-
Bug
-
Resolution: Cannot Reproduce
-
Minor
-
None
-
rhel-9.4
-
None
-
None
-
None
-
rhel-sst-security-crypto
-
ssg_security
-
None
-
False
-
-
None
-
None
-
None
-
None
-
None
What were you trying to do that didn't work?
Running annocheck stack-prot test against openssl-fips-provider reports a failure for /usr/lib64/ossl-modules/fips.so.
Please provide the package NVR for which bug is seen:
openssl-fips-provider-3.0.7-2.el9
How reproducible:
Deterministic.
Steps to reproduce
- dnf install -y annobin-annocheck
- dnf debuginfo-install -y openssl-fips-provider
- rpm -ql openssl-fips-provider | xargs annocheck --verbose --ignore-unknown --ignore-links --skip-all --test-stack-prot
Actual results
Hardened: /usr/lib64/ossl-modules/fips.so: MAYB: test: stack-prot, reason: could not determine how the code was created Hardened: /usr/lib64/ossl-modules/fips.so: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-stack-prot.html Hardened: /usr/lib64/ossl-modules/fips.so: WARN: This can happen if the program is compiled from a language unknown to annocheck Hardened: /usr/lib64/ossl-modules/fips.so: WARN: or because there are no annobin build notes (could they be in a separate file ?) Hardened: /usr/lib64/ossl-modules/fips.so: WARN: For more details see https://sourceware.org/annobin/annobin.html/Absence-of-compiled-code.html Hardened: /usr/lib64/ossl-modules/fips.so: Overall: FAIL (due to MAYB results).
Expected results
No failures for the stack-prot test - failures are either fixed or in case the failures are expected they are documented in the rpminspect.yaml file to have the test skipped including a comment explaining why.