diff --git a/annobin.spec b/annobin.spec index 4918be7..1abe907 100644 --- a/annobin.spec +++ b/annobin.spec @@ -1,9 +1,9 @@ Name: annobin Summary: Annotate and examine compiled binary files -Version: 12.24 +Version: 12.60 Release: 1%{?dist} -License: GPL-3.0-or-later AND LGPL-2.0-or-later AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND GFDL-1.3-or-later +License: GPL-3.0-or-later AND LGPL-2.0-or-later AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND GFDL-1.3-or-later URL: https://sourceware.org/annobin/ # Maintainer: nickc@redhat.com # Web Page: https://sourceware.org/annobin/ @@ -50,7 +50,7 @@ URL: https://sourceware.org/annobin/ # # The default is to use plugin during rebuilds (cf BZ 1630550) but this can # be changed because of the need to be able to rebuild annobin when a change -# to gcc breaks the version installed into the buildroot. Mote however that +# to gcc breaks the version installed into the buildroot. Note however that # uncommenting the lines below will result in annocheck not passing the rpminspect # tests.... # %%if %%{without plugin_rebuild} @@ -67,7 +67,7 @@ Source: https://nickc.fedorapeople.org/%{annobin_sources} %global annobin_source_dir %{_usrsrc}/annobin # Insert patches here, if needed. Eg: -Patch01: annobin-plugin-default-string-notes.patch +# Patch01: annobin-plugin-default-string-notes.patch #--------------------------------------------------------------------------------- @@ -337,8 +337,8 @@ CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod" CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod" %endif -%if %{with clangplugin} -CONFIG_ARGS="$CONFIG_ARGS --with-clang" +%if %{without clangplugin} +CONFIG_ARGS="$CONFIG_ARGS --without-clang-plugin" %endif %if %{without gccplugin} @@ -347,8 +347,8 @@ CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin" CONFIG_ARGS="$CONFIG_ARGS --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}" %endif -%if %{with llvmplugin} -CONFIG_ARGS="$CONFIG_ARGS --with-llvm" +%if %{without llvmplugin} +CONFIG_ARGS="$CONFIG_ARGS --without-llvm-plugin" %endif %if %{without tests} @@ -369,19 +369,19 @@ export CFLAGS="$CFLAGS -DAARCH64_BRANCH_PROTECTION_SUPPORTED=1" export CFLAGS="$CFLAGS $RPM_OPT_FLAGS %build_cflags" export LDFLAGS="$LDFLAGS %build_ldflags" -# Set target-specific security options to be used when building the -# Clang and LLVM plugins. FIXME: There should be a better way to do -# this. +# Set target-specific options to be used when building the Clang and LLVM plugins. +# FIXME: There should be a better way to do this. %ifarch %{ix86} x86_64 export CLANG_TARGET_OPTIONS="-fcf-protection" %endif - %ifarch aarch64 %if 0%{?fedora} != 0 export CLANG_TARGET_OPTIONS="-mbranch-protection=standard" %endif %endif - +%ifnarch riscv64 +export CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS -flto" +%endif %ifarch ppc ppc64 ppc64le # FIXME: This is a workaround for a problem with the Clang C++ headers. It should not be needed. export CLANG_TARGET_OPTIONS="-mabi=ibmlongdouble" @@ -419,12 +419,14 @@ rm %{_tmppath}/tmp_annobin.so %if %{with clangplugin} cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so -make -C clang-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS" +# To enable verbose more in the plugin append the following: ANNOBIN="verbose" +make -C clang-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS" %endif %if %{with llvmplugin} cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so -make -C llvm-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS" +# To enable verbose more in the plugin append the following: ANNOBIN_VERBOSE="true" +make -C llvm-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS" %endif # endif for %%if {with_plugin_rebuild} @@ -457,6 +459,11 @@ cp %{_sourcedir}/%{annobin_sources} %{buildroot}%{annobin_source_dir}/latest-ann rm -f %{buildroot}%{_infodir}/dir +# When annocheck is disabled, annocheck.1.gz will still be generated, remove it. +%if %{without annocheck} +rm -f %{_mandir}/man1/annocheck.1.gz +%endif + #--------------------------------------------------------------------------------- %if %{with tests} @@ -478,6 +485,7 @@ make check %files docs %license COPYING3 LICENSE +%dir %{_datadir}/doc/annobin-plugin %exclude %{_datadir}/doc/annobin-plugin/COPYING3 %exclude %{_datadir}/doc/annobin-plugin/LICENSE %doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt @@ -507,6 +515,7 @@ make check %{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0 %{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0 %{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} +%dir %{annobin_source_dir} %{annobin_source_dir}/latest-annobin.tar.xz %endif @@ -524,6 +533,101 @@ make check #--------------------------------------------------------------------------------- %changelog +* Wed Jun 26 2024 Nick Clifton - 12.60-1 +- Annocheck: Add support for Fortran binaries. +- Annocheck: Add heuristic for detecting parts of the CGO runtime library. +- Annocheck: Add improvements for handling Clang runtime binaries. + +* Tue Jun 04 2024 Nick Clifton - 12.57-1 +- Annocheck: Add tweaks for mixed Rust/C binaries. (#2284605) +- Annocheck: Add more glibc source file names. + +* Mon May 20 2024 Nick Clifton - 12.55-1 +- Annocheck: Skip GAPS test for GO binaries. (RHEL-36308) + +* Mon May 20 2024 Nick Clifton - 12.54-2 +- Spec File: Add annobin plugin document directory to the files section. (#2279779) + +* Tue May 14 2024 Nick Clifton - 12.54-1 +- Annocheck: Remove some false positives for Rust binaries. (#2280239) + +* Thu May 09 2024 Nick Clifton - 12.53-2 +- Spec File: Add the annobin source directory to the files section. (#2279779) + +* Thu May 09 2024 Nick Clifton - 12.53-1 +- Annocheck: Defer passing the branch protection test until all notes have been checked. +- GCC Plugin: Add extra code for detecting the branch protection setting. (RHEL-35958) + +* Tue Apr 23 2024 Nick Clifton - 12.51-1 +- Annocheck: Test for gaps even when only one note is present. + +* Mon Apr 22 2024 Nick Clifton - 12.50-1 +- Annocheck: Skip AArch64 branch protection test for GO binaries. + +* Thu Apr 18 2024 Nick Clifton - 12.49-1 +- GCC Plugin: Disable active check for -Wimplicit-int for non-C sources. (#2275884) +- Annocheck: Ignore stack checks for AMD GPU binaries. +- Annocheck: Do not produce FAIL result for i686 binaries in the RHEL-10 profile. +- Annocheck: Test for __stack_chk_guard being writeable. +- Annocheck: Update heuristics for detecting glibc code in executables. (RHEL-30579) +- Clang & LLVM Plugins: Allow environment to override fortification level. (RHEL-30579) + +* Mon Mar 25 2024 Tulio Magno Quites Machado Filho - 12.46-1 +- Annocheck: Improve detection of -mbranch-protection option. +- Clang Plugin: Add global-file-syms option. +- LLVM Plugin: Add global-file-syms option. +- Plugins: Add support for ANNOBIN environment variable. +- Built By: Add more lang types. + +* Thu Mar 21 2024 Nick Clifton - 12.45-1 +- GCC Plugin: Fix bug extracing the value of target specific command line options. +- Configure: Remove check for FrontendPluginRegistry.h header as it is stored in a non-standard location on Debian systems. +- Debuginfod test: Allow for the libdwfl library silently contacting the debuginfod server. +- LLVM Plugin: Use llvm-config to get the correct paths and options for building executables. +- Clang Plugin: Likewise. +- Enable silent rules for most building. +- Annocheck: Correctly extract DWARF attributes from DT_REL files. + +* Fri Mar 01 2024 Nick Clifton - 12.42-1 +- Annocheck: Improve heuristics for locating debug info files. (#2267097) +- Configure: Harmonize configure options. + +* Tue Feb 27 2024 Nick Clifton - 12.41-1 +- Clang Plugin: Fix building with Clang 18. (#31414) +- GCC Plugin: Add support for MIPS specific target functions. +- GCC Plugin: Use .dc.a for address expressions in 64-bit ELF format notes. + +* Tue Feb 13 2024 Nick Clifron - 12.40-1 +- Annocheck: Improve heuristic for skipping LTO and FORTIFY tests. (#2264000) + +* Fri Feb 09 2024 Nick Clifron - 12.39-1 +- Annocheck: Also skip property note test for i686 binaries. (#2258571) + +* Tue Jan 23 2024 Nick Clifron - 12.38-1 +- Annocheck: Also skip the entry point test for i686 binaries. (#2258571) +- GCC Plugin: Do not use section groups with string format notes. + +* Tue Jan 16 2024 Nick Clifron - 12.36-1 +- Annocheck: Disable cf-protection test for i686 architecture. (#2258571) + +* Thu Jan 04 2024 Nick Clifron - 12.35-1 +- Annocheck: Improve detection of FIPS compliant GO binaries. +- GCC Plugin: Fix recording of the -Wimplicit-int and -Wimplicit-function-declaration warnings. Add active checks for when they are deliberately disabled. +- Tests: Fix implicit-values test so that it will compile with gcc 14+. +- GCC Plugin: Add support for -fhardended. +- Update glibc detection heuristics for PPC64. (RHEL-16453) + +* Mon Nov 06 2023 Nick Clifron - 12.30-1 +- Fix another atexit test failure. (#2247481) +- Fix atexit test failure. +- Notes: Add support for string format notes. +- GCC Plugin: Record settings of -Wstrict-flex-arrays and -fstrict-flex-arrays +- Annobin: Add future test of these options. +- GCC Plugin: Record settings of -Wimplicit-int and -Wimplicit-function-declaration. +- Annobin: Add test for these warnings. +- LLVM Plugin: Fix building with LLVM version 17. +- GCC Plugin: Enable string note format by default. + * Fri Aug 04 2023 Nick Clifron - 12.24-1 - Annocheck: Change GO FIPS test to look for CGO_ENABLED markers. diff --git a/sources b/sources index b742234..f63f4c1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (annobin-12.24.tar.xz) = 1f095d6fa2f53fecf25c4c9c0bc9fad35da5c6050c567fa6e5c8cdb42e9948f38f43d8f8136a6eb44bd8e9d1d42e1c26e396895ecec22550a5069f995f376139 +SHA512 (annobin-12.60.tar.xz) = 811393c5278773ab6bea45271e0495a21c518c591cfa25baf29fc160b3d782d74889276772a6123795bb165d6b5e04764cda939585b243371d07d36b5650c81f