9.68-2

- Annocheck: Improve detection of missing GNU-stack support.
- Fix anomolies reported by covscan.
- gcc-plugin: Use a fixed filename when running in LTO mode.
- Annocheck: Fix detection of special function names.  (#1934189)
- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc.  (#1923439)
- Annocheck: Add colour to some messages.  Skip the deliberate use of -fno-stack-protector.  (#1923439)
- Annocheck: Fix some problems with tests for missing notes.
- Add some GO tests to annocheck.
- Add a future fail for the presence of RPATH in the dynamic tags.
- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.
- Workaround for elflint problems with PPC compiled files.  (#1880634)
- Fix bogus AArch64 test failures.
- Improved testing by annocheck.  Add fixed format message mode.
- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results.
- Add support for -D_FORTIFY_SOURCE=3.
- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer.  (#1906171)
- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations.  (#1906171)
- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.

.gitignore

@@ -1,106 +1 @@
-/annobin-2.0.tar.xz
-/annobin-2.1.tar.xz
-/annobin-2.2.tar.xz
-/annobin-2.3.tar.lz
-/annobin-2.3.tar.xz
-/annobin-2.4.tar.xz
-/annobin-2.5.tar.xz
-/annobin-2.5.1.tar.xz
-/annobin-3.0.tar.xz
-/annobin-3.1.tar.xz
-/annobin-3.2.tar.xz
-/annobin-3.3.tar.xz
-/annobin-3.4.tar.xz
-/annobin-3.5.tar.xz
-/annobin-3.6.tar.xz
-/annobin-5.0.tar.xz
-/annobin-5.1.tar.xz
-/annobin-5.2.tar.xz
-/annobin-5.3.tar.xz
-/annobin-5.4.tar.xz
-/annobin-5.5.tar.xz
-/annobin-5.6.tar.xz
-/annobin-5.7.tar.xz
-/annobin-5.8.tar.xz
-/annobin-5.9.tar.xz
-/annobin-5.10.tar.xz
-/annobin-5.11.tar.xz
-/annobin-6.0.tar.xz
-/annobin-6.1.tar.xz
-/annobin-6.2.tar.xz
-/annobin-6.3.tar.xz
-/annobin-6.4.tar.xz
-/annobin-6.5.tar.xz
-/annobin-6.6.tar.xz
-/annobin-7.0.tar.xz
-/annobin-7.1.tar.xz
-/annobin-8.0.tar.xz
-/annobin-8.1.tar.xz
-/annobin-8.2.tar.xz
-/annobin-8.3.tar.xz
-/annobin-8.4.tar.xz
-/annobin-8.5.tar.xz
-/annobin-8.6.tar.xz
-/annobin-8.7.tar.xz
-/annobin-8.8.tar.xz
-/annobin-8.9.tar.xz
-/annobin-8.10.tar.xz
-/annobin-8.11.tar.xz
-/annobin-8.12.tar.xz
-/annobin-8.13.tar.xz
-/annobin-8.14.tar.xz
-/annobin-8.15.tar.xz
-/annobin-8.16.tar.xz
-/annobin-8.17.tar.xz
-/annobin-8.18.tar.xz
-/annobin-8.19.tar.xz
-/annobin-8.20.tar.xz
-/annobin-8.21.tar.xz
-/annobin-8.22.tar.xz
-/annobin-8.23.tar.xz
-/annobin-8.24.tar.xz
-/annobin-8.25.tar.xz
-/annobin-8.26.tar.xz
-/annobin-8.27.tar.xz
-/annobin-8.29.tar.xz
-/annobin-8.30.tar.xz
-/annobin-8.31.tar.xz
-/annobin-8.32.tar.xz
-/annobin-8.33.tar.xz
-/annobin-8.34.tar.xz
-/annobin-8.35.tar.xz
-/annobin-8.36.tar.xz
-/annobin-8.37.tar.xz
-/annobin-8.38.tar.xz
-/annobin-8.39.tar.xz
-/annobin-8.41.tar.xz
-/annobin-8.44.tar.xz
-/annobin-8.45.tar.xz
-/annobin-8.48.tar.xz
-/annobin-8.49.tar.xz
-/annobin-8.50.tar.xz
-/annobin-8.51.tar.xz
-/annobin-8.52.tar.xz
-/annobin-8.53.tar.xz
-/annobin-8.55.tar.xz
-/annobin-8.56.tar.xz
-/annobin-8.57.tar.xz
-/annobin-8.58.tar.xz
-/annobin-8.59.tar.xz
-/annobin-8.60.tar.xz
-/annobin-8.61.tar.xz
-/annobin-8.62.tar.xz
-/annobin-8.63.tar.xz
-/annobin-8.64.tar.xz
-/annobin-8.65.tar.xz
-/annobin-8.66.tar.xz
-/annobin-8.67.tar.xz
-/annobin-8.68.tar.xz
-/annobin-8.69.tar.xz
-/annobin-8.70.tar.xz
-/annobin-8.71.tar.xz
-/annobin-8.72.tar.xz
-/annobin-8.73.tar.xz
-/annobin-8.74.tar.xz
-/annobin-8.76.tar.xz
-/annobin-8.77.tar.xz
+/annobin-*.tar.xz

annobin.spec

@@ -1,13 +1,37 @@
 
 Name:    annobin
-Summary: Binary annotation plugin for GCC
-Version: 8.77
-Release: 1%{?dist}
-
+Summary: Annotate and examine compiled binary files
+Version: 9.68
+Release: 2%{?dist}
 License: GPLv3+
-URL:     https://fedoraproject.org/wiki/Toolchain/Watermark
+# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark
 # Maintainer: nickc@redhat.com
 
+#---------------------------------------------------------------------------------
+
+# Use "--without tests" to disable the testsuite.
+%bcond_without tests
+
+# Use "--without annocheck" to disable the installation of the annocheck program.
+%bcond_without annocheck
+
+# Use "--with debuginfod" to force support for debuginfod to be compiled into
+# the annocheck program.  By default the configure script will check for
+# availablilty at build time, but this might not match the run time situation.
+# FIXME: Add a --without debuginfod option to forcefully disable the configure
+# time check for debuginfod support.
+%bcond_with debuginfod
+
+# Use "--with clangplugin" to build the annobin plugin for Clang.
+%bcond_with clangplugin
+
+# Use "--with llvmplugin" to build the annobin plugin for LLVM.
+%bcond_with llvmplugin
+
+# Set this to zero to disable the requirement for a specific version of gcc.
+# This should only be needed if there is some kind of problem with the version
+# checking logic or when building on RHEL-7 or earlier.
+%global with_hard_gcc_version_requirement 1
 
 # # Do not build the annobin plugin with annotation enabled.
 # # This is because if we are bootstrapping a new build environment we can have
@@ -22,20 +46,10 @@ URL:     https://fedoraproject.org/wiki/Toolchain/Watermark
 # The problem should now only arise when rebasing to a new major version
 # of gcc, in which case the undefine below can be temporarily reinstated.
 #
-# %%undefine _annotated_build
-
-# Use "--without tests" to disable the testsuite.  The default is to run them.
-%bcond_without tests
-
-# Use "--without annocheck" to disable the installation of the annocheck program.
-%bcond_without annocheck
-
-# Set this to zero to disable the requirement for a specific version of gcc.
-# This should only be needed if there is some kind of problem with the version
-# checking logic or when building on RHEL-7 or earlier.
-%global with_hard_gcc_version_requirement 1
+%undefine _annotated_build
 
 #---------------------------------------------------------------------------------
+
 Source:  https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
 # For the latest sources use:  git clone git://sourceware.org/git/annobin.git
 
@@ -97,6 +111,12 @@ Requires: gcc
 %endif
 
 BuildRequires: gcc gcc-plugin-devel gcc-c++
+%if %{with clangplugin}
+BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
+%endif
+%if %{with llvmplugin}
+BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
+%endif
 
 %description
 Provides a plugin for GCC that records extra information in the files
@@ -105,6 +125,14 @@ that it compiles.
 Note - the plugin is automatically enabled in gcc builds via flags
 provided by the redhat-rpm-macros package.
 
+%if %{with clangplugin}
+Also provides a plugin for Clang which performs a similar function.
+%endif
+
+%if %{with llvmplugin}
+Also provides a plugin for LLVM which performs a similar function.
+%endif
+
 #---------------------------------------------------------------------------------
 %if %{with tests}
 
@@ -124,6 +152,9 @@ of the resulting files.
 Summary: A tool for checking the security hardening status of binaries
 
 BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
+%if %{with debuginfod}
+BuildRequires: elfutils-debuginfod-client-devel
+%endif
 
 %description annocheck
 Installs the annocheck program which uses the notes generated by annobin to
@@ -134,7 +165,17 @@ hardening options.
 
 #---------------------------------------------------------------------------------
 
-%global ANNOBIN_PLUGIN_DIR %(gcc --print-file-name=plugin)
+%global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
+
+%if %{with clangplugin}
+# FIXME: Clang does not appear to have an official plugin directory.
+# Instead it just uses dlopen() with no pathname prefix.  So we
+# construct a (hopefully good) path and rely upon users of annobin
+# knowing about this location.
+# FIXME2: Currently this same path is hardcoded into the Makefile.in
+# files in the clang-plugin and llvm-plugin source directories...
+%global ANNOBIN_CLANG_PLUGIN_DIR /usr/lib64/clang/%(llvm-config --version)/lib
+%endif
 
 #---------------------------------------------------------------------------------
 
@@ -144,14 +185,14 @@ if [ -z "%{gcc_vr}" ]; then
     exit 1
 fi
 
-echo "Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})"
+echo "Requires: (gcc >= %{gcc_major} and gcc < %{gcc_next})"
 
 %autosetup -p1
 
 # The plugin has to be configured with the same arcane configure
 # scripts used by gcc.  Hence we must not allow the Fedora build
 # system to regenerate any of the configure files.
-touch aclocal.m4 plugin/config.h.in
+touch aclocal.m4 gcc-plugin/config.h.in
 touch configure */configure Makefile.in */Makefile.in
 # Similarly we do not want to rebuild the documentation.
 touch doc/annobin.info
@@ -159,47 +200,90 @@ touch doc/annobin.info
 #---------------------------------------------------------------------------------
 
 %build
-%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_PLUGIN_DIR}
+
+CONFIG_ARGS=
+
+%if %{with debuginfod}
+CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod"
+%else
+CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod"
+%endif
+
+%if %{with clangplugin}
+CONFIG_ARGS="$CONFIG_ARGS --with-clang"
+%endif
+
+%if %{with llvmplugin}
+CONFIG_ARGS="$CONFIG_ARGS --with-llvm"
+%endif
+
+%if %{without tests}
+CONFIG_ARGS="$CONFIG_ARGS --without-test"
+%endif
+
+%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} ${CONFIG_ARGS} || cat config.log
+
 %make_build
+
 # Rebuild the plugin, this time using the plugin itself!  This
 # ensures that the plugin works, and that it contains annotations
 # of its own.  This could mean that we end up with a plugin with
 # double annotations in it.  (If the build system enables annotations
 # for plugins by default).  I have not tested this yet, but I think
 # that it should be OK.
-cp plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
-make -C plugin clean
+cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
+make -C gcc-plugin clean
 BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so -fplugin-arg-tmp_annobin-rename"
 # If building on RHEL7, enable the next option as the .attach_to_group assembler pseudo op is not available in the assembler.
 # BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
-make -C plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
+make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
 rm %{_tmppath}/tmp_annobin.so
 
+%if %{with clangplugin}
+# FIXME: The symbolic link should not be needed.
+ln -f -s ../annobin-global.h clang-plugin
+make -C clang-plugin annobin.so 
+%endif
+
 #---------------------------------------------------------------------------------
 
 %install
 %make_install
-%{__rm} -f %{buildroot}%{_infodir}/dir
+rm -f %{buildroot}%{_infodir}/dir
+
+%if %{with clangplugin}
+install -Dpm0755 -t %{buildroot}%{ANNOBIN_CLANG_PLUGIN_DIR} clang-plugin/annobin.so
+%endif
+
+%if %{with llvmplugin}
+#FIXME: ADD INSTALL
+%endif
 
 #---------------------------------------------------------------------------------
 
 %if %{with tests}
 %check
-# On RHEL7 the assembler does not support all of the annobin tests.
+# Change the following line to "make check || :" on RHEL7 or if you need to see the
+# test suite logs in order to diagnose a test failure.
 make check
 if [ -f tests/test-suite.log ]; then
     cat tests/test-suite.log
 fi
+
+%if %{with clangplugin}
+# FIXME: RUN clang tests.
+%endif
+
+%if %{with llvmplugin}
+#FIXME: RUN LLVM tests.
+%endif
+
 %endif
 
 #---------------------------------------------------------------------------------
 
 %files
-%{ANNOBIN_PLUGIN_DIR}
-%{_bindir}/built-by
-%{_bindir}/check-abi
-%{_bindir}/hardened
-%{_bindir}/run-on-binaries-in
+%{ANNOBIN_GCC_PLUGIN_DIR}
 %license COPYING3 LICENSE
 %exclude %{_datadir}/doc/annobin-plugin/COPYING3
 %exclude %{_datadir}/doc/annobin-plugin/LICENSE
@@ -211,6 +295,13 @@ fi
 %{_mandir}/man1/hardened.1*
 %{_mandir}/man1/run-on-binaries-in.1*
 
+%if %{with clangplugin}
+%{ANNOBIN_CLANG_PLUGIN_DIR}
+%endif
+%if %{with llvmplugin}
+%{ANNOBIN_CLANG_PLUGIN_DIR}
+%endif
+
 %if %{with annocheck}
 %files annocheck
 %{_bindir}/annocheck
@@ -220,6 +311,218 @@ fi
 #---------------------------------------------------------------------------------
 
 %changelog
+* Sun Apr 25 2021 Jakub Jelinek <jakub@redhat.com> - 9.68-2
+- Rebuilt for gcc 10.3.1-1
+
+* Wed Apr 21 2021 Nick Clifton  <nickc@redhat.com> - 9.68-1
+- Annocheck: WARN if the annobin plugin was built for a newer version of the compiler than the one on which it was run.  (#1950657)
+- Annocheck: Improve detection of missing GNU-stack support.
+- Fix anomolies reported by covscan.
+- gcc-plugin: Use a fixed filename when running in LTO mode.
+- Annocheck: Fix detection of special function names.  (#1934189)
+- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc.  (#1923439)
+- Annocheck: Add colour to some messages.  Skip the deliberate use of -fno-stack-protector.  (#1923439)
+- Annocheck: Fix some problems with tests for missing notes.
+- Add some GO tests to annocheck.
+- Add a future fail for the presence of RPATH in the dynamic tags.
+- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.
+- Workaround for elflint problems with PPC compiled files.  (#1880634)
+- Fix bogus AArch64 test failures.
+- Improved testing by annocheck.  Add fixed format message mode.
+- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results.
+- Add support for -D_FORTIFY_SOURCE=3.
+- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer.  (#1906171)
+- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations.  (#1906171)
+- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.
+
+* Wed Dec 09 2020 Nick Clifton <nickc@redhat.com> - 9.49-1
+- Rebase to 9.49.
+- annocheck: Fix notes analyzer to accept empty PPC64 notes.
+- gcc plugin: Tweak generation of end symbols for PPC64 when LTO is active.  (#1898075)
+- gcc plugin: Add support for GCC 11's cl_vars array.
+- Annocheck: Support enabling/disabling future fails.
+- GCC plugin: Always record global notes for the .text.startup,
+  .text.exit, .text.hot and .text.cold sections.
+- Clang plugin: Add -lLLVM to the build command line.
+- Annocheck: Improve reporting of missing -D_FORTIFY_SOURCE option.  (#1898075)
+- Annocheck: Improve reporting of missing LTO option.
+- Add detecting of gimple compiled binaries.
+- Add --without-gcc-plugin option.
+- Annocheck: Fix bug parsing DW_AT_producer.
+- Add test of .note.gnu.property section for PowerPC.
+- Add test of objcopy's ability to merge notes.
+- Record the -flto setting and produce a soft warning if it is absent.
+- Suppress warnings about _D_GLIBCXX_ASSERTIONS if the source code is known to be something other than C++.
+- Correct the directory chosen for 32-bit LLVM and Clang plugins.  (#1884951)
+- Allow the use of the SHF_LINK_ORDER section flag to discard unused notes.  (Experimental).
+- Enable the build and installation of the LLVM and Clang plugins.  (Experimental).
+- gcc-plugin: Fix test for empty PowerPC sections.  (#1880634)
+- annocheck: Add tests for the AArch64 BTI and PAC security features.  (#1862478)
+- gcc plugin: Use a 4 byte offset for PowerPC start symbols, so that they do not break disassemblies.
+- gcc plugin: Correct the detection of 32-bit x86 builds.  (#1876197)
+- gcc plugin: Detect any attempt to access the global_options array.
+
+* Wed Oct 07 2020 Jakub Jelinek <jakub@redhat.com> - 9.28-3
+- NVR bump to allow rebuilding without using annobin.
+
+* Tue Oct 06 2020 Jakub Jelinek <jakub@redhat.com> - 9.28-2
+- Rebuilt for gcc 10.2.1-5
+
+* Tue Aug 11 2020 Nick Clifton <nickc@redhat.com> - 9.28-1
+- gcc plugin: Do not complain about missing pre-processor options when examining a preprocessed input file.  (#1862718)
+
+* Thu Jul 30 2020 Nick Clifton <nickc@redhat.com> - 9.27-1
+- Use more robust checks for AArch64 options.
+
+* Thu Jul 30 2020 Nick Clifton <nickc@redhat.com> - 9.26-1
+- Detect CLANG compiled assembler that is missing IBT support.
+
+* Wed Jul 29 2020 Nick Clifton <nickc@redhat.com> - 9.25-1
+- Improved target pointer size discovery.
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.24-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Sun Jul 26 2020 Nick Clifton <nickc@redhat.com> - 9.24-2
+- Rebuild with plugin enabled to check that suppression works.
+
+* Sun Jul 26 2020 Nick Clifton <nickc@redhat.com> - 9.24-1
+- Add support for installing clang and llvm plugins.
+- Temporary suppression of aarch64 pointer size check.  (#1860549)
+
+* Sat Jul 25 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 9.23-2
+- Rebuild for gcc 10.2
+
+* Wed Jul 01 2020 Nick Clifton <nickc@redhat.com> - 9.23-1
+- Annocheck: Do not skip tests of the short-enums notes.  (#1743635)
+
+* Mon Jun 15 2020 Nick Clifton <nickc@redhat.com> - 9.22-1
+- Add (optional) llvm plugin.
+
+* Wed Apr 22 2020 Nick Clifton <nickc@redhat.com> - 9.21-1
+- Annobin: Fall back on using the flags if the option cannot be found in cl_options.  (#1817659)
+
+* Thu Apr 16 2020 Nick Clifton <nickc@redhat.com> - 9.20-1
+- Annocheck: Detect Fortran compiled programs.  (#1824393)
+
+* Wed Apr 01 2020 Nick Clifton <nickc@redhat.com> - 9.19-1
+- Annobin: If option name mismatch occurs, seach for the real option.  (#1817452)
+
+* Mon Mar 30 2020 Nick Clifton <nickc@redhat.com> - 9.18-1
+- Annocheck: Fix a division by zero error when parsing GO binaries.  (#1818863)
+
+* Fri Mar 27 2020 Nick Clifton <nickc@redhat.com> - 9.16-1
+- Annobin: Fix access to the -flto and -fsanitize flags.
+
+* Thu Mar 26 2020 Nick Clifton <nickc@redhat.com> - 9.14-1
+- Annobin: Use offsets stored in gcc's cl_option structure to access the global_options array, thus removing the need to check for changes in the size of this structure.
+
+* Thu Mar 26 2020 Nick Clifton <nickc@redhat.com> - 9.13-2
+- NVR bump to allow rebuilding against new gcc.
+
+* Thu Mar 12 2020 Nick Clifton <nickc@redhat.com> - 9.13-1
+- Rename gcc plugin directory to gcc-plugin.
+- Stop annocheck from complaining about missing options when the binary has been built in a mixed environment.
+
+* Thu Mar 12 2020 Nick Clifton <nickc@redhat.com> - 9.12-3
+- And again, this time with annotation enabled.  (#1810941)
+
+* Thu Mar 12 2020 Nick Clifton <nickc@redhat.com> - 9.12-2
+- NVR bump to enable rebuild against updated gcc.  (#1810941)
+
+* Wed Mar 04 2020 Nick Clifton <nickc@redhat.com> - 9.12-1
+- Improve builtby tool.
+- Stop annocheck complaining about missing notes when the binary is not compiled by either gcc or clang.
+- Skip the check of the ENTRY instruction for binaries not compiled by gcc or clang.  (#1809656)
+
+* Fri Feb 28 2020 Nick Clifton <nickc@redhat.com> - 9.11-1
+- Fix infinite loop hangup in annocheck.
+- Disable debuginfod support by default.
+- Improve parsing of .comment section.
+
+* Thu Feb 27 2020 Nick Clifton <nickc@redhat.com> - 9.10-1
+- Fix clang plugin to use hidden symbols.
+
+* Tue Feb 25 2020 Nick Clifton <nickc@redhat.com> - 9.09-1
+- Add ability to build clang plugin (disabled by default).
+
+* Mon Feb 17 2020 Nick Clifton <nickc@redhat.com> - 9.08-1
+- Annocheck: Fix error printing out the version number.
+
+* Fri Feb 14 2020 Nick Clifton <nickc@redhat.com> - 9.07-1
+- Annobin: Add checks of the exact location of the examined switches.
+
+* Tue Feb 11 2020 Nick Clifton <nickc@redhat.com> - 9.06-1
+- Annobin: Note when stack clash notes are generated.
+- Annocheck: Handle multiple builder IDs in the .comment section.
+
+* Fri Jan 31 2020 Nick Clifton <nickc@redhat.com> - 9.05-1
+- Add configure option to suppress building annocheck.
+
+* Fri Jan 31 2020 Nick Clifton <nickc@redhat.com> - 9.04-1
+- Fix debuginfod test.
+
+* Thu Jan 30 2020 Nick Clifton <nickc@redhat.com> - 9.03-2
+- Correct the build requirement for building with debuginfod support.
+
+* Thu Jan 30 2020 Nick Clifton <nickc@redhat.com> - 9.03-1
+- Add debuginfod support.
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.01-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Jan 20 2020 Nick Clifton <nickc@redhat.com> - 9.01-2
+- Rebuild againt latest gcc-10.
+
+* Mon Jan 20 2020 Nick Clifton <nickc@redhat.com> - 9.01-1
+- Add clang plugin (experimental).
+
+* Fri Dec 06 2019 Nick Clifton <nickc@redhat.com> - 8.92-1
+- Have annocheck ignore notes with an end address of 0.
+
+* Mon Nov 18 2019 Nick Clifton <nickc@redhat.com> - 8.91-1
+- Improve checking of gcc versions.
+
+* Fri Nov 15 2019 Nick Clifton <nickc@redhat.com> - 8.90-1
+- Do not skip positive results.
+
+* Fri Nov 01 2019 Nick Clifton <nickc@redhat.com> - 8.88-1
+- Generate a WARN result for code compiled with instrumentation enabled.  (#1753918)
+
+* Tue Oct 22 2019 Nick Clifton <nickc@redhat.com> - 8.87-1
+- Replace address checks with dladdr1.
+
+* Mon Oct 21 2019 Nick Clifton <nickc@redhat.com> - 8.86-1
+- Use libabigail like checking to ensure variable address consistency.
+
+* Wed Oct 16 2019 Nick Clifton <nickc@redhat.com> - 8.85-1
+- Skip generation of global notes for hot/cold sections.
+
+* Thu Oct 10 2019 Nick Clifton <nickc@redhat.com> - 8.84-1
+- Generate FAIL results if -Wall or -Wformat-security are missing.
+
+* Thu Oct 03 2019 Nick Clifton <nickc@redhat.com> - 8.83-1
+- If notes cannot be found in the executable look for them in the debuginfo file, if available.
+- Generate a FAIL if notes are missing from the executable/debuginfo file.
+- Record and report the setting of the AArcht64 specific -mbranch-protection option.
+
+* Mon Sep 23 2019 Nick Clifton <nickc@redhat.com> - 8.81-1
+- Improve detection of GO binaries.
+- Add gcc version information to annobin notes.
+- Do not complain about missing FORTIFY_SOURCE and GLIBCXX_ASSERTIONS in LTO compilations.
+
+* Wed Sep 04 2019 Nick Clifton <nickc@redhat.com> - 8.79-2
+- NVR bump to allow rebuild against latest gcc.  (#1748529)
+
+* Tue Aug 06 2019 Nick Clifton <nickc@redhat.com> - 8.79-1
+- Allow compiler used to run tests to be specified on the command line.  (#1723401)
+
+* Tue Aug 06 2019 Nick Clifton <nickc@redhat.com> - 8.78-1
+- Fix a memory allocation error in the annobin plugin.  (#1737306)
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.77-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
 * Mon Jun 24 2019 Nick Clifton <nickc@redhat.com> - 8.77-1
 - Another attempt at fixing the detection and reporting of missing -D_FORTIFY_SOURCE options.  (#1703500)
 

sources

@@ -1 +1 @@
-SHA512 (annobin-8.77.tar.xz) = d9d393aa359ab58a24d295dd4108b0255e39cf9210ec99125ce3f3589adff795aba50234817b38134964caa2fc92cf04d6c6e2945ae6cc2e1145033383cc58cb
+SHA512 (annobin-9.68.tar.xz) = ca76411cd112f61002f56d5cbe82307c3137b6da4deaaa12d70493ac514ff3950ffda4e0812c0414200a495228fe36b02a9a8628c5e616456adffe923917b391