%define __python /opt/rh/gcc-toolset-9/root/usr/bin/python3

%{?scl:%scl_package annobin}

Name:    %{?scl_prefix}annobin

Summary: Annotate and examine compiled binary files

Version: 10.23

Release: 1%{?dist}

License: GPLv3+

# Maintainer: nickc@redhat.com

# Web Page: https://sourceware.org/annobin/

# Watermark Protocol: https://fedoraproject.org/wiki/Toolchain/Watermark

#---------------------------------------------------------------------------------

# Use "--with tests" to enable the testsuite.

%bcond_with tests

# Use "--without annocheck" to disable the installation of the annocheck program.

%bcond_without annocheck

# Use "--with debuginfod" to force support for debuginfod to be compiled into

# the annocheck program.  By default the configure script will check for

# availablilty at build time, but this might not match the run time situation.

# FIXME: Add a --without debuginfod option to forcefully disable the configure

# time check for debuginfod support.

%bcond_with debuginfod

# Use "--with clangplugin" to enable the building of the annobin plugin for Clang.

%bcond_with clangplugin

# Use "--without gccplugin" to disable the building of the annobin plugin for GCC.

%bcond_without gccplugin

# Use "--with llvmplugin" to enable the building of the annobin plugin for LLVM.

%bcond_with llvmplugin

# Set this to zero to disable the requirement for a specific version of gcc.

# This should only be needed if there is some kind of problem with the version

# checking logic or when building on RHEL-7 or earlier.

%global with_hard_gcc_version_requirement 1

%bcond_with plugin_rebuild

# Allow the building of annobin without using annobin itself.

# This is because if we are bootstrapping a new build environment we can have

# a new version of gcc installed, but without a new of annobin installed.

# (i.e. we are building the new version of annobin to go with the new version

# of gcc).  If the *old* annobin plugin is used whilst building this new

# version, the old plugin will complain that version of gcc for which it

# was built is different from the version of gcc that is now being used, and

# then it will abort.

#

# The default was to use plugin during rebuilds (cf BZ 1630550) but this has

# been changed because of the need to be able to rebuild annobin when a change

# to gcc breaks the version installed into the buildroot.

%if %{without plugin_rebuild}

%undefine _annotated_build

%endif

%{!?llvm_version:%global llvm_version 11.1.0}

%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/%{llvm_version}}

%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/%{llvm_version}}

#---------------------------------------------------------------------------------

# Source:  https://nickc.fedorapeople.org/annobin-%%{version}.tar.xz

Source:  annobin-%{version}.tar.xz

# For the latest sources use:  git clone git://sourceware.org/git/annobin.git

# Insert patches here, if needed.

# Patch01: annobin.unicode.patch

#---------------------------------------------------------------------------------

%{?scl:Requires:%scl_runtime}

%{?scl:BuildRequires:%scl_runtime}

%{?scl:BuildRequires:scl-utils-build}

# We need the gcc-toolset-11 version of gcc to build annobin, as otherwise the versions will not match.

%{?scl:Requires:%scl_require_package %{scl} gcc}

BuildRequires: %{?scl_prefix}gcc

%define gcc_for_annobin %{?_scl_root}/usr/bin/gcc

%define gxx_for_annobin %{?_scl_root}/usr/bin/g++

%if %{with gccplugin}

Requires: annobin-plugin-gcc

# [Stolen from gcc-python-plugin]

# GCC will only load plugins that were built against exactly that build of GCC

# We thus need to embed the exact GCC version as a requirement within the

# metadata.

#

# Define "gcc_vr", a variable to hold the VERSION-RELEASE string for the gcc

# we are being built against.

#

# Unfortunately, we can't simply run:

#   rpm -q --qf="%%{version}-%%{release}"

# to determine this, as there's no guarantee of a sane rpm database within

# the chroots created by our build system

#

# So we instead query the version from gcc's output.

#

# gcc.spec has:

#   Version: %%{gcc_version}

#   Release: %%{gcc_release}%%{?dist}

#   ...snip...

#   echo 'Red Hat %%{version}-%%{gcc_release}' > gcc/DEV-PHASE

#

# So, given this output:

#

#   $ gcc --version

#   gcc (GCC) 4.6.1 20110908 (Red Hat 4.6.1-9)

#   Copyright (C) 2011 Free Software Foundation, Inc.

#   This is free software; see the source for copying conditions.  There is NO

#   warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

#

# we can scrape out the "4.6.1" from the version line.

#

# The following implements the above:

%global gcc_vr %(%gcc_for_annobin --version | head -n 1 | sed -e 's|.*(Red\ Hat\ ||g' -e 's|)$||g')

# We need the major version of gcc.

%global gcc_major %(echo "%{gcc_vr}" | cut -f1 -d".")

%global gcc_next  %(v="%{gcc_major}"; echo $((++v)))

# Needed when building the srpm.

%if 0%{?gcc_major} == 0

%global gcc_major 0

%endif

# This is a gcc plugin, hence gcc is required.

%if %{with_hard_gcc_version_requirement}

# BZ 1607430 - There is an exact requirement on the major version of gcc.

Requires: (%{?scl_prefix}gcc >= %{gcc_major} with %{?scl_prefix}gcc < %{gcc_next})

%else

Requires: %{?scl_prefix}gcc

%endif

BuildRequires: %{?scl_prefix}gcc-plugin-devel %{?scl_prefix}gcc-c++

%endif

%if %{with llvmplugin}

Requires: annobin-plugin-llvm

BuildRequires: clang clang-devel llvm llvm-devel compiler-rt

%endif

%if %{with clangplugin}

Requires: annobin-plugin-clang

BuildRequires: clang clang-devel llvm llvm-devel compiler-rt

%endif

# The documentation uses pod2man...

BuildRequires: perl-interpreter perl-podlators gawk

#---------------------------------------------------------------------------

%description

Provides a plugin for GCC that records extra information in the files

that it compiles.

Note - the plugin is automatically enabled in gcc builds via flags

provided by the redhat-rpm-macros package.

%if %{with clangplugin}

Also provides a plugin for Clang which performs a similar function.

%endif

%if %{with llvmplugin}

Also provides a plugin for LLVM which performs a similar function.

%endif

#---------------------------------------------------------------------------

# Now that we have sub-packages for all of the plugins and for annocheck,

# there are no executables left to go into the "annobin" rpm.  But top-level

# packages cannot have "BuildArch: noarch" if sub-packages do have

# architecture requirements, and rpmlint generates an error if an

# architecture specific rpm does not contain any binaries.  So instead all of

# the documentation has been moved into an architecture neutral sub-package,

# and there no longer is a top level annobin rpm at all.

%package docs

Summary: Documentation and shell scripts for use with annobin

BuildArch: noarch

# annobin renamed to annobin-doc in 9.66-1

Provides: %{name} = %{version}-%{release}

Obsoletes: %{name} < 9.66-1

%description docs

Provides the documentation files and example shell scripts for use with annobin.

#----------------------------------------------------------------------------

%if %{with tests}

%package tests

Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin

Requires: %{name}-docs = %{version}-%{release}

%description tests

Provides a means to test the generation of annotated binaries and the parsing

of the resulting files.

%if %{with debuginfod}

BuildRequires: elfutils-debuginfod-client-devel

%endif

%endif

#----------------------------------------------------------------------------

%if %{with annocheck}

%package annocheck

Summary: A tool for checking the security hardening status of binaries

BuildRequires: %{?scl_prefix}gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel %{?scl_prefix}binutils-devel

%if %{with debuginfod}

BuildRequires: elfutils-debuginfod-client-devel make

%endif

Requires: %{name}-docs = %{version}-%{release}

%description annocheck

Installs the annocheck program which uses the notes generated by annobin to

check that the specified files were compiled with the correct security

hardening options.

%endif

#----------------------------------------------------------------------------

%if %{with gccplugin}

%package plugin-gcc

Summary: annobin gcc plugin

Requires: %{name}-docs = %{version}-%{release}

Conflicts: annobin <= 9.60-1

%description plugin-gcc

Installs an annobin plugin that can be used by gcc.

%endif

#---------------------------------------------------------------------------------

%if %{with llvmplugin}

%package plugin-llvm

Summary: annobin llvm plugin

Requires: %{name}-docs = %{version}-%{release}

Conflicts: annobin <= 9.60-1

%description plugin-llvm

Installs an annobin plugin that can be used by llvm tools.

%endif

#---------------------------------------------------------------------------------

%if %{with clangplugin}

%package plugin-clang

Summary: annobin clang plugin

Requires: %{name}-docs = %{version}-%{release}

Conflicts: annobin <= 9.60-1

%description plugin-clang

Installs an annobin plugin that can be used by clang.

%endif

#---------------------------------------------------------------------------------

%global ANNOBIN_GCC_PLUGIN_DIR %(%gcc_for_annobin --print-file-name=plugin)

#---------------------------------------------------------------------------------

%prep

if [ -z "%{gcc_vr}" ]; then

    echo "*** Missing gcc_vr spec file macro, cannot continue." >&2

    exit 1

fi

echo "Requires: (%{?scl_prefix}gcc >= %{gcc_major} and %{?scl_prefix}gcc < %{gcc_next})"

# Cannot use autosetup as it untar's the sources into annobin-<version>

# but then tries to change directory into <scl-prefix>-annobin-<version>.

# %%autosetup -p1

%setup -q -n annobin-%{version}

# %patch01 -p1

# chmod +x tests/unicode-test

# The plugin has to be configured with the same arcane configure

# scripts used by gcc.  Hence we must not allow the Fedora build

# system to regenerate any of the configure files.

touch aclocal.m4 gcc-plugin/config.h.in

touch configure */configure Makefile.in */Makefile.in

# Similarly we do not want to rebuild the documentation.

touch doc/annobin.info

#---------------------------------------------------------------------------------

%build

export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -I%{?_scl_root}/usr/include"

export LDFLAGS="$LD_FLAGS $RPM_LD_FLAGS -L%{?_scl_root}/usr/lib64 -L%{?_scl_root}/usr/lib"

CONFIG_ARGS="--quiet"

%if %{with debuginfod}

CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod"

%else

# Note - we explicitly disable debuginfod support if it was not configured.

# This is because by default annobin's configue script will assume --with-debuginfod=auto

# and then run a build time test to see if debugingfod is available.  It

# may well be, but the build time environment may not match the run time

# environment, and the rpm will not have a Requirement on the debuginfod

# client.

CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod"

%endif

%if %{with clangplugin}

CONFIG_ARGS="$CONFIG_ARGS --with-clang"

%endif

%if %{without gccplugin}

CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin"

%else

CONFIG_ARGS="$CONFIG_ARGS --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}"

%endif

%if %{with llvmplugin}

CONFIG_ARGS="$CONFIG_ARGS --with-llvm"

%endif

%if %{without tests}

CONFIG_ARGS="$CONFIG_ARGS --without-test"

%endif

%if %{without annocheck}

CONFIG_ARGS="$CONFIG_ARGS --without-annocheck"

%endif

%set_build_flags

%ifarch %{ix86} x86_64

# FIXME: There should be a better way to do this.

export CLANG_TARGET_OPTIONS="-fcf-protection"

%endif

%configure ${CONFIG_ARGS} || cat config.log

%make_build

%if %{with plugin_rebuild}

# Rebuild the plugin(s), this time using the plugin itself!  This

# ensures that the plugin works, and that it contains annotations

# of its own.

%if %{with gccplugin}

cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so

make -C gcc-plugin clean

BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so"

# Disable the standard annobin plugin so that we do get conflicts.

# Note: the "-fplugin=annobin" is here, despite the fact that it will also

# be automatically added to the gcc command line via

# "-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" because of a bug in gcc's

# plugin command line options handling.  GCC will issue an error saying that

# there is no plugin called "annobin" matching the -fplugin-arg-annobin-disable

# option, despite the fact that there patently is.

BUILD_FLAGS="$BUILD_FLAGS -fplugin=annobin -fplugin-arg-annobin-disable"

# If building on RHEL7, enable the next option as the .attach_to_group

# assembler pseudo op is not available in the assembler.

# BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"

make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"

rm %{_tmppath}/tmp_annobin.so

%endif

%if %{with clangplugin}

cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so

make -C clang-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"

%endif

%if %{with llvmplugin}

cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so

make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"

%endif

%endif

#---------------------------------------------------------------------------------

%install

# PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles...

%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir}

%if %{with clangplugin}

# Move clang plugin to a seperate directory.

mkdir -p %{buildroot}/%{clang_plugin_dir}

mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir}

%endif

rm -f %{buildroot}%{_infodir}/dir

#---------------------------------------------------------------------------------

%if %{with tests}

%check

# With scl the tests are run with the wrong version of gcc.  Hence

# we allow the tests to fail.

make check GCC=%gcc_for_annobin

if [ -f tests/test-suite.log ]; then

    cat tests/test-suite.log

fi

%if %{with clangplugin}

# FIXME: RUN CLANG tests

%endif

%if %{with llvmplugin}

# FIXME: RUN LLVM tests

%endif

%endif

#---------------------------------------------------------------------------------

%files docs

%license COPYING3 LICENSE

%exclude %{_datadir}/doc/annobin-plugin/COPYING3

%exclude %{_datadir}/doc/annobin-plugin/LICENSE

%doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt

%{_infodir}/annobin.info*

%{_mandir}/man1/annobin.1*

%{_mandir}/man1/built-by.1*

%{_mandir}/man1/check-abi.1*

%{_mandir}/man1/hardened.1*

%{_mandir}/man1/run-on-binaries-in.1*

%if %{with llvmplugin}

%files plugin-llvm

%{llvm_plugin_dir}/annobin-for-llvm.so

%endif

%if %{with clangplugin}

%files plugin-clang

%{clang_plugin_dir}/annobin-for-clang.so

%endif

%if %{with gccplugin}

%files plugin-gcc

%{ANNOBIN_GCC_PLUGIN_DIR}

%endif

%if %{with annocheck}

%files annocheck

%{_bindir}/annocheck

%{_mandir}/man1/annocheck.1*

%endif

#---------------------------------------------------------------------------------

%changelog

* Wed Nov 10 2021 Nick Clifton <nickc@redhat.com> - 10.23-1  (#2020405)

- Annocheck: Add a test for unicode characters in identifiers.

- gcc-plugin: Default to link-order grouping for PPC64LE.  (#2016458)

- Annocheck: Do not fail if a --skip-<name> option does not match a known test.

- ldconfig-test: Skip the LTO check.

- Annocheck: Add more glibc function names.

- gcc-plugin: Fix attaching the .text section to the .text.group section.

- Complain about DT_RPATH for Fedora binaries.

- Better reporting of problems in object files.  (#2013708)

- Add a requirement on llvm-libs for clang and llvm plugins.  (#2014573)

- Fix configuring annocheck without gcc-plugin.

- Annocheck: Better reporting of debuginfod problems.

- Tests: Fix bugs in debuginfod test.

- Annocheck: Add tests based upon recent bug fixes.

- Annocheck: Another tweak to glibc detection code.

- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found.  (#20011438)

- Annocheck: Fix MAYB results for mixed GO/C files.

- Annocheck: Move some messages from VERBOSE to VERBOSE2.

- Annocheck: Scan zero-length tool notes.

- Annocheck: Fix covscan detected flaws.

- plugins: Add more required build options.

- Annocheck: Fix cf-prot test to fail if the CET notes are missing.

- Annocheck: Skip gaps in the .plt section.

- Plugins: Add -g option when building LLVM and Clang.

- Annocheck: Add more cases of glibc startup functions.

- Annocheck: Fix covscan detected problems.

- Annocheck: Add --profile=el8.

- gcc-plugin: Conditionalize generation of branch protection note.

- Annocheck: Ignore gaps containing NOP instructions.

- GCC Plugin: Fix detection of running inside the LTO compiler.  (#2004917)

- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries.

- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result.

- Annocheck: Do not set CFLAGS/LDFLAGS when building.  Take from environment instead.

- Annocheck: Fix exit code when tests PASS.

- Documentation: Add node for each hardening test.

- Documentation: Install online.

- Annocheck: Annote FAIL and MAYB results with URL to documentation

- Annocheck: Add --no-urls and --provide-urls options

- Annocheck: Add --help-<tool> option.

- Annocheck: Fix fuzzing detected failures.

- Annocheck: Add --profile option.

- Docs: Document --profile option and rpminspect.yaml.

- Annocheck: Skip GO/CET checks.  Fix fuzzing detected failures.

- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444)

- Annocheck: Fix memory corruption.  (#1996963)

- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection.

- Annocheck: Add linker generated function for ppc64le exceptions.  (#1981410)

- LLVM Plugin: Allow checks to be selected from the command line.

- Annocheck: Examine DW_AT_producer for -flto.    

- Annocheck: Conditionalize detection of AArch64's PAC+BTI protection.

- Annocheck: Add linker generated function for s390x exceptions.  (#1981410)

- Annocheck: Generate MAYB results for gaps in notes covering the .text section.  (#1991943)

- Annocheck: Close DWARF file descriptors once the debug info is no longer needed.  (#1981410)

- LLVM Plugin: Update to build with Clang v13.  (Thanks to: Tom Stellard <tstellar@redhat.com>)

- Annocheck: Fix memory corruption.  (#1988715)

- Annocheck: Skip certain tests for kernel modules.

* Fri Oct 29 2021 Nick Clifton  <nickc@redhat.com> - 9.85-3

- Default to disabling the tests as they are often run with the wrong compiler.

* Thu Oct 28 2021 Nick Clifton  <nickc@redhat.com> - 9.85-2

- Annocheck: Add test for multibyte characters in symbol names.  (#2017368)

* Tue Aug 10 2021 Nick Clifton  <nickc@redhat.com> - 9.85-1

- Annocheck: Detect a missing CET note.  (#1991931)

- Annocheck: Do not report future fails for AArch64 notes.

- Annocheck: Warn about multiple --debug-file, --debug-rpm and --debug-dir options.

- Annocheck: Process files in command line order.  (#1988714)

- Annocheck: Reverse AArch64 PAC+BTI check, ie fail if they are enabled.  (#1984995)

- Annocheck: Add another test exceptions.

- Annocheck: Add some more test exceptions.

- Tests: Skip glibc-notes test if the assembler does not support --generate-missing-build-notes.  (#1978573)

- Tests: Skip objcopy test if objcopy does not support --merge-notes.

* Wed Jun 30 2021 Nick Clifton  <nickc@redhat.com> - 9.79-1

- Annocheck: Fix spelling mistake in -mstack-realign failure message.  (#1977349)

- gcc-plugin: Do not record global versions of stack protection settings in LTO mode, if not set.  (#1958954)

- Annocheck: Remove limit on number of input files.

- Annocheck: Conditionalize test of DF_PIE_1 flag.

- clang/llvm plugins: Build with correct security options.

- Annocheck: Better detection of GO compiler version.

- Annocheck: Better support for symbolic links.

- Annocheck: In verbose mode, report the reason for skipping specific tests.  (#1969584)

* Wed May 26 2021 Nick Clifton  <nickc@redhat.com> - 9.73-1

- annocheck: Improve detection of shared libraries.  (#1958954)

* Tue May 25 2021 Nick Clifton  <nickc@redhat.com> - 9.72-2

- NVR bump to rebuild against latest gcc.

* Thu May 13 2021 Nick Clifton  <nickc@redhat.com> - 9.72-1

- Rebase to 9.72.  (#1957319)

- annocheck: Accept 0 as a valid number for gcc minor versions and release numbers.

- gcc-plugin: Add support for ARM and RISCV targets.

- timing: do not initialise the clock if the timing tool is disabled.

- gcc-plugin: Replace ICE messsages with verbose messages.

- Fix the testsuite so that it can be run in parallel.

- Annocheck: WARN if the annobin plugin was built for a newer version of the compiler than the one on which it was run.  (#1950657)

- Obsolete annobin < 9.66-1 (bug #1949570)

- Annocheck: Improve detection of missing GNU-stack support.

- Correct a package rename (bug #1949570)

- Require docs subpackage by the other ones because of a license

- Build-requiring perl-interpreter is enough

- Fix bz1949570

- Fix anomolies reported by covscan.

- Move documentation into a sub-package.

- gcc-plugin: Use a fixed filename when running in LTO mode.

- Annocheck: Fix detection of special function names.  (#1934189)

- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc.  (#1923439)

- Annocheck: Add colour to some messages.  Skip the deliberate use of -fno-stack-protector.  (#1923439)

- Annocheck: Fix some problems with tests for missing notes.

- Split plugins into separate sub-packages

- Add some GO tests to annocheck.

- Add a future fail for the presence of RPATH in the dynamic tags.

- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.

- Workaround for elflint problems with PPC compiled files.  (#1880634)

- Fix bogus AArch64 test failures.

- Improved testing by annocheck.  Add fixed format message mode.

- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results.

- Add support for -D_FORTIFY_SOURCE=3.

- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer.  (#1906171)

- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations.  (#1906171)

- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.

- annocheck: Fix notes analyzer to accept empty PPC64 notes.

- gcc plugin: Tweak generation of end symbols for PPC64 when LTO is active.  (#1898075)

- gcc plugin: Add support for GCC 11's cl_vars array.

- Annocheck: Support enabling/disabling future fails.

- GCC plugin: Always record global notes for the .text.startup,

  .text.exit, .text.hot and .text.cold sections.

- Clang plugin: Add -lLLVM to the build command line.

- Annocheck: Improve reporting of missing -D_FORTIFY_SOURCE option.  (#1898075)

- Annocheck: Improve reporting of missing LTO option.

- Add detecting of gimple compiled binaries.

- Add --without-gcc-plugin option.

- Annocheck: Fix bug parsing DW_AT_producer.

- Add test of .note.gnu.property section for PowerPC.

- Add test of objcopy's ability to merge notes.

- NVR bump for another ELN sidetag rebuild.

- Record the -flto setting and produce a soft warning if it is absent.

- Suppress warnings about _D_GLIBCXX_ASSERTIONS if the source code is known to be something other than C++.

- Correct the directory chosen for 32-bit LLVM and Clang plugins.  (#1884951)

- Allow the use of the SHF_LINK_ORDER section flag to discard unused notes.  (Experimental).

- Enable the build and installation of the LLVM and Clang plugins.  (Experimental).

- gcc-plugin: Fix test for empty PowerPC sections.  (#1880634)

- annocheck: Add tests for the AArch64 BTI and PAC security features.  (#1862478)

- gcc plugin: Use a 4 byte offset for PowerPC start symbols, so that they do not break disassemblies.

- gcc plugin: Correct the detection of 32-bit x86 builds.  (#1876197)

- gcc plugin: Detect any attempt to access the global_options array.

- gcc plugin: Do not complain about missing pre-processor options when examining a preprocessed input file.  (#1862718)

- Use more robust checks for AArch64 options.

- Detect CLANG compiled assembler that is missing IBT support.

* Wed Jul 29 2020 Nick Clifton <nickc@redhat.com> - 9.25-1

- Improved target pointer size discovery.

* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.24-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Sun Jul 26 2020 Nick Clifton <nickc@redhat.com> - 9.24-2

- Rebuild with plugin enabled to check that suppression works.

* Sun Jul 26 2020 Nick Clifton <nickc@redhat.com> - 9.24-1

- Add support for installing clang and llvm plugins.

- Temporary suppression of aarch64 pointer size check.  (#1860549)

* Sat Jul 25 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 9.23-2

- Rebuild for gcc 10.2

* Wed Jul 01 2020 Nick Clifton <nickc@redhat.com> - 9.23-1

- Annocheck: Do not skip tests of the short-enums notes.  (#1743635)

* Mon Jun 15 2020 Nick Clifton <nickc@redhat.com> - 9.22-1

- Add (optional) llvm plugin.

* Wed Apr 22 2020 Nick Clifton <nickc@redhat.com> - 9.21-1

- Annobin: Fall back on using the flags if the option cannot be found in cl_options.  (#1817659)

* Thu Apr 16 2020 Nick Clifton <nickc@redhat.com> - 9.20-1

- Annocheck: Detect Fortran compiled programs.  (#1824393)

* Wed Apr 01 2020 Nick Clifton <nickc@redhat.com> - 9.19-1

- Annobin: If option name mismatch occurs, seach for the real option.  (#1817452)

* Mon Mar 30 2020 Nick Clifton <nickc@redhat.com> - 9.18-1

- Annocheck: Fix a division by zero error when parsing GO binaries.  (#1818863)

* Fri Mar 27 2020 Nick Clifton <nickc@redhat.com> - 9.16-1

- Annobin: Fix access to the -flto and -fsanitize flags.

* Thu Mar 26 2020 Nick Clifton <nickc@redhat.com> - 9.14-1

- Annobin: Use offsets stored in gcc's cl_option structure to access the global_options array, thus removing the need to check for changes in the size of this structure.

* Thu Mar 26 2020 Nick Clifton <nickc@redhat.com> - 9.13-2

- NVR bump to allow rebuilding against new gcc.

* Thu Mar 12 2020 Nick Clifton <nickc@redhat.com> - 9.13-1

- Rename gcc plugin directory to gcc-plugin.

- Stop annocheck from complaining about missing options when the binary has been built in a mixed environment.

* Thu Mar 12 2020 Nick Clifton <nickc@redhat.com> - 9.12-3

- And again, this time with annotation enabled.  (#1810941)

* Thu Mar 12 2020 Nick Clifton <nickc@redhat.com> - 9.12-2

- NVR bump to enable rebuild against updated gcc.  (#1810941)

* Wed Mar 04 2020 Nick Clifton <nickc@redhat.com> - 9.12-1

- Improve builtby tool.

- Stop annocheck complaining about missing notes when the binary is not compiled by either gcc or clang.

- Skip the check of the ENTRY instruction for binaries not compiled by gcc or clang.  (#1809656)

* Fri Feb 28 2020 Nick Clifton <nickc@redhat.com> - 9.11-1

- Fix infinite loop hangup in annocheck.

- Disable debuginfod support by default.

- Improve parsing of .comment section.

* Thu Feb 27 2020 Nick Clifton <nickc@redhat.com> - 9.10-1

- Fix clang plugin to use hidden symbols.

* Tue Feb 25 2020 Nick Clifton <nickc@redhat.com> - 9.09-1

- Add ability to build clang plugin (disabled by default).

* Mon Feb 17 2020 Nick Clifton <nickc@redhat.com> - 9.08-1

- Annocheck: Fix error printing out the version number.

* Fri Feb 14 2020 Nick Clifton <nickc@redhat.com> - 9.07-1

- Annobin: Add checks of the exact location of the examined switches.

* Tue Feb 11 2020 Nick Clifton <nickc@redhat.com> - 9.06-1

- Annobin: Note when stack clash notes are generated.

- Annocheck: Handle multiple builder IDs in the .comment section.

* Fri Jan 31 2020 Nick Clifton <nickc@redhat.com> - 9.05-1

- Add configure option to suppress building annocheck.

* Fri Jan 31 2020 Nick Clifton <nickc@redhat.com> - 9.04-1

- Fix debuginfod test.

* Thu Jan 30 2020 Nick Clifton <nickc@redhat.com> - 9.03-2

- Correct the build requirement for building with debuginfod support.

* Thu Jan 30 2020 Nick Clifton <nickc@redhat.com> - 9.03-1

- Add debuginfod support.

* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.01-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Mon Jan 20 2020 Nick Clifton <nickc@redhat.com> - 9.01-2

- Rebuild againt latest gcc-10.

* Mon Jan 20 2020 Nick Clifton <nickc@redhat.com> - 9.01-1

- Add clang plugin (experimental).

* Fri Dec 06 2019 Nick Clifton <nickc@redhat.com> - 8.92-1