477e1751d
Annocheck: Add tests based upon recent bug fixes.
2021-10-13 11:55:02 +01:00
f1b2a85f11
Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found.
...
Resolves : #2011438
2021-10-08 16:25:13 +01:00
f25c7c2336
Annocheck: Fix MAYB results for mixed GO/C files.
...
Annocheck: Move some messages from VERBOSE to VERBOSE2.
Annocheck: Scan zero-length tool notes.
2021-10-08 14:15:39 +01:00
efe8b5622b
Annocheck: Fix covscan detected flaws.
...
plugins: Add more required build options.
2021-10-06 10:59:43 +01:00
c27947f871
Annocheck: Fix cf-prot test to fail if the CET notes are missing.
...
Annocheck: Skip gaps in the .plt section.
Plugins: Add -g option when building LLVM and Clang.
2021-10-05 14:28:09 +01:00
37b5de8c9b
Annocheck: Add more cases of glibc startup functions.
2021-10-04 15:26:35 +01:00
5f79645f58
- Annocheck: Fix covscan detected problems.
...
- Annocheck: Add --profile=el8.
- gcc-plugin: Conditionalize generation of branch protection note.
2021-10-01 13:11:12 +01:00
da3ba09492
Annocheck: Ignore gaps containing NOP instructions.
2021-09-29 13:12:12 +01:00
c62bd663ec
GCC Plugin: Fix detection of running inside the LTO compiler. ( #2004917 )
2021-09-16 15:06:57 +01:00
ee93527317
Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries.
2021-09-15 15:00:18 +01:00
0aa5d1ce55
Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result.
2021-09-15 12:09:38 +01:00
a99d618d38
Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead.
2021-09-15 10:43:42 +01:00
92cb681581
Annocheck: Fix exit code when tests PASS.
2021-09-10 11:08:17 +01:00
fe496281b3
- Documentation: Add node for each hardening test.
...
- Documentation: Install online.
- Annocheck: Annote FAIL and MAYB results with URL to documentation
- Annocheck: Add --no-urls and --provide-urls options
- Annocheck: Add --help-<tool> option.
2021-09-09 14:18:24 +01:00
9d82370d42
- Annocheck: Fix fuzzing detected failures.
...
- Annocheck: Added --profile option.
- Docs: Documented --profile option and rpminspect.yaml.
2021-09-03 17:55:06 +01:00
ba44d58e22
Annocheck: Skip GO/CET checks. Fix fuzzing detected failures.
2021-08-31 15:18:09 +01:00
29d70de971
LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. ( #1997444 )
...
spec file: Add the installation of the annobon sources into /usr/src/annobin.
2021-08-25 13:38:58 +01:00
1d5918a750
Annocheck: Fix memory corruption. ( #1996963 )
...
spec file: Add the creation of a gcc-plugin version info file in /usr/lib/rpm/redhat.
2021-08-24 17:16:30 +01:00
7a0769e513
Annocheck: Add linker generated function for ppc64le exceptions. ( #1981410 )
...
LLVM Plugin: Allow checks to be selected from the command line.
Annocheck: Examine DW_AT_producer for -flto.
2021-08-18 11:28:24 +01:00
5d4d27dda9
Annocheck: Conditionalize detection of AArch64's PAC+BTI protection.
...
Annocheck: Add linker generated function for s390x exceptions. (#1981410 )
2021-08-17 15:03:42 +01:00
6d69597433
Annocheck: Generate MAYB results for gaps in notes covering the .text section. ( #1991943 )
...
Annocheck: Close DWARF file descriptors once the debug info is no longer needed. (#1981410 )
LLVM Plugin: Update to build with Clang v13. (Thanks to: Tom Stellard <tstellar@redhat.com>)
2021-08-17 12:10:03 +01:00
c76d8664da
Annocheck: Fix memory corruption. ( #1988715 )
2021-08-16 12:41:17 +01:00
75a23fb883
Annocheck: Skip certain tests for kernel modules.
2021-08-11 17:23:33 +01:00
71f8485e39
Annocheck: Detect a missing CET note. ( #1991931 )
...
Annocheck: Do not report future fails for AArch64 notes.
Annocheck: Warn about multiple --debug-file, --debug-rpm and --debug-dir options.
2021-08-10 15:14:48 +01:00
4af05b1261
Annocheck: Process files in command line order. ( #1988714 )
2021-08-09 11:14:43 +01:00
0394c1d928
Annocheck: Reverse AArch64 PAC+BTI check, ie fail if they are enabled.
...
Resolves : #1984995
2021-07-23 13:36:44 +01:00
8adc17e68b
Annocheck: Add another test exceptions.
2021-07-13 17:15:00 +01:00
5bbd4f5f31
Annocheck: Add some more test exceptions.
2021-07-13 15:39:21 +01:00
a978ea49fa
Tests: Skip glibc-notes test if the assembler does not support --generate-missing-build-notes.
...
Resolves : #1978573
2021-07-05 12:49:37 +01:00
dfddf61cdd
Annocheck: Fix spelling mistake in -,stack-realign failure message. ( #1977349 )
2021-06-29 16:06:16 +01:00
76947e83c2
gcc-plugin: Do not record global versions of stack protection settings in LTO mode, if not set. ( #1958954 )
2021-06-22 16:05:21 +01:00
14c8067c11
annocheck: Remove limit on number of input files.
2021-06-21 16:16:26 +01:00
f1a1007e43
clang/llvm plugins: Build with correct security options.
2021-06-15 14:48:49 +01:00
96f1a8a19f
Annocheck: Better detection of GO compiler version.
2021-06-15 12:10:19 +01:00
55304ea386
Annocheck: Better support for symbolic links. In verbose mode, report the reason for skipping specific tests.
...
Resolves : #1969584
2021-06-09 16:49:05 +01:00
1c617b1ec0
annocheck: Improve detection of shared libraries.
...
Resolves : #1958954
2021-05-25 14:54:34 +01:00
81adad3f31
annocheck: Accept 0 as a valid number for gcc minor versions and release numbers.
...
gcc-plugin: Add support for ARM and RISCV targets.
2021-05-13 12:41:45 +01:00
394bd0083f
timing: do not initialise the clock if the timing tool is disabled.
2021-05-04 15:15:25 +01:00
689a7f6f54
gcc-plugin: Replace ICE messsages with verbose messages.
2021-04-30 09:50:06 +01:00
e5cf20e0a3
Fix the testsuite so that it can be run in parallel.
2021-04-22 14:15:51 +01:00
9e62aa8ed8
Annocheck: WARN if the annobin plugin was built for a newer version of the compiler than the one on which it was run.
...
Related: #1950657
2021-04-21 12:56:16 +01:00
1622358fc1
Annocheck: Improve detection of missing GNU-stack support.
2021-04-20 12:35:20 +01:00
1d6e1bf892
Add new sources
2021-04-09 14:58:04 +01:00
4a7311622e
gcc-plugin: Use a fixed filename when running in LTO mode.
2021-03-09 13:38:59 +00:00
60c8169066
Annocheck: Fix detection of special function names.
...
Resolves : #1934189
2021-03-03 10:10:12 +00:00
1720e01afe
Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc.
...
Resolves : #1923439
2021-02-26 10:09:08 +00:00
891fad1c0c
Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector.
...
Resolves : #1923439
2021-02-25 11:22:54 +00:00
a35ca900df
Annocheck: Fix some problems with tests for missing notes.
2021-02-22 13:02:23 +00:00
2cfdfdf4f4
Add some GO tests to annocheck.
2021-02-05 11:21:57 +00:00
3a4181e531
Add a future fail for the presence of RPATH in the dynamic tags.
2021-01-20 11:15:10 +00:00
df15f450f0
Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.
2021-01-18 18:09:39 +00:00
1874eab6f1
Workaround for elflint problems with PPC compiled files.
...
Resolves : #1880634
2021-01-14 10:37:21 +00:00
8b182011da
Fix bogus AArch64 test failures.
2021-01-13 10:30:18 +00:00
d119c7a74a
Improved testing by annocheck. Add fixed format message mode.
2021-01-12 17:19:21 +00:00
3bac683d82
Add support for -D_FORTIFY_SOURCE=3.
2021-01-04 16:18:52 +00:00
4a3a6f104e
annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. ( #1906171 )
2020-12-11 14:53:32 +00:00
409120aa01
annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. ( #1906171 )
2020-12-10 11:48:06 +00:00
d7a90f1991
annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.
2020-12-09 17:15:19 +00:00
46640ca3dc
9.49: annocheck: Fix the note analyzer's handling of empty PowerPC64 notes.
2020-12-08 12:58:44 +00:00
62931e922e
9.48: gcc plugin: Tweak generation of end symbols for PPC64 when LTO is active. ( #1898075 )
2020-12-02 12:12:12 +00:00
24fe187a8d
9.47: gcc plugin: Add support for GCC 11's cl_vars array.
2020-12-01 13:39:47 +00:00
ea02dafc1f
Annocheck: Support enabling/disable future fail tests.
2020-11-24 10:39:50 +00:00
b333964fd5
GCC plugin: Always record global notes for the .text.startup, .text.exit, .text.hot and .text.cold sections.
2020-11-23 12:12:25 +00:00
62e7074ffd
Clang plugin: Add -lLLVM to the build command line.
2020-11-17 16:30:19 +00:00
5b0e474e77
Annocheck: Improve reporting of missing -D_FORTIFY_SOURCE option. ( #1898075 )
2020-11-16 14:26:06 +00:00
3cff478cb4
Annocheck: Improve reporting of missing LTO option.
2020-11-16 11:40:56 +00:00
33cfa7d0eb
annocheck: Add handling of gimple compiled files
2020-11-10 16:41:31 +00:00
c0eabbb63f
Add --without-gcc-plugin option.
2020-11-09 13:55:03 +00:00
e6e8317766
Annocheck: Fix bug parsing DW_AT_producer.
2020-11-06 12:30:46 +00:00
34a622f99e
Add reporting of GNU Property notes for PowerPC.
...
Add test of objcopy's note merging abilities.
2020-11-04 14:17:42 +00:00
a707c7d43e
Record the -flto setting and produce a soft warning if it is absent.
...
Suppress warnings about _D_GLIBCXX_ASSERTIONS if the source code is known to be something other than C++.
2020-10-21 15:18:44 +01:00
d94f0f89ce
gcc-plugin: Allow the use of the SHF_LINK_ORDER section flag to discard unused notes. (Experimental).
2020-10-02 13:29:31 +01:00
ad2a3b8d06
Enable the Clang and LLVM plugins by default. (Experimental).
2020-09-28 11:41:09 +01:00
5a05a4d64e
gcc-plugin: Fix test for empty PowerPC sections.
...
Resolves : #1880634
2020-09-21 13:13:34 +01:00
087486d90e
annocheck: Add tests for the AArch64 BTI and PAC security features.
...
Resolves : #1862478
2020-09-16 07:47:41 +01:00
353a681587
gcc plugin: Use a 4 byte offset for PowerPC start symbols, so that they do not break disassemblies.
2020-09-10 13:42:30 +01:00
397174a269
gcc plugin: Correct the detection of 32-bit x86 builds.
...
Resolves : #1876197
2020-09-10 11:06:24 +01:00
d9c1db450f
gcc plugin: Detect any attempt to access the global_options array.
2020-08-17 10:51:27 +01:00
057676c5e3
gcc plugin: Do not complain about missing pre-processor options when examining a preprocessed input file.
...
Resolves : #1862718
2020-08-11 16:24:55 +01:00
16d8c4b5fe
Use more robust checks for AArch64 options
2020-07-30 17:01:07 +01:00
1c15fe568b
Fix bug testing CLANG compiler assembler sources
2020-07-30 08:40:49 +01:00
43a0359804
Bring in better fix for AArch64 pointer size bug
2020-07-29 16:37:50 +01:00
3ab9323c0b
Temporary suppression of aarch64 pointer size check
2020-07-26 09:31:57 +01:00
6fd2366132
Annocheck: Do not skip tests of the short-enums notes.
2020-07-01 16:59:51 +01:00
9f46ccb4ce
Add (optional) llvm plugin.
2020-06-15 17:33:58 +01:00
225ffdc722
Annobin: Fall back on using the flags if the option cannot be found in cl_options.
...
Resolves : #1817659
2020-04-22 13:01:20 +01:00
Nick Clifton