rebase to 10.58
This commit is contained in:
Nick Clifton
parent
0fb007a262
commit
696b64924d
155
annobin.spec
155
annobin.spec
|
|
@ -1,8 +1,8 @@
|
|||
|
||||
Name: annobin
|
||||
Summary: Annotate and examine compiled binary files
|
||||
Version: 9.87
|
||||
Release: 5%{?dist}
|
||||
Version: 10.58
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3+
|
||||
# Maintainer: nickc@redhat.com
|
||||
# Web Page: https://sourceware.org/annobin/
|
||||
|
|
@ -61,11 +61,6 @@ Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
|
|||
|
||||
# Insert patches here, if needed. Eg:
|
||||
# Patch01: annobin-foo.patch
|
||||
# We need to force use of legacy pass manager until annobin is ported to the new
|
||||
# pass manager.
|
||||
Patch01: 0001-llvm-plugin-Add-flegacy-pass-manager-option-to-the-t.patch
|
||||
Patch02: annobin.unicode.patch
|
||||
Patch03: annobin-golang-spaces-in-symbols.patch
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
|
||||
|
|
@ -129,7 +124,7 @@ BuildArch: noarch
|
|||
Provides: %{name} = %{version}-%{release}
|
||||
Obsoletes: %{name} < %{version}-%{release}
|
||||
# The documentation uses pod2man...
|
||||
BuildRequires: perl-interpreter perl-podlators gawk make
|
||||
BuildRequires: perl-interpreter perl-podlators gawk make sharutils
|
||||
|
||||
%description docs
|
||||
Provides the documentation files and example shell scripts for use with annobin.
|
||||
|
|
@ -166,6 +161,7 @@ BuildRequires: elfutils-debuginfod-client-devel
|
|||
%endif
|
||||
|
||||
Requires: %{name}-docs = %{version}-%{release}
|
||||
Requires: cpio rpm
|
||||
|
||||
%description annocheck
|
||||
Installs the annocheck program which uses the notes generated by annobin to
|
||||
|
|
@ -248,6 +244,7 @@ Installs an annobin plugin that can be used by gcc.
|
|||
Summary: annobin llvm plugin
|
||||
|
||||
Requires: %{name}-docs = %{version}-%{release}
|
||||
Requires: llvm-libs
|
||||
Conflicts: %{name} <= 9.60-1
|
||||
BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
|
||||
|
||||
|
|
@ -263,6 +260,7 @@ Installs an annobin plugin that can be used by LLVM tools.
|
|||
Summary: annobin clang plugin
|
||||
|
||||
Requires: %{name}-docs = %{version}-%{release}
|
||||
Requires: llvm-libs
|
||||
Conflicts: %{name} <= 9.60-1
|
||||
BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
|
||||
|
||||
|
|
@ -292,7 +290,6 @@ fi
|
|||
echo "Requires: (gcc >= %{gcc_major} and gcc < %{gcc_next})"
|
||||
|
||||
%autosetup -p1
|
||||
chmod +x tests/unicode-test
|
||||
|
||||
# The plugin has to be configured with the same arcane configure
|
||||
# scripts used by gcc. Hence we must not allow the Fedora build
|
||||
|
|
@ -340,16 +337,24 @@ CONFIG_ARGS="$CONFIG_ARGS --without-test"
|
|||
|
||||
%if %{without annocheck}
|
||||
CONFIG_ARGS="$CONFIG_ARGS --without-annocheck"
|
||||
%else
|
||||
# Fedora supports AArch64's -mbranch-protection=bti, RHEL does not.
|
||||
%if 0%{?fedora} != 0
|
||||
export CFLAGS="$CFLAGS -DAARCH64_BRANCH_PROTECTION_SUPPORTED=1"
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%set_build_flags
|
||||
|
||||
export CFLAGS="$CFLAGS $RPM_OPT_FLAGS %build_cflags"
|
||||
export LDFLAGS="$LDFLAGS %build_ldflags"
|
||||
|
||||
%ifarch %{ix86} x86_64
|
||||
# FIXME: There should be a better way to do this.
|
||||
export CLANG_TARGET_OPTIONS="-fcf-protection"
|
||||
%endif
|
||||
|
||||
%configure ${CONFIG_ARGS} || cat config.log
|
||||
CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log
|
||||
|
||||
%make_build
|
||||
|
||||
|
|
@ -366,32 +371,27 @@ make -C gcc-plugin clean
|
|||
BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so"
|
||||
|
||||
# Disable the standard annobin plugin so that we do get conflicts.
|
||||
# Note: the "-fplugin=annobin" is here, despite the fact that it will also
|
||||
# be automatically added to the gcc command line via
|
||||
# "-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" because of a bug in gcc's
|
||||
# plugin command line options handling. GCC will issue an error saying that
|
||||
# there is no plugin called "annobin" matching the -fplugin-arg-annobin-disable
|
||||
# option, despite the fact that there patently is.
|
||||
BUILD_FLAGS="$BUILD_FLAGS -fplugin=annobin -fplugin-arg-annobin-disable"
|
||||
OPTS="$(rpm --eval '%undefine _annotated_build %build_cflags %build_ldflags')"
|
||||
|
||||
# If building on systems with an assembler that does not support the
|
||||
# .attach_to_group pseudo op (eg RHEL-7) then enable the next line.
|
||||
# BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
|
||||
|
||||
make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
||||
make -C gcc-plugin CXXFLAGS="$OPTS $BUILD_FLAGS"
|
||||
rm %{_tmppath}/tmp_annobin.so
|
||||
%endif
|
||||
|
||||
%if %{with clangplugin}
|
||||
cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so
|
||||
make -C clang-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
||||
make -C clang-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS"
|
||||
%endif
|
||||
|
||||
%if %{with llvmplugin}
|
||||
cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so
|
||||
make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
||||
make -C llvm-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS"
|
||||
%endif
|
||||
|
||||
# endif for %%if {with_plugin_rebuild}
|
||||
%endif
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
|
|
@ -417,15 +417,6 @@ make check
|
|||
if [ -f tests/test-suite.log ]; then
|
||||
cat tests/test-suite.log
|
||||
fi
|
||||
|
||||
%if %{with clangplugin}
|
||||
# FIXME: RUN CLANG tests
|
||||
%endif
|
||||
|
||||
%if %{with llvmplugin}
|
||||
# FIXME: RUN LLVM tests
|
||||
%endif
|
||||
|
||||
%endif
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
|
|
@ -437,10 +428,10 @@ fi
|
|||
%doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt
|
||||
%{_infodir}/annobin.info*
|
||||
%{_mandir}/man1/annobin.1*
|
||||
%{_mandir}/man1/built-by.1*
|
||||
%{_mandir}/man1/check-abi.1*
|
||||
%{_mandir}/man1/hardened.1*
|
||||
%{_mandir}/man1/run-on-binaries-in.1*
|
||||
%exclude %{_mandir}/man1/built-by.1*
|
||||
%exclude %{_mandir}/man1/check-abi.1*
|
||||
%exclude %{_mandir}/man1/hardened.1*
|
||||
%exclude %{_mandir}/man1/run-on-binaries-in.1*
|
||||
|
||||
%if %{with llvmplugin}
|
||||
%files plugin-llvm
|
||||
|
|
@ -459,6 +450,8 @@ fi
|
|||
|
||||
%if %{with annocheck}
|
||||
%files annocheck
|
||||
%{_includedir}/libannocheck.h
|
||||
%{_libdir}/libannocheck.*
|
||||
%{_bindir}/annocheck
|
||||
%{_mandir}/man1/annocheck.1*
|
||||
%endif
|
||||
|
|
@ -466,6 +459,102 @@ fi
|
|||
#---------------------------------------------------------------------------------
|
||||
|
||||
%changelog
|
||||
* Tue Mar 22 2022 Nick Clifton <nickc@redhat.com> - 10.58-1
|
||||
- Rebase to 10.57:
|
||||
- gcc-plugin: Do not issue warning messages for autoconf generated source files. (#2009958)
|
||||
- Annocheck: Update documentation and fix typo in annocheck. (#2061291)
|
||||
- Annocheck: Add option to enable/disable following symbolic links.
|
||||
- Always identify Rust binaries, even if built on a host that does not know about Rust. (#2057737)
|
||||
- Spec File: Use a different method to disable the annobin plugin (#2054571)
|
||||
- Annocheck: Skip PIE anf PIC tests for GO binaries.
|
||||
- gcc-plugin: Fix libtool so that extraneous runpaths are not added to the plugin. (#2030667)
|
||||
- gcc-plugin: Use canonical_option field of save_decoded_options array. (#2047148)
|
||||
- Annocheck: Add an option to disable the use of debuginfod (if available).
|
||||
- Annocheck: Add more glibc special file names.
|
||||
- Annocheck: Skip some tests for BPF binaries.
|
||||
- Annocheck: Add another glibc static library symbol. (#2043047)
|
||||
- Annocheck: Skip property note test for GO binaries. (#204300)
|
||||
- GCC Plugin: Do not fail if a section cannot be attached to a group.
|
||||
- Annocheck: Improve detection of kernel modules.
|
||||
- GCC Plugin: Only default to link-once when using gcc-12 or later. (#2039297)
|
||||
- Annocheck: Add option to disable instrumentation test.
|
||||
- GCC Plugin: Replace CLVC_BOOLEAN with CLVC_BIT_SET/CLVC_BIT_CLEAR.
|
||||
- Annocheck: Add even more glibc function names. (#2037333)
|
||||
- Annocheck: ARM: Do not fail tests that rely upon annobin notes.
|
||||
- Annocheck: Extend list of known glibc functions. (#2037333)
|
||||
- Annocheck: Ignore gaps that contain the _start symbol (for AArch64). (#1995224)
|
||||
- Annocheck: Ignore more glibc special binaries. (#2037220)
|
||||
- Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO. (#2034946)
|
||||
- Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries. (#2033255)
|
||||
- Doc: Note that ENDBR is only needed as the landing pad for indirect branches/calls. (#28705)
|
||||
- Annocheck: Add special case for x86_64 RHEL-7 gaps. (#2031133)
|
||||
- Annocheck: Do not complaining about missing -mstackrealign notes in LTO mode. (#2030298)
|
||||
- GCC Plugin: Do not record missing -mstackrealign in LTO mode. (#2030298)
|
||||
- Tests: Fix fortify and debuginfod tests to use newly built annobin plugin.
|
||||
- Tests: Fix gaps and stat tests to use newly built annobin plugin. (#2028063)
|
||||
- Annocheck: Ignore gaps in binaries at least partial built by golang. (#2028583)
|
||||
- Annocheck: Allow spaces in golang symbols.
|
||||
- Annocheck: Initial deployment of libannocheck.
|
||||
- gcc-plugin: Fix bug creating empty attachments.
|
||||
- Annocheck: Change MAYB result to SKIP for DT_RPATH. (#2026300)
|
||||
- Annocheck: Skip missing fortify/warning notes for ARM32.
|
||||
- gcc-plugin: Try another fix for ppc64le section grouping. (#2023437)
|
||||
- gcc-plugin: Revert 10.22 change. (#2023437)
|
||||
- Annocheck: Add exception for /usr/sbin/ldconfig. (#2022973)
|
||||
- Annocheck: Add a test for unicode characters in identifiers.
|
||||
- gcc-plugin: Default to link-order grouping for PPC64LE. (#2016458)
|
||||
- Annocheck: Do not fail if a --skip-<name> option does not match a known test.
|
||||
- ldconfig-test: Skip the LTO check.
|
||||
- Annocheck: Add more glibc function names.
|
||||
- gcc-plugin: Fix attaching the .text section to the .text.group section.
|
||||
- Complain about DT_RPATH for Fedora binaries.
|
||||
- Better reporting of problems in object files. (#2013708)
|
||||
- Add a requirement on llvm-libs for clang and llvm plugins. (#2014573)
|
||||
- Fix configuring annocheck without gcc-plugin.
|
||||
- Annocheck: Better reporting of debuginfod problems.
|
||||
- Tests: Fix bugs in debuginfod test.
|
||||
- Annocheck: Add tests based upon recent bug fixes.
|
||||
- Annocheck: Another tweak to glibc detection code.
|
||||
- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found. (#20011438)
|
||||
- Annocheck: Fix MAYB results for mixed GO/C files.
|
||||
- Annocheck: Move some messages from VERBOSE to VERBOSE2.
|
||||
- Annocheck: Scan zero-length tool notes.
|
||||
- Annocheck: Fix covscan detected flaws.
|
||||
- plugins: Add more required build options.
|
||||
- Annocheck: Fix cf-prot test to fail if the CET notes are missing.
|
||||
- Annocheck: Skip gaps in the .plt section.
|
||||
- Plugins: Add -g option when building LLVM and Clang.
|
||||
- Annocheck: Add more cases of glibc startup functions.
|
||||
- Annocheck: Fix covscan detected problems.
|
||||
- Annocheck: Add --profile=el8.
|
||||
- gcc-plugin: Conditionalize generation of branch protection note.
|
||||
- Annocheck: Ignore gaps containing NOP instructions.
|
||||
- GCC Plugin: Fix detection of running inside the LTO compiler. (#2004917)
|
||||
- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries.
|
||||
- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result.
|
||||
- Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead.
|
||||
- Annocheck: Fix exit code when tests PASS.
|
||||
- Documentation: Add node for each hardening test.
|
||||
- Documentation: Install online.
|
||||
- Annocheck: Annote FAIL and MAYB results with URL to documentation
|
||||
- Annocheck: Add --no-urls and --provide-urls options
|
||||
- Annocheck: Add --help-<tool> option.
|
||||
- Annocheck: Fix fuzzing detected failures.
|
||||
- Annocheck: Add --profile option.
|
||||
- Docs: Document --profile option and rpminspect.yaml.
|
||||
- Annocheck: Skip GO/CET checks. Fix fuzzing detected failures.
|
||||
- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444)
|
||||
- Annocheck: Fix memory corruption. (#1996963)
|
||||
- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection.
|
||||
- Annocheck: Add linker generated function for ppc64le exceptions. (#1981410)
|
||||
- LLVM Plugin: Allow checks to be selected from the command line.
|
||||
- Annocheck: Examine DW_AT_producer for -flto.
|
||||
- Annocheck: Conditionalize detection of AArch64's PAC+BTI protection.
|
||||
- Annocheck: Add linker generated function for s390x exceptions. (#1981410)
|
||||
- Annocheck: Generate MAYB results for gaps in notes covering the .text section. (#1991943)
|
||||
- Annocheck: Close DWARF file descriptors once the debug info is no longer needed. (#1981410)
|
||||
- LLVM Plugin: Update to build with Clang v13. (Thanks to: Tom Stellard <tstellar@redhat.com>)
|
||||
|
||||
* Thu Dec 02 2021 Nick Clifton <nickc@redhat.com> - 9.87-5
|
||||
- Annocheck: Allow spaces in golang symbols.
|
||||
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (annobin-9.87.tar.xz) = 04ce3881a149b1e609ecbfcd90b5eb37eddef923f2b6eb3b8e7cc15c6f2c645930ff4e01ff592d9eddd47767cd2b793e68a3dc4c5cc385519c8b6c041ac15a53
|
||||
SHA512 (annobin-10.58.tar.xz) = 7d40fe9ddbee788db3331ec138aa588936d726ec50e0286b23be3792f20c2fc111c635b70598e0d8b6ba24a92de514fc637d5cea6b9d7781de781fbf244dfbd8
|
||||
|
|
|
|||
Loading…
Reference in New Issue