diff --git a/0001-llvm-plugin-Add-flegacy-pass-manager-option-to-the-t.patch b/0001-llvm-plugin-Add-flegacy-pass-manager-option-to-the-t.patch deleted file mode 100644 index 17a1626..0000000 --- a/0001-llvm-plugin-Add-flegacy-pass-manager-option-to-the-t.patch +++ /dev/null @@ -1,27 +0,0 @@ -From bda340f0754972944ec115a72f1a8547ffa21f1c Mon Sep 17 00:00:00 2001 -From: Tom Stellard -Date: Mon, 16 Aug 2021 18:04:53 +0000 -Subject: [PATCH] llvm-plugin: Add -flegacy-pass-manager option to the test - case - -The plugin does not work with the new pass manager yet. ---- - llvm-plugin/Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/llvm-plugin/Makefile.in b/llvm-plugin/Makefile.in -index bdd8b19..92bcc9a 100644 ---- a/llvm-plugin/Makefile.in -+++ b/llvm-plugin/Makefile.in -@@ -48,7 +48,7 @@ PLUGIN_TEST_OPTIONS = \ - # -fcf-protection \ - - check: @srcdir@/hello.c -- @ $(CLANG) -Xclang -load -Xclang $(PLUGIN) $(PLUGIN_TEST_OPTIONS) -c @srcdir@/hello.c -+ @ $(CLANG) -flegacy-pass-manager -Xclang -load -Xclang $(PLUGIN) $(PLUGIN_TEST_OPTIONS) -c @srcdir@/hello.c - @ $(READELF) --wide --notes hello.o > llvm-plugin-test.out - @ grep --silent -e "annobin built by llvm version" llvm-plugin-test.out - @ grep --silent -e "running on LLVM version" llvm-plugin-test.out --- -2.26.2 - diff --git a/annobin-golang-spaces-in-symbols.patch b/annobin-golang-spaces-in-symbols.patch deleted file mode 100644 index 15be24b..0000000 --- a/annobin-golang-spaces-in-symbols.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- annobin.orig/annocheck/hardened.c 2021-12-02 15:27:27.325863983 +0000 -+++ annobin-9.87/annocheck/hardened.c 2021-12-02 15:28:03.915609648 +0000 -@@ -3108,6 +3108,10 @@ contains_suspicious_characters (const un - if (isgraph (c)) - continue; - -+ /* Golang allows spaces in some symbols. */ -+ if (c == ' ' && (per_file.lang == LANG_GO || (per_file.seen_tools & TOOL_GO))) -+ continue; -+ - /* Control characters are always suspect. So are spaces and DEL */ - if (iscntrl (c) || c == ' ' || c == 0x7f) - return true; diff --git a/annobin.spec b/annobin.spec index e5ca6f1..65dc587 100644 --- a/annobin.spec +++ b/annobin.spec @@ -1,7 +1,7 @@ Name: annobin Summary: Annotate and examine compiled binary files -Version: 10.65 +Version: 10.66 Release: 1%{?dist} License: GPLv3+ # Maintainer: nickc@redhat.com @@ -459,6 +459,9 @@ fi #--------------------------------------------------------------------------------- %changelog +* Wed Apr 13 2022 Nick Clifton - 10.66-1 +- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled in LTO mode. + * Wed Apr 13 2022 Nick Clifton - 10.65-1 - gcc-plugin: Add support for CLVC_INTEGER options. - Annocheck: Even more special cases for AArch64 glibc on RHEL-8. (#2072082) diff --git a/annobin.unicode.patch b/annobin.unicode.patch deleted file mode 100644 index 1b8fc06..0000000 --- a/annobin.unicode.patch +++ /dev/null @@ -1,404 +0,0 @@ -diff -rupN annobin.orig/Makefile.in annobin-9.87/Makefile.in ---- annobin.orig/Makefile.in 2021-11-10 14:34:16.366259510 +0000 -+++ annobin-9.87/Makefile.in 2021-11-10 14:35:15.947890504 +0000 -@@ -323,6 +323,7 @@ plugindir = @plugindir@ - prefix = @prefix@ - program_transform_name = @program_transform_name@ - psdir = @psdir@ -+runstatedir = @runstatedir@ - sbindir = @sbindir@ - sharedstatedir = @sharedstatedir@ - srcdir = @srcdir@ -diff -rupN annobin.orig/annocheck/Makefile.in annobin-9.87/annocheck/Makefile.in ---- annobin.orig/annocheck/Makefile.in 2021-11-10 14:34:16.368259498 +0000 -+++ annobin-9.87/annocheck/Makefile.in 2021-11-10 14:35:15.948890497 +0000 -@@ -314,6 +314,7 @@ plugindir = @plugindir@ - prefix = @prefix@ - program_transform_name = @program_transform_name@ - psdir = @psdir@ -+runstatedir = @runstatedir@ - sbindir = @sbindir@ - sharedstatedir = @sharedstatedir@ - srcdir = @srcdir@ -diff -rupN annobin.orig/annocheck/hardened.c annobin-9.87/annocheck/hardened.c ---- annobin.orig/annocheck/hardened.c 2021-11-10 14:34:16.368259498 +0000 -+++ annobin-9.87/annocheck/hardened.c 2021-11-10 14:35:53.677656812 +0000 -@@ -40,6 +40,7 @@ - #define SOURCE_STRING_SECTION "string section" - #define SOURCE_COMMENT_SECTION "comment section" - #define SOURCE_RODATA_SECTION ".rodata section" -+#define SOURCE_SYMBOL_SECTION "symbol section" - - #define GOLD_COLOUR "\e[33;40m" - #define RED_COLOUR "\x1B[31;47m" -@@ -208,6 +209,7 @@ enum test_index - TEST_STACK_REALIGN, - TEST_TEXTREL, - TEST_THREADS, -+ TEST_UNICODE, - TEST_WARNINGS, - TEST_WRITEABLE_GOT, - -@@ -252,6 +254,7 @@ static test tests [TEST_MAX] = - TEST (stack-realign, STACK_REALIGN, "Compiled with -mstackrealign (i686 only)"), - TEST (textrel, TEXTREL, "There are no text relocations in the binary"), - TEST (threads, THREADS, "Compiled with -fexceptions"), -+ TEST (unicode, UNICODE, "No unicode symbol names"), - TEST (warnings, WARNINGS, "Compiled with -Wall"), - TEST (writeable-got, WRITEABLE_GOT, "The .got section is not writeable"), - }; -@@ -1067,6 +1070,11 @@ interesting_sec (annocheck_data * da - if (streq (sec->secname, ".gdb_index")) - per_file.debuginfo_file = true; - -+ if (tests[TEST_UNICODE].enabled -+ && (sec->shdr.sh_type == SHT_SYMTAB -+ || sec->shdr.sh_type == SHT_DYNSYM)) -+ return true; -+ - if (streq (sec->secname, ".text")) - { - /* Separate debuginfo files have a .text section with a non-zero -@@ -3086,6 +3094,64 @@ check_code_section (annocheck_data * - } - - static bool -+contains_suspicious_characters (const unsigned char * name) -+{ -+ uint i; -+ uint len = strlen ((const char *) name); -+ -+ /* FIXME: Test that locale is UTF-8. */ -+ -+ for (i = 0; i < len; i++) -+ { -+ unsigned char c = name[i]; -+ -+ if (isgraph (c)) -+ continue; -+ -+ /* Control characters are always suspect. So are spaces and DEL */ -+ if (iscntrl (c) || c == ' ' || c == 0x7f) -+ return true; -+ -+ if (c < 0x7f) /* This test is probably redundant. */ -+ continue; -+ -+ return true; -+ } -+ -+ return false; -+} -+ -+static bool -+check_symbol_section (annocheck_data * data, annocheck_section * sec) -+{ -+ if (! tests[TEST_UNICODE].enabled) -+ return true; -+ -+ /* Scan the symbols looking for non-ASCII characters in their names -+ that might cause problems. Note - we do not examine the string -+ tables directly as there are perfectly legitimate reasons why these -+ characters might appear in strings. But when they are used for -+ identifier names, their use is ... problematic. */ -+ GElf_Sym sym; -+ uint symndx; -+ -+ for (symndx = 1; gelf_getsym (sec->data, symndx, & sym) != NULL; symndx++) -+ { -+ const char * symname = elf_strptr (data->elf, sec->shdr.sh_link, sym.st_name); -+ -+ if (contains_suspicious_characters ((const unsigned char *) symname)) -+ { -+ fail (data, TEST_UNICODE, SOURCE_SYMBOL_SECTION, "suspicious characters were found in a symbol name"); -+ einfo (VERBOSE, "%s: info: symname: '%s', (%lu bytes long) in section: %s", -+ get_filename (data), symname, (unsigned long) strlen (symname), sec->secname); -+ if (!BE_VERBOSE) -+ break; -+ } -+ } -+ return true; -+} -+ -+static bool - check_sec (annocheck_data * data, - annocheck_section * sec) - { -@@ -3096,6 +3162,8 @@ check_sec (annocheck_data * data, - selected in interesting_sec(). */ - switch (sec->shdr.sh_type) - { -+ case SHT_SYMTAB: -+ case SHT_DYNSYM: return check_symbol_section (data, sec); - case SHT_NOTE: return check_note_section (data, sec); - case SHT_STRTAB: return check_string_section (data, sec); - case SHT_DYNAMIC: return check_dynamic_section (data, sec); -@@ -3823,6 +3891,7 @@ finish (annocheck_data * data) - case TEST_RWX_SEG: - case TEST_TEXTREL: - case TEST_THREADS: -+ case TEST_UNICODE: - case TEST_WRITEABLE_GOT: - /* The absence of a result for these tests actually means that they have passed. */ - pass (data, i, SOURCE_FINAL_SCAN, NULL); -diff -rupN annobin.orig/configure annobin-9.87/configure ---- annobin.orig/configure 2021-11-10 14:34:16.366259510 +0000 -+++ annobin-9.87/configure 2021-11-10 14:35:15.950890485 +0000 -@@ -765,6 +765,7 @@ infodir - docdir - oldincludedir - includedir -+runstatedir - localstatedir - sharedstatedir - sysconfdir -@@ -863,6 +864,7 @@ datadir='${datarootdir}' - sysconfdir='${prefix}/etc' - sharedstatedir='${prefix}/com' - localstatedir='${prefix}/var' -+runstatedir='${localstatedir}/run' - includedir='${prefix}/include' - oldincludedir='/usr/include' - docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' -@@ -1115,6 +1117,15 @@ do - | -silent | --silent | --silen | --sile | --sil) - silent=yes ;; - -+ -runstatedir | --runstatedir | --runstatedi | --runstated \ -+ | --runstate | --runstat | --runsta | --runst | --runs \ -+ | --run | --ru | --r) -+ ac_prev=runstatedir ;; -+ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ -+ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ -+ | --run=* | --ru=* | --r=*) -+ runstatedir=$ac_optarg ;; -+ - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) - ac_prev=sbindir ;; - -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ -@@ -1252,7 +1263,7 @@ fi - for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ - datadir sysconfdir sharedstatedir localstatedir includedir \ - oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ -- libdir localedir mandir -+ libdir localedir mandir runstatedir - do - eval ac_val=\$$ac_var - # Remove trailing slashes. -@@ -1405,6 +1416,7 @@ Fine tuning of the installation director - --sysconfdir=DIR read-only single-machine data [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] - --localstatedir=DIR modifiable single-machine data [PREFIX/var] -+ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] - --libdir=DIR object code libraries [EPREFIX/lib] - --includedir=DIR C header files [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc [/usr/include] -diff -rupN annobin.orig/doc/Makefile.in annobin-9.87/doc/Makefile.in ---- annobin.orig/doc/Makefile.in 2021-11-10 14:34:16.366259510 +0000 -+++ annobin-9.87/doc/Makefile.in 2021-11-10 14:35:15.951890479 +0000 -@@ -329,6 +329,7 @@ plugindir = @plugindir@ - prefix = @prefix@ - program_transform_name = @program_transform_name@ - psdir = @psdir@ -+runstatedir = @runstatedir@ - sbindir = @sbindir@ - sharedstatedir = @sharedstatedir@ - srcdir = @srcdir@ -diff -rupN annobin.orig/doc/annobin.info annobin-9.87/doc/annobin.info ---- annobin.orig/doc/annobin.info 2021-11-10 14:34:16.366259510 +0000 -+++ annobin-9.87/doc/annobin.info 2021-11-10 14:35:15.951890479 +0000 -@@ -751,6 +751,7 @@ File: annobin.info, Node: Hardened, Ne - [-skip-stack-realign] - [-skip-textrel] - [-skip-threads] -+ [-skip-unicode] - [-skip-warnings] - [-skip-writeable-got] - [-test-NAME] -@@ -877,6 +878,10 @@ code to support the test. - Check that the program was built by a production-ready compiler. - Disabled by '--skip-production'. - -+'Unicode' -+ This test checks for the presence of multibyte characters in symbol -+ names, which are unusual and potentially dangerous. -+ - The tool does support a couple of other command line options as well: - - '--skip-future' -diff -rupN annobin.orig/doc/annobin.texi annobin-9.87/doc/annobin.texi ---- annobin.orig/doc/annobin.texi 2021-11-10 14:34:16.366259510 +0000 -+++ annobin-9.87/doc/annobin.texi 2021-11-10 14:35:15.951890479 +0000 -@@ -855,6 +855,7 @@ annocheck - [@b{--skip-stack-realign}] - [@b{--skip-textrel}] - [@b{--skip-threads}] -+ [@b{--skip-unicode}] - [@b{--skip-warnings}] - [@b{--skip-writeable-got}] - [@b{--test-@var{name}}] -@@ -996,6 +997,11 @@ Check that the program makes consistent - @item Production Ready Compiler - Check that the program was built by a production-ready compiler. - Disabled by @option{--skip-production}. -+ -+@item Unicode -+This test checks for the presence of multibyte characters in symbol -+names, which are unusual and potentially dangerous. -+ - @end table - - The tool does support a couple of other command line options as well: -diff -rupN annobin.orig/gcc-plugin/Makefile.in annobin-9.87/gcc-plugin/Makefile.in ---- annobin.orig/gcc-plugin/Makefile.in 2021-11-10 14:34:16.368259498 +0000 -+++ annobin-9.87/gcc-plugin/Makefile.in 2021-11-10 14:35:15.951890479 +0000 -@@ -333,6 +333,7 @@ plugindir = @plugindir@ - prefix = @prefix@ - program_transform_name = @program_transform_name@ - psdir = @psdir@ -+runstatedir = @runstatedir@ - sbindir = @sbindir@ - sharedstatedir = @sharedstatedir@ - srcdir = @srcdir@ -diff -rupN annobin.orig/scripts/Makefile.in annobin-9.87/scripts/Makefile.in ---- annobin.orig/scripts/Makefile.in 2021-11-10 14:34:16.366259510 +0000 -+++ annobin-9.87/scripts/Makefile.in 2021-11-10 14:35:15.951890479 +0000 -@@ -284,6 +284,7 @@ plugindir = @plugindir@ - prefix = @prefix@ - program_transform_name = @program_transform_name@ - psdir = @psdir@ -+runstatedir = @runstatedir@ - sbindir = @sbindir@ - sharedstatedir = @sharedstatedir@ - srcdir = @srcdir@ -diff -rupN annobin.orig/tests/Makefile.am annobin-9.87/tests/Makefile.am ---- annobin.orig/tests/Makefile.am 2021-11-10 14:34:16.369259492 +0000 -+++ annobin-9.87/tests/Makefile.am 2021-11-10 14:35:15.951890479 +0000 -@@ -22,6 +22,7 @@ TESTS=compile-test \ - missing-notes-test \ - active-checks-test \ - property-note-test \ -+ unicode-test \ - hardening-fail-test - - if HAVE_DEBUGINFOD -diff -rupN annobin.orig/tests/Makefile.in annobin-9.87/tests/Makefile.in ---- annobin.orig/tests/Makefile.in 2021-11-10 14:34:16.369259492 +0000 -+++ annobin-9.87/tests/Makefile.in 2021-11-10 14:35:15.952890473 +0000 -@@ -459,6 +459,7 @@ plugindir = @plugindir@ - prefix = @prefix@ - program_transform_name = @program_transform_name@ - psdir = @psdir@ -+runstatedir = @runstatedir@ - sbindir = @sbindir@ - sharedstatedir = @sharedstatedir@ - srcdir = @srcdir@ -@@ -479,7 +480,7 @@ TESTS = compile-test abi-test active-che - hardening-test instrumentation-test lto-test \ - missing-notes-test objcopy-test section-size-test \ - missing-notes-test active-checks-test property-note-test \ -- hardening-fail-test $(am__append_1) -+ unicode-test hardening-fail-test $(am__append_1) - all: all-am - - .SUFFIXES: -@@ -764,6 +765,13 @@ property-note-test.log: property-note-te - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+unicode-test.log: unicode-test -+ @p='unicode-test'; \ -+ b='unicode-test'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) - debuginfod-test.log: debuginfod-test - @p='debuginfod-test'; \ -diff -rupN annobin.orig/tests/trick-hello.s annobin-9.87/tests/trick-hello.s ---- annobin.orig/tests/trick-hello.s 1970-01-01 01:00:00.000000000 +0100 -+++ annobin-9.87/tests/trick-hello.s 2021-11-10 14:35:15.947890504 +0000 -@@ -0,0 +1,33 @@ -+ .file "trick-hello.c" -+ .text -+ .section .rodata -+.LC0: -+ .string "hah, gotcha!" -+ .text -+ .globl he‮oll‬ -+ .type he‮oll‬, %function -+he‮oll‬: -+.LFB0: -+ nop -+.LFE0: -+ .size he‮oll‬, .-he‮oll‬ -+ .section .rodata -+.LC1: -+ .string "Hello world" -+ .text -+ .globl hello -+ .type hello, %function -+hello: -+.LFB1: -+ nop -+.LFE1: -+ .size hello, .-hello -+ .globl main -+ .type main, %function -+main: -+.LFB2: -+ nop -+.LFE2: -+ .size main, .-main -+ .ident "GCC: (GNU) 11.2.1 20210728 (Red Hat 11.2.1-1)" -+ .section .note.GNU-stack,"",%progbits -diff -rupN annobin.orig/tests/unicode-test annobin-9.87/tests/unicode-test ---- annobin.orig/tests/unicode-test 1970-01-01 01:00:00.000000000 +0100 -+++ annobin-9.87/tests/unicode-test 2021-11-10 14:35:15.947890504 +0000 -@@ -0,0 +1,45 @@ -+#!/bin/bash -+ -+# Copyright (c) 2021 Red Hat. -+# -+# This is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published -+# by the Free Software Foundation; either version 3, or (at your -+# option) any later version. -+# -+# It is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+ -+TEST_NAME=unicode -+. $srcdir/common.sh -+ -+OPTS="-O2 -g -Wl,-z,now -pie -fpie" -+ -+start_test -+ -+$GCC $OPTS $srcdir/trick-hello.s -o trick-hello.exe -+if [ $? != 0 ]; -+then -+ echo "unicode-test: FAIL: Could not compile test source file" -+ end_test -+ exit 1 -+fi -+ -+# Run annocheck -+ -+OPTS="--ignore-gaps --skip-all --test-unicode" -+ -+$ANNOCHECK trick-hello.exe $OPTS > unicode.out -+grep -e "FAIL: unicode" unicode.out -+if [ $? != 0 ]; -+then -+ echo "unicode-test: FAIL: annocheck did not detect suspicious symbol names" -+ $ANNOCHECK trick-hello.exe $OPTS --verbose -+ end_test -+ exit 1 -+fi -+ -+end_test -+ diff --git a/sources b/sources index a2847b0..f0b907d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (annobin-10.65.tar.xz) = c7191fc88072431f3c62ae2abe405b88c78b3d703353810aef6bb6bf0c3fa16ad2db84d5e5e940864518474119393454aadc40fdca84bdbba18d686face59ce1 +SHA512 (annobin-10.66.tar.xz) = 3e3fd94c500309acf98a4908479536b3502c26fce6315c071f4a2070269f48615e5f109b3e3c866524e560f98a776fc099a30e5febe89ffb71feda661eeaa620