|
|
163901 |
|
|
|
163901 |
%define __python /opt/rh/gcc-toolset-10/root/usr/bin/python3
|
|
|
163901 |
%{?scl:%scl_package annobin}
|
|
|
163901 |
|
|
|
163901 |
Name: %{?scl_prefix}annobin
|
|
|
163901 |
Summary: Annotate and examine compiled binary files
|
|
|
2380dd |
Version: 11.08
|
|
|
163901 |
Release: 1%{?dist}
|
|
|
163901 |
License: GPLv3+
|
|
|
163901 |
# Maintainer: nickc@redhat.com
|
|
|
163901 |
# Web Page: https://sourceware.org/annobin/
|
|
|
163901 |
# Watermark Protocol: https://fedoraproject.org/wiki/Toolchain/Watermark
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
# Use "--without tests" to disable the testsuite.
|
|
|
163901 |
%bcond_without tests
|
|
|
163901 |
|
|
|
163901 |
# Use "--without annocheck" to disable the installation of the annocheck program.
|
|
|
163901 |
%bcond_without annocheck
|
|
|
163901 |
|
|
|
163901 |
# Use "--with debuginfod" to force support for debuginfod to be compiled into
|
|
|
163901 |
# the annocheck program. By default the configure script will check for
|
|
|
163901 |
# availablilty at build time, but this might not match the run time situation.
|
|
|
163901 |
# FIXME: Add a --without debuginfod option to forcefully disable the configure
|
|
|
163901 |
# time check for debuginfod support.
|
|
|
163901 |
%bcond_with debuginfod
|
|
|
163901 |
|
|
|
163901 |
# Use "--with clangplugin" to enable the building of the annobin plugin for Clang.
|
|
|
163901 |
%bcond_with clangplugin
|
|
|
163901 |
|
|
|
163901 |
# Use "--without gccplugin" to disable the building of the annobin plugin for GCC.
|
|
|
163901 |
%bcond_without gccplugin
|
|
|
163901 |
|
|
|
163901 |
# Use "--with llvmplugin" to enable the building of the annobin plugin for LLVM.
|
|
|
163901 |
%bcond_with llvmplugin
|
|
|
163901 |
|
|
|
163901 |
# Set this to zero to disable the requirement for a specific version of gcc.
|
|
|
163901 |
# This should only be needed if there is some kind of problem with the version
|
|
|
163901 |
# checking logic or when building on RHEL-7 or earlier.
|
|
|
163901 |
%global with_hard_gcc_version_requirement 1
|
|
|
163901 |
|
|
|
163901 |
%bcond_with plugin_rebuild
|
|
|
163901 |
# Allow the building of annobin without using annobin itself.
|
|
|
163901 |
# This is because if we are bootstrapping a new build environment we can have
|
|
|
163901 |
# a new version of gcc installed, but without a new of annobin installed.
|
|
|
163901 |
# (i.e. we are building the new version of annobin to go with the new version
|
|
|
163901 |
# of gcc). If the *old* annobin plugin is used whilst building this new
|
|
|
163901 |
# version, the old plugin will complain that version of gcc for which it
|
|
|
163901 |
# was built is different from the version of gcc that is now being used, and
|
|
|
163901 |
# then it will abort.
|
|
|
163901 |
#
|
|
|
163901 |
# The default was to use plugin during rebuilds (cf BZ 1630550) but this has
|
|
|
163901 |
# been changed because of the need to be able to rebuild annobin when a change
|
|
|
163901 |
# to gcc breaks the version installed into the buildroot.
|
|
|
163901 |
%if %{without plugin_rebuild}
|
|
|
163901 |
%undefine _annotated_build
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%{!?llvm_version:%global llvm_version 11.1.0}
|
|
|
163901 |
%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/%{llvm_version}}
|
|
|
163901 |
%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/%{llvm_version}}
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
2380dd |
%global annobin_sources annobin-%{version}.tar.xz
|
|
|
163901 |
# Source: https://nickc.fedorapeople.org/annobin-%%{version}.tar.xz
|
|
|
2380dd |
Source: %{annobin_sources}
|
|
|
163901 |
# For the latest sources use: git clone git://sourceware.org/git/annobin.git
|
|
|
163901 |
|
|
|
2380dd |
# This is where a copy of the sources will be installed.
|
|
|
2380dd |
%global annobin_source_dir %{?_scl_root}/%{_usrsrc}/annobin
|
|
|
2380dd |
|
|
|
163901 |
# Insert patches here, if needed.
|
|
|
2380dd |
# Patch01: annobin-atexit-test-fix.patch
|
|
|
163901 |
# Remember to add %%patchNN -p1 directives after the %%setup command.
|
|
|
163901 |
|
|
|
163901 |
# For RHEL-7 we do not build for the AArch64 target.
|
|
|
163901 |
%if 0%{?rhel} == 7
|
|
|
163901 |
ExcludeArch: aarch64
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
%{?scl:Requires:%scl_runtime}
|
|
|
163901 |
%{?scl:BuildRequires:%scl_runtime}
|
|
|
163901 |
%{?scl:BuildRequires:scl-utils-build}
|
|
|
2380dd |
# We need the devtoolset-12 version of gcc to build annobin, as otherwise the versions will not match.
|
|
|
163901 |
%{?scl:Requires:%scl_require_package %{scl} gcc}
|
|
|
163901 |
|
|
|
163901 |
BuildRequires: %{?scl_prefix}gcc
|
|
|
163901 |
%define gcc_for_annobin %{?_scl_root}/usr/bin/gcc
|
|
|
163901 |
%define gxx_for_annobin %{?_scl_root}/usr/bin/g++
|
|
|
163901 |
|
|
|
2380dd |
# Make sure that the necessary sub-packages are built.
|
|
|
2380dd |
|
|
|
163901 |
%if %{with gccplugin}
|
|
|
2380dd |
Requires: %{name}-plugin-gcc
|
|
|
163901 |
|
|
|
163901 |
# [Stolen from gcc-python-plugin]
|
|
|
163901 |
# GCC will only load plugins that were built against exactly that build of GCC
|
|
|
163901 |
# We thus need to embed the exact GCC version as a requirement within the
|
|
|
163901 |
# metadata.
|
|
|
163901 |
#
|
|
|
163901 |
# Define "gcc_vr", a variable to hold the VERSION-RELEASE string for the gcc
|
|
|
163901 |
# we are being built against.
|
|
|
163901 |
#
|
|
|
163901 |
# Unfortunately, we can't simply run:
|
|
|
163901 |
# rpm -q --qf="%%{version}-%%{release}"
|
|
|
163901 |
# to determine this, as there's no guarantee of a sane rpm database within
|
|
|
163901 |
# the chroots created by our build system
|
|
|
163901 |
#
|
|
|
163901 |
# So we instead query the version from gcc's output.
|
|
|
163901 |
#
|
|
|
163901 |
# gcc.spec has:
|
|
|
163901 |
# Version: %%{gcc_version}
|
|
|
163901 |
# Release: %%{gcc_release}%%{?dist}
|
|
|
163901 |
# ...snip...
|
|
|
163901 |
# echo 'Red Hat %%{version}-%%{gcc_release}' > gcc/DEV-PHASE
|
|
|
163901 |
#
|
|
|
163901 |
# So, given this output:
|
|
|
163901 |
#
|
|
|
163901 |
# $ gcc --version
|
|
|
163901 |
# gcc (GCC) 4.6.1 20110908 (Red Hat 4.6.1-9)
|
|
|
163901 |
# Copyright (C) 2011 Free Software Foundation, Inc.
|
|
|
163901 |
# This is free software; see the source for copying conditions. There is NO
|
|
|
163901 |
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
163901 |
#
|
|
|
163901 |
# we can scrape out the "4.6.1" from the version line.
|
|
|
163901 |
#
|
|
|
163901 |
# The following implements the above:
|
|
|
163901 |
|
|
|
163901 |
%global gcc_vr %(%gcc_for_annobin --version | head -n 1 | sed -e 's|.*(Red\ Hat\ ||g' -e 's|)$||g')
|
|
|
163901 |
|
|
|
163901 |
# We need the major version of gcc.
|
|
|
163901 |
%global gcc_major %(echo "%{gcc_vr}" | cut -f1 -d".")
|
|
|
163901 |
%global gcc_next %(v="%{gcc_major}"; echo $((++v)))
|
|
|
163901 |
|
|
|
163901 |
# Needed when building the srpm.
|
|
|
163901 |
%if 0%{?gcc_major} == 0
|
|
|
163901 |
%global gcc_major 0
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
# This is a gcc plugin, hence gcc is required.
|
|
|
163901 |
%if %{with_hard_gcc_version_requirement}
|
|
|
163901 |
# BZ 1607430 - There is an exact requirement on the major version of gcc.
|
|
|
163901 |
Requires: %{?scl_prefix}gcc >= %{gcc_major}, %{?scl_prefix}gcc < %{gcc_next}
|
|
|
163901 |
%else
|
|
|
163901 |
Requires: %{?scl_prefix}gcc
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
BuildRequires: %{?scl_prefix}gcc-plugin-devel %{?scl_prefix}gcc-c++
|
|
|
163901 |
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
2380dd |
%if %{with clangplugin}
|
|
|
2380dd |
Requires: %{name}-plugin-clang
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
2380dd |
%if %{with llvmplugin}
|
|
|
2380dd |
Requires: %{name}-plugin-llvm
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
# The documentation uses pod2man...
|
|
|
163901 |
BuildRequires: perl-interpreter perl-podlators gawk
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
%description
|
|
|
163901 |
Provides a plugin for GCC that records extra information in the files
|
|
|
163901 |
that it compiles.
|
|
|
163901 |
|
|
|
163901 |
Note - the plugin is automatically enabled in gcc builds via flags
|
|
|
163901 |
provided by the redhat-rpm-macros package.
|
|
|
163901 |
|
|
|
163901 |
%if %{with clangplugin}
|
|
|
163901 |
Also provides a plugin for Clang which performs a similar function.
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{with llvmplugin}
|
|
|
163901 |
Also provides a plugin for LLVM which performs a similar function.
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
# Now that we have sub-packages for all of the plugins and for annocheck,
|
|
|
163901 |
# there are no executables left to go into the "annobin" rpm. But top-level
|
|
|
163901 |
# packages cannot have "BuildArch: noarch" if sub-packages do have
|
|
|
163901 |
# architecture requirements, and rpmlint generates an error if an
|
|
|
163901 |
# architecture specific rpm does not contain any binaries. So instead all of
|
|
|
163901 |
# the documentation has been moved into an architecture neutral sub-package,
|
|
|
163901 |
# and there no longer is a top level annobin rpm at all.
|
|
|
163901 |
|
|
|
163901 |
%package docs
|
|
|
163901 |
Summary: Documentation and shell scripts for use with annobin
|
|
|
163901 |
BuildArch: noarch
|
|
|
163901 |
|
|
|
163901 |
%description docs
|
|
|
163901 |
Provides the documentation files and example shell scripts for use with annobin.
|
|
|
163901 |
|
|
|
163901 |
#----------------------------------------------------------------------------
|
|
|
163901 |
%if %{with tests}
|
|
|
163901 |
|
|
|
163901 |
%package tests
|
|
|
163901 |
Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin
|
|
|
163901 |
Requires: %{name}-docs = %{version}-%{release}
|
|
|
163901 |
|
|
|
2380dd |
BuildRequires: make, sharutils
|
|
|
163901 |
|
|
|
163901 |
%if %{with debuginfod}
|
|
|
163901 |
BuildRequires: elfutils-debuginfod-client-devel
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
2380dd |
%description tests
|
|
|
2380dd |
Provides a means to test the generation of annotated binaries and the parsing
|
|
|
2380dd |
of the resulting files.
|
|
|
2380dd |
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
#----------------------------------------------------------------------------
|
|
|
163901 |
%if %{with annocheck}
|
|
|
163901 |
|
|
|
163901 |
%package annocheck
|
|
|
163901 |
Summary: A tool for checking the security hardening status of binaries
|
|
|
163901 |
|
|
|
2380dd |
BuildRequires: %{?scl_prefix}gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel %{?scl_prefix}binutils-devel make
|
|
|
163901 |
%if %{with debuginfod}
|
|
|
2380dd |
BuildRequires: elfutils-debuginfod-client-devel
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
Requires: %{name}-docs = %{version}-%{release}
|
|
|
163901 |
|
|
|
163901 |
%description annocheck
|
|
|
163901 |
Installs the annocheck program which uses the notes generated by annobin to
|
|
|
163901 |
check that the specified files were compiled with the correct security
|
|
|
163901 |
hardening options.
|
|
|
163901 |
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
#----------------------------------------------------------------------------
|
|
|
163901 |
%if %{with gccplugin}
|
|
|
163901 |
|
|
|
163901 |
%package plugin-gcc
|
|
|
163901 |
Summary: annobin gcc plugin
|
|
|
163901 |
|
|
|
163901 |
Requires: %{name}-docs = %{version}-%{release}
|
|
|
2380dd |
Conflicts: %{name} <= 9.60-1
|
|
|
163901 |
|
|
|
163901 |
%description plugin-gcc
|
|
|
163901 |
Installs an annobin plugin that can be used by gcc.
|
|
|
163901 |
|
|
|
2380dd |
# Information about the gcc plugin is recorded in this file.
|
|
|
2380dd |
%global aver annobin-plugin-version-info
|
|
|
2380dd |
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
%if %{with llvmplugin}
|
|
|
163901 |
|
|
|
163901 |
%package plugin-llvm
|
|
|
163901 |
Summary: annobin llvm plugin
|
|
|
163901 |
|
|
|
163901 |
Requires: %{name}-docs = %{version}-%{release}
|
|
|
2380dd |
Conflicts: %{name} <= 9.60-1
|
|
|
2380dd |
BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
|
|
|
163901 |
|
|
|
163901 |
%description plugin-llvm
|
|
|
163901 |
Installs an annobin plugin that can be used by llvm tools.
|
|
|
163901 |
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
%if %{with clangplugin}
|
|
|
163901 |
|
|
|
163901 |
%package plugin-clang
|
|
|
163901 |
Summary: annobin clang plugin
|
|
|
163901 |
|
|
|
163901 |
Requires: %{name}-docs = %{version}-%{release}
|
|
|
2380dd |
Conflicts: %{name} <= 9.60-1
|
|
|
2380dd |
BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
|
|
|
163901 |
|
|
|
163901 |
%description plugin-clang
|
|
|
163901 |
Installs an annobin plugin that can be used by clang.
|
|
|
163901 |
|
|
|
163901 |
%endif
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
%global ANNOBIN_GCC_PLUGIN_DIR %(%gcc_for_annobin --print-file-name=plugin)
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
%prep
|
|
|
163901 |
if [ -z "%{gcc_vr}" ]; then
|
|
|
163901 |
echo "*** Missing gcc_vr spec file macro, cannot continue." >&2
|
|
|
163901 |
exit 1
|
|
|
163901 |
fi
|
|
|
163901 |
|
|
|
163901 |
echo "Requires: (%{?scl_prefix}gcc >= %{gcc_major} and %{?scl_prefix}gcc < %{gcc_next})"
|
|
|
163901 |
|
|
|
163901 |
# Cannot use autosetup as it untar's the sources into annobin-<version>
|
|
|
163901 |
# but then tries to change directory into <scl-prefix>-annobin-<version>.
|
|
|
163901 |
# %%autosetup -p1
|
|
|
163901 |
%setup -q -n annobin-%{version}
|
|
|
163901 |
# %%patch01 -p1
|
|
|
163901 |
|
|
|
163901 |
# The plugin has to be configured with the same arcane configure
|
|
|
163901 |
# scripts used by gcc. Hence we must not allow the Fedora build
|
|
|
163901 |
# system to regenerate any of the configure files.
|
|
|
163901 |
touch aclocal.m4 gcc-plugin/config.h.in
|
|
|
163901 |
touch configure */configure Makefile.in */Makefile.in
|
|
|
163901 |
# Similarly we do not want to rebuild the documentation.
|
|
|
163901 |
touch doc/annobin.info
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
%build
|
|
|
163901 |
|
|
|
163901 |
CONFIG_ARGS="--quiet"
|
|
|
163901 |
|
|
|
163901 |
%if %{with debuginfod}
|
|
|
163901 |
CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod"
|
|
|
163901 |
%else
|
|
|
163901 |
# Note - we explicitly disable debuginfod support if it was not configured.
|
|
|
163901 |
# This is because by default annobin's configue script will assume --with-debuginfod=auto
|
|
|
163901 |
# and then run a build time test to see if debugingfod is available. It
|
|
|
163901 |
# may well be, but the build time environment may not match the run time
|
|
|
163901 |
# environment, and the rpm will not have a Requirement on the debuginfod
|
|
|
163901 |
# client.
|
|
|
163901 |
CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod"
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{with clangplugin}
|
|
|
163901 |
CONFIG_ARGS="$CONFIG_ARGS --with-clang"
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{without gccplugin}
|
|
|
163901 |
CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin"
|
|
|
163901 |
%else
|
|
|
163901 |
CONFIG_ARGS="$CONFIG_ARGS --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}"
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{with llvmplugin}
|
|
|
163901 |
CONFIG_ARGS="$CONFIG_ARGS --with-llvm"
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{without tests}
|
|
|
2380dd |
CONFIG_ARGS="$CONFIG_ARGS --without-tests"
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{without annocheck}
|
|
|
163901 |
CONFIG_ARGS="$CONFIG_ARGS --without-annocheck"
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
# Add hardening options supported by gcc-10 but not in RHEL-7 rpm config macros.
|
|
|
163901 |
# EXTRA_ARGS="-fstack-clash-protection -D_GLIBCXX_ASSERTIONS"
|
|
|
163901 |
# %%ifarch %{ix86} x86_64
|
|
|
163901 |
# EXTRA_ARGS="$EXTRA_ARGS -fcf-protection=full"
|
|
|
163901 |
# %%endif
|
|
|
163901 |
#
|
|
|
163901 |
# export CFLAGS="$RPM_OPT_FLAGS $EXTRA_ARGS"
|
|
|
163901 |
# export CXXFLAGS="$RPM_OPT_FLAGS $EXTRA_ARGS"
|
|
|
163901 |
|
|
|
163901 |
export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -I%{?_scl_root}/usr/include"
|
|
|
163901 |
export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -I%{?_scl_root}/usr/include"
|
|
|
163901 |
export LDFLAGS="$LD_FLAGS $RPM_LD_FLAGS -L%{?_scl_root}/usr/lib64 -L%{?_scl_root}/usr/lib"
|
|
|
163901 |
|
|
|
163901 |
%ifarch %{ix86} x86_64
|
|
|
163901 |
# FIXME: There should be a better way to do this.
|
|
|
163901 |
export CLANG_TARGET_OPTIONS="-fcf-protection"
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%configure CC=%gcc_for_annobin CXX=%gxx_for_annobin ${CONFIG_ARGS} || cat config.log
|
|
|
163901 |
|
|
|
163901 |
%make_build
|
|
|
163901 |
|
|
|
163901 |
%if %{with plugin_rebuild}
|
|
|
163901 |
# Rebuild the plugin(s), this time using the plugin itself! This
|
|
|
163901 |
# ensures that the plugin works, and that it contains annotations
|
|
|
163901 |
# of its own.
|
|
|
163901 |
|
|
|
163901 |
%if %{with gccplugin}
|
|
|
163901 |
cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
|
|
|
163901 |
make -C gcc-plugin clean
|
|
|
163901 |
BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so"
|
|
|
163901 |
|
|
|
163901 |
# Disable the standard annobin plugin so that we do get conflicts.
|
|
|
163901 |
# Note: the "-fplugin=annobin" is here, despite the fact that it will also
|
|
|
163901 |
# be automatically added to the gcc command line via
|
|
|
163901 |
# "-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" because of a bug in gcc's
|
|
|
163901 |
# plugin command line options handling. GCC will issue an error saying that
|
|
|
163901 |
# there is no plugin called "annobin" matching the -fplugin-arg-annobin-disable
|
|
|
163901 |
# option, despite the fact that there patently is.
|
|
|
163901 |
BUILD_FLAGS="$BUILD_FLAGS -fplugin=annobin -fplugin-arg-annobin-disable"
|
|
|
163901 |
|
|
|
163901 |
# If building on RHEL7, enable the next option as the .attach_to_group
|
|
|
163901 |
# assembler pseudo op is not available in the assembler.
|
|
|
163901 |
BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
|
|
|
163901 |
|
|
|
163901 |
make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
|
|
163901 |
rm %{_tmppath}/tmp_annobin.so
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{with clangplugin}
|
|
|
163901 |
cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so
|
|
|
163901 |
make -C clang-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{with llvmplugin}
|
|
|
163901 |
cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so
|
|
|
163901 |
make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
%install
|
|
|
2380dd |
|
|
|
163901 |
# PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles...
|
|
|
163901 |
%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir}
|
|
|
163901 |
|
|
|
163901 |
%if %{with clangplugin}
|
|
|
2380dd |
# Move the clang plugin to a seperate directory.
|
|
|
163901 |
mkdir -p %{buildroot}/%{clang_plugin_dir}
|
|
|
163901 |
mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir}
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
2380dd |
%if %{with gccplugin}
|
|
|
2380dd |
# Record the version of gcc that built this plugin.
|
|
|
2380dd |
# Note - we cannot just store %%{gcc_vr} as sometimes the gcc rpm version changes
|
|
|
2380dd |
# without the NVR being altered. See BZ #2030671 for more discussion on this.
|
|
|
2380dd |
mkdir -p %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}
|
|
|
2380dd |
cat `gcc --print-file-name=rpmver` > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}
|
|
|
2380dd |
|
|
|
2380dd |
# # Rename the plugin to the DTS version.
|
|
|
2380dd |
# pushd %%{buildroot}/%%{ANNOBIN_GCC_PLUGIN_DIR} > /dev/null
|
|
|
2380dd |
# mv annobin.so.0.0.0 dts-annobin.so.0.0.0
|
|
|
2380dd |
# rm -f annobin.so annobin.so.0
|
|
|
2380dd |
# ln -s dts-annobin.so.0.0.0 dts-annobin.so
|
|
|
2380dd |
# ln -s dts-annobin.so.0.0.0 dts-annobin.so.0
|
|
|
2380dd |
# popd > /dev/null
|
|
|
2380dd |
|
|
|
2380dd |
# Also install a copy of the sources into the build tree.
|
|
|
2380dd |
mkdir -p %{buildroot}%{annobin_source_dir}
|
|
|
2380dd |
cp %{_sourcedir}/%{annobin_sources} %{buildroot}%{annobin_source_dir}/latest-annobin.tar.xz
|
|
|
2380dd |
%endif
|
|
|
2380dd |
|
|
|
163901 |
rm -f %{buildroot}%{_infodir}/dir
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
%if %{with tests}
|
|
|
163901 |
%check
|
|
|
2380dd |
# FIXME: Run the tests twice. The first time so that we can get error messages...
|
|
|
163901 |
make check GCC=%gcc_for_annobin || :
|
|
|
163901 |
if [ -f tests/test-suite.log ]; then
|
|
|
163901 |
cat tests/test-suite.log
|
|
|
163901 |
fi
|
|
|
2380dd |
# ... the second time so that we get a failure exit code.
|
|
|
2380dd |
make check GCC=%gcc_for_annobin
|
|
|
163901 |
|
|
|
163901 |
%if %{with clangplugin}
|
|
|
163901 |
# FIXME: RUN CLANG tests
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{with llvmplugin}
|
|
|
163901 |
# FIXME: RUN LLVM tests
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
%files docs
|
|
|
163901 |
%license COPYING3 LICENSE
|
|
|
163901 |
%exclude %{_datadir}/doc/annobin-plugin/COPYING3
|
|
|
163901 |
%exclude %{_datadir}/doc/annobin-plugin/LICENSE
|
|
|
163901 |
%doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt
|
|
|
163901 |
%{_infodir}/annobin.info*
|
|
|
163901 |
%{_mandir}/man1/annobin.1*
|
|
|
163901 |
%{_mandir}/man1/built-by.1*
|
|
|
163901 |
%{_mandir}/man1/check-abi.1*
|
|
|
163901 |
%{_mandir}/man1/hardened.1*
|
|
|
163901 |
%{_mandir}/man1/run-on-binaries-in.1*
|
|
|
163901 |
|
|
|
163901 |
%if %{with llvmplugin}
|
|
|
163901 |
%files plugin-llvm
|
|
|
2380dd |
%dir %{llvm_plugin_dir}
|
|
|
163901 |
%{llvm_plugin_dir}/annobin-for-llvm.so
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{with clangplugin}
|
|
|
163901 |
%files plugin-clang
|
|
|
2380dd |
%dir %{clang_plugin_dir}
|
|
|
163901 |
%{clang_plugin_dir}/annobin-for-clang.so
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{with gccplugin}
|
|
|
163901 |
%files plugin-gcc
|
|
|
2380dd |
%dir %{ANNOBIN_GCC_PLUGIN_DIR}
|
|
|
2380dd |
# %%{ANNOBIN_GCC_PLUGIN_DIR}/dts-annobin.so
|
|
|
2380dd |
# %%{ANNOBIN_GCC_PLUGIN_DIR}/dts-annobin.so.0
|
|
|
2380dd |
# %%{ANNOBIN_GCC_PLUGIN_DIR}/dts-annobin.so.0.0.0
|
|
|
2380dd |
%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so
|
|
|
2380dd |
%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0
|
|
|
2380dd |
%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0
|
|
|
2380dd |
%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}
|
|
|
2380dd |
%{annobin_source_dir}/latest-annobin.tar.xz
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
%if %{with annocheck}
|
|
|
163901 |
%files annocheck
|
|
|
163901 |
%{_includedir}/libannocheck.h
|
|
|
163901 |
%{_libdir}/libannocheck.*
|
|
|
2380dd |
%{_bindir}/annocheck
|
|
|
2380dd |
%{_mandir}/man1/annocheck.1*
|
|
|
2380dd |
%{_libdir}/pkgconfig/libannocheck.pc
|
|
|
163901 |
%endif
|
|
|
163901 |
|
|
|
163901 |
#---------------------------------------------------------------------------------
|
|
|
163901 |
|
|
|
163901 |
%changelog
|
|
|
2380dd |
* Tue Jan 31 2023 Nick Clifton <nickc@redhat.com> - 11.08-1
|
|
|
2380dd |
- Annocheck: Fix atexit test. Fix recording of version numbers. (#2165528)
|
|
|
2380dd |
|
|
|
2380dd |
* Fri Jan 27 2023 Nick Clifton <nickc@redhat.com> - 11.06-1
|
|
|
2380dd |
- Rebase to 11.06. (#2165024)
|
|
|
2380dd |
- Annocheck: Fix handling of file built by multiple versions of gcc. (#2160700)
|
|
|
2380dd |
- Spec file: Enable annotated building.
|
|
|
2380dd |
- Annocheck: Fix handling of empty files. (#2159292)
|
|
|
2380dd |
- Annocheck: Add crti.o and crtn.o to the list of known glibc special files. (#2158740)
|
|
|
2380dd |
- Annocheck: Fix memory leaks.
|
|
|
2380dd |
- Annocheck: Do not assume that object files contain no code simply because they do not have an executable segment. (#2158386)
|
|
|
2380dd |
- Annocheck: Add more special glibc filenames. (#2158100)
|
|
|
2380dd |
- Annocheck: Improve handling of tool versions.
|
|
|
2380dd |
|
|
|
2380dd |
* Fri Dec 16 2022 Nick Clifton <nickc@redhat.com> - 10.98-1
|
|
|
2380dd |
- GCC Plugin: Fix building with gcc-13.
|
|
|
2380dd |
- Annocheck: Add test for binaries built by cross compilers.
|
|
|
2380dd |
- Annocheck: Improve heuristic used to detect binaries without code. (#2144533)
|
|
|
2380dd |
- Annocheck: Use real filename rather than debuginfo filename. (#2152280)
|
|
|
2380dd |
- Rebase to 10.94, brining in support for LLVM 15. (#2118992)
|
|
|
2380dd |
- Annocheck: Better detection of binaries which do not contain code. (#2144533)
|
|
|
2380dd |
- Annocheck: Provide more information when a test is skipped because the file being tested was not compiled.
|
|
|
2380dd |
- Annocheck: Try harder not to run mutually exclusive tests.
|
|
|
2380dd |
- Tests: Fix future-test so that it properly handles the situation where the compiler does not support the new options.
|
|
|
2380dd |
- Libannocheck: Actually set result fields after tests are run.
|
|
|
2380dd |
- Libannocheck: Replace libannocheck_version variable with LIBANNOCHECK_VERSION define.
|
|
|
2380dd |
- Libannocheck: Remove 'Requires binutils-devel' from libannocheck.pc.
|
|
|
2380dd |
- Libannocheck: Move into separate sub-package.
|
|
|
2380dd |
- Libannocheck: Add libannocheck.pc pkgconfig file.
|
|
|
2380dd |
- Libannocheck: Add libannocheck_reinit().
|
|
|
2380dd |
- GCC Plugin: Record -ftrivial-auto-var-init and -fzero-call-used-regs.
|
|
|
2380dd |
- Annocheck: Add future tests for -ftrivial-auto-var-init and -fzero-call-used-regs.
|
|
|
2380dd |
- Clang Plugin: Fix for building with Clang-15. (#2125875)
|
|
|
2380dd |
- Annocheck: Add a test for the inconsistent use of -Ofast. (#1248744)
|
|
|
2380dd |
- Plugin: Fix top level configuration support for RiscV.
|
|
|
2380dd |
- Annocheck: Improvements to the size tool.
|
|
|
2380dd |
- Annocheck: Fixes for libannocheck.h.
|
|
|
2380dd |
- Annocheck: Add automatic profile selection.
|
|
|
2380dd |
- Annocheck: Improve gap detection and reporting.
|
|
|
2380dd |
- Spec File: Use the %%dir directive in the %%files section to ensure that
|
|
|
2380dd |
- plugin directories are useable. (#2080454)
|
|
|
2380dd |
|
|
|
163901 |
* Fri Jun 24 2022 Nick Clifton <nickc@redhat.com> - 10.76-1
|
|
|
163901 |
- Remove bogus Provides from annobin-doc subpackage. (#2099481)
|
|
|
163901 |
- Annocheck: Check build-id of separate debuginfo files.
|
|
|
163901 |
- Annocheck: Add GAPS test replacing --ignore-gaps.
|
|
|
163901 |
|
|
|
163901 |
* Mon Jun 13 2022 Nick Clifton <nickc@redhat.com> - 10.75-1
|
|
|
163901 |
- Rebase:
|
|
|
163901 |
- Annocheck: Fix covscan detected race condition between stat() and open().
|
|
|
163901 |
- Annocheck: Handle binaries created by Rust 1.18. (#2094420)
|
|
|
163901 |
- Annocheck: Add optional function name to --skip arguments. (PR 29229)
|
|
|
163901 |
- Annocheck: Fix handling of command line options that take arguments. (#2086850)
|
|
|
163901 |
- Annocheck: Do not complain about unenabled -mbranch-protection option in AArch64 binaries. (#2078909)
|
|
|
163901 |
- gcc-plugin: Fix typo in configure.ac.
|
|
|
163901 |
- Add support for RISC-V.
|
|
|
163901 |
- Annocheck: Add another special case for glibc rpms. (#2083070)
|
|
|
163901 |
- Annocheck: Do not complain about unenabled -mbranch-protection option in AArch64 binaries if compiled using LTO. (#2082146)
|
|
|
163901 |
- Annocheck: Add more glibc exceptions + check PT_TLS segments. (#2081131)
|
|
|
163901 |
- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled by golang.
|
|
|
163901 |
- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled in LTO mode.
|
|
|
163901 |
- gcc-plugin: Add support for CLVC_INTEGER options.
|
|
|
163901 |
- Annocheck: Even more special cases for AArch64 glibc on RHEL-8. (#2072082)
|
|
|
163901 |
- Annocheck: Add more special cases for AArch64 glibc on RHEL-8. (#2072082)
|
|
|
163901 |
- llvm-plugin: Fix a thinko in the sources.
|
|
|
163901 |
- gcc-plugin: Add remap of OPT_Wall.
|
|
|
163901 |
- configure: Fix typo in top level configure.ac.
|
|
|
163901 |
- Add support for building using meson+ninja.
|
|
|
163901 |
- Annocheck: Fix test for AArch64 property notes. (#2068657)
|
|
|
163901 |
- gcc-plugin: Do not issue warning messages for autoconf generated source files. (#2009958)
|
|
|
163901 |
- Annocheck: Update documentation and fix typo in annocheck. (#2061291)
|
|
|
163901 |
- Annocheck: Add option to enable/disable following symbolic links.
|
|
|
163901 |
- Always identify Rust binaries, even if built on a host that does not know about Rust. (#2057737)
|
|
|
163901 |
- Annocheck: Skip PIE anf PIC tests for GO binaries.
|
|
|
163901 |
- gcc-plugin: Fix libtool so that extraneous runpaths are not added to the plugin. (#2030667)
|
|
|
163901 |
- gcc-plugin: Use canonical_option field of save_decoded_options array. (#2047148)
|
|
|
163901 |
- Annocheck: Add an option to disable the use of debuginfod (if available).
|
|
|
163901 |
- Annocheck: Add more glibc special file names.
|
|
|
163901 |
- Annocheck: Skip some tests for BPF binaries.
|
|
|
163901 |
- Annocheck: Add another glibc static library symbol. (#2043047)
|
|
|
163901 |
- Annocheck: Skip property note test for GO binaries. (#204300)
|
|
|
163901 |
- GCC Plugin: Do not fail if a section cannot be attached to a group.
|
|
|
163901 |
- Annocheck: Improve detection of kernel modules.
|
|
|
163901 |
- GCC Plugin: Only default to link-once when using gcc-12 or later. (#2039297)
|
|
|
163901 |
- Annocheck: Add option to disable instrumentation test.
|
|
|
163901 |
- GCC Plugin: Replace CLVC_BOOLEAN with CLVC_BIT_SET/CLVC_BIT_CLEAR.
|
|
|
163901 |
- Annocheck: Add even more glibc function names. (#2037333)
|
|
|
163901 |
- Annocheck: ARM: Do not fail tests that rely upon annobin notes.
|
|
|
163901 |
- Annocheck: Extend list of known glibc functions. (#2037333)
|
|
|
163901 |
- Annocheck: Ignore gaps that contain the _start symbol (for AArch64). (#1995224)
|
|
|
163901 |
- Annocheck: Ignore more glibc special binaries. (#2037220)
|
|
|
163901 |
- Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO. (#2034946)
|
|
|
163901 |
- Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries. (#2033255)
|
|
|
163901 |
- Doc: Note that ENDBR is only needed as the landing pad for indirect branches/calls. (#28705)
|
|
|
163901 |
- Spec File: Store full gcc version release string in plugin info file. (#2030671)
|
|
|
163901 |
|
|
|
163901 |
* Tue Dec 14 2021 Nick Clifton <nickc@redhat.com> - 10.38-1
|
|
|
163901 |
- Annocheck: Add special case for x86_64 RHEL-7 gaps. (#2031133)
|
|
|
163901 |
|
|
|
163901 |
* Mon Dec 13 2021 Nick Clifton <nickc@redhat.com> - 10.35-1
|
|
|
163901 |
- Tests: Fix fortify and debuginfod tests to use newly built annobin plugin. (#2031133)
|
|
|
163901 |
- Tests: Fix gaps and stat tests to use newly built annobin plugin. (#2028063)
|
|
|
163901 |
- Annocheck: Ignore gaps in binaries at least partial built by golang. (#2028583)
|
|
|
163901 |
- Annocheck: Allow spaces in golang symbols.
|
|
|
163901 |
- Annocheck: Initial deployment of libannocheck.
|
|
|
163901 |
|
|
|
163901 |
* Fri Nov 26 2021 Nick Clifton <nickc@redhat.com> - 10.29-1
|
|
|
163901 |
- gcc-plugin: Fix bug creating empty attachments.
|
|
|
163901 |
- Annocheck: Change MAYB result to SKIP for DT_RPATH. (#2026300)
|
|
|
163901 |
- Annocheck: Skip missing fortify/warning notes for ARM32.
|
|
|
163901 |
- gcc-plugin: Try another fix for ppc64le section grouping. (#2023437)
|
|
|
163901 |
- gcc-plugin: Revert 10.22 change. (#2023437)
|
|
|
163901 |
- Annocheck: Add exception for /usr/sbin/ldconfig. (#2022973)
|
|
|
163901 |
- Annocheck: Add a test for unicode characters in identifiers.
|
|
|
163901 |
- gcc-plugin: Default to link-order grouping for PPC64LE. (#2016458)
|
|
|
163901 |
- Annocheck: Do not fail if a --skip-<name> option does not match a known test.
|
|
|
163901 |
- ldconfig-test: Skip the LTO check.
|
|
|
163901 |
- Annocheck: Add more glibc function names.
|
|
|
163901 |
- gcc-plugin: Fix attaching the .text section to the .text.group section.
|
|
|
163901 |
- Complain about DT_RPATH for Fedora binaries.
|
|
|
163901 |
- Better reporting of problems in object files. (#2013708)
|
|
|
163901 |
- Add a requirement on llvm-libs for clang and llvm plugins. (#2014573)
|
|
|
163901 |
- Fix configuring annocheck without gcc-plugin.
|
|
|
163901 |
- Annocheck: Better reporting of debuginfod problems.
|
|
|
163901 |
- Tests: Fix bugs in debuginfod test.
|
|
|
163901 |
- Annocheck: Add tests based upon recent bug fixes.
|
|
|
163901 |
- Annocheck: Another tweak to glibc detection code.
|
|
|
163901 |
- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found. (#20011438)
|
|
|
163901 |
- Annocheck: Fix MAYB results for mixed GO/C files.
|
|
|
163901 |
- Annocheck: Move some messages from VERBOSE to VERBOSE2.
|
|
|
163901 |
- Annocheck: Scan zero-length tool notes.
|
|
|
163901 |
- Annocheck: Fix covscan detected flaws.
|
|
|
163901 |
- plugins: Add more required build options.
|
|
|
163901 |
- Annocheck: Fix cf-prot test to fail if the CET notes are missing.
|
|
|
163901 |
- Annocheck: Skip gaps in the .plt section.
|
|
|
163901 |
- Plugins: Add -g option when building LLVM and Clang.
|
|
|
163901 |
- Annocheck: Add more cases of glibc startup functions.
|
|
|
163901 |
- Annocheck: Fix covscan detected problems.
|
|
|
163901 |
- Annocheck: Add --profile=el8.
|
|
|
163901 |
- gcc-plugin: Conditionalize generation of branch protection note.
|
|
|
163901 |
- Annocheck: Ignore gaps containing NOP instructions.
|
|
|
163901 |
- GCC Plugin: Fix detection of running inside the LTO compiler. (#2004917)
|
|
|
163901 |
- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries.
|
|
|
163901 |
- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result.
|
|
|
163901 |
- Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead.
|
|
|
163901 |
- Annocheck: Fix exit code when tests PASS.
|
|
|
163901 |
- Documentation: Add node for each hardening test.
|
|
|
163901 |
- Documentation: Install online.
|
|
|
163901 |
- Annocheck: Annote FAIL and MAYB results with URL to documentation
|
|
|
163901 |
- Annocheck: Add --no-urls and --provide-urls options
|
|
|
163901 |
- Annocheck: Add --help-<tool> option.
|
|
|
163901 |
- Annocheck: Fix fuzzing detected failures.
|
|
|
163901 |
- Annocheck: Add --profile option.
|
|
|
163901 |
- Docs: Document --profile option and rpminspect.yaml.
|
|
|
163901 |
- Annocheck: Skip GO/CET checks. Fix fuzzing detected failures.
|
|
|
163901 |
- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444)
|
|
|
163901 |
- Annocheck: Fix memory corruption. (#1996963)
|
|
|
163901 |
- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection.
|
|
|
163901 |
- Annocheck: Add linker generated function for ppc64le exceptions. (#1981410)
|
|
|
163901 |
- LLVM Plugin: Allow checks to be selected from the command line.
|
|
|
163901 |
- Annocheck: Examine DW_AT_producer for -flto.
|
|
|
163901 |
- Annocheck: Conditionalize detection of AArch64's PAC+BTI protection.
|
|
|
163901 |
- Annocheck: Add linker generated function for s390x exceptions. (#1981410)
|
|
|
163901 |
- Annocheck: Generate MAYB results for gaps in notes covering the .text section. (#1991943)
|
|
|
163901 |
- Annocheck: Close DWARF file descriptors once the debug info is no longer needed. (#1981410)
|
|
|
163901 |
- LLVM Plugin: Update to build with Clang v13. (Thanks to: Tom Stellard <tstellar@redhat.com>)
|
|
|
163901 |
- Annocheck: Fix memory corruption. (#1988715)
|
|
|
163901 |
- Annocheck: Skip certain tests for kernel modules.
|
|
|
163901 |
- Annocheck: Detect a missing CET note. (#1991931)
|
|
|
163901 |
- Annocheck: Do not report future fails for AArch64 notes.
|
|
|
163901 |
- Annocheck: Warn about multiple --debug-file, --debug-rpm and --debug-dir options.
|
|
|
163901 |
- Annocheck: Process files in command line order. (#1988714)
|
|
|
163901 |
- Annocheck: Reverse AArch64 PAC+BTI check, ie fail if they are enabled. (#1984995)
|
|
|
163901 |
|
|
|
163901 |
* Tue Jul 20 2021 Nick Clifton <nickc@redhat.com> - 9.82-1
|
|
|
163901 |
- Annocheck: Add another test exceptions.
|
|
|
163901 |
- Annocheck: Add some more test exceptions.
|
|
|
163901 |
- Tests: Skip glibc-notes test if the assembler does not support --generate-missing-build-notes. (#1978573)
|
|
|
163901 |
- Tests: Skip objcopy test if objcopy does not support --merge-notes.
|
|
|
163901 |
|
|
|
163901 |
* Wed Jun 30 2021 Nick Clifton <nickc@redhat.com> - 9.79-1
|
|
|
163901 |
- Annocheck: Fix spelling mistake in -mstack-realign failure message. (#1977349)
|
|
|
163901 |
- gcc-plugin: Do not record global versions of stack protection settings in LTO mode, if not set. (#1958954)
|
|
|
163901 |
- Annocheck: Remove limit on number of input files.
|
|
|
163901 |
|
|
|
163901 |
* Mon Jun 21 2021 Nick Clifton <nickc@redhat.com> - 9.77-1
|
|
|
163901 |
- annocheck: Conditionalize test of DF_PIE_1 flag.
|
|
|
163901 |
- clang/llvm plugins: Build with correct security options.
|
|
|
163901 |
- Annocheck: Better detection of GO compiler version.
|
|
|
163901 |
- Annocheck: Better support for symbolic links.
|
|
|
163901 |
- Annocheck: In verbose mode, report the reason for skipping specific tests. (#1969584)
|
|
|
163901 |
- annocheck: Improve detection of shared libraries. (#1958954)
|
|
|
163901 |
|
|
|
163901 |
* Mon May 17 2021 Nick Clifton <nickc@redhat.com> - 9.72-1
|
|
|
163901 |
- Rebase to 9.72: (#1954564)
|
|
|
163901 |
- annocheck: Accept 0 as a valid number for gcc minor versions and release numbers.
|
|
|
163901 |
- gcc-plugin: Add support for ARM and RISCV targets.
|
|
|
163901 |
- timing: do not initialise the clock if the timing tool is disabled.
|
|
|
163901 |
- gcc-plugin: Replace ICE messsages with verbose messages.
|
|
|
163901 |
- Fix the testsuite so that it can be run in parallel.
|
|
|
163901 |
- Annocheck: WARN if the annobin plugin was built for a newer version of the compiler than the one on which it was run. (#1950657)
|
|
|
163901 |
- Obsolete annobin < 9.66-1 (bug #1949570)
|
|
|
163901 |
- Annocheck: Improve detection of missing GNU-stack support.
|
|
|
163901 |
- Correct a package rename (bug #1949570)
|
|
|
163901 |
- Require docs subpackage by the other ones because of a license
|
|
|
163901 |
- Build-requiring perl-interpreter is enough
|
|
|
163901 |
- Fix bz1949570
|
|
|
163901 |
- Fix anomolies reported by covscan.
|
|
|
163901 |
- Move documentation into a sub-package.
|
|
|
163901 |
- gcc-plugin: Use a fixed filename when running in LTO mode.
|
|
|
163901 |
- Annocheck: Fix detection of special function names. (#1934189)
|
|
|
163901 |
- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc. (#1923439)
|
|
|
163901 |
- Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector. (#1923439)
|
|
|
163901 |
- Annocheck: Fix some problems with tests for missing notes.
|
|
|
163901 |
- Split plugins into separate sub-packages
|
|
|
163901 |
- Add some GO tests to annocheck.
|
|
|
163901 |
- Add a future fail for the presence of RPATH in the dynamic tags.
|
|
|
163901 |
- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.
|
|
|
163901 |
- Workaround for elflint problems with PPC compiled files. (#1880634)
|
|
|
163901 |
- Fix bogus AArch64 test failures.
|
|
|
163901 |
- Improved testing by annocheck. Add fixed format message mode.
|
|
|
163901 |
- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results.
|
|
|
163901 |
- Add support for -D_FORTIFY_SOURCE=3.
|
|
|
163901 |
- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. (#1906171)
|
|
|
163901 |
- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. (#1906171)
|
|
|
163901 |
- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.
|
|
|
163901 |
- annocheck: Fix notes analyzer to accept empty PPC64 notes.
|
|
|
163901 |
- gcc plugin: Tweak generation of end symbols for PPC64 when LTO is active. (#1898075)
|
|
|
163901 |
- gcc plugin: Add support for GCC 11's cl_vars array.
|
|
|
163901 |
- Annocheck: Support enabling/disabling future fails.
|
|
|
163901 |
- GCC plugin: Always record global notes for the .text.startup,
|
|
|
163901 |
.text.exit, .text.hot and .text.cold sections.
|
|
|
163901 |
- Clang plugin: Add -lLLVM to the build command line.
|
|
|
163901 |
- Annocheck: Improve reporting of missing -D_FORTIFY_SOURCE option. (#1898075)
|
|
|
163901 |
- Annocheck: Improve reporting of missing LTO option.
|
|
|
163901 |
- Add detecting of gimple compiled binaries.
|
|
|
163901 |
- Add --without-gcc-plugin option.
|
|
|
163901 |
- Annocheck: Fix bug parsing DW_AT_producer.
|
|
|
163901 |
- Add test of .note.gnu.property section for PowerPC.
|
|
|
163901 |
- Add test of objcopy's ability to merge notes.
|
|
|
163901 |
- Record the -flto setting and produce a soft warning if it is absent.
|
|
|
163901 |
- Suppress warnings about _D_GLIBCXX_ASSERTIONS if the source code is known to be something other than C++.
|
|
|
163901 |
- Correct the directory chosen for 32-bit LLVM and Clang plugins. (#1884951)
|
|
|
163901 |
- Allow the use of the SHF_LINK_ORDER section flag to discard unused notes. (Experimental).
|
|
|
163901 |
- Enable the build and installation of the LLVM and Clang plugins. (Experimental).
|
|
|
163901 |
- gcc-plugin: Fix test for empty PowerPC sections. (#1880634)
|
|
|
163901 |
- annocheck: Add tests for the AArch64 BTI and PAC security features. (#1862478)
|
|
|
163901 |
- gcc plugin: Use a 4 byte offset for PowerPC start symbols, so that they do not break disassemblies.
|
|
|
163901 |
- gcc plugin: Correct the detection of 32-bit x86 builds. (#1876197)
|
|
|
163901 |
- gcc plugin: Detect any attempt to access the global_options array.
|
|
|
163901 |
- gcc plugin: Do not complain about missing pre-processor options when examining a preprocessed input file. (#1862718)
|
|
|
163901 |
- Use more robust checks for AArch64 options.
|
|
|
163901 |
- Detect CLANG compiled assembler that is missing IBT support.
|
|
|
163901 |
- Improved target pointer size discovery.
|
|
|
163901 |
- Add support for installing clang and llvm plugins.
|
|
|
163901 |
- Temporary suppression of aarch64 pointer size check. (#1860549)
|
|
|
163901 |
|
|
|
163901 |
* Mon Aug 10 2020 Nick Clifton <nickc@redhat.com> - 9.23-3
|
|
|
163901 |
- Improve results when running annobin rpms through annocheck. (#1866825)
|
|
|
163901 |
|
|
|
163901 |
* Thu Aug 06 2020 Martin Cermak <mcermak@redhat.com> - 9.23-2
|
|
|
163901 |
- Fix rhbz1866774
|
|
|
163901 |
|
|
|
163901 |
* Mon Jul 13 2020 Nick Clifton <nickc@redhat.com> - 9.23-1
|
|
|
163901 |
- INITIAL CREATION OF DTS-10 ANNOBIN. (#1852725)
|
|
|
163901 |
- Annocheck: Do not skip tests of the short-enums notes. (#1743635)
|
|
|
163901 |
- Add (optional) llvm plugin.
|
|
|
163901 |
9.21-3
|
|
|
163901 |
- Fix the computations of ANNOBIN_GCC_PLUGIN_DIR and ANNOBIN_CLANG_PLUGIN_DIR.
|
|
|
163901 |
9.21-1
|
|
|
163901 |
- Fix stack clash protection problem. (#1803173)
|
|
|
163901 |
9.21-1
|
|
|
163901 |
- Annobin: Fall back on using the flags if the option cannot be found in cl_options. (#1817659)
|
|
|
163901 |
9.20-1
|
|
|
163901 |
- Annocheck: Detect Fortran compiled programs. (#1824393)
|
|
|
163901 |
9.19-1
|
|
|
163901 |
- Annobin: If option name mismatch occurs, seach for the real option. (#1817452)
|
|
|
163901 |
9.18-1
|
|
|
163901 |
- Annocheck: Fix a division by zero error when parsing GO binaries. (#1818863)
|
|
|
163901 |
9.16-1
|
|
|
163901 |
- Annobin: Fix access to the -flto and -fsanitize flags.
|
|
|
163901 |
9.14-1
|
|
|
163901 |
- Annobin: Use offsets stored in gcc's cl_option structure to access the global_options array, thus removing the need to check for changes in the size of this structure.
|
|
|
163901 |
9.13-1
|
|
|
163901 |
- Rename gcc plugin directory to gcc-plugin.
|
|
|
163901 |
- Stop annocheck from complaining about missing options when the binary has been built in a mixed environment.
|
|
|
163901 |
9.12-1
|
|
|
163901 |
- Improve builtby tool.
|
|
|
163901 |
- Stop annocheck complaining about missing notes when the binary is not compiled by either gcc or clang.
|
|
|
163901 |
- Skip the check of the ENTRY instruction for binaries not compiled by gcc or clang. (#1809656)
|
|
|
163901 |
9.11-1
|
|
|
163901 |
- Fix infinite loop hangup in annocheck.
|
|
|
163901 |
- Disable debuginfod support by default.
|
|
|
163901 |
- Improve parsing of .comment section.
|
|
|
163901 |
9.10-1
|
|
|
163901 |
- Fix clang plugin to use hidden symbols.
|
|
|
163901 |
9.09-1
|
|
|
163901 |
- Add ability to build clang plugin (disabled by default).
|
|
|
163901 |
9.08-1
|
|
|
163901 |
- Annocheck: Fix error printing out the version number.
|
|
|
163901 |
9.07-1
|
|
|
163901 |
- Annobin: Add checks of the exact location of the examined switches.
|
|
|
163901 |
9.06-1
|
|
|
163901 |
- Annobin: Note when stack clash notes are generated.
|
|
|
163901 |
- Annocheck: Handle multiple builder IDs in the .comment section.
|
|
|
163901 |
9.05-1
|
|
|
163901 |
- Add configure option to suppress building annocheck.
|
|
|
163901 |
9.04-1
|
|
|
163901 |
- Fix debuginfod test.
|
|
|
163901 |
9.03-2
|
|
|
163901 |
- Correct the build requirement for building with debuginfod support.
|
|
|
163901 |
9.03-1
|
|
|
163901 |
- Add debuginfod support.
|
|
|
163901 |
9.01-1
|
|
|
163901 |
- Add clang plugin (experimental).
|
|
|
163901 |
8.92-1
|
|
|
163901 |
- Have annocheck ignore notes with an end address of 0.
|
|
|
163901 |
8.91-1
|
|
|
163901 |
- Improve checking of gcc versions.
|
|
|
163901 |
8.90-1
|
|
|
163901 |
- Do not skip positive results.
|
|
|
163901 |
8.88-1
|
|
|
163901 |
- Generate a WARN result for code compiled with instrumentation enabled. (#1753918)
|
|
|
163901 |
8.87-1
|
|
|
163901 |
- Replace address checks with dladdr1.
|
|
|
163901 |
8.86-1
|
|
|
163901 |
- Use libabigail like checking to ensure variable address consistency.
|
|
|
163901 |
8.85-1
|
|
|
163901 |
- Skip generation of global notes for hot/cold sections.
|
|
|
163901 |
8.84-1
|
|
|
163901 |
- Generate FAIL results if -Wall or -Wformat-security are missing.
|
|
|
163901 |
8.83-1
|
|
|
163901 |
- If notes cannot be found in the executable look for them in the debuginfo file, if available.
|
|
|
163901 |
- Generate a FAIL if notes are missing from the executable/debuginfo file.
|
|
|
163901 |
- Record and report the setting of the AArcht64 specific -mbranch-protection option.
|
|
|
163901 |
8.81-1
|
|
|
163901 |
- Improve detection of GO binaries.
|
|
|
163901 |
- Add gcc version information to annobin notes.
|
|
|
163901 |
- Do not complain about missing FORTIFY_SOURCE and GLIBCXX_ASSERTIONS in LTO compilations.
|
|
|
163901 |
|
|
|
163901 |
* Wed Aug 21 2019 Nick Clifton <nickc@redhat.com> - 8.79-2
|
|
|
163901 |
- INITIAL CREATION OF DTS-9 ANNOBIN.
|
|
|
163901 |
|
|
|
163901 |
* Thu Aug 08 2019 Nick Clifton <nickc@redhat.com> - 8.79-2
|
|
|
163901 |
- Import the missing tests/ sub-directory.
|
|
|
163901 |
|
|
|
163901 |
* Thu Aug 08 2019 Nick Clifton <nickc@redhat.com> - 8.79-1
|
|
|
163901 |
- Allow the compiler used to run tests to be specified on the command line.
|
|
|
163901 |
|
|
|
163901 |
* Tue Aug 06 2019 Nick Clifton <nickc@redhat.com> - 8.78-1
|
|
|
163901 |
- Fix a memory allocation error in the annobin plugin. (#1737306)
|
|
|
163901 |
|
|
|
163901 |
* Tue Jul 23 2019 Nick Clifton <nickc@redhat.com> - 8.77-4
|
|
|
163901 |
- Change the requirement of gcc-toolset-9 to gcc-toolset-9-gcc. (#1732767)
|
|
|
163901 |
|
|
|
163901 |
* Tue Jul 23 2019 Nick Clifton <nickc@redhat.com> - 8.77-2
|
|
|
163901 |
- Version bump to allow rebuilding with scl_prefix.
|
|
|
163901 |
|
|
|
163901 |
* Tue Jul 23 2019 Nick Clifton <nickc@redhat.com> - 8.77-1
|
|
|
163901 |
- gcc-toolset-9: INITIAL IMPORT OF ANNOBIN FROM RAWHIDE. (#1730483)
|
|
|
163901 |
|
|
|
163901 |
* Mon Jun 24 2019 Nick Clifton <nickc@redhat.com> - 8.77-1
|
|
|
163901 |
- Another attempt at fixing the detection and reporting of missing -D_FORTIFY_SOURCE options. (#1703500)
|
|
|
163901 |
|
|
|
163901 |
* Mon Jun 10 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 8.76-4
|
|
|
163901 |
- Rebuild for RPM 4.15
|
|
|
163901 |
|
|
|
163901 |
* Mon Jun 10 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 8.76-3
|
|
|
163901 |
- Rebuild for RPM 4.15
|
|
|
163901 |
|
|
|
163901 |
* Thu Jun 06 2019 Panu Matilainen <pmatilai@redhat.com> - 8.76-2
|
|
|
163901 |
- Really enable annocheck sub-package
|
|
|
163901 |
|
|
|
163901 |
* Tue Apr 30 2019 Nick Clifton <nickc@redhat.com> - 8.76-1
|
|
|
163901 |
- Report a missing -D_FORTIFY_SOUCRE option if -D_GLIBCXX_ASSERTIONS was detected. (#1703499)
|
|
|
163901 |
- Do not report problems with -fstack-protection if the binary was not built by gcc or clang. (#1703788)
|
|
|
163901 |
|
|
|
163901 |
* Fri Apr 26 2019 Nick Clifton <nickc@redhat.com> - 8.74-1
|
|
|
163901 |
- Add tests of clang command line options recorded in the DW_AT_producer attribute.
|
|
|
163901 |
|
|
|
163901 |
* Wed Apr 24 2019 Nick Clifton <nickc@redhat.com> - 8.73-1
|
|
|
163901 |
- Fix test for an executable stack segment. (#1700924)
|
|
|
163901 |
|
|
|
163901 |
* Thu Apr 18 2019 Nick Clifton <nickc@redhat.com> - 8.72-1
|
|
|
163901 |
- Rebuild annobin with the latest rawhide gcc sources. (#1700923)
|
|
|
163901 |
|
|
|
163901 |
* Thu Feb 28 2019 Nick Clifton <nickc@redhat.com> - 8.71-1
|
|
|
163901 |
- Annobin: Suppress more calls to free() which are triggering memory checker errors. (#1684148)
|
|
|
163901 |
|
|
|
163901 |
* Fri Feb 01 2019 Nick Clifton <nickc@redhat.com> - 8.70-1
|
|
|
163901 |
- Add section flag matching ability to section size tool.
|
|
|
163901 |
|
|
|
163901 |
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.69-7
|
|
|
163901 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
163901 |
|
|
|
163901 |
* Tue Jan 29 2019 Björn Esser <besser82@fedoraproject.org> - 8.69-6
|
|
|
163901 |
- Use 'with' for rich dependency on gcc
|
|
|
163901 |
|
|
|
163901 |
* Tue Jan 29 2019 Björn Esser <besser82@fedoraproject.org> - 8.69-5
|
|
|
163901 |
- Really fix rhbz#1607430.
|
|
|
163901 |
|
|
|
163901 |
* Mon Jan 28 2019 Björn Esser <besser82@fedoraproject.org> - 8.69-4
|
|
|
163901 |
- Rebuilt with annotations enabled
|
|
|
163901 |
|
|
|
163901 |
* Mon Jan 28 2019 Björn Esser <besser82@fedoraproject.org> - 8.69-3
|
|
|
163901 |
- Fix rpm query for gcc version.
|
|
|
163901 |
|
|
|
163901 |
* Mon Jan 28 2019 Nick Clifton <nickc@redhat.com> - 8.69-2
|
|
|
163901 |
- Add an exact requirement on the major version of gcc. (#1607430)
|
|
|
163901 |
|
|
|
163901 |
* Thu Jan 24 2019 Nick Clifton <nickc@redhat.com> - 8.69-1
|
|
|
163901 |
- Annobin: Add support for .text.startup and .text.exit sections generated by gcc 9.
|
|
|
163901 |
- Annocheck: Add a note displaying tool.
|
|
|
163901 |
|
|
|
163901 |
* Wed Jan 23 2019 Nick Clifton <nickc@redhat.com> - 8.68-1
|
|
|
163901 |
- Annocheck: Skip checks for -D_FORTIFY_SOURCE and -D_GLIBCXX_ASSERTIONS if there is no compiler generated code in the binary.
|
|
|
163901 |
|
|
|
163901 |
* Mon Jan 21 2019 Björn Esser <besser82@fedoraproject.org> - 8.67-3
|
|
|
163901 |
- Rebuilt with annotations enabled
|
|
|
163901 |
|
|
|
163901 |
* Mon Jan 21 2019 Björn Esser <besser82@fedoraproject.org> - 8.67-2
|
|
|
163901 |
- Rebuilt for GCC 9
|
|
|
163901 |
|
|
|
163901 |
* Thu Jan 17 2019 Nick Clifton <nickc@redhat.com> - 8.67-1
|
|
|
163901 |
- Annocheck: Only skip specific checks for specific symbols. (#1666823)
|
|
|
163901 |
- Annobin: Record the setting of the -fomit-frame-pointer option.
|
|
|
163901 |
|
|
|
163901 |
* Wed Jan 02 2019 Nick Clifton <nickc@redhat.com> - 8.66-1
|
|
|
163901 |
- Annocheck: Do not ignore -Og when checking to see if an optimization level has been set. (#1624162)
|
|
|
163901 |
|
|
|
163901 |
* Tue Dec 11 2018 Nick Clifton <nickc@redhat.com> - 8.65-1
|
|
|
163901 |
- Annobin: Fix handling of multiple .text.unlikely sections.
|
|
|
163901 |
|
|
|
163901 |
* Fri Nov 30 2018 Nick Clifton <nickc@redhat.com> - 8.64-1
|
|
|
163901 |
- Annocheck: Skip gaps in PPC64 executables covered by start_bcax_ symbols. (#1630564)
|
|
|
163901 |
|
|
|
163901 |
* Mon Nov 26 2018 Nick Clifton <nickc@redhat.com> - 8.63-1
|
|
|
163901 |
- Annocheck: Disable ENDBR test for shared libraries. (#1652925)
|
|
|
163901 |
|
|
|
163901 |
* Mon Nov 26 2018 Nick Clifton <nickc@redhat.com> - 8.62-1
|
|
|
163901 |
- Annocheck: Add test for ENDBR instruction at entry address of x86/x86_64 executables. (#1652925)
|
|
|
163901 |
|
|
|
163901 |
* Tue Nov 20 2018 David Cantrell <dcantrell@redhat.com> - 8.61-2
|
|
|
163901 |
- Adjust how the gcc_vr macro is set.
|
|
|
163901 |
|
|
|
163901 |
* Mon Nov 19 2018 Nick Clifton <nickc@redhat.com> - 8.61-1
|
|
|
163901 |
- Fix building with gcc version 4.
|
|
|
163901 |
|
|
|
163901 |
* Tue Nov 13 2018 Nick Clifton <nickc@redhat.com> - 8.60-1
|
|
|
163901 |
- Skip -Wl,-z,now and -Wl,-z,relro checks for non-gcc produced binaries. (#1624421)
|
|
|
163901 |
|
|
|
163901 |
* Mon Nov 05 2018 Nick Clifton <nickc@redhat.com> - 8.59-1
|
|
|
163901 |
- Ensure GNU Property notes are 8-byte aligned in x86_64 binaries. (#1645817)
|
|
|
163901 |
|
|
|
163901 |
* Thu Oct 18 2018 Nick Clifton <nickc@redhat.com> - 8.58-1
|
|
|
163901 |
- Skip PPC64 linker stubs created in the middle of text sections (again). (#1630640)
|
|
|
163901 |
|
|
|
163901 |
* Thu Oct 18 2018 Nick Clifton <nickc@redhat.com> - 8.57-1
|
|
|
163901 |
- Suppress free of invalid pointer. (#1638371)
|
|
|
163901 |
|
|
|
163901 |
* Thu Oct 18 2018 Nick Clifton <nickc@redhat.com> - 8.56-1
|
|
|
163901 |
- Skip PPC64 linker stubs created in the middle of text sections. (#1630640)
|
|
|
163901 |
|
|
|
163901 |
* Tue Oct 16 2018 Nick Clifton <nickc@redhat.com> - 8.55-1
|
|
|
163901 |
- Reset the (PPC64) section start symbol to 0 if its section is empty. (#1638251)
|
|
|
163901 |
|
|
|
163901 |
* Thu Oct 11 2018 Nick Clifton <nickc@redhat.com> - 8.53-1
|
|
|
163901 |
- Also skip virtual thinks created by G++. (#1630619)
|
|
|
163901 |
|
|
|
163901 |
* Wed Oct 10 2018 Nick Clifton <nickc@redhat.com> - 8.52-1
|
|
|
163901 |
- Use uppercase for all fail/mayb/pass results. (#1637706)
|
|
|
163901 |
|
|
|
163901 |
* Wed Oct 10 2018 Nick Clifton <nickc@redhat.com> - 8.51-1
|
|
|
163901 |
- Generate notes for unlikely sections. (#1630620)
|
|
|
163901 |
|
|
|
163901 |
* Mon Oct 08 2018 Nick Clifton <nickc@redhat.com> - 8.50-1
|
|
|
163901 |
- Fix edge case computing section names for end symbols. (#1637039)
|
|
|
163901 |
|
|
|
163901 |
* Mon Oct 08 2018 Nick Clifton <nickc@redhat.com> - 8.49-1
|
|
|
163901 |
- Skip dynamic checks for binaries without a dynamic segment. (#1636606)
|
|
|
163901 |
|
|
|
163901 |
* Fri Oct 05 2018 Nick Clifton <nickc@redhat.com> - 8.48-1
|
|
|
163901 |
- Delay generating attach_to_group directives until the end of the compilation. (#1636265)
|
|
|
163901 |
|
|
|
163901 |
* Mon Oct 01 2018 Nick Clifton <nickc@redhat.com> - 8.47-1
|
|
|
163901 |
- Fix bug introduced in previous delta which would trigger a seg-fault when scanning for gaps.
|
|
|
163901 |
|
|
|
163901 |
* Mon Oct 01 2018 Nick Clifton <nickc@redhat.com> - 8.46-1
|
|
|
163901 |
- Annobin: Fix section name selection for startup sections.
|
|
|
163901 |
- Annocheck: Improve gap skipping heuristics. (#1630574)
|
|
|
163901 |
|
|
|
163901 |
* Mon Oct 01 2018 Nick Clifton <nickc@redhat.com> - 8.45-1
|
|
|
163901 |
- Fix function section support (again). (#1630574)
|
|
|
163901 |
|
|
|
163901 |
* Fri Sep 28 2018 Nick Clifton <nickc@redhat.com> - 8.44-1
|
|
|
163901 |
- Skip compiler option checks for non-GNU producers. (#1633749)
|
|
|
163901 |
|
|
|
163901 |
* Wed Sep 26 2018 Nick Clifton <nickc@redhat.com> - 8.43-1
|
|
|
163901 |
- Fix function section support (again). (#1630574)
|
|
|
163901 |
|
|
|
163901 |
* Tue Sep 25 2018 Nick Clifton <nickc@redhat.com> - 8.42-1
|
|
|
163901 |
- Ignore ppc64le notes where start = end + 2. (#1632259)
|
|
|
163901 |
|
|
|
163901 |
* Tue Sep 25 2018 Nick Clifton <nickc@redhat.com> - 8.41-1
|
|
|
163901 |
- Make annocheck ignore symbols suffixed with ".end". (#1639618)
|
|
|
163901 |
|
|
|
163901 |
* Mon Sep 24 2018 Nick Clifton <nickc@redhat.com> - 8.40-1
|
|
|
163901 |
- Reinstate building annobin with annobin enabled. (#1630550)
|
|
|
163901 |
|
|
|
163901 |
* Fri Sep 21 2018 Nick Clifton <nickc@redhat.com> - 8.39-1
|
|
|
163901 |
- Tweak tests.
|
|
|
163901 |
|
|
|
163901 |
* Fri Sep 21 2018 Nick Clifton <nickc@redhat.com> - 8.38-1
|
|
|
163901 |
- Generate notes and groups for .text.hot and .text.unlikely sections.
|
|
|
163901 |
- When -ffunction-sections is active, put notes for startup sections into .text.startup.foo rather than .text.foo.
|
|
|
163901 |
- Similarly put exit section notes into .text.exit.foo. (#1630574)
|
|
|
163901 |
- Change annocheck's maybe result for GNU Property note being missing into a PASS if it is not needed and a FAIL if it is needed.
|
|
|
163901 |
|
|
|
163901 |
* Wed Sep 19 2018 Nick Clifton <nickc@redhat.com> - 8.37-1
|
|
|
163901 |
- Make the --skip-* options skip all messages about the specified test.
|
|
|
163901 |
|
|
|
163901 |
* Tue Sep 18 2018 Nick Clifton <nickc@redhat.com> - 8.36-1
|
|
|
163901 |
- Improve error message when an ET_EXEC binary is detected.
|
|
|
163901 |
|
|
|
163901 |
* Mon Sep 17 2018 Nick Clifton <nickc@redhat.com> - 8.35-1
|
|
|
163901 |
- Skip failures for PIC vs PIE. (#1629698)
|
|
|
163901 |
|
|
|
163901 |
* Mon Sep 17 2018 Nick Clifton <nickc@redhat.com> - 8.34-1
|
|
|
163901 |
- Ensure 4 byte alignment of note sub-sections. (#1629671)
|
|
|
163901 |
|
|
|
163901 |
* Wed Sep 12 2018 Nick Clifton <nickc@redhat.com> - 8.33-1
|
|
|
163901 |
- Add timing tool to report on speed of the checks.
|
|
|
163901 |
- Add check for conflicting use of the -fshort-enum option.
|
|
|
163901 |
- Add check of the GNU Property notes.
|
|
|
163901 |
- Skip check for -O2 if compiled with -Og. (#1624162)
|
|
|
163901 |
|
|
|
163901 |
* Mon Sep 03 2018 Nick Clifton <nickc@redhat.com> - 8.32-1
|
|
|
163901 |
- Add test for ET_EXEC binaries. (#1625627)
|
|
|
163901 |
- Document --report-unknown option.
|
|
|
163901 |
|
|
|
163901 |
* Thu Aug 30 2018 Nick Clifton <nickc@redhat.com> - 8.31-1
|
|
|
163901 |
- Fix bug in hardened tool which would skip gcc compiled files if the notes were too small.
|
|
|
163901 |
- Fix bugs in section-size tool.
|
|
|
163901 |
- Fix bug in built-by tool.
|
|
|
163901 |
|
|
|
163901 |
* Wed Aug 29 2018 Nick Clifton <nickc@redhat.com> - 8.30-1
|
|
|
163901 |
- Generate notes for comdat sections. (#1619267)
|
|
|
163901 |
|
|
|
163901 |
* Thu Aug 23 2018 Nick Clifton <nickc@redhat.com> - 8.29-1
|
|
|
163901 |
- Add more names to the gap skip list. (#1619267)
|
|
|
163901 |
|
|
|
163901 |
* Thu Aug 23 2018 Nick Clifton <nickc@redhat.com> - 8.28-1
|
|
|
163901 |
- Skip gaps covered by _x86.get_pc_thunk and _savegpr symbols. (#1619267)
|
|
|
163901 |
- Merge ranges where one is wholly covered by another.
|
|
|
163901 |
|
|
|
163901 |
* Wed Aug 22 2018 Nick Clifton <nickc@redhat.com> - 8.27-1
|
|
|
163901 |
- Skip gaps at the end of functions. (#1619267)
|
|
|
163901 |
|
|
|
163901 |
* Tue Aug 21 2018 Nick Clifton <nickc@redhat.com> - 8.26-1
|
|
|
163901 |
- Fix thinko in ppc64 gap detection code. (#1619267)
|
|
|
163901 |
|
|
|
163901 |
* Mon Aug 20 2018 Nick Clifton <nickc@redhat.com> - 8.25-1
|
|
|
163901 |
- Skip gaps at the end of the .text section in ppc64 binaries. (#1619267)
|
|
|
163901 |
|
|
|
163901 |
* Wed Aug 15 2018 Nick Clifton <nickc@redhat.com> - 8.24-1
|
|
|
163901 |
- Skip checks in stack_chk_local_fail.c
|
|
|
163901 |
- Treat gaps as FAIL results rather than MAYBE.
|
|
|
163901 |
|
|
|
163901 |
* Wed Aug 08 2018 Nick Clifton <nickc@redhat.com> - 8.23-1
|
|
|
163901 |
- Skip checks in __stack_chk_local_fail.
|
|
|
163901 |
|
|
|
163901 |
* Wed Aug 08 2018 Nick Clifton <nickc@redhat.com> - 8.22-1
|
|
|
163901 |
- Reduce version check to gcc major version number only. Skip compiler option checks if binary not built with gcc. (#1603089)
|
|
|
163901 |
|
|
|
163901 |
* Tue Aug 07 2018 Nick Clifton <nickc@redhat.com> - 8.21-1
|
|
|
163901 |
- Fix bug in annobin plugin. Add --section-size=NAME option to annocheck.
|
|
|
163901 |
|
|
|
163901 |
* Thu Aug 2 2018 Peter Robinson <pbrobinson@fedoraproject.org> 8.20-2
|
|
|
163901 |
- rebuild for new gcc
|
|
|
163901 |
|
|
|
163901 |
* Thu Aug 02 2018 Nick Clifton <nickc@redhat.com> - 8.20-1
|
|
|
163901 |
- Correct name of man page for run-on-binaries-in script. (#1611155)
|
|
|
163901 |
|
|
|
163901 |
* Wed Jul 25 2018 Nick Clifton <nickc@redhat.com> - 8.19-1
|
|
|
163901 |
- Allow $ORIGIN to be at the start of entries in DT_RPATH and DT_RUNPATH.
|
|
|
163901 |
|
|
|
163901 |
* Mon Jul 23 2018 Nick Clifton <nickc@redhat.com> - 8.18-1
|
|
|
163901 |
- Add support for big endian targets.
|
|
|
163901 |
|
|
|
163901 |
* Mon Jul 23 2018 Nick Clifton <nickc@redhat.com> - 8.17-1
|
|
|
163901 |
- Count passes and failures on a per-component basis and report gaps.
|
|
|
163901 |
|
|
|
163901 |
* Fri Jul 20 2018 Nick Clifton <nickc@redhat.com> - 8.16-1
|
|
|
163901 |
- Use our own copy of the targetm.asm_out.function_section() function. (#159861 comment#17)
|
|
|
163901 |
|
|
|
163901 |
* Fri Jul 20 2018 Nick Clifton <nickc@redhat.com> - 8.15-1
|
|
|
163901 |
- Generate grouped note section name all the time. (#159861 comment#16)
|
|
|
163901 |
|
|
|
163901 |
* Thu Jul 19 2018 Nick Clifton <nickc@redhat.com> - 8.14-1
|
|
|
163901 |
- Fix section conflict problem. (#1603071)
|
|
|
163901 |
|
|
|
163901 |
* Wed Jul 18 2018 Nick Clifton <nickc@redhat.com> - 8.13-1
|
|
|
163901 |
- Fix for building with gcc version 4.
|
|
|
163901 |
- Fix symbol placement in functions with local assembler.
|
|
|
163901 |
|
|
|
163901 |
* Tue Jul 17 2018 Nick Clifton <nickc@redhat.com> - 8.12-1
|
|
|
163901 |
- Fix assertions in range checking code. Add detection of -U options.
|
|
|
163901 |
|
|
|
163901 |
* Tue Jul 17 2018 Nick Clifton <nickc@redhat.com> - 8.11-1
|
|
|
163901 |
- Handle function sections properly. Handle .text.startup and .text.unlikely sections. Improve gap detection and reporting. (#1601055)
|
|
|
163901 |
|
|
|
163901 |
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 8.10-2
|
|
|
163901 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
163901 |
|
|
|
163901 |
* Thu Jul 12 2018 Nick Clifton <nickc@redhat.com> - 8.10-1
|
|
|
163901 |
- Fix construction of absolute versions of --dwarf-dir and --debug-rpm options.
|
|
|
163901 |
|
|
|
163901 |
* Tue Jul 10 2018 Nick Clifton <nickc@redhat.com> - 8.9-1
|
|
|
163901 |
- Fix buffer overrun when very long symbol names are encountered.
|
|
|
163901 |
|
|
|
163901 |
* Tue Jul 10 2018 Nick Clifton <nickc@redhat.com> - 8.8-1
|
|
|
163901 |
- Do not force the generation of function notes when -ffunction-sections is active. (#1598961)
|
|
|
163901 |
|
|
|
163901 |
* Mon Jul 09 2018 Nick Clifton <nickc@redhat.com> - 8.7-1
|
|
|
163901 |
- Skip the .annobin_ prfix when reporting symbols. (#1599315)
|
|
|
163901 |
|
|
|
163901 |
* Mon Jul 09 2018 Nick Clifton <nickc@redhat.com> - 8.6-1
|
|
|
163901 |
- Use the assembler (c++ mangled) version of function names when switching sections. (#1598579)
|
|
|
163901 |
|
|
|
163901 |
* Mon Jul 09 2018 Nick Clifton <nickc@redhat.com> - 8.5-1
|
|
|
163901 |
- Do not call function_section. (#1598961)
|
|
|
163901 |
|
|
|
163901 |
* Fri Jul 06 2018 Nick Clifton <nickc@redhat.com> - 8.4-1
|
|
|
163901 |
- Ignore cross-section gaps. (#1598551)
|
|
|
163901 |
|
|
|
163901 |
* Thu Jul 05 2018 Nick Clifton <nickc@redhat.com> - 8.3-1
|
|
|
163901 |
- Do not skip empty range notes in object files. (#1598361)
|
|
|
163901 |
|
|
|
163901 |
* Mon Jul 02 2018 Nick Clifton <nickc@redhat.com> - 8.2-1
|
|
|
163901 |
- Create the start symbol at the start of the function and the end symbol at the end. (#1596823)
|
|
|
163901 |
|
|
|
163901 |
* Mon Jul 02 2018 Nick Clifton <nickc@redhat.com> - 8.1-1
|
|
|
163901 |
- Fix --debug-rpm when used inside a directory.
|
|
|
163901 |
|
|
|
163901 |
* Thu Jun 28 2018 Nick Clifton <nickc@redhat.com> - 8.0-1
|
|
|
163901 |
- Use a prefix for all annobin generated symbols, and make them hidden.
|
|
|
163901 |
- Only generate weak symbol definitions for linkonce sections.
|
|
|
163901 |
|
|
|
163901 |
* Wed Jun 27 2018 Nick Clifton <nickc@redhat.com> - 7.1-1
|
|
|
163901 |
- Skip some checks for relocatable object files, and dynamic objects.
|
|
|
163901 |
- Stop bogus complaints about stackrealignment not being enabled.
|
|
|
163901 |
|
|
|
163901 |
* Mon Jun 25 2018 Nick Clifton <nickc@redhat.com> - 7.0-1
|
|
|
163901 |
- Add -debug-rpm= option to annocheck.
|
|
|
163901 |
- Only use a 2 byte offset for the initial symbol on PowerPC.
|
|
|
163901 |
|
|
|
163901 |
* Fri Jun 22 2018 Nick Clifton <nickc@redhat.com> - 6.6-1
|
|
|
163901 |
- Use --dwarf-path when looking for build-id based debuginfo files.
|
|
|
163901 |
|
|
|
163901 |
* Fri Jun 22 2018 Nick Clifton <nickc@redhat.com> - 6.5-1
|
|
|
163901 |
- Fix premature closing of dwarf handle.
|
|
|
163901 |
|
|
|
163901 |
* Fri Jun 22 2018 Nick Clifton <nickc@redhat.com> - 6.4-1
|
|
|
163901 |
- Fix scoping bug computing the name of a separate debuginfo file.
|
|
|
163901 |
|
|
|
163901 |
* Tue Jun 19 2018 Nick Clifton <nickc@redhat.com> - 6.3-1
|
|
|
163901 |
- Fix file descriptor leak.
|
|
|
163901 |
|
|
|
163901 |
* Tue Jun 19 2018 Nick Clifton <nickc@redhat.com> - 6.2-1
|
|
|
163901 |
- Add command line options to annocheck to disable individual tests.
|
|
|
163901 |
|
|
|
163901 |
* Fri Jun 08 2018 Nick Clifton <nickc@redhat.com> - 6.1-1
|
|
|
163901 |
- Remove C99-ism from annocheck sources.
|
|
|
163901 |
|
|
|
163901 |
* Wed Jun 06 2018 Nick Clifton <nickc@redhat.com> - 6.0-1
|
|
|
163901 |
- Add the annocheck program.
|
|
|
163901 |
|
|
|
163901 |
* Fri Jun 01 2018 Nick Clifton <nickc@redhat.com> - 5.11-1
|
|
|
163901 |
- Do not use the SHF_GNU_BUILD_NOTE section flag.
|
|
|
163901 |
|
|
|
163901 |
* Thu May 31 2018 Nick Clifton <nickc@redhat.com> - 5.10-1
|
|
|
163901 |
- Remove .sh extension from shell scripts.
|
|
|
163901 |
|
|
|
163901 |
* Wed May 30 2018 Nick Clifton <nickc@redhat.com> - 5.9-1
|
|
|
163901 |
- Record the setting of the -mstackrealign option for i686 binaries.
|
|
|
163901 |
|
|
|
163901 |
* Mon May 14 2018 Nick Clifton <nickc@redhat.com> - 5.8-1
|
|
|
163901 |
- Hide the annobin start of file symbol.
|
|
|
163901 |
|
|
|
163901 |
* Tue May 08 2018 Nick Clifton <nickc@redhat.com> - 5.7-1
|
|
|
163901 |
- Fix script bug in hardended.sh. (Thanks to: Stefan Sørensen <stefan.sorensen@spectralink.com>)
|
|
|
163901 |
|
|
|
163901 |
* Thu May 03 2018 Nick Clifton <nickc@redhat.com> - 5.6-3
|
|
|
163901 |
- Version number bump so that the plugin can be rebuilt with the latest version of GCC.
|
|
|
163901 |
|
|
|
163901 |
* Mon Apr 30 2018 Nick Clifton <nickc@redhat.com> - 5.6-2
|
|
|
163901 |
- Rebuild the plugin with the newly created plugin enabled. (#1573082)
|
|
|
163901 |
|
|
|
163901 |
* Mon Apr 30 2018 Nick Clifton <nickc@redhat.com> - 5.6-1
|
|
|
163901 |
- Skip the isa_flags check in the ABI test because the crt[in].o files are compiled with different flags from the test files.
|
|
|
163901 |
|
|
|
163901 |
* Fri Apr 20 2018 Nick Clifton <nickc@redhat.com> - 5.3-1
|
|
|
163901 |
- Add manual pages for annobin and the scripts.
|
|
|
163901 |
|
|
|
163901 |
* Tue Apr 03 2018 Nick Clifton <nickc@redhat.com> - 5.2-1
|
|
|
163901 |
- Do not record a stack protection setting of -1. (#1563141)
|
|
|
163901 |
|
|
|
163901 |
* Tue Mar 20 2018 Nick Clifton <nickc@redhat.com> - 5.1-1
|
|
|
163901 |
- Do not complain about a dwarf_version value of -1. (#1557511)
|
|
|
163901 |
|
|
|
163901 |
* Thu Mar 15 2018 Nick Clifton <nickc@redhat.com> - 5.0-1
|
|
|
163901 |
- Bias file start symbols by 2 in order to avoid them confused with function symbols. (#1554332)
|
|
|
163901 |
- Version jump is to sync the version number with the annobin plugins internal version number.
|
|
|
163901 |
|
|
|
163901 |
* Mon Mar 12 2018 Nick Clifton <nickc@redhat.com> - 3.6-1
|
|
|
163901 |
- Add --ignore-gaps option to check-abi.sh script.
|
|
|
163901 |
- Use this option in the abi-test check.
|
|
|
163901 |
- Tweak hardening test to skip pic and stack protection checks.
|
|
|
163901 |
|
|
|
163901 |
* Tue Mar 06 2018 Nick Clifton <nickc@redhat.com> - 3.5-1
|
|
|
163901 |
- Handle functions with specific assembler names. (#1552018)
|
|
|
163901 |
|
|
|
163901 |
* Fri Feb 23 2018 Nick Clifton <nickc@redhat.com> - 3.4-2
|
|
|
163901 |
- Add an explicit requirement on the version of gcc used to built the plugin. (#1547260)
|
|
|
163901 |
|
|
|
163901 |
* Fri Feb 09 2018 Nick Clifton <nickc@redhat.com> - 3.4-1
|
|
|
163901 |
- Change type and size of symbols to STT_NOTYPE/0 so that they do not confuse GDB. (#1539664)
|
|
|
163901 |
- Add run-on-binaries-in.sh script to allow the other scripts to be run over a repository.
|
|
|
163901 |
|
|
|
163901 |
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-2
|
|
|
163901 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
163901 |
|
|
|
163901 |
* Tue Jan 30 2018 Nick Clifton <nickc@redhat.com> - 3.3-1
|
|
|
163901 |
- Rebase on 3.3 release, which adds support for recording -mcet and -fcf-protection.
|
|
|
163901 |
|
|
|
163901 |
* Mon Jan 29 2018 Florian Weimer <fweimer@redhat.com> - 3.2-3
|
|
|
163901 |
- Rebuild for GCC 8
|
|
|
163901 |
|
|
|
163901 |
* Fri Jan 26 2018 Nick Clifton <nickc@redhat.com> - 3.2-2
|
|
|
163901 |
- Fix the installation of the annobin.info file.
|
|
|
163901 |
|
|
|
163901 |
* Fri Jan 26 2018 Nick Clifton <nickc@redhat.com> - 3.2-1
|
|
|
163901 |
- Rebase on 3.2 release, which now contains documentation!
|
|
|
163901 |
|
|
|
163901 |
* Fri Jan 26 2018 Richard W.M. Jones <rjones@redhat.com> - 3.1-3
|
|
|
163901 |
- Rebuild against GCC 7.3.1.
|
|
|
163901 |
|
|
|
163901 |
* Tue Jan 16 2018 Nick Clifton <nickc@redhat.com> - 3.1-2
|
|
|
163901 |
- Add --with-gcc-plugin-dir option to the configure command line.
|
|
|
163901 |
|
|
|
163901 |
* Thu Jan 04 2018 Nick Clifton <nickc@redhat.com> - 3.1-1
|
|
|
163901 |
- Rebase on version 3.1 sources.
|
|
|
163901 |
|
|
|
163901 |
* Mon Dec 11 2017 Nick Clifton <nickc@redhat.com> - 2.5.1-5
|
|
|
163901 |
- Do not generate notes when there is no output file. (#1523875)
|
|
|
163901 |
|
|
|
163901 |
* Fri Dec 08 2017 Nick Clifton <nickc@redhat.com> - 2.5.1-4
|
|
|
163901 |
- Invent an input filename when reading from a pipe. (#1523401)
|
|
|
163901 |
|
|
|
163901 |
* Thu Nov 30 2017 Florian Weimer <fweimer@redhat.com> - 2.5.1-3
|
|
|
163901 |
- Use DECL_ASSEMBLER_NAME for symbol references (#1519165)
|
|
|
163901 |
|
|
|
163901 |
* Tue Oct 03 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.5.1-2
|
|
|
163901 |
- Cleanups in spec
|
|
|
163901 |
|
|
|
163901 |
* Tue Sep 26 2017 Nick Clifton <nickc@redhat.com> - 2.5.1-1
|
|
|
163901 |
- Touch the auto-generated files in order to stop them from being regenerated.
|
|
|
163901 |
|
|
|
163901 |
* Tue Sep 26 2017 Nick Clifton <nickc@redhat.com> - 2.5-2
|
|
|
163901 |
- Stop the plugin complaining about compiler datestamp mismatches.
|
|
|
163901 |
|
|
|
163901 |
* Thu Sep 21 2017 Nick Clifton <nickc@redhat.com> - 2.4-1
|
|
|
163901 |
- Tweak tests so that they will run on older machines.
|
|
|
163901 |
|
|
|
163901 |
* Thu Sep 21 2017 Nick Clifton <nickc@redhat.com> - 2.3-1
|
|
|
163901 |
- Add annobin-tests subpackage containing some preliminary tests.
|
|
|
163901 |
- Remove link-time test for unsupported targets.
|
|
|
163901 |
|
|
|
163901 |
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0-3
|
|
|
163901 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
163901 |
|
|
|
163901 |
* Mon Jul 31 2017 Florian Weimer <fweimer@redhat.com> - 2.0-2
|
|
|
163901 |
- Rebuild with binutils fix for ppc64le (#1475636)
|
|
|
163901 |
|
|
|
163901 |
* Wed Jun 28 2017 Nick Clifton <nickc@redhat.com> - 2.0-1
|
|
|
163901 |
- Fixes for problems reported by the package submission review:
|
|
|
163901 |
* Add %%license entry to %%file section.
|
|
|
163901 |
* Update License and BuildRequires tags.
|
|
|
163901 |
* Add Requires tag.
|
|
|
163901 |
* Remove %%clean.
|
|
|
163901 |
* Add %%check.
|
|
|
163901 |
* Clean up the %%changelog.
|
|
|
163901 |
- Update to use version 2 of the specification and sources.
|
|
|
163901 |
|
|
|
163901 |
* Thu May 11 2017 Nick Clifton <nickc@redhat.com> - 1.0-1
|
|
|
163901 |
- Initial submission.
|