author | Wladimir J. van der Laan <laanwj@gmail.com> | 2016-01-27 11:30:42 +0100 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2016-01-27 11:31:00 +0100 |
commit | 42ecea48fd25d8430e8c98c040228b9e9322abc9 (patch) | |
tree | f39087b1289796a0c295833ba097ab51486a0766 /contrib/devtools | |
parent | 473ad1bb026986db2569fff278d8957363f758f8 (diff) | |
parent | a81c87fafce43e49cc2307947e3951b84be7ca9a (diff) |
Merge #7424: Add security/export checks to gitian and fix current failures
a81c87f release: add security/symbol checks to gitian (Cory Fields)
a8ce872 release: always link librt for glibc back-compat builds (Cory Fields)
f3d3eaf release: add check-symbols and check-security make targets (Cory Fields)
475813b release: add _IO_stdin_used to ignored exports (Cory Fields)
cd27bf5 release: fix parsing of BIND_NOW with older readelf (Cory Fields)
Diffstat (limited to 'contrib/devtools')
-rwxr-xr-x | contrib/devtools/security-check.py | 2 | ||||
-rwxr-xr-x | contrib/devtools/symbol-check.py | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py
index fe5dc9ad89..0319f739c4 100755
--- a/contrib/devtools/security-check.py
+++ b/contrib/devtools/security-check.py
@@ -94,7 +94,7 @@ def check_ELF_RELRO(executable):
 raise IOError('Error opening file')
 for line in stdout.split('\n'):
 tokens = line.split()
- if len(tokens)>1 and tokens[1] == '(BIND_NOW)':
+ if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2]):
 have_bindnow = True
 return have_gnu_relro and have_bindnow
diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py
index 93acfcdda4..4ad5136f79 100755
--- a/contrib/devtools/symbol-check.py
+++ b/contrib/devtools/symbol-check.py
@@ -42,9 +42,12 @@ MAX_VERSIONS = {
 'GLIBCXX': (3,4,13),
 'GLIBC': (2,11)
 }
+# See here for a description of _IO_stdin_used:
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109
+
 # Ignore symbols that are exported as part of every executable
 IGNORE_EXPORTS = {
-'_edata', '_end', '_init', '__bss_start', '_fini'
+'_edata', '_end', '_init', '__bss_start', '_fini', '_IO_stdin_used'
 }
 READELF_CMD = os.getenv('READELF', '/usr/bin/readelf')
 CPPFILT_CMD = os.getenv('CPPFILT', '/usr/bin/c++filt') |
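Review bot: The new `(FLAGS)` branch in check_ELF_RELRO tests only `tokens[2]`, so BIND_NOW is recognised only when it is the first value readelf prints on that line. If other DT_FLAGS values precede it (readelf appears to list them space-separated), a binary linked with immediate binding would be reported as failing the hardening check. Scanning the rest of the line, `'BIND_NOW' in tokens[2:]`, covers that case. The condition also mixes `and`/`or` with parentheses on one side only; writing `(len(tokens)>1 and tokens[1] == '(BIND_NOW)') or (...)` makes the grouping explicit. The function starts above this hunk, so how have_gnu_relro is set is not visible here.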
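Review bot: The comment added above IGNORE_EXPORTS explains `_IO_stdin_used` only by URL and sits apart from the entry it justifies, so the reason for widening the export allowlist is lost if the bug-tracker link moves. A one-line rationale placed directly with the set would keep the exception reviewable, e.g. `# _IO_stdin_used: emitted by glibc's startup objects into every executable (Debian bug 634261, message 109)`. That wording is inferred from the existing "exported as part of every executable" comment and should be confirmed against the linked report.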