Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package checksec for openSUSE:Factory 
checked in at 2026-07-09 22:19:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/checksec (Old)
 and      /work/SRC/openSUSE:Factory/.checksec.new.1991 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "checksec"

Thu Jul  9 22:19:30 2026 rev:11 rq:1364610 version:3.2.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/checksec/checksec.changes        2026-02-12 
19:37:50.281663138 +0100
+++ /work/SRC/openSUSE:Factory/.checksec.new.1991/checksec.changes      
2026-07-09 22:20:24.196213812 +0200
@@ -1,0 +2,30 @@
+Wed Jul  8 15:46:33 UTC 2026 - Andreas Stieger <[email protected]>
+
+- update to 3.2.0 (boo#1271039):
+  * SafeStack detection for ELF binaries.
+  * CFI hardening detection extended to i386 CET and RISC-V
+    cfilp/Zicfiss (Zicfilp landing pads, Zicfiss shadow stack),
+    covering RV32 and RV64.
+  * Sanitizer detection (ASAN, UBSAN, MSAN, TSAN, LSAN) by compiler-rt
+    symbol prefix scan.
+  * Selfrando detection via the .txtrp section (restores a
+    checksec.bash check lost in the v3 port).
+  * W^X segment check (SeparateCode): asserts no PT_LOAD segment
+    is both writable and executable, as guaranteed by ld -z separate-code / 
lld --rosegment.
+  * Stack-clash protection detection via annobin
+  * RPATH/RUNPATH inspection that classifies each entry:
+    relative/empty/world-writable as bad, $ORIGIN or nonexistent as
+    warning, safe absolute as info.
+  * annobin-based FORTIFY/GLIBCXX assertion detection.
+  * CSV output format restored (dropped in the v3 Go port).
+  * Restored listfile, procLibs, per-process Seccomp, and the
+    Fortify breakdown.
+  * --fail-if CI gate: exit non-zero when a required check is not
+    in a good state.
+  * Parallel directory scanning (RunListChecksParallel) over a
+    bounded worker pool (default GOMAXPROCS).
+  * --no-warnings and --color flags; warnings now include filename
+    context.
+  * bug fixes and developer visible changes
+
+-------------------------------------------------------------------

Old:
----
  checksec-3.1.0.tar.gz
  vendor.tar.bz2

New:
----
  _service
  checksec-3.2.0.tar.gz
  vendor.tar.zst

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ checksec.spec ++++++
--- /var/tmp/diff_new_pack.o3dwCe/_old  2026-07-09 22:20:24.952239513 +0200
+++ /var/tmp/diff_new_pack.o3dwCe/_new  2026-07-09 22:20:24.956239649 +0200
@@ -18,17 +18,18 @@
 
 
 Name:           checksec
-Version:        3.1.0
+Version:        3.2.0
 # use the one from the release tag
-%define gitcommit 3c42e52
+%define gitcommit c8afc72
 Release:        0
 Summary:        Utility to check binaries for system hardening
 License:        BSD-3-Clause
 URL:            https://github.com/slimm609/checksec.sh
 Source0:        
https://github.com/slimm609/checksec.sh/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source1:        vendor.tar.bz2
+Source1:        vendor.tar.zst
 BuildRequires:  golang-packaging
 BuildRequires:  golang(API)
+BuildRequires:  zstd
 
 %description
 Checksec is a GO program to check the properties of executables (like PIE,
@@ -45,8 +46,7 @@
 security features are being used.
 
 %prep
-%autosetup -p 1
-tar xf %SOURCE1
+%autosetup -p1 -a1
 
 %build
 mkdir build

++++++ _service ++++++
<services>
 <service name="go_modules" mode="manual">
   <param name="compression">zst</param>
 </service>
</services>

++++++ checksec-3.1.0.tar.gz -> checksec-3.2.0.tar.gz ++++++
++++ 9364 lines of diff (skipped)

Reply via email to