diff --git a/annobin.spec b/annobin.spec index 6c9c8a7..e8bdc87 100644 --- a/annobin.spec +++ b/annobin.spec @@ -1,8 +1,8 @@ Name: annobin Summary: Annotate and examine compiled binary files -Version: 9.87 -Release: 5%{?dist} +Version: 10.58 +Release: 1%{?dist} License: GPLv3+ # Maintainer: nickc@redhat.com # Web Page: https://sourceware.org/annobin/ @@ -61,11 +61,6 @@ Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz # Insert patches here, if needed. Eg: # Patch01: annobin-foo.patch -# We need to force use of legacy pass manager until annobin is ported to the new -# pass manager. -Patch01: 0001-llvm-plugin-Add-flegacy-pass-manager-option-to-the-t.patch -Patch02: annobin.unicode.patch -Patch03: annobin-golang-spaces-in-symbols.patch #--------------------------------------------------------------------------------- @@ -129,7 +124,7 @@ BuildArch: noarch Provides: %{name} = %{version}-%{release} Obsoletes: %{name} < %{version}-%{release} # The documentation uses pod2man... -BuildRequires: perl-interpreter perl-podlators gawk make +BuildRequires: perl-interpreter perl-podlators gawk make sharutils %description docs Provides the documentation files and example shell scripts for use with annobin. @@ -166,6 +161,7 @@ BuildRequires: elfutils-debuginfod-client-devel %endif Requires: %{name}-docs = %{version}-%{release} +Requires: cpio rpm %description annocheck Installs the annocheck program which uses the notes generated by annobin to @@ -248,6 +244,7 @@ Installs an annobin plugin that can be used by gcc. Summary: annobin llvm plugin Requires: %{name}-docs = %{version}-%{release} +Requires: llvm-libs Conflicts: %{name} <= 9.60-1 BuildRequires: clang clang-devel llvm llvm-devel compiler-rt @@ -263,6 +260,7 @@ Installs an annobin plugin that can be used by LLVM tools. Summary: annobin clang plugin Requires: %{name}-docs = %{version}-%{release} +Requires: llvm-libs Conflicts: %{name} <= 9.60-1 BuildRequires: clang clang-devel llvm llvm-devel compiler-rt @@ -292,7 +290,6 @@ fi echo "Requires: (gcc >= %{gcc_major} and gcc < %{gcc_next})" %autosetup -p1 -chmod +x tests/unicode-test # The plugin has to be configured with the same arcane configure # scripts used by gcc. Hence we must not allow the Fedora build @@ -340,16 +337,24 @@ CONFIG_ARGS="$CONFIG_ARGS --without-test" %if %{without annocheck} CONFIG_ARGS="$CONFIG_ARGS --without-annocheck" +%else +# Fedora supports AArch64's -mbranch-protection=bti, RHEL does not. +%if 0%{?fedora} != 0 +export CFLAGS="$CFLAGS -DAARCH64_BRANCH_PROTECTION_SUPPORTED=1" +%endif %endif %set_build_flags +export CFLAGS="$CFLAGS $RPM_OPT_FLAGS %build_cflags" +export LDFLAGS="$LDFLAGS %build_ldflags" + %ifarch %{ix86} x86_64 # FIXME: There should be a better way to do this. export CLANG_TARGET_OPTIONS="-fcf-protection" %endif -%configure ${CONFIG_ARGS} || cat config.log +CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log %make_build @@ -366,32 +371,27 @@ make -C gcc-plugin clean BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so" # Disable the standard annobin plugin so that we do get conflicts. -# Note: the "-fplugin=annobin" is here, despite the fact that it will also -# be automatically added to the gcc command line via -# "-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" because of a bug in gcc's -# plugin command line options handling. GCC will issue an error saying that -# there is no plugin called "annobin" matching the -fplugin-arg-annobin-disable -# option, despite the fact that there patently is. -BUILD_FLAGS="$BUILD_FLAGS -fplugin=annobin -fplugin-arg-annobin-disable" +OPTS="$(rpm --eval '%undefine _annotated_build %build_cflags %build_ldflags')" # If building on systems with an assembler that does not support the # .attach_to_group pseudo op (eg RHEL-7) then enable the next line. # BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach" -make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS" +make -C gcc-plugin CXXFLAGS="$OPTS $BUILD_FLAGS" rm %{_tmppath}/tmp_annobin.so %endif %if %{with clangplugin} cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so -make -C clang-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS" +make -C clang-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS" %endif %if %{with llvmplugin} cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so -make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS" +make -C llvm-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS" %endif +# endif for %%if {with_plugin_rebuild} %endif #--------------------------------------------------------------------------------- @@ -417,15 +417,6 @@ make check if [ -f tests/test-suite.log ]; then cat tests/test-suite.log fi - -%if %{with clangplugin} -# FIXME: RUN CLANG tests -%endif - -%if %{with llvmplugin} -# FIXME: RUN LLVM tests -%endif - %endif #--------------------------------------------------------------------------------- @@ -437,10 +428,10 @@ fi %doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt %{_infodir}/annobin.info* %{_mandir}/man1/annobin.1* -%{_mandir}/man1/built-by.1* -%{_mandir}/man1/check-abi.1* -%{_mandir}/man1/hardened.1* -%{_mandir}/man1/run-on-binaries-in.1* +%exclude %{_mandir}/man1/built-by.1* +%exclude %{_mandir}/man1/check-abi.1* +%exclude %{_mandir}/man1/hardened.1* +%exclude %{_mandir}/man1/run-on-binaries-in.1* %if %{with llvmplugin} %files plugin-llvm @@ -459,6 +450,8 @@ fi %if %{with annocheck} %files annocheck +%{_includedir}/libannocheck.h +%{_libdir}/libannocheck.* %{_bindir}/annocheck %{_mandir}/man1/annocheck.1* %endif @@ -466,6 +459,102 @@ fi #--------------------------------------------------------------------------------- %changelog +* Tue Mar 22 2022 Nick Clifton - 10.58-1 +- Rebase to 10.57: +- gcc-plugin: Do not issue warning messages for autoconf generated source files. (#2009958) +- Annocheck: Update documentation and fix typo in annocheck. (#2061291) +- Annocheck: Add option to enable/disable following symbolic links. +- Always identify Rust binaries, even if built on a host that does not know about Rust. (#2057737) +- Spec File: Use a different method to disable the annobin plugin (#2054571) +- Annocheck: Skip PIE anf PIC tests for GO binaries. +- gcc-plugin: Fix libtool so that extraneous runpaths are not added to the plugin. (#2030667) +- gcc-plugin: Use canonical_option field of save_decoded_options array. (#2047148) +- Annocheck: Add an option to disable the use of debuginfod (if available). +- Annocheck: Add more glibc special file names. +- Annocheck: Skip some tests for BPF binaries. +- Annocheck: Add another glibc static library symbol. (#2043047) +- Annocheck: Skip property note test for GO binaries. (#204300) +- GCC Plugin: Do not fail if a section cannot be attached to a group. +- Annocheck: Improve detection of kernel modules. +- GCC Plugin: Only default to link-once when using gcc-12 or later. (#2039297) +- Annocheck: Add option to disable instrumentation test. +- GCC Plugin: Replace CLVC_BOOLEAN with CLVC_BIT_SET/CLVC_BIT_CLEAR. +- Annocheck: Add even more glibc function names. (#2037333) +- Annocheck: ARM: Do not fail tests that rely upon annobin notes. +- Annocheck: Extend list of known glibc functions. (#2037333) +- Annocheck: Ignore gaps that contain the _start symbol (for AArch64). (#1995224) +- Annocheck: Ignore more glibc special binaries. (#2037220) +- Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO. (#2034946) +- Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries. (#2033255) +- Doc: Note that ENDBR is only needed as the landing pad for indirect branches/calls. (#28705) +- Annocheck: Add special case for x86_64 RHEL-7 gaps. (#2031133) +- Annocheck: Do not complaining about missing -mstackrealign notes in LTO mode. (#2030298) +- GCC Plugin: Do not record missing -mstackrealign in LTO mode. (#2030298) +- Tests: Fix fortify and debuginfod tests to use newly built annobin plugin. +- Tests: Fix gaps and stat tests to use newly built annobin plugin. (#2028063) +- Annocheck: Ignore gaps in binaries at least partial built by golang. (#2028583) +- Annocheck: Allow spaces in golang symbols. +- Annocheck: Initial deployment of libannocheck. +- gcc-plugin: Fix bug creating empty attachments. +- Annocheck: Change MAYB result to SKIP for DT_RPATH. (#2026300) +- Annocheck: Skip missing fortify/warning notes for ARM32. +- gcc-plugin: Try another fix for ppc64le section grouping. (#2023437) +- gcc-plugin: Revert 10.22 change. (#2023437) +- Annocheck: Add exception for /usr/sbin/ldconfig. (#2022973) +- Annocheck: Add a test for unicode characters in identifiers. +- gcc-plugin: Default to link-order grouping for PPC64LE. (#2016458) +- Annocheck: Do not fail if a --skip- option does not match a known test. +- ldconfig-test: Skip the LTO check. +- Annocheck: Add more glibc function names. +- gcc-plugin: Fix attaching the .text section to the .text.group section. +- Complain about DT_RPATH for Fedora binaries. +- Better reporting of problems in object files. (#2013708) +- Add a requirement on llvm-libs for clang and llvm plugins. (#2014573) +- Fix configuring annocheck without gcc-plugin. +- Annocheck: Better reporting of debuginfod problems. +- Tests: Fix bugs in debuginfod test. +- Annocheck: Add tests based upon recent bug fixes. +- Annocheck: Another tweak to glibc detection code. +- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found. (#20011438) +- Annocheck: Fix MAYB results for mixed GO/C files. +- Annocheck: Move some messages from VERBOSE to VERBOSE2. +- Annocheck: Scan zero-length tool notes. +- Annocheck: Fix covscan detected flaws. +- plugins: Add more required build options. +- Annocheck: Fix cf-prot test to fail if the CET notes are missing. +- Annocheck: Skip gaps in the .plt section. +- Plugins: Add -g option when building LLVM and Clang. +- Annocheck: Add more cases of glibc startup functions. +- Annocheck: Fix covscan detected problems. +- Annocheck: Add --profile=el8. +- gcc-plugin: Conditionalize generation of branch protection note. +- Annocheck: Ignore gaps containing NOP instructions. +- GCC Plugin: Fix detection of running inside the LTO compiler. (#2004917) +- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries. +- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result. +- Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead. +- Annocheck: Fix exit code when tests PASS. +- Documentation: Add node for each hardening test. +- Documentation: Install online. +- Annocheck: Annote FAIL and MAYB results with URL to documentation +- Annocheck: Add --no-urls and --provide-urls options +- Annocheck: Add --help- option. +- Annocheck: Fix fuzzing detected failures. +- Annocheck: Add --profile option. +- Docs: Document --profile option and rpminspect.yaml. +- Annocheck: Skip GO/CET checks. Fix fuzzing detected failures. +- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444) +- Annocheck: Fix memory corruption. (#1996963) +- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection. +- Annocheck: Add linker generated function for ppc64le exceptions. (#1981410) +- LLVM Plugin: Allow checks to be selected from the command line. +- Annocheck: Examine DW_AT_producer for -flto. +- Annocheck: Conditionalize detection of AArch64's PAC+BTI protection. +- Annocheck: Add linker generated function for s390x exceptions. (#1981410) +- Annocheck: Generate MAYB results for gaps in notes covering the .text section. (#1991943) +- Annocheck: Close DWARF file descriptors once the debug info is no longer needed. (#1981410) +- LLVM Plugin: Update to build with Clang v13. (Thanks to: Tom Stellard ) + * Thu Dec 02 2021 Nick Clifton - 9.87-5 - Annocheck: Allow spaces in golang symbols. diff --git a/sources b/sources index 4569ce3..335bcf6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (annobin-9.87.tar.xz) = 04ce3881a149b1e609ecbfcd90b5eb37eddef923f2b6eb3b8e7cc15c6f2c645930ff4e01ff592d9eddd47767cd2b793e68a3dc4c5cc385519c8b6c041ac15a53 +SHA512 (annobin-10.58.tar.xz) = 7d40fe9ddbee788db3331ec138aa588936d726ec50e0286b23be3792f20c2fc111c635b70598e0d8b6ba24a92de514fc637d5cea6b9d7781de781fbf244dfbd8