Auto merge of #4670 - daira:update-checksec, r=str4d
Update checksec.sh to slimm609/checksec.sh version 2.3.0 To verify against the upstream signature: ``` git clone https://github.com/slimm609/checksec.sh cd checksec.sh git checkout a6df608ac077689b2160e521db6601abc7b9e26e openssl dgst -sha256 -verify checksec.pub -signature checksec.sig ${ZCASH_SRC}/qa/zcash/checksec.sh ``` This version has more thorough Fortify checking (using `--extended --fortify-file=`) and checks specific to Clang-compiled executables.
This commit is contained in:
commit
70b8aac97a
|
@ -77,7 +77,9 @@ Copyright: 2008, Steven G. Johnson <stevenj@alum.mit.edu>
|
|||
License: GPLv3-or-later-with-Autoconf-exception
|
||||
|
||||
Files: qa/zcash/checksec.sh
|
||||
Copyright: 2009-2011, Tobias Klein
|
||||
Copyright: 2014-2015, Brian Davis
|
||||
2013, Robin David
|
||||
2009-2011, Tobias Klein
|
||||
License: BSD-3clause-Tobias-Klein
|
||||
|
||||
Files: depends/sources/libsodium-*.tar.gz
|
||||
|
|
2267
qa/zcash/checksec.sh
2267
qa/zcash/checksec.sh
File diff suppressed because it is too large
Load Diff
|
@ -32,7 +32,7 @@ RE_FORTIFY_USED = re.compile('Binary compiled with FORTIFY_SOURCE support.*Yes')
|
|||
|
||||
def test_rpath_runpath(filename):
|
||||
output = subprocess.check_output(
|
||||
[repofile('qa/zcash/checksec.sh'), '--file', repofile(filename)]
|
||||
[repofile('qa/zcash/checksec.sh'), '--file=' + repofile(filename)]
|
||||
)
|
||||
if RE_RPATH_RUNPATH.search(output.decode('utf-8')):
|
||||
print('PASS: %s has no RPATH or RUNPATH.' % filename)
|
||||
|
@ -44,7 +44,7 @@ def test_rpath_runpath(filename):
|
|||
|
||||
def test_fortify_source(filename):
|
||||
proc = subprocess.Popen(
|
||||
[repofile('qa/zcash/checksec.sh'), '--fortify-file', repofile(filename)],
|
||||
[repofile('qa/zcash/checksec.sh'), '--fortify-file=' + repofile(filename)],
|
||||
stdout=subprocess.PIPE,
|
||||
)
|
||||
line1 = proc.stdout.readline()
|
||||
|
|
Loading…
Reference in New Issue