From d27a4c5d2389b9d313dd64484b05573a3fd5832c Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 27 Jun 2023 13:11:11 +0100 Subject: [PATCH] 12.16: Annocheck: Ignore weak/undef function symbols when checking for binaries that do not contain any code. --- annocheck/annocheck.c | 2 +- annocheck/hardened.c | 32 ++++++++++++++---------- configure | 2 +- configure.ac | 2 +- doc/annobin.info | 57 +++++++++++++++++++++++-------------------- doc/annobin.texi | 8 +++++- meson.build | 2 +- 7 files changed, 61 insertions(+), 44 deletions(-) diff --git a/annocheck/annocheck.c b/annocheck/annocheck.c index e61b999..27056c7 100644 --- a/annocheck/annocheck.c +++ b/annocheck/annocheck.c @@ -942,7 +942,7 @@ follow_debuglink (annocheck_data * data) enabled (eg libpython3.so from the python3-libs package). Let the user know about this, but do not close the file - we may still want to scan it for other information, eg annobin notes. */ - einfo (VERBOSE, "%s: Note: Separate debug file '%s' does not contain any actual debug information", + einfo (VERBOSE2, "%s: Note: Separate debug file '%s' does not contain any actual debug information", data->full_filename, debugfile); data->dwarf_info.fd = fd; diff --git a/annocheck/hardened.c b/annocheck/hardened.c index d47c652..18f523a 100644 --- a/annocheck/hardened.c +++ b/annocheck/hardened.c @@ -2275,7 +2275,7 @@ dwarf_attribute_checker (annocheck_data * data, static const struct profiles { const char * name[MAX_NAMES]; /* Note: name[0] is used as the name of the profile in output statements. */ - const char * file_suffix[MAX_NAMES]; + const char * file_infix[MAX_NAMES]; enum test_index disabled_tests[MAX_DISABLED]; enum test_index enabled_tests[MAX_DISABLED]; } 
@@ -2294,12 +2294,12 @@ static const struct profiles { TEST_NOT_BRANCH_PROTECTION, TEST_NOT_DYNAMIC_TAGS } }, [ PROFILE_EL9 ] = { { "el9", "rhel-9", "rhel-9-devel", "el9_0" }, - {".el9", ".el9_0" }, + {".el9" }, { TEST_BRANCH_PROTECTION, TEST_DYNAMIC_TAGS }, { TEST_NOT_BRANCH_PROTECTION, TEST_NOT_DYNAMIC_TAGS } }, [ PROFILE_EL10 ] = { { "el10", "rhel-10", "rhel-10-devel", "el10_0" }, - {".el10", ".el10_0" }, + {".el10" }, { TEST_NOT_BRANCH_PROTECTION, TEST_NOT_DYNAMIC_TAGS }, { TEST_BRANCH_PROTECTION, TEST_DYNAMIC_TAGS } }, @@ -2410,7 +2410,7 @@ get_profile_based_upon_filename (annocheck_data * data) for (j = 0; j < MAX_NAMES; j++) { - const char * suffix = profiles[i].file_suffix[j]; + const char * suffix = profiles[i].file_infix[j]; if (suffix == NULL) break; @@ -4441,7 +4441,7 @@ check_annobin_glibcxx_assert (annocheck_data * data, if (ptr[index + 1] != 0 && ptr[index + 1] != ' ') { maybe (data, TEST_GLIBCXX_ASSERTIONS, SOURCE_ANNOBIN_STRING_NOTES, "unexpected note value"); - einfo (VERBOSE, "debug: glibcxxx assertions note value: %s", ptr); + einfo (VERBOSE, "debug: glibcxx assertions note value: %s", ptr); return; } @@ -4457,7 +4457,7 @@ check_annobin_glibcxx_assert (annocheck_data * data, default: maybe (data, TEST_GLIBCXX_ASSERTIONS, SOURCE_ANNOBIN_STRING_NOTES, "unexpected note value"); - einfo (VERBOSE, "debug: glibcxxx assertions note value: %s", ptr); + einfo (VERBOSE, "debug: glibcxx assertions note value: %s", ptr); break; } } 
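Review bot: Nothing in this hunk or in the struct definition says how a `file_infix` entry is matched, yet dropping `".el9_0"` and `".el10_0"` relies on `".el9"` and `".el10"` matching those names as substrings. The match decides which hardening tests run (by the struct's member order, the PROFILE_EL9 entry disables TEST_BRANCH_PROTECTION and TEST_DYNAMIC_TAGS), so the rule deserves a comment on the field, for example `/* Strings looked for anywhere in the input file's name; a match selects this profile. */`. The matching code in get_profile_based_upon_filename is outside the hunks shown, so the wording should be checked against it.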
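Review bot: In the get_profile_based_upon_filename hunk the local is still named `suffix` although it now holds `profiles[i].file_infix[j]`, which suggests an end-of-name match that the rename says no longer applies. Renaming it, `const char * infix = profiles[i].file_infix[j];`, keeps the loop consistent with the field. Its later uses are outside the hunk and would need the same rename.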
@@ -5416,10 +5416,10 @@ check_symbol_section (annocheck_data * data, annocheck_section * sec) characters might appear in strings. But when they are used for identifier names, their use is ... problematic. */ - /* In addition we check the symbol types. If there are no function - symbols then we can assume that the file does not contain code. - (Such a file might still contain a .text section however. See - libicudata.so for example). */ + /* In addition we check the symbol types. If there are no defined + function symbols then we can assume that the file does not + contain code. (Such a file might still contain a .text section + however. See libicudata.so for example). */ per_file.has_symtab = true; @@ -5428,15 +5428,19 @@ check_symbol_section (annocheck_data * data, annocheck_section * sec) for (symndx = 1; gelf_getsym (sec->data, symndx, & sym) != NULL; symndx++) { - int type = GELF_ST_TYPE (sym.st_info); - if (! per_file.seen_function_symbol) { - if (type == STT_FUNC || type == STT_GNU_IFUNC) + int type = GELF_ST_TYPE (sym.st_info); + int bind = GELF_ST_BIND (sym.st_info); + + if ((type == STT_FUNC || type == STT_GNU_IFUNC) + && bind != STB_WEAK + && sym.st_shndx != SHN_UNDEF) { per_file.seen_function_symbol = true; if (! tests[TEST_UNICODE].enabled) + /* No need to keep on scanning. */ break; } } @@ -7111,7 +7115,9 @@ process_arg (const char * arg, const char ** argv, const uint argc, uint * next) tests[i].enabled = false; tests[i].set_by_user = true; } + selected_profile = PROFILE_NONE; + return true; } diff --git a/configure b/configure index 390e9b5..4f14c58 100755 --- a/configure +++ b/configure @@ -2723,7 +2723,7 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # NB/ When updating the ANNOBIN_VERSION below, remember to # also update VERSION in the PROJECT section of meson.build. -ANNOBIN_VERSION=12.15 +ANNOBIN_VERSION=12.16 # Make sure we can run config.sub. diff --git a/configure.ac b/configure.ac index e6f77f1..b4b9308 100644 
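Review bot: In the second check_symbol_section hunk the new condition `bind != STB_WEAK` also discards weak function symbols that are defined in the file, which do carry code, while the updated comment in the preceding hunk speaks only of "defined function symbols". Undefined weak references are already excluded by `sym.st_shndx != SHN_UNDEF`, so a file whose only functions are weak definitions would leave `per_file.seen_function_symbol` false and, going by that comment, be assumed to contain no code; how the flag then affects the hardening tests is outside the hunk. If that is not intended, the test could be `if ((type == STT_FUNC || type == STT_GNU_IFUNC) && sym.st_shndx != SHN_UNDEF)`; if it is intended, the comment should say why weak definitions are ignored. The function body starts and ends outside the hunk.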
--- a/configure.ac +++ b/configure.ac @@ -9,7 +9,7 @@ AC_CONFIG_SRCDIR([annobin-global.h.in]) # NB/ When updating the ANNOBIN_VERSION below, remember to # also update VERSION in the PROJECT section of meson.build. -ANNOBIN_VERSION=12.15 +ANNOBIN_VERSION=12.16 AC_SUBST(ANNOBIN_VERSION) AC_CANONICAL_SYSTEM diff --git a/doc/annobin.info b/doc/annobin.info index 7aff157..c8916ac 100644 --- a/doc/annobin.info +++ b/doc/annobin.info @@ -2325,7 +2325,12 @@ File: annobin.info, Node: Hardened Command Line Options, Next: Waiving Hardene to be skipped for multiple functions. ‘--skip-all’ - Disable all tests. Not really useful unless followed by... + Disable all tests. Not really useful unless followed by one or + more options to enable specific tests. + + Note - using this option also sets the ‘profile’ to _none_. If the + enabling of profile specific tests is desired the ‘--profile’ + option must appear after the ‘--skip-all’ on the command line. ‘--test-NAME’ Enable test NAME. 
@@ -4096,31 +4101,31 @@ Node: Test warnings92703 Node: Test writable got93554 Node: Test zero call used regs94847 Node: Hardened Command Line Options96166 -Node: Waiving Hardened Results103089 -Node: Absence of compiled code105088 -Node: Notes111473 -Node: Size112119 -Node: Timing114837 -Node: Libannocheck115496 -Node: libannocheck_init117451 -Node: libannocheck_finish118377 -Node: libannocheck_get_version118925 -Node: libannocheck_get_error_message119338 -Node: libannocheck_get_known_tests119978 -Node: libannocheck_enable_all_tests121158 -Node: libannocheck_disable_all_tests121641 -Node: libannocheck_enable_test122201 -Node: libannocheck_disable_test122881 -Node: libannocheck_enable_profile123562 -Node: libannocheck_get_known_profiles124084 -Node: libannocheck_run_tests124787 -Node: Configure Options125636 -Node: Legacy Scripts128074 -Node: Who Built Me128857 -Node: ABI Checking131748 -Node: Hardening Checks133995 -Node: Checking Archives138343 -Node: GNU FDL140896 +Node: Waiving Hardened Results103358 +Node: Absence of compiled code105357 +Node: Notes111742 +Node: Size112388 +Node: Timing115106 +Node: Libannocheck115765 +Node: libannocheck_init117720 +Node: libannocheck_finish118646 +Node: libannocheck_get_version119194 +Node: libannocheck_get_error_message119607 +Node: libannocheck_get_known_tests120247 +Node: libannocheck_enable_all_tests121427 +Node: libannocheck_disable_all_tests121910 +Node: libannocheck_enable_test122470 +Node: libannocheck_disable_test123150 +Node: libannocheck_enable_profile123831 +Node: libannocheck_get_known_profiles124353 +Node: libannocheck_run_tests125056 +Node: Configure Options125905 +Node: Legacy Scripts128343 +Node: Who Built Me129126 +Node: ABI Checking132017 +Node: Hardening Checks134264 +Node: Checking Archives138612 +Node: GNU FDL141165  End Tag Table diff --git a/doc/annobin.texi b/doc/annobin.texi index 66e66ad..c4fa731 100644 --- a/doc/annobin.texi +++ b/doc/annobin.texi 
@@ -2509,7 +2509,13 @@ extended version of the option can be used multiple times to allow the test to be skipped for multiple functions. @item --skip-all -Disable all tests. Not really useful unless followed by... +Disable all tests. Not really useful unless followed by one or more +options to enable specific tests. + +Note - using this option also sets the @option{profile} to +@emph{none}. If the enabling of profile specific tests is desired the +@option{--profile} option must appear after the @option{--skip-all} on +the command line. @item --test-@var{name} Enable test @var{name}. diff --git a/meson.build b/meson.build index 96a5f82..4ee0488 100644 --- a/meson.build +++ b/meson.build @@ -7,7 +7,7 @@ project( 'annobin', ['c', 'cpp'], - version: '12.15', + version: '12.16', meson_version: '>=0.59' ) -- 2.43.5