diff --git a/.fmf/version b/.fmf/version deleted file mode 100644 index d00491f..0000000 --- a/.fmf/version +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/.gitignore b/.gitignore index 95233ca..424daae 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,101 @@ -/annobin-*.tar.xz -/annobin-9.51-1.fc34.src.rpm +/annobin-2.0.tar.xz +/annobin-2.1.tar.xz +/annobin-2.2.tar.xz +/annobin-2.3.tar.lz +/annobin-2.3.tar.xz +/annobin-2.4.tar.xz +/annobin-2.5.tar.xz +/annobin-2.5.1.tar.xz +/annobin-3.0.tar.xz +/annobin-3.1.tar.xz +/annobin-3.2.tar.xz +/annobin-3.3.tar.xz +/annobin-3.4.tar.xz +/annobin-3.5.tar.xz +/annobin-3.6.tar.xz +/annobin-5.0.tar.xz +/annobin-5.1.tar.xz +/annobin-5.2.tar.xz +/annobin-5.3.tar.xz +/annobin-5.4.tar.xz +/annobin-5.5.tar.xz +/annobin-5.6.tar.xz +/annobin-5.7.tar.xz +/annobin-5.8.tar.xz +/annobin-5.9.tar.xz +/annobin-5.10.tar.xz +/annobin-5.11.tar.xz +/annobin-6.0.tar.xz +/annobin-6.1.tar.xz +/annobin-6.2.tar.xz +/annobin-6.3.tar.xz +/annobin-6.4.tar.xz +/annobin-6.5.tar.xz +/annobin-6.6.tar.xz +/annobin-7.0.tar.xz +/annobin-7.1.tar.xz +/annobin-8.0.tar.xz +/annobin-8.1.tar.xz +/annobin-8.2.tar.xz +/annobin-8.3.tar.xz +/annobin-8.4.tar.xz +/annobin-8.5.tar.xz +/annobin-8.6.tar.xz +/annobin-8.7.tar.xz +/annobin-8.8.tar.xz +/annobin-8.9.tar.xz +/annobin-8.10.tar.xz +/annobin-8.11.tar.xz +/annobin-8.12.tar.xz +/annobin-8.13.tar.xz +/annobin-8.14.tar.xz +/annobin-8.15.tar.xz +/annobin-8.16.tar.xz +/annobin-8.17.tar.xz +/annobin-8.18.tar.xz +/annobin-8.19.tar.xz +/annobin-8.20.tar.xz +/annobin-8.21.tar.xz +/annobin-8.22.tar.xz +/annobin-8.23.tar.xz +/annobin-8.24.tar.xz +/annobin-8.25.tar.xz +/annobin-8.26.tar.xz +/annobin-8.27.tar.xz +/annobin-8.29.tar.xz +/annobin-8.30.tar.xz +/annobin-8.31.tar.xz +/annobin-8.32.tar.xz +/annobin-8.33.tar.xz +/annobin-8.34.tar.xz +/annobin-8.35.tar.xz +/annobin-8.36.tar.xz +/annobin-8.37.tar.xz +/annobin-8.38.tar.xz +/annobin-8.39.tar.xz +/annobin-8.41.tar.xz +/annobin-8.44.tar.xz +/annobin-8.45.tar.xz +/annobin-8.48.tar.xz +/annobin-8.49.tar.xz +/annobin-8.50.tar.xz +/annobin-8.51.tar.xz +/annobin-8.52.tar.xz +/annobin-8.53.tar.xz +/annobin-8.55.tar.xz +/annobin-8.56.tar.xz +/annobin-8.57.tar.xz +/annobin-8.58.tar.xz +/annobin-8.59.tar.xz +/annobin-8.60.tar.xz +/annobin-8.61.tar.xz +/annobin-8.62.tar.xz +/annobin-8.63.tar.xz +/annobin-8.64.tar.xz +/annobin-8.65.tar.xz +/annobin-8.66.tar.xz +/annobin-8.67.tar.xz +/annobin-8.68.tar.xz +/annobin-8.69.tar.xz +/annobin-8.70.tar.xz +/annobin-8.71.tar.xz diff --git a/annobin.spec b/annobin.spec index f2f5ad0..dab5e0c 100644 --- a/annobin.spec +++ b/annobin.spec @@ -1,208 +1,46 @@ +# Suppress this for BZ 1630550. +# The problem should now only arise when rebasing to a new major version +# of gcc, in which case the undefine below can be temporarily reinstated. +# +# # Do not build the annobin plugin with annotation enabled. +# # This is because if we are bootstrapping a new build environment we can have +# # a new version of gcc installed, but without a new of annobin installed. +# # (i.e. we are building the new version of annobin to go with the new version +# # of gcc). If the *old* annobin plugin is used whilst building this new +# # version, the old plugin will complain that version of gcc for which it +# # was built is different from the version of gcc that is now being used, and +# # then it will abort. +# %%undefine _annotated_build + Name: annobin -Summary: Annotate and examine compiled binary files -Version: 13.05 -Release: 2%{?dist} -License: GPL-3.0-or-later AND LGPL-2.0-or-later AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND GFDL-1.3-or-later -URL: https://sourceware.org/annobin/ -# Maintainer: nickc@redhat.com -# Web Page: https://sourceware.org/annobin/ -# Watermark Protocol: https://fedoraproject.org/wiki/Toolchain/Watermark +Summary: Binary annotation plugin for GCC +Version: 8.71 +Release: 4%{?dist} -#--------------------------------------------------------------------------------- +License: GPLv3+ +URL: https://fedoraproject.org/wiki/Toolchain/Watermark -# Use "--without tests" to disable the testsuite. +# Use "--without tests" to disable the testsuite. The default is to run them. %bcond_without tests # Use "--without annocheck" to disable the installation of the annocheck program. %bcond_without annocheck -# Use "--with debuginfod" to force support for debuginfod to be compiled into -# the annocheck program. By default the configure script will check for -# availablilty at build time, but this might not match the run time situation. -# FIXME: Add a --without debuginfod option to forcefully disable the configure -# time check for debuginfod support. -%bcond_with debuginfod - -# Use "--without clangplugin" to disable the building of the annobin plugin for Clang. -%bcond_without clangplugin - -# Use "--without gccplugin" to disable the building of the annobin plugin for GCC. -%bcond_without gccplugin - -# Use "--without llvmplugin" to disable the building of the annobin plugin for LLVM. -%bcond_without llvmplugin - # Set this to zero to disable the requirement for a specific version of gcc. # This should only be needed if there is some kind of problem with the version -# checking logic or when building on RHEL-7 or earlier. -# -# Update: now that we have gcc version checking support in redhat-rpm-config -# there is no longer a great need for a hard gcc version check here. Not -# enabling this check greatly simplifies the process of installing a new major -# version of gcc into the buildroot. -%global with_hard_gcc_version_requirement 0 - -%bcond_without plugin_rebuild -# Allow the building of annobin without using annobin itself. -# This is because if we are bootstrapping a new build environment we can have -# a new version of gcc installed, but without a new of annobin installed. -# (i.e. we are building the new version of annobin to go with the new version -# of gcc). If the *old* annobin plugin is used whilst building this new -# version, the old plugin will complain that version of gcc for which it -# was built is different from the version of gcc that is now being used, and -# then it will abort. -# -# The default is to use plugin during rebuilds (cf BZ 1630550) but this can -# be changed because of the need to be able to rebuild annobin when a change -# to gcc breaks the version installed into the buildroot. Note however that -# uncommenting the lines below will result in annocheck not passing the rpminspect -# tests.... -# %%if %%{without plugin_rebuild} -# %%undefine _annotated_build -# %%endif +# checking logic. +%global with_hard_gcc_version_requirement 1 #--------------------------------------------------------------------------------- - -%global annobin_sources annobin-%{version}.tar.xz -Source: https://nickc.fedorapeople.org/%{annobin_sources} +Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz # For the latest sources use: git clone git://sourceware.org/git/annobin.git -# This is where a copy of the sources will be installed. -%global annobin_source_dir %{_usrsrc}/annobin - -# Insert patches here, if needed. Eg: -# Patch01: annobin-plugin-default-string-notes.patch +# Insert patches here, if needed. +# Patch01: annobin-xxx.patch #--------------------------------------------------------------------------------- -# Make sure that the necessary sub-packages are built. - -%if %{with gccplugin} -Requires: %{name}-plugin-gcc -%endif - -%if %{with llvmplugin} -Requires: %{name}-plugin-llvm -%endif - -%if %{with clangplugin} -Requires: %{name}-plugin-clang -%endif - -#--------------------------------------------------------------------------------- - -%description -This package contains the tools needed to annotate binary files created by -compilers, and also the tools needed to examine those annotations. - -%if %{with gccplugin} -One of the tools is a plugin for GCC that records information about the -security options that were in effect when the binary was compiled. - -Note - the plugin is automatically enabled in gcc builds via flags -provided by the redhat-rpm-macros package. -%endif - -%if %{with clangplugin} -One of the tools is a plugin for Clang that records information about the -security options that were in effect when the binary was compiled. -%endif - -%if %{with llvmplugin} -One of the tools is a plugin for LLVM that records information about the -security options that were in effect when the binary was compiled. -%endif - -%if %{with annocheck} -One of the tools is a security checker which analyses the notes present in -annotated files and reports on any missing security options. -%endif - -#--------------------------------------------------------------------------- - -# Now that we have sub-packages for all of the plugins and for annocheck, -# there are no executables left to go into the "annobin" rpm. But top-level -# packages cannot have "BuildArch: noarch" if sub-packages do have -# architecture requirements, and rpmlint generates an error if an -# architecture specific rpm does not contain any binaries. So instead all of -# the documentation has been moved into an architecture neutral sub-package, -# and there no longer is a top level annobin rpm at all. - -%package docs -Summary: Documentation and shell scripts for use with annobin -BuildArch: noarch -# The documentation uses pod2man... -BuildRequires: perl-interpreter perl-podlators gawk make sharutils - -%description docs -Provides the documentation files and example shell scripts for use with annobin. - -#---------------------------------------------------------------------------- -%if %{with tests} - -%package tests -Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin -Requires: %{name}-docs = %{version}-%{release} -BuildRequires: make sharutils -%if %{with debuginfod} -BuildRequires: elfutils-debuginfod-client-devel -%endif - -%description tests -Provides a means to test the generation of annotated binaries and the parsing -of the resulting files. - -%endif - -#---------------------------------------------------------------------------- -%if %{with annocheck} - -%package annocheck -Summary: A tool for checking the security hardening status of binaries - -BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel make - -%if %{with debuginfod} -BuildRequires: elfutils-debuginfod-client-devel -%endif - -Requires: %{name}-docs = %{version}-%{release} -Requires: cpio rpm - -%description annocheck -Installs the annocheck program which uses the notes generated by annobin to -check that the specified files were compiled with the correct security -hardening options. - -%package libannocheck -Summary: A library for checking the security hardening status of binaries - -BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel make - -%if %{with debuginfod} -BuildRequires: elfutils-debuginfod-client-devel -%endif - -Requires: %{name}-docs = %{version}-%{release} - -%description libannocheck -Installs the libannocheck library which uses the notes generated by the -annobin plugins to check that the specified files were compiled with the -correct security hardening options. - -%endif - -#---------------------------------------------------------------------------- -%if %{with gccplugin} - -%package plugin-gcc -Summary: annobin gcc plugin - -Requires: %{name}-docs = %{version}-%{release} -Conflicts: %{name} <= 9.60-1 -BuildRequires: gcc-c++ gcc-plugin-devel - # [Stolen from gcc-python-plugin] # GCC will only load plugins that were built against exactly that build of GCC # We thus need to embed the exact GCC version as a requirement within the @@ -247,7 +85,7 @@ BuildRequires: gcc-c++ gcc-plugin-devel %global gcc_major 0 %endif -# For a gcc plugin gcc is required. +# This is a gcc plugin, hence gcc is required. %if %{with_hard_gcc_version_requirement} # BZ 1607430 - There is an exact requirement on the major version of gcc. Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next}) @@ -255,54 +93,46 @@ Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next}) Requires: gcc %endif -# Information about the gcc plugin is recorded in this file. -%global aver annobin-plugin-version-info +BuildRequires: gcc gcc-plugin-devel gcc-c++ -%description plugin-gcc -Installs an annobin plugin that can be used by gcc. +%description +Provides a plugin for GCC that records extra information in the files +that it compiles and a set of scripts that can analyze the recorded +information. + +Note - the plugin is automatically enabled in gcc builds via flags +provided by the redhat-rpm-macros package. + +#--------------------------------------------------------------------------------- +%if %{with tests} + +%package tests +Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin + +%description tests +Provides a means to test the generation of annotated binaries and the parsing +of the resulting files. %endif #--------------------------------------------------------------------------------- -%if %{with llvmplugin} +%if %{with annocheck} -%package plugin-llvm -Summary: annobin llvm plugin +%package annocheck +Summary: A tool for checking the security hardening status of binaries -Requires: %{name}-docs = %{version}-%{release} -Requires: llvm-libs -Conflicts: %{name} <= 9.60-1 -BuildRequires: clang clang-devel llvm llvm-devel compiler-rt +BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel -%description plugin-llvm -Installs an annobin plugin that can be used by LLVM tools. - -%endif - -#--------------------------------------------------------------------------------- -%if %{with clangplugin} - -%package plugin-clang -Summary: annobin clang plugin - -Requires: %{name}-docs = %{version}-%{release} -Requires: llvm-libs -Conflicts: %{name} <= 9.60-1 -BuildRequires: clang clang-devel llvm llvm-devel compiler-rt - -%description plugin-clang -Installs an annobin plugin that can be used by Clang. +%description annocheck +Installs the annocheck program which uses the notes generated by annobin to +check that the specified files were compiled with the correct security +hardening options. %endif #--------------------------------------------------------------------------------- -# Decide where the plugins will live. Change if necessary. - -%global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin) - -%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/plugins} -%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/plugins} +%global ANNOBIN_PLUGIN_DIR %(gcc --print-file-name=plugin) #--------------------------------------------------------------------------------- @@ -312,1537 +142,84 @@ if [ -z "%{gcc_vr}" ]; then exit 1 fi -echo "Requires: (gcc >= %{gcc_major} and gcc < %{gcc_next})" +echo "Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})" %autosetup -p1 # The plugin has to be configured with the same arcane configure # scripts used by gcc. Hence we must not allow the Fedora build # system to regenerate any of the configure files. -touch aclocal.m4 gcc-plugin/config.h.in +touch aclocal.m4 plugin/config.h.in touch configure */configure Makefile.in */Makefile.in # Similarly we do not want to rebuild the documentation. touch doc/annobin.info -# Generate a source tarball for installation later with all the patches -# applied. This must be the last step in the prep section. -tar -C ../ -cJf ../latest-annobin.tar.xz %{name}-%{version} - #--------------------------------------------------------------------------------- %build - -CONFIG_ARGS="--quiet" - -%if %{with debuginfod} -CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod" -%else -# Note - we explicitly disable debuginfod support if it was not configured. -# This is because by default annobin's configue script will assume --with-debuginfod=auto -# and then run a build time test to see if debugingfod is available. It -# may well be, but the build time environment may not match the run time -# environment, and the rpm will not have a Requirement on the debuginfod -# client. -CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod" -%endif - -%if %{without clangplugin} -CONFIG_ARGS="$CONFIG_ARGS --without-clang-plugin" -%endif - -%if %{without gccplugin} -CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin" -%else -CONFIG_ARGS="$CONFIG_ARGS --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}" -%endif - -%if %{without llvmplugin} -CONFIG_ARGS="$CONFIG_ARGS --without-llvm-plugin" -%endif - -%if %{without tests} -CONFIG_ARGS="$CONFIG_ARGS --without-tests" -%endif - -%if %{without annocheck} -CONFIG_ARGS="$CONFIG_ARGS --without-annocheck" -%else -export CFLAGS="$CFLAGS -DAARCH64_BRANCH_PROTECTION_SUPPORTED=1" -%endif - -%set_build_flags - -export CFLAGS="$CFLAGS $RPM_OPT_FLAGS %build_cflags" -export LDFLAGS="$LDFLAGS %build_ldflags" - -# Set target-specific options to be used when building the Clang and LLVM plugins. -# FIXME: There should be a better way to do this. -%ifarch %{ix86} x86_64 -export CLANG_TARGET_OPTIONS="-fcf-protection" -%endif -%ifarch aarch64 -export CLANG_TARGET_OPTIONS="-mbranch-protection=standard" -%endif -%ifnarch riscv64 -export CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS -flto" -%endif - -# Override the default fortification level used by the Clang and LLVM plugins. -export PLUGIN_FORTIFY_OPTION="-D_FORTIFY_SOURCE=3" - -CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log - +%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_PLUGIN_DIR} %make_build - -%if %{with plugin_rebuild} -# Rebuild the plugin(s), this time using the plugin itself! This +# Rebuild the plugin, this time using the plugin itself! This # ensures that the plugin works, and that it contains annotations -# of its own. - -%if %{with gccplugin} -cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so -make -C gcc-plugin clean -BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so" - -# Disable the standard annobin plugin so that we do get conflicts. -# Note - rpm-4.10 uses a different way of evaluating macros. -%if 0%{?rhel} && 0%{?rhel} < 7 -OPTS="$(rpm --eval '%undefine _annotated_build %build_cflags %build_ldflags')" -%else -OPTS="$(rpm --undefine=_annotated_build --eval '%build_cflags %build_ldflags')" -%endif - -# If building on systems with an assembler that does not support the -# .attach_to_group pseudo op (eg RHEL-7) then enable the next line. -# BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach" - -make -C gcc-plugin CXXFLAGS="$OPTS $BUILD_FLAGS" +# of its own. This could mean that we end up with a plugin with +# double annotations in it. (If the build system enables annotations +# for plugins by default). I have not tested this yet, but I think +# that it should be OK. +cp plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so +make -C plugin clean +make -C plugin CXXFLAGS="%{optflags} -fplugin=%{_tmppath}/tmp_annobin.so -fplugin-arg-tmp_annobin-rename" rm %{_tmppath}/tmp_annobin.so -%endif - -%if %{with clangplugin} -cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so -# To enable verbose more in the plugin append the following: ANNOBIN="verbose" -make -C clang-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS" PLUGIN_INSTALL_DIR=%{clang_plugin_dir} -%endif - -%if %{with llvmplugin} -cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so -# To enable verbose more in the plugin append the following: ANNOBIN_VERBOSE="true" -make -C llvm-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS" PLUGIN_INSTALL_DIR=%{llvm_plugin_dir} -%endif - -# endif for %%if {with_plugin_rebuild} -%endif #--------------------------------------------------------------------------------- %install - -# PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles... -%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir} - -%if %{with clangplugin} -# Move the clang plugin to a seperate directory. -mkdir -p %{buildroot}/%{clang_plugin_dir} -mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir} -%endif - -%if %{with gccplugin} -# Record the version of gcc that built this plugin. -# Note - we cannot just store %%{gcc_vr} as sometimes the gcc rpm version changes -# without the NVR being altered. See BZ #2030671 for more discussion on this. -mkdir -p %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR} -cat `gcc --print-file-name=rpmver` > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} - -# Also install a copy of the sources into the build tree. -mkdir -p %{buildroot}%{annobin_source_dir} -cp ../latest-annobin.tar.xz %{buildroot}%{annobin_source_dir}/latest-annobin.tar.xz -%endif - -rm -f %{buildroot}%{_infodir}/dir - -# When annocheck is disabled, annocheck.1.gz will still be generated, remove it. -%if %{without annocheck} -rm -f %{_mandir}/man1/annocheck.1.gz -%endif +%make_install +%{__rm} -f %{buildroot}%{_infodir}/dir #--------------------------------------------------------------------------------- %if %{with tests} %check -# The first "make check" is run with "|| :" so that we can capture any logs -# from failed tests. The second "make check" is there so that the build -# will fail if any of the tests fail. -make check || : -if [ -f tests/test-suite.log ]; then - cat tests/test-suite.log -fi -# If necessary use uuencode to preserve test binaries here. For example: -# uuencode tests/tmp_atexit/atexit.strip atexit.strip - make check %endif #--------------------------------------------------------------------------------- -%files docs +%files +%{ANNOBIN_PLUGIN_DIR} +%{_bindir}/built-by +%{_bindir}/check-abi +%{_bindir}/hardened +%{_bindir}/run-on-binaries-in %license COPYING3 LICENSE -%dir %{_datadir}/doc/annobin-plugin %exclude %{_datadir}/doc/annobin-plugin/COPYING3 %exclude %{_datadir}/doc/annobin-plugin/LICENSE %doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt -%{_infodir}/annobin.info* -%{_mandir}/man1/annobin.1* -%exclude %{_mandir}/man1/built-by.1* -%exclude %{_mandir}/man1/check-abi.1* -%exclude %{_mandir}/man1/hardened.1* -%exclude %{_mandir}/man1/run-on-binaries-in.1* - -%if %{with llvmplugin} -%files plugin-llvm -%dir %{llvm_plugin_dir} -%{llvm_plugin_dir}/annobin-for-llvm.so -%endif - -%if %{with clangplugin} -%files plugin-clang -%dir %{clang_plugin_dir} -%{clang_plugin_dir}/annobin-for-clang.so -%endif - -%if %{with gccplugin} -%files plugin-gcc -%dir %{ANNOBIN_GCC_PLUGIN_DIR} -%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so -%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0 -%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0 -%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} -%dir %{annobin_source_dir} -%{annobin_source_dir}/latest-annobin.tar.xz -%endif +%doc %{_infodir}/annobin.info.gz +%doc %{_mandir}/man1/annobin.1.gz +%doc %{_mandir}/man1/built-by.1.gz +%doc %{_mandir}/man1/check-abi.1.gz +%doc %{_mandir}/man1/hardened.1.gz +%doc %{_mandir}/man1/run-on-binaries-in.1.gz %if %{with annocheck} %files annocheck %{_bindir}/annocheck -%{_mandir}/man1/annocheck.1* - -%files libannocheck -%{_includedir}/libannocheck.h -%{_libdir}/libannocheck.* -%{_libdir}/pkgconfig/libannocheck.pc +%doc %{_mandir}/man1/annocheck.1.gz %endif #--------------------------------------------------------------------------------- %changelog -* Fri Jan 16 2026 Fedora Release Engineering - 13.05-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild +* Thu Apr 09 2020 Nick Clifton - 8.71-4 +- NVR bump to allow rebuild against new gcc. -* Thu Jan 15 2026 Nick Clifton - 13.05-1 -- Annocheck: Add .fc44 to list of known rpm file extensions. +* Wed Sep 04 2019 Nick Clifton - 8.71-3 +- NVR bump in order to allow rebuild against latest F30 gcc. -* Sat Dec 20 2025 Jakub Jelinek - 13.04-3 -- NVR bump to allow rebuild for new GCC in a side-tag. - -* Sat Dec 20 2025 Jakub Jelinek - 13.04-2 -- NVR bump to allow rebuild for new GCC in a side-tag. - -* Thu Dec 18 2025 Nick Clifton - 13.04-1 -- Annocheck: Fix compile time warnings from GCC-15 re: strchr returning a const char *. - -* Wed Nov 05 2025 Nick Clifton - 13.03-1 -- Annocheck: Skip production test for gcc libraries. (RHEL-123175) - -* Fri Oct 31 2025 Nick Clifton - 13.02-1 -- Annocheck: Update heuristic to detect gcc libraries. (RHEL-124869) - -* Thu Oct 23 2025 Nick Clifton - 13.01-1 -- Annocheck: Change FAIL for binaries built by a cross compiler to a MAYBE. (RHEL-123175) - -* Wed Aug 06 2025 Nick Clifton - 12.99-1 -- Annocheck: Improve detection of glibc static maths libraries. (RHEL-107470) - -* Wed Jul 23 2025 Fedora Release Engineering - 12.98-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Fri Jul 04 2025 Tulio Magno Quites Machado Filho - 12.98-1 -- Improve configure and meson files for consistent builds. - -* Thu Jun 19 2025 Nick Clifton - 12.97-1 -- Annocheck: Delete the temporary debug info directory after the tests have finished. - -* Wed Jun 04 2025 Nick Clifton - 12.96-1 -- Annocheck: Fix bugs in debug rpm location code. Add more glibc exceptions. (RHEL-95216) - -* Thu May 15 2025 Nick Clifton - 12.95-1 -- Annocheck: Improve performance with multiple debug info files and multiple files to scan. (#2366180) - -* Tue May 13 2025 Nick Clifton - 12.94-1 -- Annocheck: Update heuristic for detecting gcc files to cope with gcc 15. (#2365824) - -* Mon Mar 17 2025 Nick Clifton - 12.93-1 -- Annocheck: Fix test for GO revision. (RHEL-56031) - -* Fri Feb 14 2025 Nick Clifton - 12.92-1 -- Annocheck: Do not rely upon libelf's ability to detect links to separate debuginfo files. (RHEL-79264) - -* Thu Feb 13 2025 Nick Clifton - 12.91-1 -- Annocheck: Fix resource leak. (RHEL-79253) - -* Wed Feb 12 2025 Nick Clifton - 12.90-1 -- Annocheck: Fix double free. Add special handling for COMBOOT modules. - -* Tue Feb 11 2025 Nick Clifton - 12.89-1 -- Annocheck: Improve diagnostics when a separate debug info file cannot be found. - -* Mon Feb 03 2025 Nick Clifton - 12.88-1 -- Annocheck: Look for -fstack-clash-protection in DW_AT_producer string. (RHEL-77328) - -* Tue Jan 28 2025 Nick Clifton - 12.87-1 -- Annocheck: Fix locating string notes (again). Add exception for glibc benchmark tests. (RHEL-76456) - -* Mon Jan 27 2025 Nick Clifton - 12.86-1 -- Annocheck: Add crtoffloadtableS.o to list of known gcc binaries. (RHEL-760404) - -* Mon Jan 27 2025 Nick Clifton - 12.85-1 -- Annocheck: Fix the --debug-dir option. - -* Thu Jan 23 2025 Nick Clifton - 12.84-1 -- Annocheck: Fix corrupt warning message when unable to locate separate debug info files. - -* Wed Jan 22 2025 Nick Clifton - 12.83-1 -- Annocheck: Remove spurious debugging messages. - -* Wed Jan 22 2025 Nick Clifton - 12.82-1 -- Annocheck: Always look for annobin notes in separate debug info files. (RHEL-75778) - -* Thu Jan 16 2025 Nick Clifton - 12.81-1 -- Annocheck: Support multiple --debug-rpm and --debug-file options. (RHEL-73349) - -* Sat Jan 11 2025 Jakub Jelinek - 12.80-2 -- NVR bump to allow rebuild for new GCC in a side-tag. - -* Fri Dec 13 2024 Nick Clifton - 12.80-1 -- Annocheck: Add support for sys-root'ed glibc packages. (RHEL-71296) - -* Tue Dec 10 2024 Nick Clifton - 12.79-1 -- GCC Plugin: Tidy up use of gcc's diagnoatic headers. (#32429) -- Testsuite: Use configured compiler when running tests. - -* Mon Dec 09 2024 Nick Clifton - 12.78-1 -- GCC Plugin: Fix building with gcc 15. (#32429) - -* Fri Nov 15 2024 Nick Clifton - 12.77-1 -- Annocheck: Fix overly long debug messages. - -* Fri Nov 15 2024 Nick Clifton - 12.76-1 -- Annocheck: Rename rwx-seg test to load-segments. Add more checks. Add check for gaps as a future fail. -- Annocheck: Add --no-allow-excpetions to disable exceptions for known special binaries. -- Annocheck: Add --enable-future to enable future fail components in normal tests. -- Annocheck: Fix bug preventing the inclusion of the rpm name in reports. - -* Tue Nov 12 2024 Nick Clifton - 12.75-1 -- Annocheck: Add more exceptions for gcc binaries. (RHEL-33365) -- Annocheck: Add --skip-passes option. - -* Wed Nov 06 2024 Nick Clifton - 12.74-1 -- Annocheck: Add exceptions for gcc binaries. (RHEL-33365) - -* Tue Nov 05 2024 Nick Clifton - 12.73-1 -- Annocheck: Skip property note test for i386 binaries created by LLVM. (#2323797) - -* Fri Nov 01 2024 Nick Clifton - 12.72-1 -- Annocheck: Skip FORTIFY and GLIBC_ASSERTIONS tests for LLVM produced binaries with unparseable DW_AT_producer attributes in their DWARF debug info. (RHEL-65411) - -* Mon Oct 14 2024 Nick Clifton - 12.71-1 -- GCC Plugin: Change type of the .annobin.notes section from SHT_STRTAB to SHT_PROGBITS. - -* Tue Aug 13 2024 Nick Clifton - 12.70-1 -- Clang & LLVM Plugins: Include install directory in binary. (RHEL-54069) - -* Mon Aug 12 2024 Nick Clifton - 12.69-1 -- BuiltBy: Fix seg-fault when comparing language version strings. (RHEL-53497) - -* Wed Aug 07 2024 Nick Clifton - 12.67-1 -- Annocheck: Stop spurious assembler warnings. (RHEL-53213) -- Annocheck: Stop warnings about known gaps. (RHEL-53218) - -* Fri Aug 02 2024 Nick Clifton - 12.66-1 -- Annocheck: Fix stack realign test. (#2302427) - -* Mon Jul 29 2024 Nick Clifton - 12.65-1 -- Annocheck: Fix recording arguments for later re-use. (RHEL-50802) - -* Fri Jul 26 2024 Nick Clifton - 12.64-1 -- GCC Plugin: Fix building AArch64 components with gcc earlier than 11.3. - -* Mon Jul 22 2024 Nick Clifton - 12.63-1 -- Annocheck: Add improvements to the builtby utility. - -* Wed Jul 17 2024 Fedora Release Engineering - 12.62-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Mon Jul 08 2024 Nick Clifton - 12.62-1 -- Annocheck: Add support for ADA binaries. -- Annocheck: Add support for binaries built from more than two high level source languages. -- Annocheck: Add support for object files containing no executable code. -- Annocheck: Do not FAIL LLVM compiled binaries that have not been built with sanitize-cfi and/or sanitize-safe-stack. - -* Wed Jun 26 2024 Nick Clifton - 12.60-1 -- Annocheck: Add support for Fortran binaries. - -* Tue Jun 11 2024 Nick Clifton - 12.59-1 -- Annocheck: Add heuristic for detecting parts of the CGO runtime library. - -* Mon Jun 10 2024 Nick Clifton - 12.58-1 -- Annocheck: Add improvements for handling Clang runtime binaries. - -* Tue Jun 04 2024 Nick Clifton - 12.57-1 -- Annocheck: Add tweaks for mixed Rust/C binaries. (#2284605) -- Annocheck: Add more glibc source file names. - -* Mon May 20 2024 Nick Clifton - 12.55-1 -- Annocheck: Skip GAPS test for GO binaries. (RHEL-36308) - -* Mon May 20 2024 Nick Clifton - 12.54-2 -- Spec File: Add annobin plugin document directory to the files section. (#2279779) - -* Tue May 14 2024 Nick Clifton - 12.54-1 -- Annocheck: Remove some false positives for Rust binaries. (#2280239) - -* Thu May 09 2024 Nick Clifton - 12.53-2 -- Spec File: Add the annobin source directory to the files section. (#2279779) - -* Thu May 09 2024 Nick Clifton - 12.53-1 -- Annocheck: Defer passing the branch protection test until all notes have been checked. -- GCC Plugin: Add extra code for detecting the branch protection setting. (RHEL-35958) - -* Thu Apr 25 2024 Nick Clifton - 12.52-1 -- Annocheck: Add OpenSSL Engine test. (PTG-319) - -* Tue Apr 23 2024 Nick Clifton - 12.51-1 -- Annocheck: Test for gaps even when only one note is present. - -* Mon Apr 22 2024 Nick Clifton - 12.50-1 -- Annocheck: Skip AArch64 branch protection test for GO binaries. - -* Thu Apr 18 2024 Nick Clifton - 12.49-1 -- GCC Plugin: Disable active check for -Wimplicit-int for non-C sources. (#2275884) -- Annocheck: Ignore stack checks for AMD GPU binaries. -- Annocheck: Do not produce FAIL result for i686 binaries in the RHEL-10 profile. -- Annocheck: Test for __stack_chk_guard being writeable. - -* Tue Apr 02 2024 Nick Clifton - 12.48-1 -- Annocheck: Update heuristics for detecting glibc code in executables. (RHEL-30579) - -* Wed Mar 27 2024 Nick Clifton - 12.47-1 -- Clang & LLVM Plugins: Allow environment to override fortification level. (RHEL-30579) -- Spec File: Override fortification level and set it to 3. - -* Mon Mar 25 2024 Tulio Magno Quites Machado Filho - 12.46-1 -- Annocheck: Improve detection of -mbranch-protection option. -- Clang Plugin: Add global-file-syms option. -- LLVM Plugin: Add global-file-syms option. -- Plugins: Add support for ANNOBIN environment variable. - -* Thu Mar 21 2024 Nick Clifton - 12.45-1 -- GCC Plugin: Fix bug extracing the value of target specific command line options. - -* Wed Mar 06 2024 Nick Clifton - 12.44-1 -- Configure: Remove check for FrontendPluginRegistry.h header as it is stored in a non-standard location on Debian systems. -- Debuginfod test: Allow for the libdwfl library silently contacting the debuginfod server. - -* Tue Mar 05 2024 Nick Clifton - 12.43-1 -- LLVM Plugin: Use llvm-config to get the correct paths and options for building executables. -- Clang Plugin: Likewise. -- Enable silent rules for most building. -- Annocheck: Correctly extract DWARF attributes from DT_REL files. - -* Fri Mar 01 2024 Nick Clifton - 12.42-1 -- Annocheck: Improve heuristics for locating debug info files. (#2267097) -- Configure: Harmonize configure options. - -* Tue Feb 27 2024 Nick Clifton - 12.41-1 -- Clang Plugin: Fix building with Clang 18. (#31414) -- GCC Plugin: Add support for MIPS specific target functions. -- GCC Plugin: Use .dc.a for address expressions in 64-bit ELF format notes. - -* Tue Feb 20 2024 Tulio Magno Quites Machado Filho - 12.40-2 -- Spec File: Remove a workaround for ppc64le. - -* Tue Feb 13 2024 Nick Clifton - 12.40-1 -- Annocheck: Improve heuristic for skipping LTO and FORTIFY tests. (#2264000) - -* Fri Feb 09 2024 Nick Clifton - 12.39-1 -- Annocheck: Also skip property note test for i686 binaries. (#2258571) - -* Tue Jan 23 2024 Nick Clifton - 12.38-1 -- Annocheck: Also skip the entry point test for i686 binaries. (#2258571) - -* Mon Jan 22 2024 Fedora Release Engineering - 12.37-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 12.37-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Wed Jan 17 2024 Nick Clifton - 12.37-1 -- GCC Plugin: Do not use section groups with string format notes. - -* Tue Jan 16 2024 Nick Clifton - 12.36-2 -- Spec File: NVR bump in order to allow building in side tag. - -* Tue Jan 16 2024 Nick Clifton - 12.36-1 -- Annocheck: Disable cf-protection test for i686 architecture. (#2258571) - -* Mon Jan 15 2024 Nick Clifton - 12.35-4 -- Spec File: NVR bump in order to allow building in side tag. - -* Mon Jan 15 2024 Nick Clifton - 12.35-3 -- Spec File: Disable hard gcc check in order to allow builds with new version of gcc. - -* Thu Jan 11 2024 Songsong Zhang - 12.35-2 -- Spec File: Do not install annocheck.1.gz when annocheck is disabled. - -* Thu Jan 04 2024 Nick Clifton - 12.35-1 -- Annocheck: Improve detection of FIPS compliant GO binaries. - -* Fri Dec 15 2023 Nick Clifton - 12.34-1 -- GCC Plugin: Fix recording of the -Wimplicit-int and -Wimplicit-function-declaration warnings. Add active checks for when they are deliberately disabled. - -* Mon Dec 11 2023 Nick Clifton - 12.33-1 -- Tests: Fix implicit-values test so that it will compile with gcc 14+. - -* Fri Nov 24 2023 Nick Clifton - 12.32-1 -- GCC Plugin: Add support for -fhardended. - -* Wed Nov 15 2023 Nick Clifton - 12.31-1 -- Update glibc detection heuristics for PPC64. (RHEL-16453) - -* Wed Nov 01 2023 Nick Clifton - 12.30-1 -- Fix another atexit test failure. (#2247481) - -* Mon Oct 30 2023 Nick Clifton - 12.29-1 -- Fix atexit test failure. -- Notes: Add support for string format notes. - -* Fri Oct 06 2023 Nick Clifton - 12.28-1 -- GCC Plugin: Record settings of -Wstrict-flex-arrays and -fstrict-flex-arrays -- Annobin: Add future test of these options. - -* Tue Sep 26 2023 Nick Clifton - 12.27-1 -- GCC Plugin: Record settings of -Wimplicit-int and -Wimplicit-function-declaration. -- Annobin: Add test for these warnings. - -* Wed Sep 06 2023 Nick Clifton - 12.26-1 -- LLVM Plugin: Fix building with LLVM version 17. - -* Wed Aug 30 2023 Nick Clifton - 12.25-1 -- GCC Plugin: Enable string note format by default. - -* Fri Aug 04 2023 Nick Clifton - 12.24-1 -- Annocheck: Change GO FIPS test to look for CGO_ENABLED markers. - -* Mon Jul 31 2023 Nick Clifton - 12.23-1 -- Annocheck: Add test for FIPS compliant GO binaries. - -* Wed Jul 26 2023 Nick Clifton - 12.22-1 -- Annocheck: Fix double free. (#2226749) - -* Wed Jul 19 2023 Fedora Release Engineering - 12.21-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Tue Jul 18 2023 Nick Clifton - 12.21-1 -- Spec File: migrated to SPDX license. (#2222112) - -* Mon Jul 17 2023 Nick Clifton - 12.20-2 -- Spec File: Change License field to use SPDX notation. (#2222112) - -* Mon Jul 17 2023 Nick Clifton - 12.20-1 -- Annocheck: Ignore AArch64 $x and $d symbols. (#2221192) - -* Wed Jul 05 2023 Nick Clifton - 12.19-1 -- GCC Plugin: Suppress active checks for fortran sources. Improve scanning of COLLECT_GCC_OPTIONS. - -* Thu Jun 29 2023 Nick Clifton - 12.18-1 -- Annocheck: Remove dependency upon binutils-devel. - -* Thu Jun 29 2023 Nick Clifton - 12.17-1 -- Annocheck: Add detection of known parts of libstdc++-nonshared.a that contain gaps. (#2217864) - -* Tue Jun 27 2023 Nick Clifton - 12.16-1 -- Annocheck: Ignore weak/undef function symbols when checking to see if a binary contains code. (#2217840) - -* Mon Jun 26 2023 Nick Clifton - 12.15-1 -- Annocheck: Add --suppress-version-warnings option. - -* Thu Jun 22 2023 Nick Clifton - 12.14-1 -- Annocheck: Do not ignore separate debuginfo files that do not contain any DWARF. (#2144553) - -* Tue Jun 20 2023 Nick Clifton - 12.13-1 -- Annocheck: Ignore /dev/null filename in string notes. -- Annocheck: More tweaks to glibc detection heuristics. (#2215968) - -* Thu Jun 01 2023 Nick Clifton - 12.12-1 -- Annocheck: Check for string notes in separate debug info files. (#2211694) - -* Fri May 26 2023 Petr Pisar - 12.11-1 -- Annocheck: Add support for el10 and rhel-10 profiles. (RHEL-526) - -* Mon May 22 2023 Petr Pisar - 12.10-3 -- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19) - -* Fri May 05 2023 Nick Clifton - 12.10-2 -- GCC Plugin: Default to generating string format notes. (Experimental) - -* Fri Apr 28 2023 Nick Clifton - 12.10-1 -- Annocheck: Suppress more tests for Rust binaries. - -* Tue Apr 25 2023 Nick Clifton - 12.09-1 -- Annocheck: Fix detection of missing plugin options. (#2189492) - -* Tue Apr 25 2023 Nick Clifton - 12.08-1 -- Fix generation of auto-generated files. -- Fix covscan reported errors. - -* Fri Apr 21 2023 Nick Clifton - 12.07-1 -- gcc-plugin: generate warnings about misspelt -D_FORTIFY_SOURCE and/or -D_GLIBCXX_ASSERTIONS options. - -* Thu Apr 20 2023 Nick Clifton - 12.06-1 -- gcc-plugin: use a bigger buffer for constructing notes. - -* Wed Apr 19 2023 Nick Clifton - 12.05-1 -- llvm-plugin: Fix detection of optimization level. Improve test. -- clang-plugin: Improve test. - -* Mon Apr 17 2023 Nick Clifton - 12.04-1 -- configure: More improvements. -- annocheck: Fix seg-fault when checking for glibc components in string format notes. - -* Thu Apr 13 2023 Nick Clifton - 12.03-1 -- configure: Simplify. - -* Tue Apr 11 2023 Nick Clifton - 12.02-1 -- gcc plugin: Add filenames to string notes. Allow use of ANNOBIN environment variable. -- llvm plugin: Add workaround for building with LLVM-16. -- clang plugin: Fix for building with Clang-16. - -* Thu Mar 30 2023 Nick Clifton - 12.01-1 -- gcc plugin: Keep ELF notes at protocol version 3. - -* Tue Mar 28 2023 Nick Clifton - 12.00-1 -- Protocol Version 4: String format notes. - -* Mon Mar 13 2023 Nick Clifton - 11.14-1 -- Annocheck: Update message for LTO tests. (#2177140) - -* Wed Mar 08 2023 Nick Clifton - 11.13-1 -- Annocheck: Add even more code to handle another glibc function built without LTO. - -* Fri Mar 03 2023 Nick Clifton - 11.12-1 -- Annocheck: Add code to handle another glibc function built without LTO. - -* Tue Feb 28 2023 Nick Clifton - 11.11-1 -- GCC Plugin: Do not run if other plugins are active. (#2162746) - -* Thu Feb 23 2023 Nick Clifton - 11.10-1 -- Annocheck: Add code to handle glibc functions built without LTO. - -* Thu Feb 02 2023 Nick Clifton - 11.09-1 -- Libannocheck: Fix thinko in debugging code. -- Annocheck: Fix LTO test. -- Notes: Display notes held in separate dbeuginfo files. - -* Tue Jan 31 2023 Nick Clifton - 11.08-1 -- Annocheck: Fix atexit test. Fix recording of version numbers. (#2165528) - -* Wed Jan 25 2023 Nick Clifton - 11.07-2 -- LLVM & Clang Plugins: Build with branch protection on AArch64. (#2164364) -- Fix gating tests. - -* Fri Jan 20 2023 Nick Clifton - 11.07-1 -- Libannocheck: Fix bug causing infinite looping when running tests. - -* Wed Jan 18 2023 Fedora Release Engineering - 11.06-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Mon Jan 16 2023 Jakub Jelinek - 11.06-2 -- Rebuilt against GCC 13. - -* Fri Jan 13 2023 Nick Clifton - 11.06-1 -- Annocheck: Fix handling of file built by multiple versions of gcc. (#2160700) - -* Mon Jan 09 2023 Nick Clifton - 11.05-1 -- Annocheck: Fix handling of empty files. (#2159292) - -* Fri Jan 06 2023 Nick Clifton - 11.04-1 -- Annocheck: Add crti.o and crtn.o to the list of known glibc special files. (#2158740) - -* Fri Jan 06 2023 Nick Clifton - 11.03-1 -- Annocheck: Fix memory leaks. - -* Wed Jan 04 2023 Nick Clifton - 11.02-1 -- Annocheck: Do not assume that object files contain no code simply because they do not have an executable segment. (#2158182) - -* Wed Jan 04 2023 Nick Clifton - 11.01-1 -- Annocheck: Add more special glibc filenames. (#2158100) - -* Wed Dec 21 2022 Nick Clifton - 10.99-1 -- Annocheck: Improve handling of tool versions. - -* Tue Dec 20 2022 Nick Clifton - 10.98-3 -- Spec File: Fix building with plugin_rebuild enabled. - -* Fri Dec 16 2022 Nick Clifton - 10.98-1 -- GCC plugin: Fix building with gcc-13. - -* Fri Dec 16 2022 Nick Clifton - 10.97-1 -- Annocheck: Add test for binaries built by cross compilers. - -* Thu Dec 15 2022 Nick Clifton - 10.96-1 -- Annocheck: Improve heuristic used to detect binaries without code. (#2144533) - -* Mon Dec 12 2022 Nick Clifton - 10.95-1 -- Annocheck: Avoid using debug filename when parsing notes in a debuginfo file. (#2152280) - -* Wed Nov 30 2022 Nick Clifton - 10.94-1 -- Annocheck: Better detection of binaries which do not contain code. (#2144533) - -* Wed Nov 23 2022 Nick Clifton - 10.93-1 -- Annocheck: Provide more information when a test is skipped because the file being tested was not compiled. - -* Mon Nov 07 2022 Nick Clifton - 10.92-1 -- Annocheck: Try harder not to run mutually exclusive tests. - -* Fri Oct 21 2022 Nick Clifton - 10.91-1 -- Tests: Fix future-test so that it properly handles the situation where the compiler does not support the new options. - -* Wed Oct 19 2022 Nick Clifton - 10.90-1 -- Libannocheck: Actually set result fields after tests are run. - -* Tue Oct 11 2022 Nick Clifton - 10.89-1 -- Libannocheck: Replace libannocheck_version variable with LIBANNOCHECK_VERSION define. - -* Tue Oct 11 2022 Nick Clifton - 10.88-1 -- Libannocheck: Remove 'Requires binutils-devel' from libannocheck.pc. - -* Wed Oct 05 2022 Nick Clifton - 10.87-2 -- Libannocheck: Move into separate sub-package. - -* Fri Sep 30 2022 Nick Clifton - 10.87-1 -- Libannocheck: Add libannocheck.pc pkgconfig file. - -* Fri Sep 30 2022 Nick Clifton - 10.86-1 -- Libannocheck: Add libannocheck_reinit(). - -* Thu Sep 22 2022 Nick Clifton - 10.85-1 -- GCC Plugin: Record -ftrivial-auto-var-init and -fzero-call-used-regs. -- Annocheck: Add future tests for -ftrivial-auto-var-init and -fzero-call-used-regs. - -* Tue Sep 20 2022 Serge Guelton - 10.84-1 -- Clang Plugin: Fix for building with Clang-15. (#2125875) - -* Fri Sep 09 2022 Nick Clifton - 10.83-1 -- Annocheck: Add a test for the inconsistent use of -Ofast. (#1248744) - -* Tue Sep 06 2022 Nick Clifton - 10.81-2 -- NVR Bump in order to trigger a rebuild for ELN. (#2124562) - -* Thu Aug 11 2022 Nick Clifton - 10.81-1 -- Plugin: Fix top level configuration support for RiscV. - -* Tue Aug 09 2022 Nick Clifton - 10.80-1 -- Annocheck: Improvements to the size tool. - -* Mon Jul 25 2022 Nick Clifton - 10.79-1 -- Annocheck: Fixes for libannocheck.h. - -* Wed Jul 20 2022 Fedora Release Engineering - 10.78-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Tue Jul 05 2022 Nick Clifton - 10.78-1 -- Annocheck: Add automatic profile selection. - -* Mon Jul 04 2022 Nick Clifton - 10.77-1 -- Annocheck: Improve gap detection and reporting. - -* Wed Jun 29 2022 Nick Clifton - 10.76-3 -- Spec File: Use the %%dir directive in the %%files section to ensure that -- plugin directories are useable. (#2080454) - -* Fri Jun 24 2022 Nick Clifton - 10.76-2 -- Spec File: Remove bogus Provides from annobin-docs subpackage. - -* Tue Jun 14 2022 Nick Clifton - 10.76-1 -- Annocheck: Check build-id of separate debuginfo files. -- Annocheck: Add GAPS test replacing --ignore-gaps. - -* Thu Jun 09 2022 Nick Clifton - 10.75-1 -- Annocheck: Fix covscan detected race condition between stat() and open(). - -* Tue Jun 07 2022 Nick Clifton - 10.74-1 -- Annocheck: Handle binaries created by Rust 1.18. (#2094420) -- Annocheck: Add optional function name to --skip arguments. (PR 29229) - -* Tue May 17 2022 Nick Clifton - 10.73-1 -- Annocheck: Fix handling of command line options that take arguments. (#2086850) - -* Mon May 16 2022 Nick Clifton - 10.72-1 -- Annocheck: Do not complain about unenabled -mbranch-protection option in AArch64 binaries. (#2078909) - -* Wed May 11 2022 Nick Clifton - 10.71-1 -- gcc-plugin: Fix typo in configure.ac. - -* Tue May 10 2022 Nianqing Yao - 10.70-2 -- Add support for RISC-V. - -* Mon May 09 2022 Nick Clifton - 10.70-1 -- Annocheck: Add another special case for glibc rpms. (#2083070) - -* Fri May 06 2022 Nick Clifton - 10.69-1 -- Annocheck: Do not complain about unenabled -mbranch-protection option in AArch64 binaries if compiled using LTO. (#2082146) - -* Tue May 03 2022 Nick Clifton - 10.68-1 -- Annocheck: Add more glibc exceptions + check PT_TLS segments. (#2081131) - -* Fri Apr 22 2022 Nick Clifton - 10.67-1 -- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled by golang. - -* Wed Apr 13 2022 Nick Clifton - 10.66-1 -- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled in LTO mode. - -* Tue Apr 12 2022 Nick Clifton - 10.65-1 -- gcc-plugin: Add support for CLVC_INTEGER options. - -* Wed Apr 06 2022 Nick Clifton - 10.64-1 -- Annocheck: Even more special cases for AArch64 glibc on RHEL-8. (#2072082) - -* Wed Apr 06 2022 Nick Clifton - 10.63-1 -- Annocheck: Add more special cases for AArch64 glibc on RHEL-8. (#2072082) - -* Tue Apr 05 2022 Nick Clifton - 10.62-1 -- llvm-plugin: Fix a thinko in the sources. - -* Sat Apr 02 2022 Nick Clifton - 10.61-1 -- gcc-plugin: Add remap of OPT_Wall. -- configure: Fix typo in top level configure.ac. - -* Thu Mar 31 2022 Timm Bäder redhat.com> - 10.60-1 -- Add support for building using meson+ninja. - -* Wed Mar 30 2022 Serge Guelton - 10.59-2 -- Rebuilt against new LLVM release, with patch. - -* Wed Mar 30 2022 Nick Clifton - 10.59-1 -- Annocheck: Fix test for AArch64 property notes. (#2068657) - -* Mon Mar 14 2022 Nick Clifton - 10.58-1 -- gcc-plugin: Do not issue warning messages for autoconf generated source files. (#2009958) - -* Wed Mar 09 2022 Jakub Jelinek - 10.57-3 -- NVR bump to allow rebuild for new GCC. - -* Wed Mar 09 2022 Jakub Jelinek - 10.57-2 -- NVR bump to allow rebuild for new GCC. - -* Mon Mar 07 2022 Nick Clifton - 10.57-1 -- Annocheck: Update documentation and fix typo in annocheck. (#2061291) - -* Fri Mar 04 2022 Nick Clifton - 10.56-1 -- Annocheck: Add option to enable/disable following symbolic links. - -* Mon Feb 28 2022 Nick Clifton - 10.55-1 -- Always identify Rust binaries, even if built on a host that does not know about Rust. (#2057737) - -* Thu Feb 24 2022 Jakub Jelinek - 10.54-4 -- NVR bump to allow rebuild for new GCC. - -* Wed Feb 16 2022 Nick Clifton - 10.54-3 -- Spec File: Use a different method to disable the annobin plugin (#2054571) - -* Mon Feb 14 2022 Jakub Jelinek - 10.54-2 -- NVR bump to allow rebuild for new GCC. - -* Fri Feb 11 2022 Nick Clifton - 10.54-1 -- Annocheck: Skip PIE anf PIC tests for GO binaries. - -* Sun Feb 06 2022 Jakub Jelinek - 10.53-2 -- NVR bump to allow rebuild in yet another side tag. - -* Thu Jan 27 2022 Nick Clifton - 10.53-1 -- gcc-plugin: Fix libtool so that extraneous runpaths are not added to the plugin. (#2030667) - -* Thu Jan 27 2022 Nick Clifton - 10.52-1 -- gcc-plugin: Use canonical_option field of save_decoded_options array. (#2047148) - -* Thu Jan 27 2022 Florian Weimer - 10.51-2 -- Rebuild for new gcc version - -* Tue Jan 25 2022 Nick Clifton - 10.51-1 -- Annocheck: Add an option to disable the use of debuginfod (if available). -- Annocheck: Add more glibc special file names. -- Annocheck: Skip some tests for BPF binaries. - -* Thu Jan 20 2022 Nick Clifton - 10.50-1 -- Annocheck: Add another glibc static library symbol. (#2043047) - -* Thu Jan 20 2022 Nick Clifton - 10.49-1 -- Annocheck: Skip property note test for GO binaries. (#204300) - -* Wed Jan 19 2022 Fedora Release Engineering - 10.48-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Wed Jan 19 2022 Nick Clifton - 10.48-5 -- NVR bump to allow rebuild in another side tag. - -* Wed Jan 19 2022 Jakub Jelinek - 10.48-4 -- NVR bump to allow rebuild in yet another side tag. - -* Wed Jan 19 2022 Nick Clifton - 10.48-3 -- NVR bump to allow rebuild in another side tag. - -* Wed Jan 19 2022 Nick Clifton - 10.48-2 -- NVR bump to allow rebuild in a side tag. - -* Mon Jan 17 2022 Nick Clifton - 10.48-1 -- GCC Plugin: Do not fail if a section cannot be attached to a group. - -* Fri Jan 14 2022 Nick Clifton - 10.47-2 -- NVR bump to allow rebuild in a side tag. - -* Fri Jan 14 2022 Nick Clifton - 10.47-1 -- Annocheck: Improve detection of kernel modules. -- GCC Plugin: Only default to link-once when using gcc-12 or later. (#2039297) - -* Tue Jan 11 2022 Nick Clifton - 10.46-1 -- Annocheck: Add option to disable instrumentation test. - -* Mon Jan 10 2022 Nick Clifton - 10.45-1 -- GCC Plugin: Replace CLVC_BOOLEAN with CLVC_BIT_SET/CLVC_BIT_CLEAR. - -* Sun Jan 09 2022 Jakub Jelinek - 10.44-4 -- Rebuild against new GCC. - -* Sun Jan 09 2022 Jakub Jelinek - 10.44-3 -- Rebuild against new GCC. - -* Sun Jan 09 2022 Jakub Jelinek - 10.44-2 -- Rebuild against new GCC. - -* Fri Jan 07 2022 Nick Clifton - 10.44-1 -- Annocheck: Add even more glibc function names. (#2037333) - -* Fri Jan 07 2022 Nick Clifton - 10.43-1 -- Annocheck: ARM: Do not fail tests that rely upon annobin notes. - -* Wed Jan 05 2022 Nick Clifton - 10.42-1 -- Annocheck: Extend list of known glibc functions. (#2037333) - -* Wed Jan 05 2022 Nick Clifton - 10.41-1 -- Annocheck: Ignore gaps that contain the _start symbol (for AArch64). (#1995224) -- Annocheck: Ignore more glibc special binaries. (#2037220) - -* Tue Jan 04 2022 Nick Clifton - 10.40-1 -- Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO. (#2034946) - -* Fri Dec 17 2021 Nick Clifton - 10.39-1 -- Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries. (#2033255) -- Doc: Note that ENDBR is only needed as the landing pad for indirect branches/calls. (#28705) -- Spec File: Store full gcc version release string in plugin info file. (#2030671) - -* Tue Dec 14 2021 Nick Clifton - 10.38-1 -- Annocheck: Add special case for x86_64 RHEL-7 gaps. (#2031133) - -* Tue Dec 14 2021 Nick Clifton - 10.37-1 -- Annocheck: Do not complaining about missing -mstackrealign notes in LTO mode. (#2030298) - -* Mon Dec 13 2021 Nick Clifton - 10.36-1 -- GCC Plugin: Do not record missing -mstackrealign in LTO mode. (#2030298) - -* Mon Dec 13 2021 Nick Clifton - 10.35-1 -- Tests: Fix fortify and debuginfod tests to use newly built annobin plugin. - -* Mon Dec 06 2021 Nick Clifton - 10.34-1 -- Tests: Fix gaps and stat tests to use newly built annobin plugin. (#2028063) - -* Mon Dec 06 2021 Nick Clifton - 10.32-1 -- Annocheck: Ignore gaps in binaries at least partial built by golang. (#2028583) - -* Thu Dec 02 2021 Nick Clifton - 10.31-1 -- Annocheck: Allow spaces in golang symbols. - -* Wed Dec 01 2021 Nick Clifton - 10.30-1 -- Annocheck: Initial deployment of libannocheck. - -* Wed Nov 24 2021 Nick Clifton - 10.29-1 -- gcc-plugin: Fix bug creating empty attachments. -- Annocheck: Change MAYB result to SKIP for DT_RPATH. (#2026300) - -* Fri Nov 19 2021 Nick Clifton - 10.27-1 -- Annocheck: Skip missing fortify/warning notes for ARM32. - -* Thu Nov 18 2021 Nick Clifton - 10.26-1 -- gcc-plugin: Try another fix for ppc64le section grouping. (#2023437) - -* Tue Nov 16 2021 Nick Clifton - 10.25-1 -- gcc-plugin: Revert 10.22 change. (#2023437) - -* Mon Nov 15 2021 Nick Clifton - 10.24-1 -- Annocheck: Add exception for /usr/sbin/ldconfig. (#2022973) - -* Mon Nov 08 2021 Nick Clifton - 10.23-1 -- Annocheck: Add a test for unicode characters in identifiers. - -* Wed Oct 27 2021 Nick Clifton - 10.22-1 -- gcc-plugin: Default to link-order grouping for PPC64LE. (#2016458) - -* Tue Oct 26 2021 Nick Clifton - 10.21-1 -- Annocheck: Do not fail if a --skip- option does not match a known test. -- ldconfig-test: Skip the LTO check. - -* Tue Oct 26 2021 Nick Clifton - 10.20-1 -- Annocheck: Add more glibc function names. - -* Thu Oct 21 2021 Nick Clifton - 10.19-1 -- gcc-plugin: Fix attaching the .text section to the .text.group section. - -* Wed Oct 20 2021 Nick Clifton - 10.18-1 -- Complain about DT_RPATH for Fedora binaries. - -* Mon Oct 18 2021 Nick Clifton - 10.17-1 -- Better reporting of problems in object files. (#2013708) - -* Mon Oct 18 2021 Nick Clifton - 10.16-2 -- Add a requirement on llvm-libs for clang and llvm plugins. (#2014573) - -* Thu Oct 14 2021 Nick Clifton - 10.16-1 -- Fix configuring annocheck without gcc-plugin. -- Annocheck: Better reporting of debuginfod problems. -- Tests: Fix bugs in debuginfod test. - -* Wed Oct 13 2021 Nick Clifton - 10.15-1 -- Annocheck: Add tests based upon recent bug fixes. - -* Tue Oct 12 2021 Nick Clifton - 10.14-1 -- Annocheck: Another tweak to glibc detection code. - -* Tue Oct 12 2021 Tom Stellard - 10.13-2 -- Rebuild for llvm-13.0.0 - -* Fri Oct 08 2021 Nick Clifton - 10.13-1 -- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found. (#20011438) - -* Fri Oct 08 2021 Nick Clifton - 10.12-1 -- Annocheck: Fix MAYB results for mixed GO/C files. -- Annocheck: Move some messages from VERBOSE to VERBOSE2. -- Annocheck: Scan zero-length tool notes. - -* Tue Oct 05 2021 Nick Clifton - 10.11-1 -- Annocheck: Fix covscan detected flaws. -- plugins: Add more required build options. - -* Tue Oct 05 2021 Nick Clifton - 10.10-1 -- Annocheck: Fix cf-prot test to fail if the CET notes are missing. -- Annocheck: Skip gaps in the .plt section. -- Plugins: Add -g option when building LLVM and Clang. - -* Mon Oct 04 2021 Nick Clifton - 10.09-1 -- Annocheck: Add more cases of glibc startup functions. - -* Fri Oct 01 2021 Nick Clifton - 10.08-1 -- Annocheck: Fix covscan detected problems. -- Annocheck: Add --profile=el8. -- gcc-plugin: Conditionalize generation of branch protection note. - -* Wed Sep 29 2021 Nick Clifton - 10.07-1 -- Annocheck: Ignore gaps containing NOP instructions. - -* Thu Sep 16 2021 Nick Clifton - 10.06-1 -- GCC Plugin: Fix detection of running inside the LTO compiler. (#2004917) - -* Wed Sep 15 2021 Nick Clifton - 10.05-1 -- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries. - -* Wed Sep 15 2021 Nick Clifton - 10.04-1 -- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result. - -* Wed Sep 15 2021 Nick Clifton - 10.03-1 -- Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead. - -* Fri Sep 10 2021 Nick Clifton - 10.02-1 -- Annocheck: Fix exit code when tests PASS. - -* Thu Sep 09 2021 Nick Clifton - 10.01-1 -- Documentation: Add node for each hardening test. -- Documentation: Install online. -- Annocheck: Annote FAIL and MAYB results with URL to documentation -- Annocheck: Add --no-urls and --provide-urls options -- Annocheck: Add --help- option. - -* Fri Sep 03 2021 Nick Clifton - 9.95-1 -- Annocheck: Fix fuzzing detected failures. -- Annocheck: Add --profile option. -- Docs: Document --profile option and rpminspect.yaml. - -* Tue Aug 31 2021 Nick Clifton - 9.94-1 -- Annocheck: Skip GO/CET checks. Fix fuzzing detected failures. - -* Wed Aug 25 2021 Nick Clifton - 9.93-1 -- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444) -- spec file: Add the installation of the annobon sources into /usr/src/annobin. - -* Tue Aug 24 2021 Nick Clifton - 9.92-1 -- Annocheck: Fix memory corruption. (#1996963) -- spec file: Add the creation of a gcc-plugin version info file in /usr/lib/rpm/redhat. - -* Wed Aug 18 2021 Nick Clifton - 9.91-1 -- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection. - -* Wed Aug 18 2021 Nick Clifton - 9.90-1 -- Annocheck: Add linker generated function for ppc64le exceptions. (#1981410) -- LLVM Plugin: Allow checks to be selected from the command line. -- Annocheck: Examine DW_AT_producer for -flto. - -* Tue Aug 17 2021 Nick Clifton - 9.89-1 -- Annocheck: Conditionalize detection of AArch64's PAC+BTI protection. -- Annocheck: Add linker generated function for s390x exceptions. (#1981410) - -* Tue Aug 17 2021 Nick Clifton - 9.88-1 -- Annocheck: Generate MAYB results for gaps in notes covering the .text section. (#1991943) -- Annocheck: Close DWARF file descriptors once the debug info is no longer needed. (#1981410) -- LLVM Plugin: Update to build with Clang v13. (Thanks to: Tom Stellard ) - -* Mon Aug 16 2021 Tom Stellard - 9.87-2 -- Rebuild for LLVM 13.0.0-rc1 - -* Mon Aug 16 2021 Nick Clifton - 9.87-1 -- Annocheck: Fix memory corruption. (#1988715) - -* Wed Aug 11 2021 Nick Clifton - 9.86-1 -- Annocheck: Skip certain tests for kernel modules. - -* Tue Aug 10 2021 Nick Clifton - 9.85-1 -- Annocheck: Detect a missing CET note. (#1991931) -- Annocheck: Do not report future fails for AArch64 notes. -- Annocheck: Warn about multiple --debug-file, --debug-rpm and --debug-dir options. - -* Mon Aug 09 2021 Nick Clifton - 9.84-1 -- Annocheck: Process files in command line order. (#1988714) - -* Fri Jul 23 2021 Nick Clifton - 9.83-1 -- Annocheck: Reverse AArch64 PAC+BTI check, ie fail if they are enabled. (#1984995) - -* Wed Jul 21 2021 Fedora Release Engineering - 9.82-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Tue Jul 13 2021 Nick Clifton - 9.82-1 -- Annocheck: Add another test exceptions. - -* Tue Jul 13 2021 Nick Clifton - 9.81-1 -- Annocheck: Add some more test exceptions. - -* Mon Jul 05 2021 Nick Clifton - 9.80-1 -- Tests: Skip glibc-notes test if the assembler does not support --generate-missing-build-notes. (#1978573) -- Tests: Skip objcopy test if objcopy does not support --merge-notes. - -* Tue Jun 29 2021 Nick Clifton - 9.79-1 -- Annocheck: Fix spelling mistake in -mstack-realign failure message. (#1977349) - -* Mon Jun 21 2021 Nick Clifton - 9.78-1 -- gcc-plugin: Do not record global versions of stack protection settings in LTO mode, if not set. (#1958954) - -* Mon Jun 21 2021 Nick Clifton - 9.77-1 -- Annocheck: Remove limit on number of input files. - -* Tue Jun 15 2021 Nick Clifton - 9.76-1 -- clang/llvm plugins: Build with correct security options. - -* Tue Jun 15 2021 Nick Clifton - 9.75-1 -- Annocheck: Better detection of GO compiler version. - -* Wed Jun 09 2021 Nick Clifton - 9.74-1 -- Annocheck: Better support for symbolic links. -- Annocheck: In verbose mode, report the reason for skipping specific tests. (#1969584) - -* Fri Jun 04 2021 Tom Stellard - 9.73-3 -- Rebuild for LLVM 12.0.1 - -* Thu Jun 03 2021 Nick Clifton - 9.73-2 -- Obsolete all previous versions of annobin. (#1967339) - -* Tue May 25 2021 Nick Clifton - 9.73-1 -- Annocheck: Improve detection of shared libraries. (#1958954) - -* Wed May 19 2021 Nick Clifton - 9.72-2 -- Tidy up spec file. - -* Thu May 13 2021 Nick Clifton - 9.72-1 -- Annocheck: Accept 0 as a valid number for gcc minor versions and release numbers. -- gcc-plugin: Add support for ARM and RISCV targets. - -* Tue May 04 2021 Nick Clifton - 9.71-1 -- timing: do not initialise the clock if the timing tool is disabled. - -* Fri Apr 30 2021 Nick Clifton - 9.70-1 -- gcc-plugin: Replace ICE messsages with verbose messages. - -* Thu Apr 22 2021 Nick Clifton - 9.69-1 -- Fix the testsuite so that it can be run in parallel. - -* Wed Apr 21 2021 Nick Clifton - 9.68-1 -- Annocheck: WARN if the annobin plugin was built for a newer version of the compiler than the one on which it was run. (#1950657) - -* Tue Apr 20 2021 Petr Pisar - 9.67-2 -- Obsolete annobin < 9.66-1 (bug #1949570) - -* Tue Apr 20 2021 Nick Clifton - 9.67-1 -- Annocheck: Improve detection of missing GNU-stack support. - -* Mon Apr 19 2021 Petr Pisar - 9.66-4 -- Bump a release - -* Fri Apr 16 2021 Petr Pisar - 9.66-3 -- Correct a package rename (bug #1949570) -- Require docs subpackage by the other ones because of a license -- Build-requiring perl-interpreter is enough - -* Thu Apr 15 2021 Martin Cermak - 9.66-2 -- Fix bz1949570 - -* Fri Apr 09 2021 Nick Clifton - 9.66-1 -- Fix anomolies reported by covscan. -- Move documentation into a sub-package. - -* Sat Mar 20 2021 Jakub Jelinek - 9.65-2 -- NVR bump to rebuild against GCC 11.0.1 - -* Tue Mar 09 2021 Nick Clifton - 9.65-1 -- gcc-plugin: Use a fixed filename when running in LTO mode. - -* Wed Mar 03 2021 Nick Clifton - 9.64-1 -- Annocheck: Fix detection of special function names. (#1934189) - -* Fri Feb 26 2021 Nick Clifton - 9.63-1 -- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc. (#1923439) - -* Thu Feb 25 2021 Nick Clifton - 9.62-1 -- Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector. (#1923439) - -* Mon Feb 22 2021 Nick Clifton - 9.61-1 -- Annocheck: Fix some problems with tests for missing notes. - -* Wed Feb 10 2021 Tom Stellard = 9.60-2 -- Split plugins into separate sub-packages - -* Fri Feb 05 2021 Nick Clifton - 9.60-1 -- Add some GO tests to annocheck. - -* Tue Jan 26 2021 Fedora Release Engineering - 9.59-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Wed Jan 20 2021 Nick Clifton - 9.59-1 -- Add a future fail for the presence of RPATH in the dynamic tags. - -* Mon Jan 18 2021 Nick Clifton - 9.58-1 -- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing. - -* Wed Jan 13 2021 Nick Clifton - 9.57-1 -- Workaround for elflint problems with PPC compiled files. (#1880634) - -* Wed Jan 13 2021 Nick Clifton - 9.56-1 -- Fix bogus AArch64 test failures. - -* Tue Jan 12 2021 Nick Clifton - 9.55-1 -- Improved testing by annocheck. Add fixed format message mode. - -* Mon Jan 04 2021 Nick Clifton - 9.54-1 -- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results. - -* Mon Jan 04 2021 Nick Clifton - 9.53-1 -- Add support for -D_FORTIFY_SOURCE=3. - -* Fri Dec 11 2020 Nick Clifton - 9.52-2 -- NVR bump in order to allow the new gating tests to be run. - -* Fri Dec 11 2020 Nick Clifton - 9.52-1 -- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. (#1906171) - -* Thu Dec 10 2020 Nick Clifton - 9.51-1 -- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. (#1906171) - -* Wed Dec 09 2020 Nick Clifton - 9.50-1 -- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL. - -* Tue Dec 08 2020 Nick Clifton - 9.49-1 -- annocheck: Fix notes analyzer to accept empty PPC64 notes. - -* Mon Dec 07 2020 Jakub Jelinek - 9.48-5 -- NVR bump for another ELN sidetag rebuild. - -* Sun Dec 06 2020 Jakub Jelinek - 9.48-4 -- Revert back to previous settings. - -* Sun Dec 06 2020 Jakub Jelinek - 9.48-3 -- Another NVR bump for GCC 11 rebuild. - -* Sun Dec 06 2020 Jakub Jelinek - 9.48-2 -- NVR bump for GCC 11 rebuild. - -* Wed Dec 02 2020 Nick Clifton - 9.48-1 -- gcc plugin: Tweak generation of end symbols for PPC64 when LTO is active. (#1898075) - -* Tue Dec 01 2020 Nick Clifton - 9.47-1 -- gcc plugin: Add support for GCC 11's cl_vars array. - -* Fri Nov 27 2020 Jakub Jelinek - 9.46-2 -- NVR bump for another ELN sidetag rebuild. - -* Tue Nov 24 2020 Nick Clifton - 9.46-1 -- Annocheck: Support enabling/disabling future fails. - -* Wed Nov 18 2020 Nick Clifton - 9.45-1 -- GCC plugin: Always record global notes for the .text.startup, - .text.exit, .text.hot and .text.cold sections. - -* Tue Nov 17 2020 Nick Clifton - 9.44-1 -- Clang plugin: Add -lLLVM to the build command line. - -* Mon Nov 16 2020 Nick Clifton - 9.43-1 -- Annocheck: Improve reporting of missing -D_FORTIFY_SOURCE option. (#1898075) - -* Mon Nov 16 2020 Nick Clifton - 9.42-1 -- Annocheck: Improve reporting of missing LTO option. - -* Tue Nov 10 2020 Nick Clifton - 9.41-1 -- Add detecting of gimple compiled binaries. - -* Mon Nov 09 2020 Nick Clifton - 9.40-1 -- Add --without-gcc-plugin option. - -* Fri Nov 06 2020 Nick Clifton - 9.38-1 -- Annocheck: Fix bug parsing DW_AT_producer. - -* Wed Nov 04 2020 Nick Clifton - 9.37-1 -- Add test of .note.gnu.property section for PowerPC. -- Add test of objcopy's ability to merge notes. - -* Fri Oct 30 2020 Jakub Jelinek - 9.36-2 -- NVR bump for another ELN sidetag rebuild. - -* Wed Oct 21 2020 Nick Clifton - 9.36-1 -- Record the -flto setting and produce a soft warning if it is absent. -- Suppress warnings about _D_GLIBCXX_ASSERTIONS if the source code is known to be something other than C++. - -* Wed Oct 21 2020 Nick Clifton - 9.35-3 -- NVR bump to allow building on ELN sidetag. - -* Mon Oct 05 2020 Nick Clifton - 9.35-2 -- Correct the directory chosen for 32-bit LLVM and Clang plugins. (#1884951) - -* Thu Oct 01 2020 Nick Clifton - 9.35-1 -- Allow the use of the SHF_LINK_ORDER section flag to discard unused notes. (Experimental). - -* Mon Sep 28 2020 Nick Clifton - 9.34-1 -- Enable the build and installation of the LLVM and Clang plugins. (Experimental). - -* Mon Sep 21 2020 Nick Clifton - 9.33-1 -- gcc-plugin: Fix test for empty PowerPC sections. (#1880634) - -* Thu Sep 17 2020 Nick Clifton - 9.32-2 -- NVR bump to allow rebuild against f34-build-side-30319. - -* Tue Sep 15 2020 Nick Clifton - 9.32-1 -- annocheck: Add tests for the AArch64 BTI and PAC security features. (#1862478) - -* Thu Sep 10 2020 Nick Clifton - 9.31-1 -- gcc plugin: Use a 4 byte offset for PowerPC start symbols, so that they do not break disassemblies. - -* Thu Sep 10 2020 Nick Clifton - 9.30-1 -- gcc plugin: Correct the detection of 32-bit x86 builds. (#1876197) - -* Mon Aug 17 2020 Nick Clifton - 9.29-1 -- gcc plugin: Detect any attempt to access the global_options array. - -* Tue Aug 11 2020 Nick Clifton - 9.28-1 -- gcc plugin: Do not complain about missing pre-processor options when examining a preprocessed input file. (#1862718) - -* Thu Jul 30 2020 Nick Clifton - 9.27-1 -- Use more robust checks for AArch64 options. - -* Thu Jul 30 2020 Nick Clifton - 9.26-1 -- Detect CLANG compiled assembler that is missing IBT support. - -* Wed Jul 29 2020 Nick Clifton - 9.25-1 -- Improved target pointer size discovery. - -* Mon Jul 27 2020 Fedora Release Engineering - 9.24-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Sun Jul 26 2020 Nick Clifton - 9.24-2 -- Rebuild with plugin enabled to check that suppression works. - -* Sun Jul 26 2020 Nick Clifton - 9.24-1 -- Add support for installing clang and llvm plugins. -- Temporary suppression of aarch64 pointer size check. (#1860549) - -* Sat Jul 25 2020 Peter Robinson - 9.23-2 -- Rebuild for gcc 10.2 - -* Wed Jul 01 2020 Nick Clifton - 9.23-1 -- Annocheck: Do not skip tests of the short-enums notes. (#1743635) - -* Mon Jun 15 2020 Nick Clifton - 9.22-1 -- Add (optional) llvm plugin. - -* Wed Apr 22 2020 Nick Clifton - 9.21-1 -- Annobin: Fall back on using the flags if the option cannot be found in cl_options. (#1817659) - -* Thu Apr 16 2020 Nick Clifton - 9.20-1 -- Annocheck: Detect Fortran compiled programs. (#1824393) - -* Wed Apr 01 2020 Nick Clifton - 9.19-1 -- Annobin: If option name mismatch occurs, seach for the real option. (#1817452) - -* Mon Mar 30 2020 Nick Clifton - 9.18-1 -- Annocheck: Fix a division by zero error when parsing GO binaries. (#1818863) - -* Fri Mar 27 2020 Nick Clifton - 9.16-1 -- Annobin: Fix access to the -flto and -fsanitize flags. - -* Thu Mar 26 2020 Nick Clifton - 9.14-1 -- Annobin: Use offsets stored in gcc's cl_option structure to access the global_options array, thus removing the need to check for changes in the size of this structure. - -* Thu Mar 26 2020 Nick Clifton - 9.13-2 -- NVR bump to allow rebuilding against new gcc. - -* Thu Mar 12 2020 Nick Clifton - 9.13-1 -- Rename gcc plugin directory to gcc-plugin. -- Stop annocheck from complaining about missing options when the binary has been built in a mixed environment. - -* Thu Mar 12 2020 Nick Clifton - 9.12-3 -- And again, this time with annotation enabled. (#1810941) - -* Thu Mar 12 2020 Nick Clifton - 9.12-2 -- NVR bump to enable rebuild against updated gcc. (#1810941) - -* Wed Mar 04 2020 Nick Clifton - 9.12-1 -- Improve builtby tool. -- Stop annocheck complaining about missing notes when the binary is not compiled by either gcc or clang. -- Skip the check of the ENTRY instruction for binaries not compiled by gcc or clang. (#1809656) - -* Fri Feb 28 2020 Nick Clifton - 9.11-1 -- Fix infinite loop hangup in annocheck. -- Disable debuginfod support by default. -- Improve parsing of .comment section. - -* Thu Feb 27 2020 Nick Clifton - 9.10-1 -- Fix clang plugin to use hidden symbols. - -* Tue Feb 25 2020 Nick Clifton - 9.09-1 -- Add ability to build clang plugin (disabled by default). - -* Mon Feb 17 2020 Nick Clifton - 9.08-1 -- Annocheck: Fix error printing out the version number. - -* Fri Feb 14 2020 Nick Clifton - 9.07-1 -- Annobin: Add checks of the exact location of the examined switches. - -* Tue Feb 11 2020 Nick Clifton - 9.06-1 -- Annobin: Note when stack clash notes are generated. -- Annocheck: Handle multiple builder IDs in the .comment section. - -* Fri Jan 31 2020 Nick Clifton - 9.05-1 -- Add configure option to suppress building annocheck. - -* Fri Jan 31 2020 Nick Clifton - 9.04-1 -- Fix debuginfod test. - -* Thu Jan 30 2020 Nick Clifton - 9.03-2 -- Correct the build requirement for building with debuginfod support. - -* Thu Jan 30 2020 Nick Clifton - 9.03-1 -- Add debuginfod support. - -* Tue Jan 28 2020 Fedora Release Engineering - 9.01-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Mon Jan 20 2020 Nick Clifton - 9.01-2 -- Rebuild againt latest gcc-10. - -* Mon Jan 20 2020 Nick Clifton - 9.01-1 -- Add clang plugin (experimental). - -* Fri Dec 06 2019 Nick Clifton - 8.92-1 -- Have annocheck ignore notes with an end address of 0. - -* Mon Nov 18 2019 Nick Clifton - 8.91-1 -- Improve checking of gcc versions. - -* Fri Nov 15 2019 Nick Clifton - 8.90-1 -- Do not skip positive results. - -* Fri Nov 01 2019 Nick Clifton - 8.88-1 -- Generate a WARN result for code compiled with instrumentation enabled. (#1753918) - -* Tue Oct 22 2019 Nick Clifton - 8.87-1 -- Replace address checks with dladdr1. - -* Mon Oct 21 2019 Nick Clifton - 8.86-1 -- Use libabigail like checking to ensure variable address consistency. - -* Wed Oct 16 2019 Nick Clifton - 8.85-1 -- Skip generation of global notes for hot/cold sections. - -* Thu Oct 10 2019 Nick Clifton - 8.84-1 -- Generate FAIL results if -Wall or -Wformat-security are missing. - -* Thu Oct 03 2019 Nick Clifton - 8.83-1 -- If notes cannot be found in the executable look for them in the debuginfo file, if available. -- Generate a FAIL if notes are missing from the executable/debuginfo file. -- Record and report the setting of the AArcht64 specific -mbranch-protection option. - -* Mon Sep 23 2019 Nick Clifton - 8.81-1 -- Improve detection of GO binaries. -- Add gcc version information to annobin notes. -- Do not complain about missing FORTIFY_SOURCE and GLIBCXX_ASSERTIONS in LTO compilations. - -* Wed Sep 04 2019 Nick Clifton - 8.79-2 -- NVR bump to allow rebuild against latest gcc. (#1748529) - -* Tue Aug 06 2019 Nick Clifton - 8.79-1 -- Allow compiler used to run tests to be specified on the command line. (#1723401) - -* Tue Aug 06 2019 Nick Clifton - 8.78-1 -- Fix a memory allocation error in the annobin plugin. (#1737306) - -* Wed Jul 24 2019 Fedora Release Engineering - 8.77-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Mon Jun 24 2019 Nick Clifton - 8.77-1 -- Another attempt at fixing the detection and reporting of missing -D_FORTIFY_SOURCE options. (#1703500) - -* Mon Jun 10 22:13:17 CET 2019 Igor Gnatenko - 8.76-4 -- Rebuild for RPM 4.15 - -* Mon Jun 10 15:42:00 CET 2019 Igor Gnatenko - 8.76-3 -- Rebuild for RPM 4.15 - -* Thu Jun 06 2019 Panu Matilainen - 8.76-2 +* Thu Jun 06 2019 Panu Matilainen - 8.71-2 - Really enable annocheck sub-package -* Tue Apr 30 2019 Nick Clifton - 8.76-1 -- Report a missing -D_FORTIFY_SOUCRE option if -D_GLIBCXX_ASSERTIONS was detected. (#1703499) -- Do not report problems with -fstack-protection if the binary was not built by gcc or clang. (#1703788) - -* Fri Apr 26 2019 Nick Clifton - 8.74-1 -- Add tests of clang command line options recorded in the DW_AT_producer attribute. - -* Wed Apr 24 2019 Nick Clifton - 8.73-1 -- Fix test for an executable stack segment. (#1700924) - -* Thu Apr 18 2019 Nick Clifton - 8.72-1 -- Rebuild annobin with the latest rawhide gcc sources. (#1700923) - * Thu Feb 28 2019 Nick Clifton - 8.71-1 - Annobin: Suppress more calls to free() which are triggering memory checker errors. (#1684148) diff --git a/gating.yaml b/gating.yaml deleted file mode 100644 index 84b7773..0000000 --- a/gating.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- !Policy -product_versions: - - fedora-* -decision_context: bodhi_update_push_stable -subject_type: koji_build -rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} - - !PassingTestCaseRule {test_case_name: baseos-qe.koji-build.scratch-build.validation} ---- !Policy -product_versions: - - rhel-8 -decision_context: osci_compose_gate -rules: - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} ---- !Policy -product_versions: - - rhel-9 -decision_context: osci_compose_gate -rules: - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} diff --git a/plans/ci.fmf b/plans/ci.fmf deleted file mode 100644 index 6ae9ce7..0000000 --- a/plans/ci.fmf +++ /dev/null @@ -1,6 +0,0 @@ -summary: CI Gating Plan -discover: - how: fmf - url: https://src.fedoraproject.org/tests/annobin.git -execute: - how: tmt diff --git a/sources b/sources index ae2a779..8a0e40b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (annobin-13.05.tar.xz) = 07bc023018e3f456fae470b271915bde2e1ff367ee8bb58adb74255023ae59e8c45ced8e4bd2130bf8a496966d986bca9866e054019f6ca4660d78c129b6532f +SHA512 (annobin-8.71.tar.xz) = 32831fafd60cf02c5ae8898e3d6c0343ae8f3891e8e06ef358678093aa4e63740c94fae85c4306f3d6856b3811d81ce34885834ef975fd555dae2e21194b93e3