3.1.0

Changelog

• 3c42e52 Merge pull request #326 from slimm609/release_3.1.0
• ac8576a release 3.1.0
• 27d99c3 Merge pull request #325 from slimm609/fix_file_check_bugs
• 2e7ab15 fix several misc bugs
• ef70215 Merge pull request #324 from slimm609/add_packages
• 8de0ebc add packages format to goreleaser
• 5328c1a Merge pull request #323 from slimm609/dependabot/go_modules/github.com/spf13/cobra-1.10.2
• b962341 chore(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2
• ab40f23 Merge pull request #322 from weidongkl/main
• 90443b6 chore: RPM spec adapted to the latest code.
• 012c57b Merge pull request #319 from slimm609/fix_tests_changelog
• b7ce3b7 chore: adopt keep-a-changelog and refresh deps
• 8d55d4c Merge pull request #318 from weidongkl/main
• 64988cb Merge branch 'main' into main
• f2f1b90 Merge pull request #316 from slimm609/dependabot/go_modules/github.com/opencontainers/selinux-1.13.1
• f33af03 Merge pull request #315 from zhaomaosu/fix-relro-check
• ce28d3f feat: Redirect warnings to stderr
• 5052e02 chore(deps): bump github.com/opencontainers/selinux
• 4110ecb Merge branch 'main' into fix-relro-check
• 9e50d21 Merge pull request #313 from ljxfstorm/f/relro-bitwise-bind-now
• c006501 Merge pull request #314 from slimm609/dependabot/go_modules/github.com/opencontainers/selinux-1.13.0
• 876f882 chore(deps): bump github.com/opencontainers/selinux
• 8c33a7d Merge pull request #311 from slimm609/dependabot/go_modules/github.com/spf13/cobra-1.10.1
• 56443da feat(relro): detect BIND_NOW via DT_FLAGS_1 (DF_1_NOW) and use bitmask for DF_BIND_NOW
• 0a57b02 fix(relro): use bitwise check for DF_BIND_NOW flag
• d24d88d Merge pull request #308 from weidongkl/main
• eb8c20c chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1
• efbbf47 Merge pull request #307 from slimm609/dependabot/go_modules/github.com/u-root/u-root-0.15.0
• 4a2fd87 feat: improve command usage descriptions and add examples
• c76f66b chore(deps): bump github.com/u-root/u-root from 0.14.0 to 0.15.0
• 5045caa Merge pull request #306 from slimm609/update_tests
• d994a68 update tests to leverage new file
• e057159 Merge pull request #305 from slimm609/add_tests_cursor
• 2c224c9 add tests and make installable
• 71012bf Merge pull request #304 from slimm609/dependabot/go_modules/sigs.k8s.io/yaml-1.6.0
• 163f441 chore(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.6.0
• 0b1e0a2 Merge pull request #298 from ikmckenz/cfi
• df26e4f Merge pull request #297 from ikmckenz/go-fmt
• 4bfddaa Add support for ARM PAC/BTI and x86 SHSTK/IBT file checks
• 7670511 run go fmt
• 818f867 Merge pull request #295 from slimm609/disable-headers-banners
• 30a736f disable headers and banners via flag
• 35f79c0 Merge pull request #292 from ffontaine/fix-build
• bad10cc Merge pull request #289 from ffontaine/handle-kernel-module
• 2c404b6 Merge pull request #288 from slimm609/dependabot/go_modules/github.com/opencontainers/selinux-1.12.0
• 6025a04 fix failure with static binaries
• 32bee42 Handle kernel modules
• a7ed482 chore(deps): bump github.com/opencontainers/selinux
• 31f2c97 Merge pull request #287 from ffontaine/handle-strip
• 325d53b Handle binaries with no sections
• 77abf06 Merge pull request #286 from ffontaine/main
• 0006c25 pkg/utils/files.go: parse all directories

3.0.2

Changelog

• 72f9da3 Merge pull request #285 from slimm609/update_goreleaser
• b08fffa update goreleaser config

3.0.0

Changelog

• ff76bcf only release mac and linux for 3.0.0
• 81392d7 fix goreleaser duplicate ldflags
• a4a950e Merge pull request #270 from slimm609/remove_old_sources
• b4a6b4a remove 2.x old source
• 0f4b298 Merge pull request #268 from slimm609/additional_3_0_updates
• 96e50ac Merge pull request #267 from slimm609/dependabot/go_modules/github.com/fatih/color-1.18.0
• ed38754 Merge pull request #266 from slimm609/dependabot/go_modules/github.com/opencontainers/selinux-1.11.1
• 6428a63 chore: minor updates and cleanup
• e5ff340 Bump github.com/fatih/color from 1.17.0 to 1.18.0
• 8ca7975 Bump github.com/opencontainers/selinux from 1.11.0 to 1.11.1

3.0.0-alpha

What's Changed

• Feat: add golang checksec intial commit by @slimm609 in #249
• chore: update readme by @slimm609 in #250
• fix: remove golang binary until ready by @slimm609 in #251
• fix: fix relro checks based on gcc and os by @slimm609 in #253
• add additional sysctl checks by @slimm609 in #254
• feat: add selinux check by @slimm609 in #255
• add fortifyProc by @slimm609 in #256
• fix: remove docker-compose by @slimm609 in #257
• fix: disable codeql for cpp by @slimm609 in #262
• Bump github.com/shirou/gopsutil/v3 from 3.24.3 to 3.24.5 by @dependabot in #259
• Bump github.com/fatih/color from 1.16.0 to 1.17.0 by @dependabot in #260
• Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @dependabot in #261
• fix: rename module to support go install by @slimm609 in #264
• Bump ubuntu from 22.04 to 24.04 by @dependabot in #258
• fix: fix dockerfile for ubuntu:24.04 by @slimm609 in #265

New Contributors

• @dependabot made their first contribution in #259

Full Changelog: 2.7.1...3.0.0-alpha

2.7.1

What's Changed

• checksec FORTIFY detection by @teoberi in #236
• fix: fix duplicate entries by @slimm609 in #238
• feat: add cosign keyless signatures by @slimm609 in #240
• Fix Fortify small typos by @teoberi in #239
• Fix attributions in ChangeLog. by @petervas in #242
• checksec FORTIFY detection (proccheck) last by @teoberi in #245
• Instead of ldd use ldconfig. by @petervas in #247
• fix: fix partial check for fortify by @slimm609 in #248

New Contributors

• @teoberi made their first contribution in #236

Full Changelog: 2.7.0...2.7.1

2.7.0

What's Changed

• libc cleanup by @slimm609 in #194
• Add github page by @slimm609 in #195
• Add kernel check for YAMA by @cgzones in #196
• fix RELRO check and stack_chk by @slimm609 in #197
• fix nx check by @slimm609 in #198
• fix branch name for release by @slimm609 in #199
• gitattributes enforce line endings by @calebTree in #203
• Search libc at user defined place, allow cross plattform analysis by @sreschke80 in #206
• add test for listfile by @ysmaoui in #207
• If no program header is present in the ELF binary return N/A for RELRO and NX check by @petervas in #211
• Improve libc search by @petervas in #213
• Escape special characters and add missing quotes for grep by @petervas in #214
• Rewrite manpage in mdoc(7) and update by @Artoria2e5 in #215
• Fix stack protection check and full relro check by @petervas in #222
• Test suite for all supported checksec file and process hardening checks by @petervas in #224
• FS_comparison: do sorted comparison to get 10x speed up by @Artoria2e5 in #217
• pre-commit-config: only run shellcheck on the final thing by @Artoria2e5 in #220
• debug: fix exit code by @katexochen in #226
• fix: fix docs link by @slimm609 in #227
• Use dynamic section if no symbol table by @ffontaine in #231
• Fix fortify check by checking fortified vs fortifiable instead by @azat in #232
• fix: fix generation by @slimm609 in #234

New Contributors

• @calebTree made their first contribution in #203
• @sreschke80 made their first contribution in #206
• @ysmaoui made their first contribution in #207
• @petervas made their first contribution in #211
• @Artoria2e5 made their first contribution in #215
• @katexochen made their first contribution in #226
• @ffontaine made their first contribution in #231
• @azat made their first contribution in #232

Full Changelog: 2.6.0...2.7.0

2.6.0

Rev-2022052701 Brian Davis slimm609@gmail.com

• update to 2.6.0
• fix missing sysctl on fedora
  Thanks @spdfnet
• remove extra parenthesis
  Thanks @koobs
• add missing libc on LoongArch-64
  Thanks @xiaoxiaoafeifei

2.5.0

Rev-2021101001 Brian Davis slimm609@gmail.com
* update to 2.5.0
* split checksec into multiple files for easier maintenance and debugging
* remove space between options and only support = until refactor can happen
* Add pre-commit-checks
* update License.txt to include BSD license
Thanks @mr-segfault
* Move to new Arch Linux docker images
Thanks @Maryse47
* Add photon support for tests
* Check journalctl -k for NX protection
Thanks @Tatsh
* improve debug formatting
Thanks @bmwiedemann
* Fix shellcheck warnings and style issues
Thanks @a1346054

2.4.0

signed update

2.2.3

Fixed sending errors to STDERR.