NB/ Keep this value in sync with LIBANNOCHECK_VERSION defined in
annocheck/libannocheck.h and with 'version' defined in meson.build,
and with ANNOBIN_VERSION defined in configure.ac. */
-#define ANNOBIN_VERSION 1091
+#define ANNOBIN_VERSION 1092
/* The version of the annotation specification supported. */
#define SPEC_VERSION 3
const char * do_newline;
char c;
size_t len = strlen (format);
+
if (len < 1)
fatal ("einfo called without a valid format string");
c = format[len - 1];
if (type != PARTIAL)
fprintf (file, "%s", do_newline);
+
return res;
#endif
}
}
static void
-print_version (void)
+print_version (int level)
{
- einfo (INFO, "Version %d.%02d", ANNOBIN_VERSION / 100, ANNOBIN_VERSION % 100);
+ if (level < 1)
+ einfo (INFO, "Version %d.%02d", ANNOBIN_VERSION / 100, ANNOBIN_VERSION % 100);
checker * tool;
for (tool = first_checker; tool != NULL; tool = ((checker_internal *)(tool->internal))->next)
if (tool->version)
{
push_component (tool);
- einfo (PARTIAL, " ");
- tool->version ();
+ tool->version (level);
pop_component ();
}
}
}
else if (streq (arg, "version"))
{
- print_version ();
+ print_version (-1);
exit (EXIT_SUCCESS);
}
else
if (! process_command_line (argc, argv))
return EXIT_FAILURE;
- if (level == 0)
- einfo (INFO, "Version %d.%02d", ANNOBIN_VERSION / 100, ANNOBIN_VERSION % 100);
+ print_version (level);
for (tool = first_checker; tool != NULL; tool = ((checker_internal *)(tool->internal))->next)
if (tool->start_scan != NULL)
/* Annocheck - A tool for checking security features of binares.
- Copyright (c) 2018 - 2019 Red Hat.
+ Copyright (c) 2018 - 2022 Red Hat.
This is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
Should use einfo to display its information. */
void (* usage) (void);
- /* Called to display the version of the checker.
+ /* Called to display the version of the checker. Called after command line arguments
+ have been processed, but before start_scan is called.
Can be NULL.
- Should use einfo to display its information. */
- void (* version) (void);
+ Should use einfo to display its information.
+ LEVEL is the recursion level. A level of -1 indicates that the function is
+ being called in response to the --version option on the command line. */
+ void (* version) (int level);
/* Called at the start of a scan of a set of input files for a given recursion depth.
Called after PROCESS_ARG has been invoked, if that function is not NULL.
/* Checks the builder of the binary file.
- Copyright (c) 2018 - 2020 Red Hat.
+ Copyright (c) 2018 - 2022 Red Hat.
This is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
}
static void
-builtby_version (void)
+builtby_version (int level)
{
- einfo (INFO, "Version 1.1");
+ if (level == -1)
+ einfo (INFO, "Version 1.1");
}
struct checker builtby_checker =
static const struct profiles
{
- const char * name[MAX_NAMES];
+ const char * name[MAX_NAMES]; /* Note: name[0] is used as the name of the profile in output statements. */
const char * file_suffix[MAX_NAMES];
enum test_index disabled_tests[MAX_DISABLED];
enum test_index enabled_tests[MAX_DISABLED];
}
profiles [PROFILE_MAX] =
{
+ [ PROFILE_NONE ] = { { "none" } },
+
[ PROFILE_EL7 ] = { { "el7", "rhel-7" },
{".el7" },
{ TEST_BRANCH_PROTECTION, TEST_DYNAMIC_TAGS, TEST_PIE, TEST_BIND_NOW, TEST_FORTIFY, TEST_STACK_CLASH, TEST_LTO, TEST_ENTRY, TEST_PROPERTY_NOTE, TEST_CF_PROTECTION },
{ TEST_BRANCH_PROTECTION, TEST_DYNAMIC_TAGS },
{ TEST_NOT_BRANCH_PROTECTION, TEST_NOT_DYNAMIC_TAGS } },
- [ PROFILE_RAWHIDE ] = { { "rawhide", "f37" },
+ [ PROFILE_RAWHIDE ] = { { "rawhide", "f37", "fedora" },
{ ".fc38", ".fc37" },
{ TEST_NOT_BRANCH_PROTECTION, TEST_NOT_DYNAMIC_TAGS },
{ TEST_BRANCH_PROTECTION, TEST_DYNAMIC_TAGS } },
break;
}
}
-
- /* Handle mutually exclusive tests. */
- if (tests [TEST_BRANCH_PROTECTION].enabled && tests [TEST_NOT_BRANCH_PROTECTION].enabled)
- {
-#ifdef AARCH64_BRANCH_PROTECTION_SUPPORTED
- tests [TEST_NOT_BRANCH_PROTECTION].enabled = false;
-#else
- tests [TEST_BRANCH_PROTECTION].enabled = false;
-#endif
- }
-
- if (tests [TEST_DYNAMIC_TAGS].enabled && tests [TEST_NOT_DYNAMIC_TAGS].enabled)
- {
-#ifdef AARCH64_BRANCH_PROTECTION_SUPPORTED
- tests [TEST_NOT_DYNAMIC_TAGS].enabled = false;
-#else
- tests [TEST_DYNAMIC_TAGS].enabled = false;
-#endif
- }
}
static enum profile
if (strstr (filename, suffix) != NULL)
{
- einfo (VERBOSE, "%s: info: selecting profile %s",
+ einfo (VERBOSE, "%s: info: selecting profile '%s' based upon filename",
get_filename (data), profiles[i].name[0]);
return i;
}
tests [i].skipped = false;
}
+ /* Handle mutually exclusive tests. */
+ if (tests [TEST_BRANCH_PROTECTION].enabled && tests [TEST_NOT_BRANCH_PROTECTION].enabled)
+ {
+#ifdef AARCH64_BRANCH_PROTECTION_SUPPORTED
+ tests [TEST_NOT_BRANCH_PROTECTION].enabled = false;
+#else
+ tests [TEST_BRANCH_PROTECTION].enabled = false;
+#endif
+ }
+
+ if (tests [TEST_DYNAMIC_TAGS].enabled && tests [TEST_NOT_DYNAMIC_TAGS].enabled)
+ {
+#ifdef AARCH64_BRANCH_PROTECTION_SUPPORTED
+ tests [TEST_NOT_DYNAMIC_TAGS].enabled = false;
+#else
+ tests [TEST_DYNAMIC_TAGS].enabled = false;
+#endif
+ }
+
/* Initialise other per-file variables. */
memset (& per_file, 0, sizeof per_file);
}
static void
-version (void)
+version (int level)
{
- einfo (INFO, "Version 1.5");
+ if (level == -1)
+ einfo (INFO, "Version 1.6");
+ else if (level == 0)
+ {
+ if (selected_profile >= PROFILE_NONE && selected_profile < PROFILE_MAX)
+ einfo (INFO, "using profile: %s", profiles [selected_profile].name[0]);
+ }
}
static void
}
}
- einfo (ERROR, "Argument to --profile- option not recognised");
+ einfo (ERROR, "Argument to --profile option not recognised");
}
/* Consume the argument so that the annocheck framework does not mistake it for the -p option. */
unsigned int i;
for (i = 0; i < TEST_MAX; i++)
- handle->tests[i].enabled = true;
+ {
+ // Do not enable the negative tests.
+ if (i == TEST_NOT_BRANCH_PROTECTION
+ || i == TEST_NOT_DYNAMIC_TAGS)
+ continue;
+
+ handle->tests[i].enabled = true;
+ }
return libannocheck_error_none;
}
/* NB/ Keep this value in sync with ANNOBIN_VERSION defined in
annobin-global.h. */
-#define LIBANNOCHECK_VERSION 1091
+#define LIBANNOCHECK_VERSION 1092
typedef enum libannocheck_error
{
/* Displays the Annobin notes in binary files.
- Copyright (c) 2019-2021 Red Hat.
+ Copyright (c) 2019-2022 Red Hat.
This is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
}
static void
-notes_version (void)
+notes_version (int level)
{
- einfo (INFO, "Version 1.0");
+ if (level == -1)
+ einfo (INFO, "Version 1.0");
}
struct checker notes_checker =
}
static void
-size_version (void)
+size_version (int level)
{
- einfo (INFO, "Version 1.3");
+ if (level == -1)
+ einfo (INFO, "Version 1.3");
}
struct checker size_checker =
/* Monitors the time annocheck takes running its tools.
- Copyright (c) 2018 - 2021 Red Hat.
+ Copyright (c) 2018 - 2022 Red Hat.
This is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
}
static void
-timing_version (void)
+timing_version (int level)
{
- einfo (INFO, "Version 1.0");
+ if (level == -1)
+ einfo (INFO, "Version 1.0");
}
struct checker timing_checker =
-ANNOBIN_VERSION=10.90
+ANNOBIN_VERSION=10.92
# Make sure we can run config.sub.
AC_CONFIG_AUX_DIR([config])
AC_CONFIG_SRCDIR([annobin-global.h])
-ANNOBIN_VERSION=10.91
+ANNOBIN_VERSION=10.92
AC_SUBST(ANNOBIN_VERSION)
AC_CANONICAL_SYSTEM
project(
'annobin',
['c', 'cpp'],
- version: '10.91',
+ version: '10.92',
meson_version: '>=0.59'
)
git://sourceware.org / annobin.git / commitdiff