b097ccc79b
10.44-4
2022-01-10 01:01:41 +01:00
a40c58d2d4
10.44-4
2022-01-10 01:00:55 +01:00
ffabcb06f2
10.44-3
2022-01-10 00:49:59 +01:00
550ef1b763
10.44-2
2022-01-10 00:25:58 +01:00
c34a9f5bc5
10.44-2
2022-01-09 20:08:02 +01:00
a14426ce95
Annocheck: Add even more glibc function names. ( #2037333 )
2022-01-07 15:09:37 +00:00
ee78766bff
Annocheck: ARM: Do not fail tests that rely upon annobin notes.
2022-01-07 14:10:23 +00:00
0000a56eab
Annocheck: Extend list of known glibc functions. ( #2037333 )
2022-01-05 15:38:48 +00:00
1e262d15b3
- Annocheck: Ignore gaps that contain the _start symbol (for AArch64). ( #1995224 )
...
- Annocheck: Ignore more glibc special binaries. (#2037220 )
2022-01-05 12:06:02 +00:00
b4ba4e0d3c
Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO. ( #2034946 )
2022-01-04 11:42:27 +00:00
ec8f2b145d
- Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries. ( #2033255 )
...
- Doc: Note that ENDBR is only needed as the landing pad for indirect branches/calls. (#28705 )
- Spec File: Store full gcc version release string in plugin info file. (#2030671 )
2021-12-17 15:46:16 +00:00
15b34fde9c
Fix for RHEL-7
2021-12-14 17:55:37 +00:00
7c94cb66cc
Annocheck: Do not complaining about missing -mstackrealign notes in LTO mode. ( #2030298 )
2021-12-14 10:04:35 +00:00
0c278a5d73
GCC Plugin: Do not record missing -mstackrealign in LTO mode. ( #2030298 )
2021-12-13 17:54:33 +00:00
0e6be40a3c
Tests: Fix fortify and debuginfod tests to use newly built annobin plugin.
2021-12-13 13:41:04 +00:00
77a92a7119
Tests: Fix fortify and debuginfod tests to use newly built annobin plugin.
2021-12-13 12:55:43 +00:00
d83b796c87
Tests: Fix gaps and stat tests to use newly built annobin plugin. ( #2028063 )
2021-12-06 17:49:41 +00:00
ce231f4bd9
Tests: Fix gaps and stat tests to use newly built annobin plugin. ( #2028063 )
2021-12-06 14:43:50 +00:00
c7d76e06c2
Annocheck: Ignore gaps in binaries at least partial built by golang.
...
Resolves : #2028583
2021-12-06 12:19:06 +00:00
c99cca3ac4
Annocheck: Allow spaces in golang symbols.
2021-12-02 15:38:52 +00:00
3bf68f34bb
Initial checkin of libannocheck
2021-12-01 15:53:49 +00:00
14b9ff320e
gcc-plugin: Fix bug creating empty attachments.
...
Annocheck: Change MAYB result to SKIP for DT_RPATH. (#2026300 )
2021-11-24 14:03:50 +00:00
9fd7a9a7dc
Annocheck: Skip missing fortify/warning notes for ARM32.
2021-11-19 12:25:11 +00:00
ddf58cca97
gcc-plugin: Try another fix for ppc64le section grouping. ( #2023437 )
2021-11-18 13:29:22 +00:00
cfbdb08f28
gcc-plugin: Revert 10.22 change. ( #2023437 )
2021-11-16 17:01:20 +00:00
5faade2ad7
Add support for more special glibc functions.
...
Fix building LLVM and Clang plugins for the ARM architecture.
2021-11-16 11:14:14 +00:00
92c34892f6
Annocheck: Add a test for unicode characters in identifiers.
2021-11-08 13:47:26 +00:00
18219884f1
gcc-plugin: Default to link-order grouping for PPC64LE. ( #2016458 )
2021-10-27 11:10:47 +01:00
ee53f9336e
Annocheck: Do not fail if a --skip-<name> option does not match a known test.
...
ldconfig-test: Skip the LTO check.
2021-10-26 15:58:02 +01:00
7add09b73e
Annocheck: Add more glibc function names.
2021-10-26 08:28:59 +01:00
7f58204567
gcc-plugin: Fix attaching the .text section to the .text.group section.
2021-10-21 13:48:54 +01:00
0bd26e8615
Complain about DT_RPATH for Fedora binaries.
2021-10-20 17:49:04 +01:00
3f7c00bf57
Better reporting of problems in object files.
...
Resolves : #2013708
2021-10-18 16:17:25 +01:00
7bc94a3f7c
Add a requirement on llvm-libs for clang and llvm plugins.
...
Resolves : #2014573
2021-10-18 14:24:09 +01:00
0c5b1fec47
Fix configuring annocheck without gcc-plugin.
...
- Annocheck: Better reporting of debuginfod problems.
- Tests: Fix bugs in debuginfod test.
2021-10-14 20:04:48 +01:00
ab631794b6
Fix merge issues.
2021-10-13 11:56:58 +01:00
8477e1751d
Annocheck: Add tests based upon recent bug fixes.
2021-10-13 11:55:02 +01:00
825be9a6a2
Rebuild for llvm-13.0.0
2021-10-12 16:29:18 +00:00
f1b2a85f11
Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found.
...
Resolves : #2011438
2021-10-08 16:25:13 +01:00
f25c7c2336
Annocheck: Fix MAYB results for mixed GO/C files.
...
Annocheck: Move some messages from VERBOSE to VERBOSE2.
Annocheck: Scan zero-length tool notes.
2021-10-08 14:15:39 +01:00
efe8b5622b
Annocheck: Fix covscan detected flaws.
...
plugins: Add more required build options.
2021-10-06 10:59:43 +01:00
c27947f871
Annocheck: Fix cf-prot test to fail if the CET notes are missing.
...
Annocheck: Skip gaps in the .plt section.
Plugins: Add -g option when building LLVM and Clang.
2021-10-05 14:28:09 +01:00
37b5de8c9b
Annocheck: Add more cases of glibc startup functions.
2021-10-04 15:26:35 +01:00
5f79645f58
- Annocheck: Fix covscan detected problems.
...
- Annocheck: Add --profile=el8.
- gcc-plugin: Conditionalize generation of branch protection note.
2021-10-01 13:11:12 +01:00
da3ba09492
Annocheck: Ignore gaps containing NOP instructions.
2021-09-29 13:12:12 +01:00
c62bd663ec
GCC Plugin: Fix detection of running inside the LTO compiler. ( #2004917 )
2021-09-16 15:06:57 +01:00
ee93527317
Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries.
2021-09-15 15:00:18 +01:00
0aa5d1ce55
Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result.
2021-09-15 12:09:38 +01:00
a99d618d38
Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead.
2021-09-15 10:43:42 +01:00
92cb681581
Annocheck: Fix exit code when tests PASS.
2021-09-10 11:08:17 +01:00
fe496281b3
- Documentation: Add node for each hardening test.
...
- Documentation: Install online.
- Annocheck: Annote FAIL and MAYB results with URL to documentation
- Annocheck: Add --no-urls and --provide-urls options
- Annocheck: Add --help-<tool> option.
2021-09-09 14:18:24 +01:00
9d82370d42
- Annocheck: Fix fuzzing detected failures.
...
- Annocheck: Added --profile option.
- Docs: Documented --profile option and rpminspect.yaml.
2021-09-03 17:55:06 +01:00
ba44d58e22
Annocheck: Skip GO/CET checks. Fix fuzzing detected failures.
2021-08-31 15:18:09 +01:00
29d70de971
LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. ( #1997444 )
...
spec file: Add the installation of the annobon sources into /usr/src/annobin.
2021-08-25 13:38:58 +01:00
1d5918a750
Annocheck: Fix memory corruption. ( #1996963 )
...
spec file: Add the creation of a gcc-plugin version info file in /usr/lib/rpm/redhat.
2021-08-24 17:16:30 +01:00
7a0769e513
Annocheck: Add linker generated function for ppc64le exceptions. ( #1981410 )
...
LLVM Plugin: Allow checks to be selected from the command line.
Annocheck: Examine DW_AT_producer for -flto.
2021-08-18 11:28:24 +01:00
5d4d27dda9
Annocheck: Conditionalize detection of AArch64's PAC+BTI protection.
...
Annocheck: Add linker generated function for s390x exceptions. (#1981410 )
2021-08-17 15:03:42 +01:00
6d69597433
Annocheck: Generate MAYB results for gaps in notes covering the .text section. ( #1991943 )
...
Annocheck: Close DWARF file descriptors once the debug info is no longer needed. (#1981410 )
LLVM Plugin: Update to build with Clang v13. (Thanks to: Tom Stellard <tstellar@redhat.com>)
2021-08-17 12:10:03 +01:00
438dd33afc
Rebuild for LLVM 13.0.0-rc1
2021-08-16 20:04:41 +00:00
c76d8664da
Annocheck: Fix memory corruption. ( #1988715 )
2021-08-16 12:41:17 +01:00
75a23fb883
Annocheck: Skip certain tests for kernel modules.
2021-08-11 17:23:33 +01:00
71f8485e39
Annocheck: Detect a missing CET note. ( #1991931 )
...
Annocheck: Do not report future fails for AArch64 notes.
Annocheck: Warn about multiple --debug-file, --debug-rpm and --debug-dir options.
2021-08-10 15:14:48 +01:00
4af05b1261
Annocheck: Process files in command line order. ( #1988714 )
2021-08-09 11:14:43 +01:00
0394c1d928
Annocheck: Reverse AArch64 PAC+BTI check, ie fail if they are enabled.
...
Resolves : #1984995
2021-07-23 13:36:44 +01:00
8155573258
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 17:34:53 +00:00
8adc17e68b
Annocheck: Add another test exceptions.
2021-07-13 17:15:00 +01:00
5bbd4f5f31
Annocheck: Add some more test exceptions.
2021-07-13 15:39:21 +01:00
a978ea49fa
Tests: Skip glibc-notes test if the assembler does not support --generate-missing-build-notes.
...
Resolves : #1978573
2021-07-05 12:49:37 +01:00
dfddf61cdd
Annocheck: Fix spelling mistake in -,stack-realign failure message. ( #1977349 )
2021-06-29 16:06:16 +01:00
76947e83c2
gcc-plugin: Do not record global versions of stack protection settings in LTO mode, if not set. ( #1958954 )
2021-06-22 16:05:21 +01:00
14c8067c11
annocheck: Remove limit on number of input files.
2021-06-21 16:16:26 +01:00
f1a1007e43
clang/llvm plugins: Build with correct security options.
2021-06-15 14:48:49 +01:00
96f1a8a19f
Annocheck: Better detection of GO compiler version.
2021-06-15 12:10:19 +01:00
55304ea386
Annocheck: Better support for symbolic links. In verbose mode, report the reason for skipping specific tests.
...
Resolves : #1969584
2021-06-09 16:49:05 +01:00
524ebdae25
Rebuild for LLVM 12.0.1
2021-06-04 01:39:25 +00:00
993873ad36
Obsolete all previous versions of annobin.
...
Resolves : #1967339
2021-06-03 11:41:16 +01:00
1c617b1ec0
annocheck: Improve detection of shared libraries.
...
Resolves : #1958954
2021-05-25 14:54:34 +01:00
45b479d2d6
Tidy up spec file
2021-05-19 12:05:01 +01:00
81adad3f31
annocheck: Accept 0 as a valid number for gcc minor versions and release numbers.
...
gcc-plugin: Add support for ARM and RISCV targets.
2021-05-13 12:41:45 +01:00
394bd0083f
timing: do not initialise the clock if the timing tool is disabled.
2021-05-04 15:15:25 +01:00
689a7f6f54
gcc-plugin: Replace ICE messsages with verbose messages.
2021-04-30 09:50:06 +01:00
e5cf20e0a3
Fix the testsuite so that it can be run in parallel.
2021-04-22 14:15:51 +01:00
9e62aa8ed8
Annocheck: WARN if the annobin plugin was built for a newer version of the compiler than the one on which it was run.
...
Related: #1950657
2021-04-21 12:56:16 +01:00
99c1127a11
Obsolete annobin < 9.66-1
...
We want to support an upgrade from a distribution prior an introduction
of annobin-docs.
2021-04-20 13:53:58 +02:00
1622358fc1
Annocheck: Improve detection of missing GNU-stack support.
2021-04-20 12:35:20 +01:00
60b4b4fa76
Bump a release
...
annobin-9.66-3.fc35 was already used in FEDORA-2021-91bdf0b234 update
which went to stable and then untagged. We cannot detach a build from
a finished update.
2021-04-19 09:51:01 +02:00
7d1af348fb
Build-requiring perl-interpreter is enough
2021-04-16 13:26:58 +02:00
62f4dedb91
Correct a package rename
...
annobin-9.65 which only contained documentation was renamed to
annobin-docs in in 9.66. The Provide is kept for compatibility
(redhat-rpm-config).
The docs subpackage must be required by all the other ones because it
packages a license.
2021-04-16 13:22:35 +02:00
985cb77f4c
Fix bz1949570 - file conflicts after separating docs to a noarch subrpm
2021-04-16 09:16:09 +02:00
296c2a76fb
- Fix anomolies reported by covscan.
...
- Move documentation into a sub-package.
2021-04-09 14:51:58 +01:00
d57da4f976
NVR bump to allow rebuilding against GCC 11.0.1
2021-04-06 12:44:50 +01:00
c910f2212a
9.65-2
2021-03-20 11:05:06 +01:00
4a7311622e
gcc-plugin: Use a fixed filename when running in LTO mode.
2021-03-09 13:38:59 +00:00
60c8169066
Annocheck: Fix detection of special function names.
...
Resolves : #1934189
2021-03-03 10:10:12 +00:00
1720e01afe
Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc.
...
Resolves : #1923439
2021-02-26 10:09:08 +00:00
891fad1c0c
Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector.
...
Resolves : #1923439
2021-02-25 11:22:54 +00:00
a35ca900df
Annocheck: Fix some problems with tests for missing notes.
2021-02-22 13:02:23 +00:00
92c8279fc3
Split plugins into separate sub-packages
...
Since annobin is required by redhat-rpm-config, having the clang and llvm plugins
as part of the default package means that llvm-libs is always installed into
the buildroot, which is unnecessary for most packages.
Also, having an llvm depenency in the buildroot makes upgrading llvm more difficult.
This patch attempts to resolve these issues by spliting up the various plugins
into their own sub-packages, so that redhat-rpm-config can have finer-grained
dependencies on only the plugins that it needs.
2021-02-10 22:17:14 +00:00
2cfdfdf4f4
Add some GO tests to annocheck.
2021-02-05 11:21:57 +00:00
7c61286322
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 00:07:03 +00:00
3a4181e531
Add a future fail for the presence of RPATH in the dynamic tags.
2021-01-20 11:15:10 +00:00
df15f450f0
Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.
2021-01-18 18:09:39 +00:00
1874eab6f1
Workaround for elflint problems with PPC compiled files.
...
Resolves : #1880634
2021-01-14 10:37:21 +00:00
8b182011da
Fix bogus AArch64 test failures.
2021-01-13 10:30:18 +00:00
d119c7a74a
Improved testing by annocheck. Add fixed format message mode.
2021-01-12 17:19:21 +00:00
3bac683d82
Add support for -D_FORTIFY_SOURCE=3.
2021-01-04 16:18:52 +00:00
f470483cbf
Add BuildRequires: make
...
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2020-12-16 23:29:24 +00:00
5509907436
NVR bump in order to allow the new gating tests to be run.
2020-12-11 17:04:35 +00:00
4a3a6f104e
annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. ( #1906171 )
2020-12-11 14:53:32 +00:00
409120aa01
annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. ( #1906171 )
2020-12-10 11:48:06 +00:00
d7a90f1991
annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.
2020-12-09 17:15:19 +00:00
46640ca3dc
9.49: annocheck: Fix the note analyzer's handling of empty PowerPC64 notes.
2020-12-08 12:58:44 +00:00
e1bd496eeb
Undo bcond_with plugin_rebuild
2020-12-07 15:26:36 +01:00
dc5d2731d4
9.48-5
2020-12-07 15:08:29 +01:00
ec71c316e1
9.48-5
2020-12-07 14:50:08 +01:00
44aadc55ff
9.48-4
2020-12-06 12:17:38 +01:00
432e8594c3
9.48-3
2020-12-06 11:47:18 +01:00
a057c0a359
9.48-3
2020-12-06 11:30:03 +01:00
ebfb417770
9.48-2
2020-12-06 11:18:53 +01:00
62931e922e
9.48: gcc plugin: Tweak generation of end symbols for PPC64 when LTO is active. ( #1898075 )
2020-12-02 12:12:12 +00:00
24fe187a8d
9.47: gcc plugin: Add support for GCC 11's cl_vars array.
2020-12-01 13:39:47 +00:00
3e0594350d
Revert plugin_rebuild back.
2020-11-27 11:09:43 +01:00
3ed514a41c
NVR bump for another ELN sidetag rebuild.
2020-11-27 11:04:11 +01:00
ea02dafc1f
Annocheck: Support enabling/disable future fail tests.
2020-11-24 10:39:50 +00:00
b333964fd5
GCC plugin: Always record global notes for the .text.startup, .text.exit, .text.hot and .text.cold sections.
2020-11-23 12:12:25 +00:00
62e7074ffd
Clang plugin: Add -lLLVM to the build command line.
2020-11-17 16:30:19 +00:00
5b0e474e77
Annocheck: Improve reporting of missing -D_FORTIFY_SOURCE option. ( #1898075 )
2020-11-16 14:26:06 +00:00
3cff478cb4
Annocheck: Improve reporting of missing LTO option.
2020-11-16 11:40:56 +00:00
33cfa7d0eb
annocheck: Add handling of gimple compiled files
2020-11-10 16:41:31 +00:00
c0eabbb63f
Add --without-gcc-plugin option.
2020-11-09 13:55:03 +00:00
e6e8317766
Annocheck: Fix bug parsing DW_AT_producer.
2020-11-06 12:30:46 +00:00
34a622f99e
Add reporting of GNU Property notes for PowerPC.
...
Add test of objcopy's note merging abilities.
2020-11-04 14:17:42 +00:00
5b5750dca2
Revert back to defaults.
2020-10-30 01:24:55 +01:00
2b20a13c51
9.36-2
2020-10-30 01:10:33 +01:00
a87d8021be
9.36-2
2020-10-30 00:17:46 +01:00
a707c7d43e
Record the -flto setting and produce a soft warning if it is absent.
...
Suppress warnings about _D_GLIBCXX_ASSERTIONS if the source code is known to be something other than C++.
2020-10-21 15:18:44 +01:00
440266bff3
NVR bump and disable plugin use
2020-10-21 11:35:20 +01:00
70bb1086ca
turn off hard gcc reqauirement (temporary)
2020-10-21 11:12:51 +01:00
b2d7c66572
NVR bump and disable plugin use
2020-10-21 10:24:44 +01:00
d69789a4b8
NVR bump
2020-10-21 10:23:00 +01:00
5515ddd6c9
Correct the directory chosen for 32-bit LLVM and Clang plugins.
...
Resolves : #1884951
2020-10-05 12:40:13 +01:00
d94f0f89ce
gcc-plugin: Allow the use of the SHF_LINK_ORDER section flag to discard unused notes. (Experimental).
2020-10-02 13:29:31 +01:00
ad2a3b8d06
Enable the Clang and LLVM plugins by default. (Experimental).
2020-09-28 11:41:09 +01:00
5a05a4d64e
gcc-plugin: Fix test for empty PowerPC sections.
...
Resolves : #1880634
2020-09-21 13:13:34 +01:00
a305baad65
NVR bump to allow rebuild
2020-09-17 13:55:20 +01:00
087486d90e
annocheck: Add tests for the AArch64 BTI and PAC security features.
...
Resolves : #1862478
2020-09-16 07:47:41 +01:00
353a681587
gcc plugin: Use a 4 byte offset for PowerPC start symbols, so that they do not break disassemblies.
2020-09-10 13:42:30 +01:00
397174a269
gcc plugin: Correct the detection of 32-bit x86 builds.
...
Resolves : #1876197
2020-09-10 11:06:24 +01:00
d9c1db450f
gcc plugin: Detect any attempt to access the global_options array.
2020-08-17 10:51:27 +01:00
057676c5e3
gcc plugin: Do not complain about missing pre-processor options when examining a preprocessed input file.
...
Resolves : #1862718
2020-08-11 16:24:55 +01:00
Jakub Jelinek
Nick Clifton
Tom Stellard
Fedora Release Engineering
Petr Písař
Martin Cermak