diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 1e7c10f..95233ca 100644 --- a/.gitignore +++ b/.gitignore @@ -1,100 +1,2 @@ -/annobin-2.0.tar.xz -/annobin-2.1.tar.xz -/annobin-2.2.tar.xz -/annobin-2.3.tar.lz -/annobin-2.3.tar.xz -/annobin-2.4.tar.xz -/annobin-2.5.tar.xz -/annobin-2.5.1.tar.xz -/annobin-3.0.tar.xz -/annobin-3.1.tar.xz -/annobin-3.2.tar.xz -/annobin-3.3.tar.xz -/annobin-3.4.tar.xz -/annobin-3.5.tar.xz -/annobin-3.6.tar.xz -/annobin-5.0.tar.xz -/annobin-5.1.tar.xz -/annobin-5.2.tar.xz -/annobin-5.3.tar.xz -/annobin-5.4.tar.xz -/annobin-5.5.tar.xz -/annobin-5.6.tar.xz -/annobin-5.7.tar.xz -/annobin-5.8.tar.xz -/annobin-5.9.tar.xz -/annobin-5.10.tar.xz -/annobin-5.11.tar.xz -/annobin-6.0.tar.xz -/annobin-6.1.tar.xz -/annobin-6.2.tar.xz -/annobin-6.3.tar.xz -/annobin-6.4.tar.xz -/annobin-6.5.tar.xz -/annobin-6.6.tar.xz -/annobin-7.0.tar.xz -/annobin-7.1.tar.xz -/annobin-8.0.tar.xz -/annobin-8.1.tar.xz -/annobin-8.2.tar.xz -/annobin-8.3.tar.xz -/annobin-8.4.tar.xz -/annobin-8.5.tar.xz -/annobin-8.6.tar.xz -/annobin-8.7.tar.xz -/annobin-8.8.tar.xz -/annobin-8.9.tar.xz -/annobin-8.10.tar.xz -/annobin-8.11.tar.xz -/annobin-8.12.tar.xz -/annobin-8.13.tar.xz -/annobin-8.14.tar.xz -/annobin-8.15.tar.xz -/annobin-8.16.tar.xz -/annobin-8.17.tar.xz -/annobin-8.18.tar.xz -/annobin-8.19.tar.xz -/annobin-8.20.tar.xz -/annobin-8.21.tar.xz -/annobin-8.22.tar.xz -/annobin-8.23.tar.xz -/annobin-8.24.tar.xz -/annobin-8.25.tar.xz -/annobin-8.26.tar.xz -/annobin-8.27.tar.xz -/annobin-8.29.tar.xz -/annobin-8.30.tar.xz -/annobin-8.31.tar.xz -/annobin-8.32.tar.xz -/annobin-8.33.tar.xz -/annobin-8.34.tar.xz -/annobin-8.35.tar.xz -/annobin-8.36.tar.xz -/annobin-8.37.tar.xz -/annobin-8.38.tar.xz -/annobin-8.39.tar.xz -/annobin-8.41.tar.xz -/annobin-8.44.tar.xz -/annobin-8.45.tar.xz -/annobin-8.48.tar.xz -/annobin-8.49.tar.xz -/annobin-8.50.tar.xz -/annobin-8.51.tar.xz -/annobin-8.52.tar.xz -/annobin-8.53.tar.xz -/annobin-8.55.tar.xz -/annobin-8.56.tar.xz -/annobin-8.57.tar.xz -/annobin-8.58.tar.xz -/annobin-8.59.tar.xz -/annobin-8.60.tar.xz -/annobin-8.61.tar.xz -/annobin-8.62.tar.xz -/annobin-8.63.tar.xz -/annobin-8.64.tar.xz -/annobin-8.65.tar.xz -/annobin-8.66.tar.xz -/annobin-8.67.tar.xz -/annobin-8.68.tar.xz -/annobin-8.69.tar.xz -/annobin-8.70.tar.xz +/annobin-*.tar.xz +/annobin-9.51-1.fc34.src.rpm diff --git a/annobin.spec b/annobin.spec index 13bad94..f2f5ad0 100644 --- a/annobin.spec +++ b/annobin.spec @@ -1,46 +1,208 @@ -# Suppress this for BZ 1630550. -# The problem should now only arise when rebasing to a new major version -# of gcc, in which case the undefine below can be temporarily reinstated. -# -# # Do not build the annobin plugin with annotation enabled. -# # This is because if we are bootstrapping a new build environment we can have -# # a new version of gcc installed, but without a new of annobin installed. -# # (i.e. we are building the new version of annobin to go with the new version -# # of gcc). If the *old* annobin plugin is used whilst building this new -# # version, the old plugin will complain that version of gcc for which it -# # was built is different from the version of gcc that is now being used, and -# # then it will abort. -# %%undefine _annotated_build - Name: annobin -Summary: Binary annotation plugin for GCC -Version: 8.70 -Release: 1%{?dist} +Summary: Annotate and examine compiled binary files +Version: 13.05 +Release: 2%{?dist} +License: GPL-3.0-or-later AND LGPL-2.0-or-later AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND GFDL-1.3-or-later +URL: https://sourceware.org/annobin/ +# Maintainer: nickc@redhat.com +# Web Page: https://sourceware.org/annobin/ +# Watermark Protocol: https://fedoraproject.org/wiki/Toolchain/Watermark -License: GPLv3+ -URL: https://fedoraproject.org/wiki/Toolchain/Watermark +#--------------------------------------------------------------------------------- -# Use "--without tests" to disable the testsuite. The default is to run them. +# Use "--without tests" to disable the testsuite. %bcond_without tests # Use "--without annocheck" to disable the installation of the annocheck program. %bcond_without annocheck +# Use "--with debuginfod" to force support for debuginfod to be compiled into +# the annocheck program. By default the configure script will check for +# availablilty at build time, but this might not match the run time situation. +# FIXME: Add a --without debuginfod option to forcefully disable the configure +# time check for debuginfod support. +%bcond_with debuginfod + +# Use "--without clangplugin" to disable the building of the annobin plugin for Clang. +%bcond_without clangplugin + +# Use "--without gccplugin" to disable the building of the annobin plugin for GCC. +%bcond_without gccplugin + +# Use "--without llvmplugin" to disable the building of the annobin plugin for LLVM. +%bcond_without llvmplugin + # Set this to zero to disable the requirement for a specific version of gcc. # This should only be needed if there is some kind of problem with the version -# checking logic. -%global with_hard_gcc_version_requirement 1 +# checking logic or when building on RHEL-7 or earlier. +# +# Update: now that we have gcc version checking support in redhat-rpm-config +# there is no longer a great need for a hard gcc version check here. Not +# enabling this check greatly simplifies the process of installing a new major +# version of gcc into the buildroot. +%global with_hard_gcc_version_requirement 0 + +%bcond_without plugin_rebuild +# Allow the building of annobin without using annobin itself. +# This is because if we are bootstrapping a new build environment we can have +# a new version of gcc installed, but without a new of annobin installed. +# (i.e. we are building the new version of annobin to go with the new version +# of gcc). If the *old* annobin plugin is used whilst building this new +# version, the old plugin will complain that version of gcc for which it +# was built is different from the version of gcc that is now being used, and +# then it will abort. +# +# The default is to use plugin during rebuilds (cf BZ 1630550) but this can +# be changed because of the need to be able to rebuild annobin when a change +# to gcc breaks the version installed into the buildroot. Note however that +# uncommenting the lines below will result in annocheck not passing the rpminspect +# tests.... +# %%if %%{without plugin_rebuild} +# %%undefine _annotated_build +# %%endif #--------------------------------------------------------------------------------- -Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz + +%global annobin_sources annobin-%{version}.tar.xz +Source: https://nickc.fedorapeople.org/%{annobin_sources} # For the latest sources use: git clone git://sourceware.org/git/annobin.git -# Insert patches here, if needed. -# Patch01: annobin-xxx.patch +# This is where a copy of the sources will be installed. +%global annobin_source_dir %{_usrsrc}/annobin + +# Insert patches here, if needed. Eg: +# Patch01: annobin-plugin-default-string-notes.patch #--------------------------------------------------------------------------------- +# Make sure that the necessary sub-packages are built. + +%if %{with gccplugin} +Requires: %{name}-plugin-gcc +%endif + +%if %{with llvmplugin} +Requires: %{name}-plugin-llvm +%endif + +%if %{with clangplugin} +Requires: %{name}-plugin-clang +%endif + +#--------------------------------------------------------------------------------- + +%description +This package contains the tools needed to annotate binary files created by +compilers, and also the tools needed to examine those annotations. + +%if %{with gccplugin} +One of the tools is a plugin for GCC that records information about the +security options that were in effect when the binary was compiled. + +Note - the plugin is automatically enabled in gcc builds via flags +provided by the redhat-rpm-macros package. +%endif + +%if %{with clangplugin} +One of the tools is a plugin for Clang that records information about the +security options that were in effect when the binary was compiled. +%endif + +%if %{with llvmplugin} +One of the tools is a plugin for LLVM that records information about the +security options that were in effect when the binary was compiled. +%endif + +%if %{with annocheck} +One of the tools is a security checker which analyses the notes present in +annotated files and reports on any missing security options. +%endif + +#--------------------------------------------------------------------------- + +# Now that we have sub-packages for all of the plugins and for annocheck, +# there are no executables left to go into the "annobin" rpm. But top-level +# packages cannot have "BuildArch: noarch" if sub-packages do have +# architecture requirements, and rpmlint generates an error if an +# architecture specific rpm does not contain any binaries. So instead all of +# the documentation has been moved into an architecture neutral sub-package, +# and there no longer is a top level annobin rpm at all. + +%package docs +Summary: Documentation and shell scripts for use with annobin +BuildArch: noarch +# The documentation uses pod2man... +BuildRequires: perl-interpreter perl-podlators gawk make sharutils + +%description docs +Provides the documentation files and example shell scripts for use with annobin. + +#---------------------------------------------------------------------------- +%if %{with tests} + +%package tests +Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin +Requires: %{name}-docs = %{version}-%{release} +BuildRequires: make sharutils +%if %{with debuginfod} +BuildRequires: elfutils-debuginfod-client-devel +%endif + +%description tests +Provides a means to test the generation of annotated binaries and the parsing +of the resulting files. + +%endif + +#---------------------------------------------------------------------------- +%if %{with annocheck} + +%package annocheck +Summary: A tool for checking the security hardening status of binaries + +BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel make + +%if %{with debuginfod} +BuildRequires: elfutils-debuginfod-client-devel +%endif + +Requires: %{name}-docs = %{version}-%{release} +Requires: cpio rpm + +%description annocheck +Installs the annocheck program which uses the notes generated by annobin to +check that the specified files were compiled with the correct security +hardening options. + +%package libannocheck +Summary: A library for checking the security hardening status of binaries + +BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel make + +%if %{with debuginfod} +BuildRequires: elfutils-debuginfod-client-devel +%endif + +Requires: %{name}-docs = %{version}-%{release} + +%description libannocheck +Installs the libannocheck library which uses the notes generated by the +annobin plugins to check that the specified files were compiled with the +correct security hardening options. + +%endif + +#---------------------------------------------------------------------------- +%if %{with gccplugin} + +%package plugin-gcc +Summary: annobin gcc plugin + +Requires: %{name}-docs = %{version}-%{release} +Conflicts: %{name} <= 9.60-1 +BuildRequires: gcc-c++ gcc-plugin-devel + # [Stolen from gcc-python-plugin] # GCC will only load plugins that were built against exactly that build of GCC # We thus need to embed the exact GCC version as a requirement within the @@ -85,7 +247,7 @@ Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz %global gcc_major 0 %endif -# This is a gcc plugin, hence gcc is required. +# For a gcc plugin gcc is required. %if %{with_hard_gcc_version_requirement} # BZ 1607430 - There is an exact requirement on the major version of gcc. Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next}) @@ -93,46 +255,54 @@ Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next}) Requires: gcc %endif -BuildRequires: gcc gcc-plugin-devel gcc-c++ +# Information about the gcc plugin is recorded in this file. +%global aver annobin-plugin-version-info -%description -Provides a plugin for GCC that records extra information in the files -that it compiles and a set of scripts that can analyze the recorded -information. - -Note - the plugin is automatically enabled in gcc builds via flags -provided by the redhat-rpm-macros package. - -#--------------------------------------------------------------------------------- -%if %{with tests} - -%package tests -Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin - -%description tests -Provides a means to test the generation of annotated binaries and the parsing -of the resulting files. +%description plugin-gcc +Installs an annobin plugin that can be used by gcc. %endif #--------------------------------------------------------------------------------- -%if %{with annocheck} +%if %{with llvmplugin} -%package annocheck -Summary: A tool for checking the security hardening status of binaries +%package plugin-llvm +Summary: annobin llvm plugin -BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel +Requires: %{name}-docs = %{version}-%{release} +Requires: llvm-libs +Conflicts: %{name} <= 9.60-1 +BuildRequires: clang clang-devel llvm llvm-devel compiler-rt -%description annocheck -Installs the annocheck program which uses the notes generated by annobin to -check that the specified files were compiled with the correct security -hardening options. +%description plugin-llvm +Installs an annobin plugin that can be used by LLVM tools. + +%endif + +#--------------------------------------------------------------------------------- +%if %{with clangplugin} + +%package plugin-clang +Summary: annobin clang plugin + +Requires: %{name}-docs = %{version}-%{release} +Requires: llvm-libs +Conflicts: %{name} <= 9.60-1 +BuildRequires: clang clang-devel llvm llvm-devel compiler-rt + +%description plugin-clang +Installs an annobin plugin that can be used by Clang. %endif #--------------------------------------------------------------------------------- -%global ANNOBIN_PLUGIN_DIR %(gcc --print-file-name=plugin) +# Decide where the plugins will live. Change if necessary. + +%global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin) + +%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/plugins} +%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/plugins} #--------------------------------------------------------------------------------- @@ -142,74 +312,1540 @@ if [ -z "%{gcc_vr}" ]; then exit 1 fi -echo "Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})" +echo "Requires: (gcc >= %{gcc_major} and gcc < %{gcc_next})" %autosetup -p1 # The plugin has to be configured with the same arcane configure # scripts used by gcc. Hence we must not allow the Fedora build # system to regenerate any of the configure files. -touch aclocal.m4 plugin/config.h.in +touch aclocal.m4 gcc-plugin/config.h.in touch configure */configure Makefile.in */Makefile.in # Similarly we do not want to rebuild the documentation. touch doc/annobin.info +# Generate a source tarball for installation later with all the patches +# applied. This must be the last step in the prep section. +tar -C ../ -cJf ../latest-annobin.tar.xz %{name}-%{version} + #--------------------------------------------------------------------------------- %build -%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_PLUGIN_DIR} + +CONFIG_ARGS="--quiet" + +%if %{with debuginfod} +CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod" +%else +# Note - we explicitly disable debuginfod support if it was not configured. +# This is because by default annobin's configue script will assume --with-debuginfod=auto +# and then run a build time test to see if debugingfod is available. It +# may well be, but the build time environment may not match the run time +# environment, and the rpm will not have a Requirement on the debuginfod +# client. +CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod" +%endif + +%if %{without clangplugin} +CONFIG_ARGS="$CONFIG_ARGS --without-clang-plugin" +%endif + +%if %{without gccplugin} +CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin" +%else +CONFIG_ARGS="$CONFIG_ARGS --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}" +%endif + +%if %{without llvmplugin} +CONFIG_ARGS="$CONFIG_ARGS --without-llvm-plugin" +%endif + +%if %{without tests} +CONFIG_ARGS="$CONFIG_ARGS --without-tests" +%endif + +%if %{without annocheck} +CONFIG_ARGS="$CONFIG_ARGS --without-annocheck" +%else +export CFLAGS="$CFLAGS -DAARCH64_BRANCH_PROTECTION_SUPPORTED=1" +%endif + +%set_build_flags + +export CFLAGS="$CFLAGS $RPM_OPT_FLAGS %build_cflags" +export LDFLAGS="$LDFLAGS %build_ldflags" + +# Set target-specific options to be used when building the Clang and LLVM plugins. +# FIXME: There should be a better way to do this. +%ifarch %{ix86} x86_64 +export CLANG_TARGET_OPTIONS="-fcf-protection" +%endif +%ifarch aarch64 +export CLANG_TARGET_OPTIONS="-mbranch-protection=standard" +%endif +%ifnarch riscv64 +export CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS -flto" +%endif + +# Override the default fortification level used by the Clang and LLVM plugins. +export PLUGIN_FORTIFY_OPTION="-D_FORTIFY_SOURCE=3" + +CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log + %make_build -# Rebuild the plugin, this time using the plugin itself! This + +%if %{with plugin_rebuild} +# Rebuild the plugin(s), this time using the plugin itself! This # ensures that the plugin works, and that it contains annotations -# of its own. This could mean that we end up with a plugin with -# double annotations in it. (If the build system enables annotations -# for plugins by default). I have not tested this yet, but I think -# that it should be OK. -cp plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so -make -C plugin clean -make -C plugin CXXFLAGS="%{optflags} -fplugin=%{_tmppath}/tmp_annobin.so -fplugin-arg-tmp_annobin-rename" +# of its own. + +%if %{with gccplugin} +cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so +make -C gcc-plugin clean +BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so" + +# Disable the standard annobin plugin so that we do get conflicts. +# Note - rpm-4.10 uses a different way of evaluating macros. +%if 0%{?rhel} && 0%{?rhel} < 7 +OPTS="$(rpm --eval '%undefine _annotated_build %build_cflags %build_ldflags')" +%else +OPTS="$(rpm --undefine=_annotated_build --eval '%build_cflags %build_ldflags')" +%endif + +# If building on systems with an assembler that does not support the +# .attach_to_group pseudo op (eg RHEL-7) then enable the next line. +# BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach" + +make -C gcc-plugin CXXFLAGS="$OPTS $BUILD_FLAGS" rm %{_tmppath}/tmp_annobin.so +%endif + +%if %{with clangplugin} +cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so +# To enable verbose more in the plugin append the following: ANNOBIN="verbose" +make -C clang-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS" PLUGIN_INSTALL_DIR=%{clang_plugin_dir} +%endif + +%if %{with llvmplugin} +cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so +# To enable verbose more in the plugin append the following: ANNOBIN_VERBOSE="true" +make -C llvm-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS" PLUGIN_INSTALL_DIR=%{llvm_plugin_dir} +%endif + +# endif for %%if {with_plugin_rebuild} +%endif #--------------------------------------------------------------------------------- %install -%make_install -%{__rm} -f %{buildroot}%{_infodir}/dir + +# PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles... +%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir} + +%if %{with clangplugin} +# Move the clang plugin to a seperate directory. +mkdir -p %{buildroot}/%{clang_plugin_dir} +mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir} +%endif + +%if %{with gccplugin} +# Record the version of gcc that built this plugin. +# Note - we cannot just store %%{gcc_vr} as sometimes the gcc rpm version changes +# without the NVR being altered. See BZ #2030671 for more discussion on this. +mkdir -p %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR} +cat `gcc --print-file-name=rpmver` > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} + +# Also install a copy of the sources into the build tree. +mkdir -p %{buildroot}%{annobin_source_dir} +cp ../latest-annobin.tar.xz %{buildroot}%{annobin_source_dir}/latest-annobin.tar.xz +%endif + +rm -f %{buildroot}%{_infodir}/dir + +# When annocheck is disabled, annocheck.1.gz will still be generated, remove it. +%if %{without annocheck} +rm -f %{_mandir}/man1/annocheck.1.gz +%endif #--------------------------------------------------------------------------------- %if %{with tests} %check +# The first "make check" is run with "|| :" so that we can capture any logs +# from failed tests. The second "make check" is there so that the build +# will fail if any of the tests fail. +make check || : +if [ -f tests/test-suite.log ]; then + cat tests/test-suite.log +fi +# If necessary use uuencode to preserve test binaries here. For example: +# uuencode tests/tmp_atexit/atexit.strip atexit.strip + make check %endif #--------------------------------------------------------------------------------- -%files -%{ANNOBIN_PLUGIN_DIR} -%{_bindir}/built-by -%{_bindir}/check-abi -%{_bindir}/hardened -%{_bindir}/run-on-binaries-in +%files docs %license COPYING3 LICENSE +%dir %{_datadir}/doc/annobin-plugin %exclude %{_datadir}/doc/annobin-plugin/COPYING3 %exclude %{_datadir}/doc/annobin-plugin/LICENSE %doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt -%doc %{_infodir}/annobin.info.gz -%doc %{_mandir}/man1/annobin.1.gz -%doc %{_mandir}/man1/built-by.1.gz -%doc %{_mandir}/man1/check-abi.1.gz -%doc %{_mandir}/man1/hardened.1.gz -%doc %{_mandir}/man1/run-on-binaries-in.1.gz +%{_infodir}/annobin.info* +%{_mandir}/man1/annobin.1* +%exclude %{_mandir}/man1/built-by.1* +%exclude %{_mandir}/man1/check-abi.1* +%exclude %{_mandir}/man1/hardened.1* +%exclude %{_mandir}/man1/run-on-binaries-in.1* + +%if %{with llvmplugin} +%files plugin-llvm +%dir %{llvm_plugin_dir} +%{llvm_plugin_dir}/annobin-for-llvm.so +%endif + +%if %{with clangplugin} +%files plugin-clang +%dir %{clang_plugin_dir} +%{clang_plugin_dir}/annobin-for-clang.so +%endif + +%if %{with gccplugin} +%files plugin-gcc +%dir %{ANNOBIN_GCC_PLUGIN_DIR} +%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so +%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0 +%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0 +%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} +%dir %{annobin_source_dir} +%{annobin_source_dir}/latest-annobin.tar.xz +%endif %if %{with annocheck} +%files annocheck %{_bindir}/annocheck -%doc %{_mandir}/man1/annocheck.1.gz +%{_mandir}/man1/annocheck.1* + +%files libannocheck +%{_includedir}/libannocheck.h +%{_libdir}/libannocheck.* +%{_libdir}/pkgconfig/libannocheck.pc %endif #--------------------------------------------------------------------------------- %changelog +* Fri Jan 16 2026 Fedora Release Engineering - 13.05-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild + +* Thu Jan 15 2026 Nick Clifton - 13.05-1 +- Annocheck: Add .fc44 to list of known rpm file extensions. + +* Sat Dec 20 2025 Jakub Jelinek - 13.04-3 +- NVR bump to allow rebuild for new GCC in a side-tag. + +* Sat Dec 20 2025 Jakub Jelinek - 13.04-2 +- NVR bump to allow rebuild for new GCC in a side-tag. + +* Thu Dec 18 2025 Nick Clifton - 13.04-1 +- Annocheck: Fix compile time warnings from GCC-15 re: strchr returning a const char *. + +* Wed Nov 05 2025 Nick Clifton - 13.03-1 +- Annocheck: Skip production test for gcc libraries. (RHEL-123175) + +* Fri Oct 31 2025 Nick Clifton - 13.02-1 +- Annocheck: Update heuristic to detect gcc libraries. (RHEL-124869) + +* Thu Oct 23 2025 Nick Clifton - 13.01-1 +- Annocheck: Change FAIL for binaries built by a cross compiler to a MAYBE. (RHEL-123175) + +* Wed Aug 06 2025 Nick Clifton - 12.99-1 +- Annocheck: Improve detection of glibc static maths libraries. (RHEL-107470) + +* Wed Jul 23 2025 Fedora Release Engineering - 12.98-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Fri Jul 04 2025 Tulio Magno Quites Machado Filho - 12.98-1 +- Improve configure and meson files for consistent builds. + +* Thu Jun 19 2025 Nick Clifton - 12.97-1 +- Annocheck: Delete the temporary debug info directory after the tests have finished. + +* Wed Jun 04 2025 Nick Clifton - 12.96-1 +- Annocheck: Fix bugs in debug rpm location code. Add more glibc exceptions. (RHEL-95216) + +* Thu May 15 2025 Nick Clifton - 12.95-1 +- Annocheck: Improve performance with multiple debug info files and multiple files to scan. (#2366180) + +* Tue May 13 2025 Nick Clifton - 12.94-1 +- Annocheck: Update heuristic for detecting gcc files to cope with gcc 15. (#2365824) + +* Mon Mar 17 2025 Nick Clifton - 12.93-1 +- Annocheck: Fix test for GO revision. (RHEL-56031) + +* Fri Feb 14 2025 Nick Clifton - 12.92-1 +- Annocheck: Do not rely upon libelf's ability to detect links to separate debuginfo files. (RHEL-79264) + +* Thu Feb 13 2025 Nick Clifton - 12.91-1 +- Annocheck: Fix resource leak. (RHEL-79253) + +* Wed Feb 12 2025 Nick Clifton - 12.90-1 +- Annocheck: Fix double free. Add special handling for COMBOOT modules. + +* Tue Feb 11 2025 Nick Clifton - 12.89-1 +- Annocheck: Improve diagnostics when a separate debug info file cannot be found. + +* Mon Feb 03 2025 Nick Clifton - 12.88-1 +- Annocheck: Look for -fstack-clash-protection in DW_AT_producer string. (RHEL-77328) + +* Tue Jan 28 2025 Nick Clifton - 12.87-1 +- Annocheck: Fix locating string notes (again). Add exception for glibc benchmark tests. (RHEL-76456) + +* Mon Jan 27 2025 Nick Clifton - 12.86-1 +- Annocheck: Add crtoffloadtableS.o to list of known gcc binaries. (RHEL-760404) + +* Mon Jan 27 2025 Nick Clifton - 12.85-1 +- Annocheck: Fix the --debug-dir option. + +* Thu Jan 23 2025 Nick Clifton - 12.84-1 +- Annocheck: Fix corrupt warning message when unable to locate separate debug info files. + +* Wed Jan 22 2025 Nick Clifton - 12.83-1 +- Annocheck: Remove spurious debugging messages. + +* Wed Jan 22 2025 Nick Clifton - 12.82-1 +- Annocheck: Always look for annobin notes in separate debug info files. (RHEL-75778) + +* Thu Jan 16 2025 Nick Clifton - 12.81-1 +- Annocheck: Support multiple --debug-rpm and --debug-file options. (RHEL-73349) + +* Sat Jan 11 2025 Jakub Jelinek - 12.80-2 +- NVR bump to allow rebuild for new GCC in a side-tag. + +* Fri Dec 13 2024 Nick Clifton - 12.80-1 +- Annocheck: Add support for sys-root'ed glibc packages. (RHEL-71296) + +* Tue Dec 10 2024 Nick Clifton - 12.79-1 +- GCC Plugin: Tidy up use of gcc's diagnoatic headers. (#32429) +- Testsuite: Use configured compiler when running tests. + +* Mon Dec 09 2024 Nick Clifton - 12.78-1 +- GCC Plugin: Fix building with gcc 15. (#32429) + +* Fri Nov 15 2024 Nick Clifton - 12.77-1 +- Annocheck: Fix overly long debug messages. + +* Fri Nov 15 2024 Nick Clifton - 12.76-1 +- Annocheck: Rename rwx-seg test to load-segments. Add more checks. Add check for gaps as a future fail. +- Annocheck: Add --no-allow-excpetions to disable exceptions for known special binaries. +- Annocheck: Add --enable-future to enable future fail components in normal tests. +- Annocheck: Fix bug preventing the inclusion of the rpm name in reports. + +* Tue Nov 12 2024 Nick Clifton - 12.75-1 +- Annocheck: Add more exceptions for gcc binaries. (RHEL-33365) +- Annocheck: Add --skip-passes option. + +* Wed Nov 06 2024 Nick Clifton - 12.74-1 +- Annocheck: Add exceptions for gcc binaries. (RHEL-33365) + +* Tue Nov 05 2024 Nick Clifton - 12.73-1 +- Annocheck: Skip property note test for i386 binaries created by LLVM. (#2323797) + +* Fri Nov 01 2024 Nick Clifton - 12.72-1 +- Annocheck: Skip FORTIFY and GLIBC_ASSERTIONS tests for LLVM produced binaries with unparseable DW_AT_producer attributes in their DWARF debug info. (RHEL-65411) + +* Mon Oct 14 2024 Nick Clifton - 12.71-1 +- GCC Plugin: Change type of the .annobin.notes section from SHT_STRTAB to SHT_PROGBITS. + +* Tue Aug 13 2024 Nick Clifton - 12.70-1 +- Clang & LLVM Plugins: Include install directory in binary. (RHEL-54069) + +* Mon Aug 12 2024 Nick Clifton - 12.69-1 +- BuiltBy: Fix seg-fault when comparing language version strings. (RHEL-53497) + +* Wed Aug 07 2024 Nick Clifton - 12.67-1 +- Annocheck: Stop spurious assembler warnings. (RHEL-53213) +- Annocheck: Stop warnings about known gaps. (RHEL-53218) + +* Fri Aug 02 2024 Nick Clifton - 12.66-1 +- Annocheck: Fix stack realign test. (#2302427) + +* Mon Jul 29 2024 Nick Clifton - 12.65-1 +- Annocheck: Fix recording arguments for later re-use. (RHEL-50802) + +* Fri Jul 26 2024 Nick Clifton - 12.64-1 +- GCC Plugin: Fix building AArch64 components with gcc earlier than 11.3. + +* Mon Jul 22 2024 Nick Clifton - 12.63-1 +- Annocheck: Add improvements to the builtby utility. + +* Wed Jul 17 2024 Fedora Release Engineering - 12.62-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Mon Jul 08 2024 Nick Clifton - 12.62-1 +- Annocheck: Add support for ADA binaries. +- Annocheck: Add support for binaries built from more than two high level source languages. +- Annocheck: Add support for object files containing no executable code. +- Annocheck: Do not FAIL LLVM compiled binaries that have not been built with sanitize-cfi and/or sanitize-safe-stack. + +* Wed Jun 26 2024 Nick Clifton - 12.60-1 +- Annocheck: Add support for Fortran binaries. + +* Tue Jun 11 2024 Nick Clifton - 12.59-1 +- Annocheck: Add heuristic for detecting parts of the CGO runtime library. + +* Mon Jun 10 2024 Nick Clifton - 12.58-1 +- Annocheck: Add improvements for handling Clang runtime binaries. + +* Tue Jun 04 2024 Nick Clifton - 12.57-1 +- Annocheck: Add tweaks for mixed Rust/C binaries. (#2284605) +- Annocheck: Add more glibc source file names. + +* Mon May 20 2024 Nick Clifton - 12.55-1 +- Annocheck: Skip GAPS test for GO binaries. (RHEL-36308) + +* Mon May 20 2024 Nick Clifton - 12.54-2 +- Spec File: Add annobin plugin document directory to the files section. (#2279779) + +* Tue May 14 2024 Nick Clifton - 12.54-1 +- Annocheck: Remove some false positives for Rust binaries. (#2280239) + +* Thu May 09 2024 Nick Clifton - 12.53-2 +- Spec File: Add the annobin source directory to the files section. (#2279779) + +* Thu May 09 2024 Nick Clifton - 12.53-1 +- Annocheck: Defer passing the branch protection test until all notes have been checked. +- GCC Plugin: Add extra code for detecting the branch protection setting. (RHEL-35958) + +* Thu Apr 25 2024 Nick Clifton - 12.52-1 +- Annocheck: Add OpenSSL Engine test. (PTG-319) + +* Tue Apr 23 2024 Nick Clifton - 12.51-1 +- Annocheck: Test for gaps even when only one note is present. + +* Mon Apr 22 2024 Nick Clifton - 12.50-1 +- Annocheck: Skip AArch64 branch protection test for GO binaries. + +* Thu Apr 18 2024 Nick Clifton - 12.49-1 +- GCC Plugin: Disable active check for -Wimplicit-int for non-C sources. (#2275884) +- Annocheck: Ignore stack checks for AMD GPU binaries. +- Annocheck: Do not produce FAIL result for i686 binaries in the RHEL-10 profile. +- Annocheck: Test for __stack_chk_guard being writeable. + +* Tue Apr 02 2024 Nick Clifton - 12.48-1 +- Annocheck: Update heuristics for detecting glibc code in executables. (RHEL-30579) + +* Wed Mar 27 2024 Nick Clifton - 12.47-1 +- Clang & LLVM Plugins: Allow environment to override fortification level. (RHEL-30579) +- Spec File: Override fortification level and set it to 3. + +* Mon Mar 25 2024 Tulio Magno Quites Machado Filho - 12.46-1 +- Annocheck: Improve detection of -mbranch-protection option. +- Clang Plugin: Add global-file-syms option. +- LLVM Plugin: Add global-file-syms option. +- Plugins: Add support for ANNOBIN environment variable. + +* Thu Mar 21 2024 Nick Clifton - 12.45-1 +- GCC Plugin: Fix bug extracing the value of target specific command line options. + +* Wed Mar 06 2024 Nick Clifton - 12.44-1 +- Configure: Remove check for FrontendPluginRegistry.h header as it is stored in a non-standard location on Debian systems. +- Debuginfod test: Allow for the libdwfl library silently contacting the debuginfod server. + +* Tue Mar 05 2024 Nick Clifton - 12.43-1 +- LLVM Plugin: Use llvm-config to get the correct paths and options for building executables. +- Clang Plugin: Likewise. +- Enable silent rules for most building. +- Annocheck: Correctly extract DWARF attributes from DT_REL files. + +* Fri Mar 01 2024 Nick Clifton - 12.42-1 +- Annocheck: Improve heuristics for locating debug info files. (#2267097) +- Configure: Harmonize configure options. + +* Tue Feb 27 2024 Nick Clifton - 12.41-1 +- Clang Plugin: Fix building with Clang 18. (#31414) +- GCC Plugin: Add support for MIPS specific target functions. +- GCC Plugin: Use .dc.a for address expressions in 64-bit ELF format notes. + +* Tue Feb 20 2024 Tulio Magno Quites Machado Filho - 12.40-2 +- Spec File: Remove a workaround for ppc64le. + +* Tue Feb 13 2024 Nick Clifton - 12.40-1 +- Annocheck: Improve heuristic for skipping LTO and FORTIFY tests. (#2264000) + +* Fri Feb 09 2024 Nick Clifton - 12.39-1 +- Annocheck: Also skip property note test for i686 binaries. (#2258571) + +* Tue Jan 23 2024 Nick Clifton - 12.38-1 +- Annocheck: Also skip the entry point test for i686 binaries. (#2258571) + +* Mon Jan 22 2024 Fedora Release Engineering - 12.37-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 12.37-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jan 17 2024 Nick Clifton - 12.37-1 +- GCC Plugin: Do not use section groups with string format notes. + +* Tue Jan 16 2024 Nick Clifton - 12.36-2 +- Spec File: NVR bump in order to allow building in side tag. + +* Tue Jan 16 2024 Nick Clifton - 12.36-1 +- Annocheck: Disable cf-protection test for i686 architecture. (#2258571) + +* Mon Jan 15 2024 Nick Clifton - 12.35-4 +- Spec File: NVR bump in order to allow building in side tag. + +* Mon Jan 15 2024 Nick Clifton - 12.35-3 +- Spec File: Disable hard gcc check in order to allow builds with new version of gcc. + +* Thu Jan 11 2024 Songsong Zhang - 12.35-2 +- Spec File: Do not install annocheck.1.gz when annocheck is disabled. + +* Thu Jan 04 2024 Nick Clifton - 12.35-1 +- Annocheck: Improve detection of FIPS compliant GO binaries. + +* Fri Dec 15 2023 Nick Clifton - 12.34-1 +- GCC Plugin: Fix recording of the -Wimplicit-int and -Wimplicit-function-declaration warnings. Add active checks for when they are deliberately disabled. + +* Mon Dec 11 2023 Nick Clifton - 12.33-1 +- Tests: Fix implicit-values test so that it will compile with gcc 14+. + +* Fri Nov 24 2023 Nick Clifton - 12.32-1 +- GCC Plugin: Add support for -fhardended. + +* Wed Nov 15 2023 Nick Clifton - 12.31-1 +- Update glibc detection heuristics for PPC64. (RHEL-16453) + +* Wed Nov 01 2023 Nick Clifton - 12.30-1 +- Fix another atexit test failure. (#2247481) + +* Mon Oct 30 2023 Nick Clifton - 12.29-1 +- Fix atexit test failure. +- Notes: Add support for string format notes. + +* Fri Oct 06 2023 Nick Clifton - 12.28-1 +- GCC Plugin: Record settings of -Wstrict-flex-arrays and -fstrict-flex-arrays +- Annobin: Add future test of these options. + +* Tue Sep 26 2023 Nick Clifton - 12.27-1 +- GCC Plugin: Record settings of -Wimplicit-int and -Wimplicit-function-declaration. +- Annobin: Add test for these warnings. + +* Wed Sep 06 2023 Nick Clifton - 12.26-1 +- LLVM Plugin: Fix building with LLVM version 17. + +* Wed Aug 30 2023 Nick Clifton - 12.25-1 +- GCC Plugin: Enable string note format by default. + +* Fri Aug 04 2023 Nick Clifton - 12.24-1 +- Annocheck: Change GO FIPS test to look for CGO_ENABLED markers. + +* Mon Jul 31 2023 Nick Clifton - 12.23-1 +- Annocheck: Add test for FIPS compliant GO binaries. + +* Wed Jul 26 2023 Nick Clifton - 12.22-1 +- Annocheck: Fix double free. (#2226749) + +* Wed Jul 19 2023 Fedora Release Engineering - 12.21-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Jul 18 2023 Nick Clifton - 12.21-1 +- Spec File: migrated to SPDX license. (#2222112) + +* Mon Jul 17 2023 Nick Clifton - 12.20-2 +- Spec File: Change License field to use SPDX notation. (#2222112) + +* Mon Jul 17 2023 Nick Clifton - 12.20-1 +- Annocheck: Ignore AArch64 $x and $d symbols. (#2221192) + +* Wed Jul 05 2023 Nick Clifton - 12.19-1 +- GCC Plugin: Suppress active checks for fortran sources. Improve scanning of COLLECT_GCC_OPTIONS. + +* Thu Jun 29 2023 Nick Clifton - 12.18-1 +- Annocheck: Remove dependency upon binutils-devel. + +* Thu Jun 29 2023 Nick Clifton - 12.17-1 +- Annocheck: Add detection of known parts of libstdc++-nonshared.a that contain gaps. (#2217864) + +* Tue Jun 27 2023 Nick Clifton - 12.16-1 +- Annocheck: Ignore weak/undef function symbols when checking to see if a binary contains code. (#2217840) + +* Mon Jun 26 2023 Nick Clifton - 12.15-1 +- Annocheck: Add --suppress-version-warnings option. + +* Thu Jun 22 2023 Nick Clifton - 12.14-1 +- Annocheck: Do not ignore separate debuginfo files that do not contain any DWARF. (#2144553) + +* Tue Jun 20 2023 Nick Clifton - 12.13-1 +- Annocheck: Ignore /dev/null filename in string notes. +- Annocheck: More tweaks to glibc detection heuristics. (#2215968) + +* Thu Jun 01 2023 Nick Clifton - 12.12-1 +- Annocheck: Check for string notes in separate debug info files. (#2211694) + +* Fri May 26 2023 Petr Pisar - 12.11-1 +- Annocheck: Add support for el10 and rhel-10 profiles. (RHEL-526) + +* Mon May 22 2023 Petr Pisar - 12.10-3 +- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19) + +* Fri May 05 2023 Nick Clifton - 12.10-2 +- GCC Plugin: Default to generating string format notes. (Experimental) + +* Fri Apr 28 2023 Nick Clifton - 12.10-1 +- Annocheck: Suppress more tests for Rust binaries. + +* Tue Apr 25 2023 Nick Clifton - 12.09-1 +- Annocheck: Fix detection of missing plugin options. (#2189492) + +* Tue Apr 25 2023 Nick Clifton - 12.08-1 +- Fix generation of auto-generated files. +- Fix covscan reported errors. + +* Fri Apr 21 2023 Nick Clifton - 12.07-1 +- gcc-plugin: generate warnings about misspelt -D_FORTIFY_SOURCE and/or -D_GLIBCXX_ASSERTIONS options. + +* Thu Apr 20 2023 Nick Clifton - 12.06-1 +- gcc-plugin: use a bigger buffer for constructing notes. + +* Wed Apr 19 2023 Nick Clifton - 12.05-1 +- llvm-plugin: Fix detection of optimization level. Improve test. +- clang-plugin: Improve test. + +* Mon Apr 17 2023 Nick Clifton - 12.04-1 +- configure: More improvements. +- annocheck: Fix seg-fault when checking for glibc components in string format notes. + +* Thu Apr 13 2023 Nick Clifton - 12.03-1 +- configure: Simplify. + +* Tue Apr 11 2023 Nick Clifton - 12.02-1 +- gcc plugin: Add filenames to string notes. Allow use of ANNOBIN environment variable. +- llvm plugin: Add workaround for building with LLVM-16. +- clang plugin: Fix for building with Clang-16. + +* Thu Mar 30 2023 Nick Clifton - 12.01-1 +- gcc plugin: Keep ELF notes at protocol version 3. + +* Tue Mar 28 2023 Nick Clifton - 12.00-1 +- Protocol Version 4: String format notes. + +* Mon Mar 13 2023 Nick Clifton - 11.14-1 +- Annocheck: Update message for LTO tests. (#2177140) + +* Wed Mar 08 2023 Nick Clifton - 11.13-1 +- Annocheck: Add even more code to handle another glibc function built without LTO. + +* Fri Mar 03 2023 Nick Clifton - 11.12-1 +- Annocheck: Add code to handle another glibc function built without LTO. + +* Tue Feb 28 2023 Nick Clifton - 11.11-1 +- GCC Plugin: Do not run if other plugins are active. (#2162746) + +* Thu Feb 23 2023 Nick Clifton - 11.10-1 +- Annocheck: Add code to handle glibc functions built without LTO. + +* Thu Feb 02 2023 Nick Clifton - 11.09-1 +- Libannocheck: Fix thinko in debugging code. +- Annocheck: Fix LTO test. +- Notes: Display notes held in separate dbeuginfo files. + +* Tue Jan 31 2023 Nick Clifton - 11.08-1 +- Annocheck: Fix atexit test. Fix recording of version numbers. (#2165528) + +* Wed Jan 25 2023 Nick Clifton - 11.07-2 +- LLVM & Clang Plugins: Build with branch protection on AArch64. (#2164364) +- Fix gating tests. + +* Fri Jan 20 2023 Nick Clifton - 11.07-1 +- Libannocheck: Fix bug causing infinite looping when running tests. + +* Wed Jan 18 2023 Fedora Release Engineering - 11.06-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Jan 16 2023 Jakub Jelinek - 11.06-2 +- Rebuilt against GCC 13. + +* Fri Jan 13 2023 Nick Clifton - 11.06-1 +- Annocheck: Fix handling of file built by multiple versions of gcc. (#2160700) + +* Mon Jan 09 2023 Nick Clifton - 11.05-1 +- Annocheck: Fix handling of empty files. (#2159292) + +* Fri Jan 06 2023 Nick Clifton - 11.04-1 +- Annocheck: Add crti.o and crtn.o to the list of known glibc special files. (#2158740) + +* Fri Jan 06 2023 Nick Clifton - 11.03-1 +- Annocheck: Fix memory leaks. + +* Wed Jan 04 2023 Nick Clifton - 11.02-1 +- Annocheck: Do not assume that object files contain no code simply because they do not have an executable segment. (#2158182) + +* Wed Jan 04 2023 Nick Clifton - 11.01-1 +- Annocheck: Add more special glibc filenames. (#2158100) + +* Wed Dec 21 2022 Nick Clifton - 10.99-1 +- Annocheck: Improve handling of tool versions. + +* Tue Dec 20 2022 Nick Clifton - 10.98-3 +- Spec File: Fix building with plugin_rebuild enabled. + +* Fri Dec 16 2022 Nick Clifton - 10.98-1 +- GCC plugin: Fix building with gcc-13. + +* Fri Dec 16 2022 Nick Clifton - 10.97-1 +- Annocheck: Add test for binaries built by cross compilers. + +* Thu Dec 15 2022 Nick Clifton - 10.96-1 +- Annocheck: Improve heuristic used to detect binaries without code. (#2144533) + +* Mon Dec 12 2022 Nick Clifton - 10.95-1 +- Annocheck: Avoid using debug filename when parsing notes in a debuginfo file. (#2152280) + +* Wed Nov 30 2022 Nick Clifton - 10.94-1 +- Annocheck: Better detection of binaries which do not contain code. (#2144533) + +* Wed Nov 23 2022 Nick Clifton - 10.93-1 +- Annocheck: Provide more information when a test is skipped because the file being tested was not compiled. + +* Mon Nov 07 2022 Nick Clifton - 10.92-1 +- Annocheck: Try harder not to run mutually exclusive tests. + +* Fri Oct 21 2022 Nick Clifton - 10.91-1 +- Tests: Fix future-test so that it properly handles the situation where the compiler does not support the new options. + +* Wed Oct 19 2022 Nick Clifton - 10.90-1 +- Libannocheck: Actually set result fields after tests are run. + +* Tue Oct 11 2022 Nick Clifton - 10.89-1 +- Libannocheck: Replace libannocheck_version variable with LIBANNOCHECK_VERSION define. + +* Tue Oct 11 2022 Nick Clifton - 10.88-1 +- Libannocheck: Remove 'Requires binutils-devel' from libannocheck.pc. + +* Wed Oct 05 2022 Nick Clifton - 10.87-2 +- Libannocheck: Move into separate sub-package. + +* Fri Sep 30 2022 Nick Clifton - 10.87-1 +- Libannocheck: Add libannocheck.pc pkgconfig file. + +* Fri Sep 30 2022 Nick Clifton - 10.86-1 +- Libannocheck: Add libannocheck_reinit(). + +* Thu Sep 22 2022 Nick Clifton - 10.85-1 +- GCC Plugin: Record -ftrivial-auto-var-init and -fzero-call-used-regs. +- Annocheck: Add future tests for -ftrivial-auto-var-init and -fzero-call-used-regs. + +* Tue Sep 20 2022 Serge Guelton - 10.84-1 +- Clang Plugin: Fix for building with Clang-15. (#2125875) + +* Fri Sep 09 2022 Nick Clifton - 10.83-1 +- Annocheck: Add a test for the inconsistent use of -Ofast. (#1248744) + +* Tue Sep 06 2022 Nick Clifton - 10.81-2 +- NVR Bump in order to trigger a rebuild for ELN. (#2124562) + +* Thu Aug 11 2022 Nick Clifton - 10.81-1 +- Plugin: Fix top level configuration support for RiscV. + +* Tue Aug 09 2022 Nick Clifton - 10.80-1 +- Annocheck: Improvements to the size tool. + +* Mon Jul 25 2022 Nick Clifton - 10.79-1 +- Annocheck: Fixes for libannocheck.h. + +* Wed Jul 20 2022 Fedora Release Engineering - 10.78-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Jul 05 2022 Nick Clifton - 10.78-1 +- Annocheck: Add automatic profile selection. + +* Mon Jul 04 2022 Nick Clifton - 10.77-1 +- Annocheck: Improve gap detection and reporting. + +* Wed Jun 29 2022 Nick Clifton - 10.76-3 +- Spec File: Use the %%dir directive in the %%files section to ensure that +- plugin directories are useable. (#2080454) + +* Fri Jun 24 2022 Nick Clifton - 10.76-2 +- Spec File: Remove bogus Provides from annobin-docs subpackage. + +* Tue Jun 14 2022 Nick Clifton - 10.76-1 +- Annocheck: Check build-id of separate debuginfo files. +- Annocheck: Add GAPS test replacing --ignore-gaps. + +* Thu Jun 09 2022 Nick Clifton - 10.75-1 +- Annocheck: Fix covscan detected race condition between stat() and open(). + +* Tue Jun 07 2022 Nick Clifton - 10.74-1 +- Annocheck: Handle binaries created by Rust 1.18. (#2094420) +- Annocheck: Add optional function name to --skip arguments. (PR 29229) + +* Tue May 17 2022 Nick Clifton - 10.73-1 +- Annocheck: Fix handling of command line options that take arguments. (#2086850) + +* Mon May 16 2022 Nick Clifton - 10.72-1 +- Annocheck: Do not complain about unenabled -mbranch-protection option in AArch64 binaries. (#2078909) + +* Wed May 11 2022 Nick Clifton - 10.71-1 +- gcc-plugin: Fix typo in configure.ac. + +* Tue May 10 2022 Nianqing Yao - 10.70-2 +- Add support for RISC-V. + +* Mon May 09 2022 Nick Clifton - 10.70-1 +- Annocheck: Add another special case for glibc rpms. (#2083070) + +* Fri May 06 2022 Nick Clifton - 10.69-1 +- Annocheck: Do not complain about unenabled -mbranch-protection option in AArch64 binaries if compiled using LTO. (#2082146) + +* Tue May 03 2022 Nick Clifton - 10.68-1 +- Annocheck: Add more glibc exceptions + check PT_TLS segments. (#2081131) + +* Fri Apr 22 2022 Nick Clifton - 10.67-1 +- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled by golang. + +* Wed Apr 13 2022 Nick Clifton - 10.66-1 +- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled in LTO mode. + +* Tue Apr 12 2022 Nick Clifton - 10.65-1 +- gcc-plugin: Add support for CLVC_INTEGER options. + +* Wed Apr 06 2022 Nick Clifton - 10.64-1 +- Annocheck: Even more special cases for AArch64 glibc on RHEL-8. (#2072082) + +* Wed Apr 06 2022 Nick Clifton - 10.63-1 +- Annocheck: Add more special cases for AArch64 glibc on RHEL-8. (#2072082) + +* Tue Apr 05 2022 Nick Clifton - 10.62-1 +- llvm-plugin: Fix a thinko in the sources. + +* Sat Apr 02 2022 Nick Clifton - 10.61-1 +- gcc-plugin: Add remap of OPT_Wall. +- configure: Fix typo in top level configure.ac. + +* Thu Mar 31 2022 Timm Bäder redhat.com> - 10.60-1 +- Add support for building using meson+ninja. + +* Wed Mar 30 2022 Serge Guelton - 10.59-2 +- Rebuilt against new LLVM release, with patch. + +* Wed Mar 30 2022 Nick Clifton - 10.59-1 +- Annocheck: Fix test for AArch64 property notes. (#2068657) + +* Mon Mar 14 2022 Nick Clifton - 10.58-1 +- gcc-plugin: Do not issue warning messages for autoconf generated source files. (#2009958) + +* Wed Mar 09 2022 Jakub Jelinek - 10.57-3 +- NVR bump to allow rebuild for new GCC. + +* Wed Mar 09 2022 Jakub Jelinek - 10.57-2 +- NVR bump to allow rebuild for new GCC. + +* Mon Mar 07 2022 Nick Clifton - 10.57-1 +- Annocheck: Update documentation and fix typo in annocheck. (#2061291) + +* Fri Mar 04 2022 Nick Clifton - 10.56-1 +- Annocheck: Add option to enable/disable following symbolic links. + +* Mon Feb 28 2022 Nick Clifton - 10.55-1 +- Always identify Rust binaries, even if built on a host that does not know about Rust. (#2057737) + +* Thu Feb 24 2022 Jakub Jelinek - 10.54-4 +- NVR bump to allow rebuild for new GCC. + +* Wed Feb 16 2022 Nick Clifton - 10.54-3 +- Spec File: Use a different method to disable the annobin plugin (#2054571) + +* Mon Feb 14 2022 Jakub Jelinek - 10.54-2 +- NVR bump to allow rebuild for new GCC. + +* Fri Feb 11 2022 Nick Clifton - 10.54-1 +- Annocheck: Skip PIE anf PIC tests for GO binaries. + +* Sun Feb 06 2022 Jakub Jelinek - 10.53-2 +- NVR bump to allow rebuild in yet another side tag. + +* Thu Jan 27 2022 Nick Clifton - 10.53-1 +- gcc-plugin: Fix libtool so that extraneous runpaths are not added to the plugin. (#2030667) + +* Thu Jan 27 2022 Nick Clifton - 10.52-1 +- gcc-plugin: Use canonical_option field of save_decoded_options array. (#2047148) + +* Thu Jan 27 2022 Florian Weimer - 10.51-2 +- Rebuild for new gcc version + +* Tue Jan 25 2022 Nick Clifton - 10.51-1 +- Annocheck: Add an option to disable the use of debuginfod (if available). +- Annocheck: Add more glibc special file names. +- Annocheck: Skip some tests for BPF binaries. + +* Thu Jan 20 2022 Nick Clifton - 10.50-1 +- Annocheck: Add another glibc static library symbol. (#2043047) + +* Thu Jan 20 2022 Nick Clifton - 10.49-1 +- Annocheck: Skip property note test for GO binaries. (#204300) + +* Wed Jan 19 2022 Fedora Release Engineering - 10.48-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Jan 19 2022 Nick Clifton - 10.48-5 +- NVR bump to allow rebuild in another side tag. + +* Wed Jan 19 2022 Jakub Jelinek - 10.48-4 +- NVR bump to allow rebuild in yet another side tag. + +* Wed Jan 19 2022 Nick Clifton - 10.48-3 +- NVR bump to allow rebuild in another side tag. + +* Wed Jan 19 2022 Nick Clifton - 10.48-2 +- NVR bump to allow rebuild in a side tag. + +* Mon Jan 17 2022 Nick Clifton - 10.48-1 +- GCC Plugin: Do not fail if a section cannot be attached to a group. + +* Fri Jan 14 2022 Nick Clifton - 10.47-2 +- NVR bump to allow rebuild in a side tag. + +* Fri Jan 14 2022 Nick Clifton - 10.47-1 +- Annocheck: Improve detection of kernel modules. +- GCC Plugin: Only default to link-once when using gcc-12 or later. (#2039297) + +* Tue Jan 11 2022 Nick Clifton - 10.46-1 +- Annocheck: Add option to disable instrumentation test. + +* Mon Jan 10 2022 Nick Clifton - 10.45-1 +- GCC Plugin: Replace CLVC_BOOLEAN with CLVC_BIT_SET/CLVC_BIT_CLEAR. + +* Sun Jan 09 2022 Jakub Jelinek - 10.44-4 +- Rebuild against new GCC. + +* Sun Jan 09 2022 Jakub Jelinek - 10.44-3 +- Rebuild against new GCC. + +* Sun Jan 09 2022 Jakub Jelinek - 10.44-2 +- Rebuild against new GCC. + +* Fri Jan 07 2022 Nick Clifton - 10.44-1 +- Annocheck: Add even more glibc function names. (#2037333) + +* Fri Jan 07 2022 Nick Clifton - 10.43-1 +- Annocheck: ARM: Do not fail tests that rely upon annobin notes. + +* Wed Jan 05 2022 Nick Clifton - 10.42-1 +- Annocheck: Extend list of known glibc functions. (#2037333) + +* Wed Jan 05 2022 Nick Clifton - 10.41-1 +- Annocheck: Ignore gaps that contain the _start symbol (for AArch64). (#1995224) +- Annocheck: Ignore more glibc special binaries. (#2037220) + +* Tue Jan 04 2022 Nick Clifton - 10.40-1 +- Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO. (#2034946) + +* Fri Dec 17 2021 Nick Clifton - 10.39-1 +- Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries. (#2033255) +- Doc: Note that ENDBR is only needed as the landing pad for indirect branches/calls. (#28705) +- Spec File: Store full gcc version release string in plugin info file. (#2030671) + +* Tue Dec 14 2021 Nick Clifton - 10.38-1 +- Annocheck: Add special case for x86_64 RHEL-7 gaps. (#2031133) + +* Tue Dec 14 2021 Nick Clifton - 10.37-1 +- Annocheck: Do not complaining about missing -mstackrealign notes in LTO mode. (#2030298) + +* Mon Dec 13 2021 Nick Clifton - 10.36-1 +- GCC Plugin: Do not record missing -mstackrealign in LTO mode. (#2030298) + +* Mon Dec 13 2021 Nick Clifton - 10.35-1 +- Tests: Fix fortify and debuginfod tests to use newly built annobin plugin. + +* Mon Dec 06 2021 Nick Clifton - 10.34-1 +- Tests: Fix gaps and stat tests to use newly built annobin plugin. (#2028063) + +* Mon Dec 06 2021 Nick Clifton - 10.32-1 +- Annocheck: Ignore gaps in binaries at least partial built by golang. (#2028583) + +* Thu Dec 02 2021 Nick Clifton - 10.31-1 +- Annocheck: Allow spaces in golang symbols. + +* Wed Dec 01 2021 Nick Clifton - 10.30-1 +- Annocheck: Initial deployment of libannocheck. + +* Wed Nov 24 2021 Nick Clifton - 10.29-1 +- gcc-plugin: Fix bug creating empty attachments. +- Annocheck: Change MAYB result to SKIP for DT_RPATH. (#2026300) + +* Fri Nov 19 2021 Nick Clifton - 10.27-1 +- Annocheck: Skip missing fortify/warning notes for ARM32. + +* Thu Nov 18 2021 Nick Clifton - 10.26-1 +- gcc-plugin: Try another fix for ppc64le section grouping. (#2023437) + +* Tue Nov 16 2021 Nick Clifton - 10.25-1 +- gcc-plugin: Revert 10.22 change. (#2023437) + +* Mon Nov 15 2021 Nick Clifton - 10.24-1 +- Annocheck: Add exception for /usr/sbin/ldconfig. (#2022973) + +* Mon Nov 08 2021 Nick Clifton - 10.23-1 +- Annocheck: Add a test for unicode characters in identifiers. + +* Wed Oct 27 2021 Nick Clifton - 10.22-1 +- gcc-plugin: Default to link-order grouping for PPC64LE. (#2016458) + +* Tue Oct 26 2021 Nick Clifton - 10.21-1 +- Annocheck: Do not fail if a --skip- option does not match a known test. +- ldconfig-test: Skip the LTO check. + +* Tue Oct 26 2021 Nick Clifton - 10.20-1 +- Annocheck: Add more glibc function names. + +* Thu Oct 21 2021 Nick Clifton - 10.19-1 +- gcc-plugin: Fix attaching the .text section to the .text.group section. + +* Wed Oct 20 2021 Nick Clifton - 10.18-1 +- Complain about DT_RPATH for Fedora binaries. + +* Mon Oct 18 2021 Nick Clifton - 10.17-1 +- Better reporting of problems in object files. (#2013708) + +* Mon Oct 18 2021 Nick Clifton - 10.16-2 +- Add a requirement on llvm-libs for clang and llvm plugins. (#2014573) + +* Thu Oct 14 2021 Nick Clifton - 10.16-1 +- Fix configuring annocheck without gcc-plugin. +- Annocheck: Better reporting of debuginfod problems. +- Tests: Fix bugs in debuginfod test. + +* Wed Oct 13 2021 Nick Clifton - 10.15-1 +- Annocheck: Add tests based upon recent bug fixes. + +* Tue Oct 12 2021 Nick Clifton - 10.14-1 +- Annocheck: Another tweak to glibc detection code. + +* Tue Oct 12 2021 Tom Stellard - 10.13-2 +- Rebuild for llvm-13.0.0 + +* Fri Oct 08 2021 Nick Clifton - 10.13-1 +- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found. (#20011438) + +* Fri Oct 08 2021 Nick Clifton - 10.12-1 +- Annocheck: Fix MAYB results for mixed GO/C files. +- Annocheck: Move some messages from VERBOSE to VERBOSE2. +- Annocheck: Scan zero-length tool notes. + +* Tue Oct 05 2021 Nick Clifton - 10.11-1 +- Annocheck: Fix covscan detected flaws. +- plugins: Add more required build options. + +* Tue Oct 05 2021 Nick Clifton - 10.10-1 +- Annocheck: Fix cf-prot test to fail if the CET notes are missing. +- Annocheck: Skip gaps in the .plt section. +- Plugins: Add -g option when building LLVM and Clang. + +* Mon Oct 04 2021 Nick Clifton - 10.09-1 +- Annocheck: Add more cases of glibc startup functions. + +* Fri Oct 01 2021 Nick Clifton - 10.08-1 +- Annocheck: Fix covscan detected problems. +- Annocheck: Add --profile=el8. +- gcc-plugin: Conditionalize generation of branch protection note. + +* Wed Sep 29 2021 Nick Clifton - 10.07-1 +- Annocheck: Ignore gaps containing NOP instructions. + +* Thu Sep 16 2021 Nick Clifton - 10.06-1 +- GCC Plugin: Fix detection of running inside the LTO compiler. (#2004917) + +* Wed Sep 15 2021 Nick Clifton - 10.05-1 +- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries. + +* Wed Sep 15 2021 Nick Clifton - 10.04-1 +- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result. + +* Wed Sep 15 2021 Nick Clifton - 10.03-1 +- Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead. + +* Fri Sep 10 2021 Nick Clifton - 10.02-1 +- Annocheck: Fix exit code when tests PASS. + +* Thu Sep 09 2021 Nick Clifton - 10.01-1 +- Documentation: Add node for each hardening test. +- Documentation: Install online. +- Annocheck: Annote FAIL and MAYB results with URL to documentation +- Annocheck: Add --no-urls and --provide-urls options +- Annocheck: Add --help- option. + +* Fri Sep 03 2021 Nick Clifton - 9.95-1 +- Annocheck: Fix fuzzing detected failures. +- Annocheck: Add --profile option. +- Docs: Document --profile option and rpminspect.yaml. + +* Tue Aug 31 2021 Nick Clifton - 9.94-1 +- Annocheck: Skip GO/CET checks. Fix fuzzing detected failures. + +* Wed Aug 25 2021 Nick Clifton - 9.93-1 +- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444) +- spec file: Add the installation of the annobon sources into /usr/src/annobin. + +* Tue Aug 24 2021 Nick Clifton - 9.92-1 +- Annocheck: Fix memory corruption. (#1996963) +- spec file: Add the creation of a gcc-plugin version info file in /usr/lib/rpm/redhat. + +* Wed Aug 18 2021 Nick Clifton - 9.91-1 +- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection. + +* Wed Aug 18 2021 Nick Clifton - 9.90-1 +- Annocheck: Add linker generated function for ppc64le exceptions. (#1981410) +- LLVM Plugin: Allow checks to be selected from the command line. +- Annocheck: Examine DW_AT_producer for -flto. + +* Tue Aug 17 2021 Nick Clifton - 9.89-1 +- Annocheck: Conditionalize detection of AArch64's PAC+BTI protection. +- Annocheck: Add linker generated function for s390x exceptions. (#1981410) + +* Tue Aug 17 2021 Nick Clifton - 9.88-1 +- Annocheck: Generate MAYB results for gaps in notes covering the .text section. (#1991943) +- Annocheck: Close DWARF file descriptors once the debug info is no longer needed. (#1981410) +- LLVM Plugin: Update to build with Clang v13. (Thanks to: Tom Stellard ) + +* Mon Aug 16 2021 Tom Stellard - 9.87-2 +- Rebuild for LLVM 13.0.0-rc1 + +* Mon Aug 16 2021 Nick Clifton - 9.87-1 +- Annocheck: Fix memory corruption. (#1988715) + +* Wed Aug 11 2021 Nick Clifton - 9.86-1 +- Annocheck: Skip certain tests for kernel modules. + +* Tue Aug 10 2021 Nick Clifton - 9.85-1 +- Annocheck: Detect a missing CET note. (#1991931) +- Annocheck: Do not report future fails for AArch64 notes. +- Annocheck: Warn about multiple --debug-file, --debug-rpm and --debug-dir options. + +* Mon Aug 09 2021 Nick Clifton - 9.84-1 +- Annocheck: Process files in command line order. (#1988714) + +* Fri Jul 23 2021 Nick Clifton - 9.83-1 +- Annocheck: Reverse AArch64 PAC+BTI check, ie fail if they are enabled. (#1984995) + +* Wed Jul 21 2021 Fedora Release Engineering - 9.82-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jul 13 2021 Nick Clifton - 9.82-1 +- Annocheck: Add another test exceptions. + +* Tue Jul 13 2021 Nick Clifton - 9.81-1 +- Annocheck: Add some more test exceptions. + +* Mon Jul 05 2021 Nick Clifton - 9.80-1 +- Tests: Skip glibc-notes test if the assembler does not support --generate-missing-build-notes. (#1978573) +- Tests: Skip objcopy test if objcopy does not support --merge-notes. + +* Tue Jun 29 2021 Nick Clifton - 9.79-1 +- Annocheck: Fix spelling mistake in -mstack-realign failure message. (#1977349) + +* Mon Jun 21 2021 Nick Clifton - 9.78-1 +- gcc-plugin: Do not record global versions of stack protection settings in LTO mode, if not set. (#1958954) + +* Mon Jun 21 2021 Nick Clifton - 9.77-1 +- Annocheck: Remove limit on number of input files. + +* Tue Jun 15 2021 Nick Clifton - 9.76-1 +- clang/llvm plugins: Build with correct security options. + +* Tue Jun 15 2021 Nick Clifton - 9.75-1 +- Annocheck: Better detection of GO compiler version. + +* Wed Jun 09 2021 Nick Clifton - 9.74-1 +- Annocheck: Better support for symbolic links. +- Annocheck: In verbose mode, report the reason for skipping specific tests. (#1969584) + +* Fri Jun 04 2021 Tom Stellard - 9.73-3 +- Rebuild for LLVM 12.0.1 + +* Thu Jun 03 2021 Nick Clifton - 9.73-2 +- Obsolete all previous versions of annobin. (#1967339) + +* Tue May 25 2021 Nick Clifton - 9.73-1 +- Annocheck: Improve detection of shared libraries. (#1958954) + +* Wed May 19 2021 Nick Clifton - 9.72-2 +- Tidy up spec file. + +* Thu May 13 2021 Nick Clifton - 9.72-1 +- Annocheck: Accept 0 as a valid number for gcc minor versions and release numbers. +- gcc-plugin: Add support for ARM and RISCV targets. + +* Tue May 04 2021 Nick Clifton - 9.71-1 +- timing: do not initialise the clock if the timing tool is disabled. + +* Fri Apr 30 2021 Nick Clifton - 9.70-1 +- gcc-plugin: Replace ICE messsages with verbose messages. + +* Thu Apr 22 2021 Nick Clifton - 9.69-1 +- Fix the testsuite so that it can be run in parallel. + +* Wed Apr 21 2021 Nick Clifton - 9.68-1 +- Annocheck: WARN if the annobin plugin was built for a newer version of the compiler than the one on which it was run. (#1950657) + +* Tue Apr 20 2021 Petr Pisar - 9.67-2 +- Obsolete annobin < 9.66-1 (bug #1949570) + +* Tue Apr 20 2021 Nick Clifton - 9.67-1 +- Annocheck: Improve detection of missing GNU-stack support. + +* Mon Apr 19 2021 Petr Pisar - 9.66-4 +- Bump a release + +* Fri Apr 16 2021 Petr Pisar - 9.66-3 +- Correct a package rename (bug #1949570) +- Require docs subpackage by the other ones because of a license +- Build-requiring perl-interpreter is enough + +* Thu Apr 15 2021 Martin Cermak - 9.66-2 +- Fix bz1949570 + +* Fri Apr 09 2021 Nick Clifton - 9.66-1 +- Fix anomolies reported by covscan. +- Move documentation into a sub-package. + +* Sat Mar 20 2021 Jakub Jelinek - 9.65-2 +- NVR bump to rebuild against GCC 11.0.1 + +* Tue Mar 09 2021 Nick Clifton - 9.65-1 +- gcc-plugin: Use a fixed filename when running in LTO mode. + +* Wed Mar 03 2021 Nick Clifton - 9.64-1 +- Annocheck: Fix detection of special function names. (#1934189) + +* Fri Feb 26 2021 Nick Clifton - 9.63-1 +- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc. (#1923439) + +* Thu Feb 25 2021 Nick Clifton - 9.62-1 +- Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector. (#1923439) + +* Mon Feb 22 2021 Nick Clifton - 9.61-1 +- Annocheck: Fix some problems with tests for missing notes. + +* Wed Feb 10 2021 Tom Stellard = 9.60-2 +- Split plugins into separate sub-packages + +* Fri Feb 05 2021 Nick Clifton - 9.60-1 +- Add some GO tests to annocheck. + +* Tue Jan 26 2021 Fedora Release Engineering - 9.59-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 20 2021 Nick Clifton - 9.59-1 +- Add a future fail for the presence of RPATH in the dynamic tags. + +* Mon Jan 18 2021 Nick Clifton - 9.58-1 +- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing. + +* Wed Jan 13 2021 Nick Clifton - 9.57-1 +- Workaround for elflint problems with PPC compiled files. (#1880634) + +* Wed Jan 13 2021 Nick Clifton - 9.56-1 +- Fix bogus AArch64 test failures. + +* Tue Jan 12 2021 Nick Clifton - 9.55-1 +- Improved testing by annocheck. Add fixed format message mode. + +* Mon Jan 04 2021 Nick Clifton - 9.54-1 +- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results. + +* Mon Jan 04 2021 Nick Clifton - 9.53-1 +- Add support for -D_FORTIFY_SOURCE=3. + +* Fri Dec 11 2020 Nick Clifton - 9.52-2 +- NVR bump in order to allow the new gating tests to be run. + +* Fri Dec 11 2020 Nick Clifton - 9.52-1 +- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. (#1906171) + +* Thu Dec 10 2020 Nick Clifton - 9.51-1 +- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. (#1906171) + +* Wed Dec 09 2020 Nick Clifton - 9.50-1 +- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL. + +* Tue Dec 08 2020 Nick Clifton - 9.49-1 +- annocheck: Fix notes analyzer to accept empty PPC64 notes. + +* Mon Dec 07 2020 Jakub Jelinek - 9.48-5 +- NVR bump for another ELN sidetag rebuild. + +* Sun Dec 06 2020 Jakub Jelinek - 9.48-4 +- Revert back to previous settings. + +* Sun Dec 06 2020 Jakub Jelinek - 9.48-3 +- Another NVR bump for GCC 11 rebuild. + +* Sun Dec 06 2020 Jakub Jelinek - 9.48-2 +- NVR bump for GCC 11 rebuild. + +* Wed Dec 02 2020 Nick Clifton - 9.48-1 +- gcc plugin: Tweak generation of end symbols for PPC64 when LTO is active. (#1898075) + +* Tue Dec 01 2020 Nick Clifton - 9.47-1 +- gcc plugin: Add support for GCC 11's cl_vars array. + +* Fri Nov 27 2020 Jakub Jelinek - 9.46-2 +- NVR bump for another ELN sidetag rebuild. + +* Tue Nov 24 2020 Nick Clifton - 9.46-1 +- Annocheck: Support enabling/disabling future fails. + +* Wed Nov 18 2020 Nick Clifton - 9.45-1 +- GCC plugin: Always record global notes for the .text.startup, + .text.exit, .text.hot and .text.cold sections. + +* Tue Nov 17 2020 Nick Clifton - 9.44-1 +- Clang plugin: Add -lLLVM to the build command line. + +* Mon Nov 16 2020 Nick Clifton - 9.43-1 +- Annocheck: Improve reporting of missing -D_FORTIFY_SOURCE option. (#1898075) + +* Mon Nov 16 2020 Nick Clifton - 9.42-1 +- Annocheck: Improve reporting of missing LTO option. + +* Tue Nov 10 2020 Nick Clifton - 9.41-1 +- Add detecting of gimple compiled binaries. + +* Mon Nov 09 2020 Nick Clifton - 9.40-1 +- Add --without-gcc-plugin option. + +* Fri Nov 06 2020 Nick Clifton - 9.38-1 +- Annocheck: Fix bug parsing DW_AT_producer. + +* Wed Nov 04 2020 Nick Clifton - 9.37-1 +- Add test of .note.gnu.property section for PowerPC. +- Add test of objcopy's ability to merge notes. + +* Fri Oct 30 2020 Jakub Jelinek - 9.36-2 +- NVR bump for another ELN sidetag rebuild. + +* Wed Oct 21 2020 Nick Clifton - 9.36-1 +- Record the -flto setting and produce a soft warning if it is absent. +- Suppress warnings about _D_GLIBCXX_ASSERTIONS if the source code is known to be something other than C++. + +* Wed Oct 21 2020 Nick Clifton - 9.35-3 +- NVR bump to allow building on ELN sidetag. + +* Mon Oct 05 2020 Nick Clifton - 9.35-2 +- Correct the directory chosen for 32-bit LLVM and Clang plugins. (#1884951) + +* Thu Oct 01 2020 Nick Clifton - 9.35-1 +- Allow the use of the SHF_LINK_ORDER section flag to discard unused notes. (Experimental). + +* Mon Sep 28 2020 Nick Clifton - 9.34-1 +- Enable the build and installation of the LLVM and Clang plugins. (Experimental). + +* Mon Sep 21 2020 Nick Clifton - 9.33-1 +- gcc-plugin: Fix test for empty PowerPC sections. (#1880634) + +* Thu Sep 17 2020 Nick Clifton - 9.32-2 +- NVR bump to allow rebuild against f34-build-side-30319. + +* Tue Sep 15 2020 Nick Clifton - 9.32-1 +- annocheck: Add tests for the AArch64 BTI and PAC security features. (#1862478) + +* Thu Sep 10 2020 Nick Clifton - 9.31-1 +- gcc plugin: Use a 4 byte offset for PowerPC start symbols, so that they do not break disassemblies. + +* Thu Sep 10 2020 Nick Clifton - 9.30-1 +- gcc plugin: Correct the detection of 32-bit x86 builds. (#1876197) + +* Mon Aug 17 2020 Nick Clifton - 9.29-1 +- gcc plugin: Detect any attempt to access the global_options array. + +* Tue Aug 11 2020 Nick Clifton - 9.28-1 +- gcc plugin: Do not complain about missing pre-processor options when examining a preprocessed input file. (#1862718) + +* Thu Jul 30 2020 Nick Clifton - 9.27-1 +- Use more robust checks for AArch64 options. + +* Thu Jul 30 2020 Nick Clifton - 9.26-1 +- Detect CLANG compiled assembler that is missing IBT support. + +* Wed Jul 29 2020 Nick Clifton - 9.25-1 +- Improved target pointer size discovery. + +* Mon Jul 27 2020 Fedora Release Engineering - 9.24-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sun Jul 26 2020 Nick Clifton - 9.24-2 +- Rebuild with plugin enabled to check that suppression works. + +* Sun Jul 26 2020 Nick Clifton - 9.24-1 +- Add support for installing clang and llvm plugins. +- Temporary suppression of aarch64 pointer size check. (#1860549) + +* Sat Jul 25 2020 Peter Robinson - 9.23-2 +- Rebuild for gcc 10.2 + +* Wed Jul 01 2020 Nick Clifton - 9.23-1 +- Annocheck: Do not skip tests of the short-enums notes. (#1743635) + +* Mon Jun 15 2020 Nick Clifton - 9.22-1 +- Add (optional) llvm plugin. + +* Wed Apr 22 2020 Nick Clifton - 9.21-1 +- Annobin: Fall back on using the flags if the option cannot be found in cl_options. (#1817659) + +* Thu Apr 16 2020 Nick Clifton - 9.20-1 +- Annocheck: Detect Fortran compiled programs. (#1824393) + +* Wed Apr 01 2020 Nick Clifton - 9.19-1 +- Annobin: If option name mismatch occurs, seach for the real option. (#1817452) + +* Mon Mar 30 2020 Nick Clifton - 9.18-1 +- Annocheck: Fix a division by zero error when parsing GO binaries. (#1818863) + +* Fri Mar 27 2020 Nick Clifton - 9.16-1 +- Annobin: Fix access to the -flto and -fsanitize flags. + +* Thu Mar 26 2020 Nick Clifton - 9.14-1 +- Annobin: Use offsets stored in gcc's cl_option structure to access the global_options array, thus removing the need to check for changes in the size of this structure. + +* Thu Mar 26 2020 Nick Clifton - 9.13-2 +- NVR bump to allow rebuilding against new gcc. + +* Thu Mar 12 2020 Nick Clifton - 9.13-1 +- Rename gcc plugin directory to gcc-plugin. +- Stop annocheck from complaining about missing options when the binary has been built in a mixed environment. + +* Thu Mar 12 2020 Nick Clifton - 9.12-3 +- And again, this time with annotation enabled. (#1810941) + +* Thu Mar 12 2020 Nick Clifton - 9.12-2 +- NVR bump to enable rebuild against updated gcc. (#1810941) + +* Wed Mar 04 2020 Nick Clifton - 9.12-1 +- Improve builtby tool. +- Stop annocheck complaining about missing notes when the binary is not compiled by either gcc or clang. +- Skip the check of the ENTRY instruction for binaries not compiled by gcc or clang. (#1809656) + +* Fri Feb 28 2020 Nick Clifton - 9.11-1 +- Fix infinite loop hangup in annocheck. +- Disable debuginfod support by default. +- Improve parsing of .comment section. + +* Thu Feb 27 2020 Nick Clifton - 9.10-1 +- Fix clang plugin to use hidden symbols. + +* Tue Feb 25 2020 Nick Clifton - 9.09-1 +- Add ability to build clang plugin (disabled by default). + +* Mon Feb 17 2020 Nick Clifton - 9.08-1 +- Annocheck: Fix error printing out the version number. + +* Fri Feb 14 2020 Nick Clifton - 9.07-1 +- Annobin: Add checks of the exact location of the examined switches. + +* Tue Feb 11 2020 Nick Clifton - 9.06-1 +- Annobin: Note when stack clash notes are generated. +- Annocheck: Handle multiple builder IDs in the .comment section. + +* Fri Jan 31 2020 Nick Clifton - 9.05-1 +- Add configure option to suppress building annocheck. + +* Fri Jan 31 2020 Nick Clifton - 9.04-1 +- Fix debuginfod test. + +* Thu Jan 30 2020 Nick Clifton - 9.03-2 +- Correct the build requirement for building with debuginfod support. + +* Thu Jan 30 2020 Nick Clifton - 9.03-1 +- Add debuginfod support. + +* Tue Jan 28 2020 Fedora Release Engineering - 9.01-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Jan 20 2020 Nick Clifton - 9.01-2 +- Rebuild againt latest gcc-10. + +* Mon Jan 20 2020 Nick Clifton - 9.01-1 +- Add clang plugin (experimental). + +* Fri Dec 06 2019 Nick Clifton - 8.92-1 +- Have annocheck ignore notes with an end address of 0. + +* Mon Nov 18 2019 Nick Clifton - 8.91-1 +- Improve checking of gcc versions. + +* Fri Nov 15 2019 Nick Clifton - 8.90-1 +- Do not skip positive results. + +* Fri Nov 01 2019 Nick Clifton - 8.88-1 +- Generate a WARN result for code compiled with instrumentation enabled. (#1753918) + +* Tue Oct 22 2019 Nick Clifton - 8.87-1 +- Replace address checks with dladdr1. + +* Mon Oct 21 2019 Nick Clifton - 8.86-1 +- Use libabigail like checking to ensure variable address consistency. + +* Wed Oct 16 2019 Nick Clifton - 8.85-1 +- Skip generation of global notes for hot/cold sections. + +* Thu Oct 10 2019 Nick Clifton - 8.84-1 +- Generate FAIL results if -Wall or -Wformat-security are missing. + +* Thu Oct 03 2019 Nick Clifton - 8.83-1 +- If notes cannot be found in the executable look for them in the debuginfo file, if available. +- Generate a FAIL if notes are missing from the executable/debuginfo file. +- Record and report the setting of the AArcht64 specific -mbranch-protection option. + +* Mon Sep 23 2019 Nick Clifton - 8.81-1 +- Improve detection of GO binaries. +- Add gcc version information to annobin notes. +- Do not complain about missing FORTIFY_SOURCE and GLIBCXX_ASSERTIONS in LTO compilations. + +* Wed Sep 04 2019 Nick Clifton - 8.79-2 +- NVR bump to allow rebuild against latest gcc. (#1748529) + +* Tue Aug 06 2019 Nick Clifton - 8.79-1 +- Allow compiler used to run tests to be specified on the command line. (#1723401) + +* Tue Aug 06 2019 Nick Clifton - 8.78-1 +- Fix a memory allocation error in the annobin plugin. (#1737306) + +* Wed Jul 24 2019 Fedora Release Engineering - 8.77-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jun 24 2019 Nick Clifton - 8.77-1 +- Another attempt at fixing the detection and reporting of missing -D_FORTIFY_SOURCE options. (#1703500) + +* Mon Jun 10 22:13:17 CET 2019 Igor Gnatenko - 8.76-4 +- Rebuild for RPM 4.15 + +* Mon Jun 10 15:42:00 CET 2019 Igor Gnatenko - 8.76-3 +- Rebuild for RPM 4.15 + +* Thu Jun 06 2019 Panu Matilainen - 8.76-2 +- Really enable annocheck sub-package + +* Tue Apr 30 2019 Nick Clifton - 8.76-1 +- Report a missing -D_FORTIFY_SOUCRE option if -D_GLIBCXX_ASSERTIONS was detected. (#1703499) +- Do not report problems with -fstack-protection if the binary was not built by gcc or clang. (#1703788) + +* Fri Apr 26 2019 Nick Clifton - 8.74-1 +- Add tests of clang command line options recorded in the DW_AT_producer attribute. + +* Wed Apr 24 2019 Nick Clifton - 8.73-1 +- Fix test for an executable stack segment. (#1700924) + +* Thu Apr 18 2019 Nick Clifton - 8.72-1 +- Rebuild annobin with the latest rawhide gcc sources. (#1700923) + +* Thu Feb 28 2019 Nick Clifton - 8.71-1 +- Annobin: Suppress more calls to free() which are triggering memory checker errors. (#1684148) + * Fri Feb 01 2019 Nick Clifton - 8.70-1 - Add section flag matching ability to section size tool. diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..84b7773 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,20 @@ +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_stable +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + - !PassingTestCaseRule {test_case_name: baseos-qe.koji-build.scratch-build.validation} +--- !Policy +product_versions: + - rhel-8 +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} +--- !Policy +product_versions: + - rhel-9 +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} diff --git a/plans/ci.fmf b/plans/ci.fmf new file mode 100644 index 0000000..6ae9ce7 --- /dev/null +++ b/plans/ci.fmf @@ -0,0 +1,6 @@ +summary: CI Gating Plan +discover: + how: fmf + url: https://src.fedoraproject.org/tests/annobin.git +execute: + how: tmt diff --git a/sources b/sources index 4496fa0..ae2a779 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (annobin-8.70.tar.xz) = 8a963a82200c3b073290c808f46f076dc73f08c60bbff37f22dd3447bb099d2ef2e05035c4fc90567047cc02dbcd1900b63de32b1596fe1068d36ee6327512c0 +SHA512 (annobin-13.05.tar.xz) = 07bc023018e3f456fae470b271915bde2e1ff367ee8bb58adb74255023ae59e8c45ced8e4bd2130bf8a496966d986bca9866e054019f6ca4660d78c129b6532f