From 75808db17caf8b960b351e3408e74142f4c85aac Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 14 Apr 2024 15:42:30 +0200 Subject: Adding upstream version 2.117.0. Signed-off-by: Daniel Baumann --- .../build-spec/debian/install | 1 + .../build-spec/fill-values | 4 +++ .../build-spec/orig/Makefile | 33 +++++++++++++++++++++ .../build-spec/orig/hello.c | 26 ++++++++++++++++ .../pe/missing-security-features-32-bit/eval/desc | 2 ++ .../pe/missing-security-features-32-bit/eval/hints | 3 ++ .../build-spec/debian/install | 1 + .../build-spec/fill-values | 4 +++ .../build-spec/orig/Makefile | 33 +++++++++++++++++++++ .../build-spec/orig/hello.c | 26 ++++++++++++++++ .../pe/missing-security-features-64-bit/eval/desc | 2 ++ .../pe/missing-security-features-64-bit/eval/hints | 3 ++ .../build-spec/debian/install | 1 + .../build-spec/fill-values | 3 ++ .../build-spec/orig/.coverage | 0 .../build-spec/orig/gdbreplay-pe32+.exe | Bin 0 -> 628741 bytes .../build-spec/orig/gdbreplay-pe32.exe | Bin 0 -> 592899 bytes .../pe/missing-security-features-fp/eval/desc | 4 +++ .../pe/missing-security-features-fp/eval/hints | 1 + 19 files changed, 147 insertions(+) create mode 100644 t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install create mode 100644 t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values create mode 100644 t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile create mode 100644 t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c create mode 100644 t/recipes/checks/pe/missing-security-features-32-bit/eval/desc create mode 100644 t/recipes/checks/pe/missing-security-features-32-bit/eval/hints create mode 100644 t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install create mode 100644 t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values create mode 100644 t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile create mode 100644 t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c create mode 100644 t/recipes/checks/pe/missing-security-features-64-bit/eval/desc create mode 100644 t/recipes/checks/pe/missing-security-features-64-bit/eval/hints create mode 100644 t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install create mode 100644 t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values create mode 100644 t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/.coverage create mode 100644 t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exe create mode 100644 t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exe create mode 100644 t/recipes/checks/pe/missing-security-features-fp/eval/desc create mode 100644 t/recipes/checks/pe/missing-security-features-fp/eval/hints (limited to 't/recipes/checks/pe') diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install new file mode 100644 index 0000000..b2551e6 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/debian/install @@ -0,0 +1 @@ +*.exe usr/share/win32 diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values new file mode 100644 index 0000000..cc065dd --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/fill-values @@ -0,0 +1,4 @@ +Testname: missing-security-features-32-bit +Skeleton: upload-native +Extra-Build-Depends: gcc-mingw-w64-i686, mingw-w64-tools +Description: Test with 32-bit PE binaries (PE32) missing recommended security features diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile new file mode 100644 index 0000000..c4e03e9 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/Makefile @@ -0,0 +1,33 @@ +MINGWCC = i686-w64-mingw32-gcc + +sources = hello.c +safe = hello32.exe + +staticbase = $(patsubst %.exe,%-static-base.exe,$(safe)) +dataexecution = $(patsubst %.exe,%-data-execution.exe,$(safe)) +unsafeseh = $(patsubst %.exe,%-unsafe-seh.exe,$(safe)) + +all: $(safe) $(staticbase) $(dataexecution) $(unsafeseh) + +$(safe): $(sources) + $(MINGWCC) -o $@ $^ + genpeimg -d +d $@ + genpeimg -d +n $@ + genpeimg -d -s $@ + +$(staticbase): $(safe) + cp $< $@ + genpeimg -d -d $@ + +$(dataexecution): $(safe) + cp $< $@ + genpeimg -d -n $@ + +$(unsafeseh): $(safe) + cp $< $@ + # SEH is inverted + genpeimg -d +s $@ + +.PHONY: clean +clean: + rm -f $(safe) $(staticbase) $(dataexecution) $(unsafeseh) diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c new file mode 100644 index 0000000..7085b1e --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/build-spec/orig/hello.c @@ -0,0 +1,26 @@ +/* Copyright (C) 2019 Felix Lechner + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, you can find it on the World Wide + Web at https://www.gnu.org/copyleft/gpl.html, or write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA +*/ + +#include + +int main(void){ + + printf("Hello, Lintian!\n"); + return 0; +} diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/eval/desc b/t/recipes/checks/pe/missing-security-features-32-bit/eval/desc new file mode 100644 index 0000000..db88ae6 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/eval/desc @@ -0,0 +1,2 @@ +Testname: missing-security-features-32-bit +Check: pe diff --git a/t/recipes/checks/pe/missing-security-features-32-bit/eval/hints b/t/recipes/checks/pe/missing-security-features-32-bit/eval/hints new file mode 100644 index 0000000..c7cb89b --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-32-bit/eval/hints @@ -0,0 +1,3 @@ +missing-security-features-32-bit (binary): portable-executable-missing-security-features SafeSEH [usr/share/win32/hello32-unsafe-seh.exe] +missing-security-features-32-bit (binary): portable-executable-missing-security-features DEP/NX [usr/share/win32/hello32-data-execution.exe] +missing-security-features-32-bit (binary): portable-executable-missing-security-features ASLR [usr/share/win32/hello32-static-base.exe] diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install new file mode 100644 index 0000000..b2551e6 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/debian/install @@ -0,0 +1 @@ +*.exe usr/share/win32 diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values new file mode 100644 index 0000000..da2ab70 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/fill-values @@ -0,0 +1,4 @@ +Testname: missing-security-features-64-bit +Skeleton: upload-native +Extra-Build-Depends: gcc-mingw-w64-x86-64, mingw-w64-tools +Description: Test with 64-bit PE binaries (PE32+) missing recommended security features diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile new file mode 100644 index 0000000..ddd8290 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/Makefile @@ -0,0 +1,33 @@ +MINGWCC = x86_64-w64-mingw32-gcc + +sources = hello.c +safe = hello64.exe + +staticbase = $(patsubst %.exe,%-static-base.exe,$(safe)) +dataexecution = $(patsubst %.exe,%-data-execution.exe,$(safe)) +unsafeseh = $(patsubst %.exe,%-unsafe-seh.exe,$(safe)) + +all: $(safe) $(staticbase) $(dataexecution) $(unsafeseh) + +$(safe): $(sources) + $(MINGWCC) -o $@ $^ + genpeimg -d +d $@ + genpeimg -d +n $@ + genpeimg -d -s $@ + +$(staticbase): $(safe) + cp $< $@ + genpeimg -d -d $@ + +$(dataexecution): $(safe) + cp $< $@ + genpeimg -d -n $@ + +$(unsafeseh): $(safe) + cp $< $@ + # SEH is inverted + genpeimg -d +s $@ + +.PHONY: clean +clean: + rm -f $(safe) $(staticbase) $(dataexecution) $(unsafeseh) diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c new file mode 100644 index 0000000..7085b1e --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/build-spec/orig/hello.c @@ -0,0 +1,26 @@ +/* Copyright (C) 2019 Felix Lechner + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, you can find it on the World Wide + Web at https://www.gnu.org/copyleft/gpl.html, or write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA +*/ + +#include + +int main(void){ + + printf("Hello, Lintian!\n"); + return 0; +} diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/eval/desc b/t/recipes/checks/pe/missing-security-features-64-bit/eval/desc new file mode 100644 index 0000000..a72b1e0 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/eval/desc @@ -0,0 +1,2 @@ +Testname: missing-security-features-64-bit +Check: pe diff --git a/t/recipes/checks/pe/missing-security-features-64-bit/eval/hints b/t/recipes/checks/pe/missing-security-features-64-bit/eval/hints new file mode 100644 index 0000000..56fb3ce --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-64-bit/eval/hints @@ -0,0 +1,3 @@ +missing-security-features-64-bit (binary): portable-executable-missing-security-features SafeSEH [usr/share/win32/hello64-unsafe-seh.exe] +missing-security-features-64-bit (binary): portable-executable-missing-security-features DEP/NX [usr/share/win32/hello64-data-execution.exe] +missing-security-features-64-bit (binary): portable-executable-missing-security-features ASLR [usr/share/win32/hello64-static-base.exe] diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install b/t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install new file mode 100644 index 0000000..b2551e6 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/debian/install @@ -0,0 +1 @@ +*.exe usr/share/win32 diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values b/t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values new file mode 100644 index 0000000..5707c9a --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/build-spec/fill-values @@ -0,0 +1,3 @@ +Skeleton: upload-native +Testname: missing-security-features-fp +Description: Test with hardened PE binaries not missing any security features diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/.coverage b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/.coverage new file mode 100644 index 0000000..e69de29 diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exe b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exe new file mode 100644 index 0000000..9ba57fb Binary files /dev/null and b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32+.exe differ diff --git a/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exe b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exe new file mode 100644 index 0000000..0f50468 Binary files /dev/null and b/t/recipes/checks/pe/missing-security-features-fp/build-spec/orig/gdbreplay-pe32.exe differ diff --git a/t/recipes/checks/pe/missing-security-features-fp/eval/desc b/t/recipes/checks/pe/missing-security-features-fp/eval/desc new file mode 100644 index 0000000..5a754e7 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/eval/desc @@ -0,0 +1,4 @@ +Testname: missing-security-features-fp +Check: pe +Test-Against: + portable-executable-missing-security-features diff --git a/t/recipes/checks/pe/missing-security-features-fp/eval/hints b/t/recipes/checks/pe/missing-security-features-fp/eval/hints new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/t/recipes/checks/pe/missing-security-features-fp/eval/hints @@ -0,0 +1 @@ + -- cgit v1.2.3