Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package checksec for openSUSE:Factory checked in at 2026-07-09 22:19:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/checksec (Old) and /work/SRC/openSUSE:Factory/.checksec.new.1991 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "checksec" Thu Jul 9 22:19:30 2026 rev:11 rq:1364610 version:3.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/checksec/checksec.changes 2026-02-12 19:37:50.281663138 +0100 +++ /work/SRC/openSUSE:Factory/.checksec.new.1991/checksec.changes 2026-07-09 22:20:24.196213812 +0200 @@ -1,0 +2,30 @@ +Wed Jul 8 15:46:33 UTC 2026 - Andreas Stieger <[email protected]> + +- update to 3.2.0 (boo#1271039): + * SafeStack detection for ELF binaries. + * CFI hardening detection extended to i386 CET and RISC-V + cfilp/Zicfiss (Zicfilp landing pads, Zicfiss shadow stack), + covering RV32 and RV64. + * Sanitizer detection (ASAN, UBSAN, MSAN, TSAN, LSAN) by compiler-rt + symbol prefix scan. + * Selfrando detection via the .txtrp section (restores a + checksec.bash check lost in the v3 port). + * W^X segment check (SeparateCode): asserts no PT_LOAD segment + is both writable and executable, as guaranteed by ld -z separate-code / lld --rosegment. + * Stack-clash protection detection via annobin + * RPATH/RUNPATH inspection that classifies each entry: + relative/empty/world-writable as bad, $ORIGIN or nonexistent as + warning, safe absolute as info. + * annobin-based FORTIFY/GLIBCXX assertion detection. + * CSV output format restored (dropped in the v3 Go port). + * Restored listfile, procLibs, per-process Seccomp, and the + Fortify breakdown. + * --fail-if CI gate: exit non-zero when a required check is not + in a good state. + * Parallel directory scanning (RunListChecksParallel) over a + bounded worker pool (default GOMAXPROCS). + * --no-warnings and --color flags; warnings now include filename + context. + * bug fixes and developer visible changes + +------------------------------------------------------------------- Old: ---- checksec-3.1.0.tar.gz vendor.tar.bz2 New: ---- _service checksec-3.2.0.tar.gz vendor.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ checksec.spec ++++++ --- /var/tmp/diff_new_pack.o3dwCe/_old 2026-07-09 22:20:24.952239513 +0200 +++ /var/tmp/diff_new_pack.o3dwCe/_new 2026-07-09 22:20:24.956239649 +0200 @@ -18,17 +18,18 @@ Name: checksec -Version: 3.1.0 +Version: 3.2.0 # use the one from the release tag -%define gitcommit 3c42e52 +%define gitcommit c8afc72 Release: 0 Summary: Utility to check binaries for system hardening License: BSD-3-Clause URL: https://github.com/slimm609/checksec.sh Source0: https://github.com/slimm609/checksec.sh/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -Source1: vendor.tar.bz2 +Source1: vendor.tar.zst BuildRequires: golang-packaging BuildRequires: golang(API) +BuildRequires: zstd %description Checksec is a GO program to check the properties of executables (like PIE, @@ -45,8 +46,7 @@ security features are being used. %prep -%autosetup -p 1 -tar xf %SOURCE1 +%autosetup -p1 -a1 %build mkdir build ++++++ _service ++++++ <services> <service name="go_modules" mode="manual"> <param name="compression">zst</param> </service> </services> ++++++ checksec-3.1.0.tar.gz -> checksec-3.2.0.tar.gz ++++++ ++++ 9364 lines of diff (skipped)
