Description of problem: Because of bz1997759 annocheck skips the cf-protection test. However it now complains about it in the property-note test. Version-Release number of selected component (if applicable): annobin-annocheck-10.48-1.el9 Steps to Reproduce: 1. annocheck --ignore-unknown --verbose --debug-rpm=/mnt/redhat/brewroot/packages/weldr-client/35.2/2.el9/x86_64/weldr-client-debuginfo-35.2-2.el9.x86_64.rpm /mnt/redhat/brewroot/packages/weldr-client/35.2/2.el9/x86_64/weldr-client-35.2-2.el9.x86_64.rpm |& grep cf-protection Actual results: Hardened: ./usr/bin/composer-cli: skip: cf-protection test because control flow protection is not needed for GO binaries Hardened: ./usr/bin/composer-cli: FAIL: property-note test because a property note was found but it shows that cf-protection is not enabled Expected results: On GO binaries, where the cf-protection isn't expected be present for now and the cf-protection test is intentionally skipped, the property-note test shouldn't fail just because of cf-protection. Additional info: It looks to me that 10.44 our last rpm build that worked fine, we don't have a 10.45 build and then 10.46 broke it.
Fixed in annobin-10.50-1.el9.
pre-verified: annobin-10.50-1.el9
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (new packages: annobin), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2022:2342