From 527a2f2cf6f22737f7d57470e7e03d6ba8d3b68e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 26 2022 10:16:55 +0000 Subject: import annobin-10.58-1.el8 --- diff --git a/.annobin.metadata b/.annobin.metadata index 9cbd4e4..1e70d14 100644 --- a/.annobin.metadata +++ b/.annobin.metadata @@ -1 +1 @@ -cb5a3c922fa3018c7df177d27357a04cfc9085e5 SOURCES/annobin-10.29.tar.xz +4984e9dfea53ef0c5519851d07fe830203a72e0a SOURCES/annobin-10.58.tar.xz diff --git a/.gitignore b/.gitignore index 913d4cc..02a886b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/annobin-10.29.tar.xz +SOURCES/annobin-10.58.tar.xz diff --git a/SOURCES/annobin-annocheck-no-debuginfod.patch b/SOURCES/annobin-annocheck-no-debuginfod.patch new file mode 100644 index 0000000..19f0d39 --- /dev/null +++ b/SOURCES/annobin-annocheck-no-debuginfod.patch @@ -0,0 +1,11 @@ +--- annobin.orig/annocheck/annocheck.c 2022-03-24 11:58:57.549279537 +0000 ++++ annobin-10.58/annocheck/annocheck.c 2022-03-24 11:59:09.574237612 +0000 +@@ -21,6 +21,8 @@ + #include + #include + #include ++#undef HAVE_LIBDEBUGINFOD ++#define HAVE_LIBDEBUGINFOD 0 + #ifndef LIBANNOCHECK + #if HAVE_LIBDEBUGINFOD + #include diff --git a/SOURCES/annobin-gaps-test.patch b/SOURCES/annobin-gaps-test.patch deleted file mode 100644 index b19ab99..0000000 --- a/SOURCES/annobin-gaps-test.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- annobin.orig/tests/gaps-test 2021-11-22 16:02:17.449655455 +0000 -+++ annobin-10.27/tests/gaps-test 2021-11-22 16:06:37.296680446 +0000 -@@ -40,12 +40,13 @@ fi - # Run annocheck - - SKIPS="--skip-property-note --skip-dynamic-tags --skip-not-dynamic-tags --skip-branch-protection --skip-not-branch-protection --skip-lto" -+SKIPS+=" --skip-stack-clash --skip-cf-protection --skip-stack-realign" - $ANNOCHECK main.exe $SKIPS > main.out - grep -e "PASS" main.out - if [ $? != 0 ]; - then - echo "gaps-test: FAIL: using rpm build macros did not produce an executable that passes annocheck" -- $ANNOCHECK main.exe $SKIPS --verbose --enable-notes -+ $ANNOCHECK main.exe $SKIPS --verbose - echo $GCC $OPTS $srcdir/main.c -o main.exe - end_test - exit 1 diff --git a/SPECS/annobin.spec b/SPECS/annobin.spec index 45aa502..75c26f1 100644 --- a/SPECS/annobin.spec +++ b/SPECS/annobin.spec @@ -1,11 +1,12 @@ Name: annobin Summary: Annotate and examine compiled binary files -Version: 10.29 -Release: 3%{?dist} +Version: 10.58 +Release: 1%{?dist} License: GPLv3+ -# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark # Maintainer: nickc@redhat.com +# Web Page: https://sourceware.org/annobin/ +# Watermark Protocol: https://fedoraproject.org/wiki/Toolchain/Watermark #--------------------------------------------------------------------------------- @@ -15,7 +16,7 @@ License: GPLv3+ # Use "--without annocheck" to disable the installation of the annocheck program. %bcond_without annocheck -# Use "--with debuginfod" to force support for debuginfod to be compiled into +# Use "--with debuginfod" to add support for debuginfod to be compiled into # the annocheck program. By default the configure script will check for # availablilty at build time, but this might not match the run time situation. # FIXME: Add a --without debuginfod option to forcefully disable the configure @@ -25,6 +26,9 @@ License: GPLv3+ # Use "--with clangplugin" to build the annobin plugin for Clang. %bcond_with clangplugin +# Use "--without gccplugin" to disable the building of the annobin plugin for GCC. +%bcond_without gccplugin + # Use "--with llvmplugin" to build the annobin plugin for LLVM. %bcond_with llvmplugin @@ -33,7 +37,7 @@ License: GPLv3+ # checking logic or when building on RHEL-7 or earlier. %global with_hard_gcc_version_requirement 1 -%bcond_without annobin_plugin +%bcond_without plugin_rebuild # Allow the building of annobin without using annobin itself. # This is because if we are bootstrapping a new build environment we can have # a new version of gcc installed, but without a new of annobin installed. @@ -44,19 +48,25 @@ License: GPLv3+ # then it will abort. # # The default is to use annobin. cf BZ 1630550. -%if %{without annobin_plugin} +%if %{without plugin_rebuild} %undefine _annotated_build %endif #--------------------------------------------------------------------------------- -# Source: https://nickc.fedorapeople.org/annobin-%%{version}.tar.xz -Source: annobin-%{version}.tar.xz +%global annobin_sources annobin-%{version}.tar.xz +Source: https://nickc.fedorapeople.org/%{annobin_sources} +# Source: %%{annobin_sources} # For the latest sources use: git clone git://sourceware.org/git/annobin.git +# This is where a copy of the sources will be installed. +%global annobin_source_dir %{_usrsrc}/annobin + +# Insert patches here, if needed. Eg: +# Patch01: annobin-foo.patch # Insert patches here, if needed. Patch01: annobin-nop.patch -Patch02: annobin-gaps-test.patch +Patch02: annobin-annocheck-no-debuginfod.patch #--------------------------------------------------------------------------------- @@ -172,14 +182,12 @@ hardening options. %global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin) -%if %{with clangplugin} || %{with llvmplugin} -# FIXME: We currently assume that the first directory listed in clang's -# search directory output is the one that we should use for plugins. -# This might not be correct. -# The gensub() below is because without it $2 would look like: -# " =/usr/lib64/clang/8.0.0" -# Note - we install LLVM plugins into the same directory as Clang plugins. -%global ANNOBIN_CLANG_PLUGIN_DIR %(clang --print-search-dirs | gawk -e'BEGIN { FS = ":" } /libraries/ { print gensub(" =","",1,$2) } END { }') +%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/plugins} +%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/plugins} + +%if %{with gccplugin} +# Information about the gcc plugin is recorded in this file. +%global aver annobin-plugin-version-info %endif #--------------------------------------------------------------------------------- @@ -206,7 +214,7 @@ touch doc/annobin.info %build -CONFIG_ARGS= +CONFIG_ARGS="--quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}" %if %{with debuginfod} CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod" @@ -218,6 +226,10 @@ CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod" CONFIG_ARGS="$CONFIG_ARGS --with-clang" %endif +%if %{without gccplugin} +CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin" +%endif + %if %{with llvmplugin} CONFIG_ARGS="$CONFIG_ARGS --with-llvm" %endif @@ -226,51 +238,82 @@ CONFIG_ARGS="$CONFIG_ARGS --with-llvm" CONFIG_ARGS="$CONFIG_ARGS --without-test" %endif -%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} ${CONFIG_ARGS} || cat config.log +%set_build_flags + +# Fedora supports AArch64's -mbranch-protection=bti, RHEL does not. +%if 0%{?fedora} != 0 +export CFLAGS="$CFLAGS -DAARCh64_BRANCH_PROTECTION_SUPPORTED=1" +%endif + +CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log + +%ifarch %{ix86} x86_64 +# FIXME: There should be a better way to do this. +export CLANG_TARGET_OPTIONS="-fcf-protection" +%endif %make_build +#--------------------------------------------------------------------------------- + +%if %{with plugin_rebuild} # Rebuild the plugin(s), this time using the plugin itself! This # ensures that the plugin works, and that it contains annotations # of its own. + +%if %{with gccplugin} cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so make -C gcc-plugin clean BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so" -%if %{with annobin_plugin} # Disable the standard annobin plugin so that we do get conflicts. -# Note: the "-fplugin=annobin" is here, despite the fact that it will also -# be automatically added to the gcc command line via -# "-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" because of a bug in gcc's -# plugin command line options handling. GCC will issue an error saying that -# there is no plugin called "annobin" matching the -fplugin-arg-annobin-disable -# option, despite the fact that there patently is. -BUILD_FLAGS="$BUILD_FLAGS -fplugin=annobin -fplugin-arg-annobin-disable" -%endif +OPTS="$(rpm --eval '%undefine _annotated_build %build_cflags %build_ldflags')" # If building on RHEL7, enable the next option as the .attach_to_group # assembler pseudo op is not available in the assembler. # BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach" -make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS" +make -C gcc-plugin CXXFLAGS="$OPTS $BUILD_FLAGS" rm %{_tmppath}/tmp_annobin.so +%endif %if %{with clangplugin} cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so -make -C clang-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS" +make -C clang-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS" %endif %if %{with llvmplugin} cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so -make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS" +make -C llvm-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS" +%endif + %endif #--------------------------------------------------------------------------------- # PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles... %install -%make_install PLUGIN_INSTALL_DIR=$RPM_BUILD_ROOT%{ANNOBIN_CLANG_PLUGIN_DIR} -%{__rm} -f %{buildroot}%{_infodir}/dir +%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir} + +%if %{with clangplugin} +# Move the clang plugin to a seperate directory. +mkdir -p %{buildroot}/%{clang_plugin_dir} +mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir} +%endif + +%if %{with gccplugin} +# Record the version of gcc that built this plugin. +# Note - we cannot just store %%{gcc_vr} as sometimes the gcc rpm version changes +# without the NVR being altered. See BZ #2030671 for more discussion on this. +mkdir -p %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR} +cat `gcc --print-file-name=rpmver` > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} + +# Also install a copy of the sources into the build tree. +mkdir -p %{buildroot}%{annobin_source_dir} +cp %{_sourcedir}/%{annobin_sources} %{buildroot}%{annobin_source_dir}/latest-annobin.tar.xz +%endif + +rm -f %{buildroot}%{_infodir}/dir #--------------------------------------------------------------------------------- @@ -278,20 +321,16 @@ make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS" %check # Change the following line to "make check || :" on RHEL7 or if you need to see the # test suite logs in order to diagnose a test failure. -make check +make -k check CLANG_TESTS="check-pre-clang-13" if [ -f tests/test-suite.log ]; then - cat tests/test-suite.log -fi -if [ -f tests/glibc-notes.log ]; then - cat tests/glibc-notes.log + cat tests/*.log fi %endif #--------------------------------------------------------------------------------- %files -%{ANNOBIN_GCC_PLUGIN_DIR} %license COPYING3 LICENSE %exclude %{_datadir}/doc/annobin-plugin/COPYING3 %exclude %{_datadir}/doc/annobin-plugin/LICENSE @@ -304,14 +343,25 @@ fi %exclude %{_mandir}/man1/run-on-binaries-in.1* %if %{with clangplugin} -%{ANNOBIN_CLANG_PLUGIN_DIR} +%{clang_plugin_dir}/annobin-for-clang.so %endif + %if %{with llvmplugin} -%{ANNOBIN_CLANG_PLUGIN_DIR} +%{llvm_plugin_dir}/annobin-for-llvm.so +%endif + +%if %{with gccplugin} +%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so +%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0 +%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0 +%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} +%{annobin_source_dir}/latest-annobin.tar.xz %endif %if %{with annocheck} %files annocheck +%{_includedir}/libannocheck.h +%{_libdir}/libannocheck.* %{_bindir}/annocheck %doc %{_mandir}/man1/annocheck.1.gz %endif @@ -319,6 +369,48 @@ fi #--------------------------------------------------------------------------------- %changelog +* Thu Mar 24 2022 Nick Clifton - 10.58-1 +- Rebase to 10.58. (#2067148) +- gcc-plugin: Do not issue warning messages for autoconf generated source files. (#2009958) +- Annocheck: Update documentation and fix typo in annocheck. (#2061291) +- Annocheck: Add option to enable/disable following symbolic links. +- Annocheck: Always identify Rust binaries, even if built on a host that does not know about Rust. (#2057737) +- Spec File: Use a different method to disable the annobin plugin (#2054571) +- Annocheck: Accept static GO binaries. (#2053606) +- gcc-plugin: Fix libtool so that extraneous runpaths are not added to the plugin. (#2047356) +- gcc-plugin: Use canonical_option field of save_decoded_options array. (#2047148) +- Annocheck: Add an option to disable the use of debuginfod (if available). +- Annocheck: Add more glibc special file names. +- Annocheck: Skip some tests for BPF binaries. (#2044897) +- Annocheck: Skip property note test for GO binaries. (#204300) +- Annocheck: Add another glibc static library symbol. (#2043047) +- Spec File: Use gcc --print-file-name=rpmver for the gcc version info. +- GCC Plugin: Do not fail if a section cannot be attached to a group. +- Annocheck: Improve detection of kernel modules. +- GCC Plugin: Only default to link-once when using gcc-12 or later. (#2039297) +- Annocheck: Add option to disable instrumentation test. +- GCC Plugin: Fix building with gcc-12. +- Spec file: Add requirement on cpio for annocheck. (#2039747) +- Annocheck: Add even more glibc function names. (#2037333) +- Annocheck: ARM: Do not fail tests that rely upon annobin notes. +- Annocheck: Extend list of known glibc functions. (#2037333) +- Annocheck: Ignore gaps that contain the _start symbol (for AArch64). (#1995224) +- Annocheck: Ignore more glibc special binaries. (#2037220) +- Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO. (#2034946) +- Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries. (#2033255) +- Docs: Note that ENDBR is only needed as the landing pad for indirect branches/calls. (#28705) +- Spec File: Store full gcc version release string in plugin info file. (#2030671) +- Annocheck: Add special case for x86_64 RHEL-7 gaps. (#2031133) +- Annocheck: Do not complaining about missing -mstackrealign notes in LTO mode. (#2030298) +- GCC Plugin: Do not record missing -mstackrealign in LTO mode. +- Tests: Fix gaps and stat tests to use newly built annobin plugin. (#2028063) +- Annocheck: Ignore gaps in binaries at least partial built by golang. (#2028583) +- Annocheck: Allow spaces in gloang symbols. (#2028583) +- Annocheck: Initial deployment of libannocheck. (#2028063) +- gcc-plugin: Fix bug creating empty attachments. +- Annocheck: Change MAYB result to SKIP for DT_RPATH. (#2026300) +- Annocheck: Skip missing fortify/warning notes for ARM32. + * Tue Feb 08 2022 Nick Clifton - 10.29-3 - NVR bump in order to allow rebuilding against latest gcc. (#2052060)