--- /dev/null	2021-10-25 08:23:06.499675237 +0100

+++ annobin-9.85/tests/unicode-test	2021-10-26 17:50:14.620383879 +0100

@@ -0,0 +1,45 @@

+#!/bin/bash

+

+# Copyright (c) 2021 Red Hat.

+#

+# This is free software; you can redistribute it and/or modify it

+# under the terms of the GNU General Public License as published

+# by the Free Software Foundation; either version 3, or (at your

+# option) any later version.

+#

+# It is distributed in the hope that it will be useful, but

+# WITHOUT ANY WARRANTY; without even the implied warranty of

+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+# GNU General Public License for more details.

+

+TEST_NAME=unicode

+. $srcdir/common.sh

+

+OPTS="-O2 -g -Wl,-z,now -pie -fpie"

+

+start_test

+

+$GCC $OPTS $srcdir/trick-hello.s -o trick-hello.exe

+if [ $? != 0 ];

+then

+    echo "unicode-test: FAIL: Could not compile test source file"

+    end_test

+    exit 1

+fi

+

+# Run annocheck

+

+OPTS="--ignore-gaps --skip-all --test-unicode"

+

+$ANNOCHECK trick-hello.exe $OPTS > unicode.out

+grep -e "FAIL: unicode" unicode.out

+if [ $? != 0 ];

+then

+    echo "unicode-test: FAIL: annocheck did not detect suspicious symbol names"

+    $ANNOCHECK trick-hello.exe $OPTS --verbose

+    end_test

+    exit 1

+fi

+

+end_test

+

--- /dev/null	2021-10-25 08:23:06.499675237 +0100

+++ annobin-9.85/tests/trick-hello.s	2021-10-26 17:15:25.803197562 +0100

@@ -0,0 +1,33 @@

+	.file	"trick-hello.c"

+	.text

+	.section	.rodata

+.LC0:

+	.string	"hah, gotcha!"

+	.text

+	.globl	he‮oll‬

+	.type	he‮oll‬, @function

+he‮oll‬:

+.LFB0:

+	nop

+.LFE0:

+	.size	he‮oll‬, .-he‮oll‬

+	.section	.rodata

+.LC1:

+	.string	"Hello world"

+	.text

+	.globl	hello

+	.type	hello, @function

+hello:

+.LFB1:

+	nop

+.LFE1:

+	.size	hello, .-hello

+	.globl	main

+	.type	main, @function

+main:

+.LFB2:

+	nop

+.LFE2:

+	.size	main, .-main

+	.ident	"GCC: (GNU) 11.2.1 20210728 (Red Hat 11.2.1-1)"

+	.section	.note.GNU-stack,"",@progbits

diff -rup annobin.orig/Makefile.in annobin-9.72/Makefile.in

--- annobin.orig/Makefile.in	2021-10-27 17:34:09.438721166 +0100

+++ annobin-9.72/Makefile.in	2021-10-27 17:34:19.226658425 +0100

@@ -323,6 +323,7 @@ plugindir = @plugindir@

 prefix = @prefix@

 program_transform_name = @program_transform_name@

 psdir = @psdir@

+runstatedir = @runstatedir@

 sbindir = @sbindir@

 sharedstatedir = @sharedstatedir@

 srcdir = @srcdir@

diff -rup annobin.orig/annocheck/Makefile.in annobin-9.72/annocheck/Makefile.in

--- annobin.orig/annocheck/Makefile.in	2021-10-27 17:34:09.443721134 +0100

+++ annobin-9.72/annocheck/Makefile.in	2021-10-27 17:34:19.227658419 +0100

@@ -314,6 +314,7 @@ plugindir = @plugindir@

 prefix = @prefix@

 program_transform_name = @program_transform_name@

 psdir = @psdir@

+runstatedir = @runstatedir@

 sbindir = @sbindir@

 sharedstatedir = @sharedstatedir@

 srcdir = @srcdir@

diff -rup annobin.orig/annocheck/hardened.c annobin-9.72/annocheck/hardened.c

--- annobin.orig/annocheck/hardened.c	2021-10-27 17:34:09.443721134 +0100

+++ annobin-9.72/annocheck/hardened.c	2021-10-27 17:35:14.200306024 +0100

@@ -37,7 +37,8 @@

 #define SOURCE_SEGMENT_CONTENTS "segment contents"

 #define SOURCE_SEGMENT_HEADERS  "segment headers"

 #define SOURCE_STRING_SECTION   "string section"

-#define SOURCE_COMMENT_SECTION   "comment section"

+#define SOURCE_COMMENT_SECTION  "comment section"

+#define SOURCE_SYMBOL_SECTION   "symbol section"

 #define GOLD_COLOUR     "\e[33;40m"

 #define RED_COLOUR      "\x1B[31;47m"

@@ -199,6 +200,7 @@ enum test_index

   TEST_STACK_REALIGN,

   TEST_TEXTREL,

   TEST_THREADS,

+  TEST_UNICODE,

   TEST_WARNINGS,

   TEST_WRITEABLE_GOT,

@@ -243,6 +245,7 @@ static test tests [TEST_MAX] =

   TEST (stack-realign,      STACK_REALIGN,      "Compiled with -mstackrealign (i686 only)"),

   TEST (textrel,            TEXTREL,            "There are no text relocations in the binary"),

   TEST (threads,            THREADS,            "Compiled with -fexceptions"),

+  TEST (unicode,            UNICODE,            "No unicode symbol names"),

   TEST (warnings,           WARNINGS,           "Compiled with -Wall"),

   TEST (writeable-got,      WRITEABLE_GOT,      "The .got section is not writeable"),

 };

@@ -1099,6 +1102,11 @@ interesting_sec (annocheck_data *     da

   if (streq (sec->secname, ".gdb_index"))

     per_file.debuginfo_file = true;

+  if (tests[TEST_UNICODE].enabled

+      && (sec->shdr.sh_type == SHT_SYMTAB

+	  || sec->shdr.sh_type == SHT_DYNSYM))	  

+    return true;

+

   if (streq (sec->secname, ".text"))

     {

       /* Separate debuginfo files have a .text section with a non-zero

@@ -2829,6 +2837,64 @@ check_code_section (annocheck_data *

 }

 static bool

+contains_suspicious_characters (const unsigned char * name)

+{

+  uint i;

+  uint len = strlen ((const char *) name);

+

+  /* FIXME: Test that locale is UTF-8.  */

+

+  for (i = 0; i < len; i++)

+    {

+      unsigned char c = name[i];

+

+      if (isgraph (c))

+	continue;

+

+      /* Control characters are always suspect.  So are spaces and DEL  */

+      if (iscntrl (c) || c == ' ' || c == 0x7f)

+	return true;

+

+      if (c < 0x7f) /* This test is probably redundant.  */

+	continue;

+

+      return true;

+    }

+

+  return false;

+}

+

+static bool

+check_symbol_section (annocheck_data * data, annocheck_section * sec)

+{

+  if (! tests[TEST_UNICODE].enabled)

+    return true;

+

+  /* Scan the symbols looking for non-ASCII characters in their names

+     that might cause problems.  Note - we do not examine the string

+     tables directly as there are perfectly legitimate reasons why these

+     characters might appear in strings.  But when they are used for

+     identifier names, their use is ... problematic.  */

+  GElf_Sym  sym;

+  uint      symndx;

+

+  for (symndx = 1; gelf_getsym (sec->data, symndx, & sym) != NULL; symndx++)

+    {

+      const char * symname = elf_strptr (data->elf, sec->shdr.sh_link, sym.st_name);

+

+      if (contains_suspicious_characters ((const unsigned char *) symname))

+	{

+	  fail (data, TEST_UNICODE, SOURCE_SYMBOL_SECTION, "suspicious characters were found in a symbol name");

+	  einfo (VERBOSE, "%s: info: symname: '%s', (%lu bytes long) in section: %s",

+		 get_filename (data), symname, (unsigned long) strlen (symname), sec->secname);

+	  if (!BE_VERBOSE)

+	    break;

+	}

+    }

+  return true;

+}

+

+static bool

 check_sec (annocheck_data *     data,

 	   annocheck_section *  sec)

 {

@@ -2839,6 +2905,8 @@ check_sec (annocheck_data *     data,

      selected in interesting_sec().  */

   switch (sec->shdr.sh_type)

     {

+    case SHT_SYMTAB:

+    case SHT_DYNSYM:   return check_symbol_section (data, sec);

     case SHT_NOTE:     return check_note_section (data, sec);

     case SHT_STRTAB:   return check_string_section (data, sec);

     case SHT_DYNAMIC:  return check_dynamic_section (data, sec);

@@ -3526,6 +3594,7 @@ finish (annocheck_data * data)

 	    case TEST_RWX_SEG:

 	    case TEST_TEXTREL:

 	    case TEST_THREADS:

+	    case TEST_UNICODE:

 	    case TEST_WRITEABLE_GOT:

 	      /* The absence of a result for these tests actually means that they have passed.  */

 	      pass (data, i, SOURCE_FINAL_SCAN, NULL);

Only in annobin-9.72/annocheck: hardened.c.orig

Only in annobin-9.72/annocheck: hardened.c.rej

diff -rup annobin.orig/configure annobin-9.72/configure

--- annobin.orig/configure	2021-10-27 17:34:09.438721166 +0100

+++ annobin-9.72/configure	2021-10-27 17:34:19.229658406 +0100

@@ -763,6 +763,7 @@ infodir

 docdir

 oldincludedir

 includedir

+runstatedir

 localstatedir

 sharedstatedir

 sysconfdir

@@ -860,6 +861,7 @@ datadir='${datarootdir}'

 sysconfdir='${prefix}/etc'

 sharedstatedir='${prefix}/com'

 localstatedir='${prefix}/var'

+runstatedir='${localstatedir}/run'

 includedir='${prefix}/include'

 oldincludedir='/usr/include'

 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'

@@ -1112,6 +1114,15 @@ do

   | -silent | --silent | --silen | --sile | --sil)

     silent=yes ;;

+  -runstatedir | --runstatedir | --runstatedi | --runstated \

+  | --runstate | --runstat | --runsta | --runst | --runs \

+  | --run | --ru | --r)

+    ac_prev=runstatedir ;;

+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \

+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \

+  | --run=* | --ru=* | --r=*)

+    runstatedir=$ac_optarg ;;

+

   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)

     ac_prev=sbindir ;;

   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \

@@ -1249,7 +1260,7 @@ fi

 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \

 		datadir sysconfdir sharedstatedir localstatedir includedir \

 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \

-		libdir localedir mandir

+		libdir localedir mandir runstatedir

 do

   eval ac_val=\$$ac_var

   # Remove trailing slashes.

@@ -1402,6 +1413,7 @@ Fine tuning of the installation director

   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]

   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]

   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]

+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]

   --libdir=DIR            object code libraries [EPREFIX/lib]

   --includedir=DIR        C header files [PREFIX/include]

   --oldincludedir=DIR     C header files for non-gcc [/usr/include]

Only in annobin-9.72: configure.orig

diff -rup annobin.orig/doc/Makefile.in annobin-9.72/doc/Makefile.in

--- annobin.orig/doc/Makefile.in	2021-10-27 17:34:09.439721160 +0100

+++ annobin-9.72/doc/Makefile.in	2021-10-27 17:34:19.229658406 +0100

@@ -329,6 +329,7 @@ plugindir = @plugindir@

 prefix = @prefix@

 program_transform_name = @program_transform_name@

 psdir = @psdir@

+runstatedir = @runstatedir@

 sbindir = @sbindir@

 sharedstatedir = @sharedstatedir@

 srcdir = @srcdir@

diff -rup annobin.orig/doc/annobin.info annobin-9.72/doc/annobin.info

--- annobin.orig/doc/annobin.info	2021-10-27 17:34:09.440721153 +0100

+++ annobin-9.72/doc/annobin.info	2021-10-27 17:34:19.230658399 +0100

@@ -737,6 +737,7 @@ File: annobin.info,  Node: Hardened,  Ne

        [-skip-stack-realign]

        [-skip-textrel]

        [-skip-threads]

+       [-skip-unicode]

        [-skip-warnings]

        [-skip-writeable-got]

        [-test-NAME]

@@ -863,6 +864,10 @@ code to support the test.

      Check that the program was built by a production-ready compiler.

      Disabled by '--skip-production'.

+'Unicode'

+     This test checks for the presence of multibyte characters in symbol

+     names, which are unusual and potentially dangerous.

+

    The tool does support a couple of other command line options as well:

 '--skip-future'

Only in annobin-9.72/doc: annobin.info.orig

Only in annobin-9.72/doc: annobin.info.rej

diff -rup annobin.orig/doc/annobin.texi annobin-9.72/doc/annobin.texi

--- annobin.orig/doc/annobin.texi	2021-10-27 17:34:09.439721160 +0100

+++ annobin-9.72/doc/annobin.texi	2021-10-27 17:34:19.230658399 +0100

@@ -842,6 +842,7 @@ annocheck

   [@b{--skip-stack-realign}]

   [@b{--skip-textrel}]

   [@b{--skip-threads}]

+  [@b{--skip-unicode}]

   [@b{--skip-warnings}]

   [@b{--skip-writeable-got}]

   [@b{--test-@var{name}}]

@@ -983,6 +984,11 @@ Check that the program makes consistent

 @item Production Ready Compiler

 Check that the program was built by a production-ready compiler.

 Disabled by @option{--skip-production}.

+

+@item Unicode

+This test checks for the presence of multibyte characters in symbol

+names, which are unusual and potentially dangerous.

+

 @end table

 The tool does support a couple of other command line options as well:

Only in annobin-9.72/doc: annobin.texi.orig

diff -rup annobin.orig/gcc-plugin/Makefile.in annobin-9.72/gcc-plugin/Makefile.in

--- annobin.orig/gcc-plugin/Makefile.in	2021-10-27 17:34:09.443721134 +0100

+++ annobin-9.72/gcc-plugin/Makefile.in	2021-10-27 17:34:19.230658399 +0100

@@ -333,6 +333,7 @@ plugindir = @plugindir@

 prefix = @prefix@

 program_transform_name = @program_transform_name@

 psdir = @psdir@

+runstatedir = @runstatedir@

 sbindir = @sbindir@

 sharedstatedir = @sharedstatedir@

 srcdir = @srcdir@

diff -rup annobin.orig/scripts/Makefile.in annobin-9.72/scripts/Makefile.in

--- annobin.orig/scripts/Makefile.in	2021-10-27 17:34:09.441721146 +0100

+++ annobin-9.72/scripts/Makefile.in	2021-10-27 17:34:19.230658399 +0100

@@ -284,6 +284,7 @@ plugindir = @plugindir@

 prefix = @prefix@

 program_transform_name = @program_transform_name@

 psdir = @psdir@

+runstatedir = @runstatedir@

 sbindir = @sbindir@

 sharedstatedir = @sharedstatedir@

 srcdir = @srcdir@

diff -rup annobin.orig/tests/Makefile.am annobin-9.72/tests/Makefile.am

--- annobin.orig/tests/Makefile.am	2021-10-27 17:34:09.444721127 +0100

+++ annobin-9.72/tests/Makefile.am	2021-10-27 17:34:19.230658399 +0100

@@ -22,6 +22,7 @@ TESTS=compile-test \

       missing-notes-test \

       active-checks-test \

       property-note-test \

+      unicode-test \

       hardening-fail-test

 if HAVE_DEBUGINFOD

diff -rup annobin.orig/tests/Makefile.in annobin-9.72/tests/Makefile.in

--- annobin.orig/tests/Makefile.in	2021-10-27 17:34:09.444721127 +0100

+++ annobin-9.72/tests/Makefile.in	2021-10-27 17:34:19.230658399 +0100

@@ -459,6 +459,7 @@ plugindir = @plugindir@

 prefix = @prefix@

 program_transform_name = @program_transform_name@

 psdir = @psdir@

+runstatedir = @runstatedir@

 sbindir = @sbindir@

 sharedstatedir = @sharedstatedir@

 srcdir = @srcdir@

@@ -479,7 +480,7 @@ TESTS = compile-test abi-test active-che

 	hardening-test instrumentation-test lto-test \

 	missing-notes-test objcopy-test section-size-test \

 	missing-notes-test active-checks-test property-note-test \

-	hardening-fail-test $(am__append_1)

+	unicode-test hardening-fail-test $(am__append_1)

 all: all-am

 .SUFFIXES:

@@ -764,6 +765,13 @@ property-note-test.log: property-note-te

 	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \

 	--log-file $$b.log --trs-file $$b.trs \

 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \

+	"$$tst" $(AM_TESTS_FD_REDIRECT)

+unicode-test.log: unicode-test

+	@p='unicode-test'; \

+	b='unicode-test'; \

+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \

+	--log-file $$b.log --trs-file $$b.trs \

+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \

 	"$$tst" $(AM_TESTS_FD_REDIRECT)

 debuginfod-test.log: debuginfod-test

 	@p='debuginfod-test'; \

Only in annobin-9.72/tests: trick-hello.s

Only in annobin-9.72/tests: unicode-test