|
|
|
@ -1,13 +1,37 @@
|
|
|
|
|
|
|
|
|
|
Name: annobin
|
|
|
|
|
Summary: Binary annotation plugin for GCC
|
|
|
|
|
Version: 8.77
|
|
|
|
|
Release: 1%{?dist}
|
|
|
|
|
|
|
|
|
|
Summary: Annotate and examine compiled binary files
|
|
|
|
|
Version: 9.68
|
|
|
|
|
Release: 2.0.riscv64%{?dist}
|
|
|
|
|
License: GPLv3+
|
|
|
|
|
URL: https://fedoraproject.org/wiki/Toolchain/Watermark
|
|
|
|
|
# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark
|
|
|
|
|
# Maintainer: nickc@redhat.com
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
# Use "--without tests" to disable the testsuite.
|
|
|
|
|
%bcond_without tests
|
|
|
|
|
|
|
|
|
|
# Use "--without annocheck" to disable the installation of the annocheck program.
|
|
|
|
|
%bcond_without annocheck
|
|
|
|
|
|
|
|
|
|
# Use "--with debuginfod" to force support for debuginfod to be compiled into
|
|
|
|
|
# the annocheck program. By default the configure script will check for
|
|
|
|
|
# availablilty at build time, but this might not match the run time situation.
|
|
|
|
|
# FIXME: Add a --without debuginfod option to forcefully disable the configure
|
|
|
|
|
# time check for debuginfod support.
|
|
|
|
|
%bcond_with debuginfod
|
|
|
|
|
|
|
|
|
|
# Use "--with clangplugin" to build the annobin plugin for Clang.
|
|
|
|
|
%bcond_with clangplugin
|
|
|
|
|
|
|
|
|
|
# Use "--with llvmplugin" to build the annobin plugin for LLVM.
|
|
|
|
|
%bcond_with llvmplugin
|
|
|
|
|
|
|
|
|
|
# Set this to zero to disable the requirement for a specific version of gcc.
|
|
|
|
|
# This should only be needed if there is some kind of problem with the version
|
|
|
|
|
# checking logic or when building on RHEL-7 or earlier.
|
|
|
|
|
%global with_hard_gcc_version_requirement 1
|
|
|
|
|
|
|
|
|
|
# # Do not build the annobin plugin with annotation enabled.
|
|
|
|
|
# # This is because if we are bootstrapping a new build environment we can have
|
|
|
|
@ -22,26 +46,19 @@ URL: https://fedoraproject.org/wiki/Toolchain/Watermark
|
|
|
|
|
# The problem should now only arise when rebasing to a new major version
|
|
|
|
|
# of gcc, in which case the undefine below can be temporarily reinstated.
|
|
|
|
|
#
|
|
|
|
|
# %%undefine _annotated_build
|
|
|
|
|
|
|
|
|
|
# Use "--without tests" to disable the testsuite. The default is to run them.
|
|
|
|
|
%bcond_without tests
|
|
|
|
|
|
|
|
|
|
# Use "--without annocheck" to disable the installation of the annocheck program.
|
|
|
|
|
%bcond_without annocheck
|
|
|
|
|
|
|
|
|
|
# Set this to zero to disable the requirement for a specific version of gcc.
|
|
|
|
|
# This should only be needed if there is some kind of problem with the version
|
|
|
|
|
# checking logic or when building on RHEL-7 or earlier.
|
|
|
|
|
%global with_hard_gcc_version_requirement 1
|
|
|
|
|
%undefine _annotated_build
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
|
|
|
|
|
# For the latest sources use: git clone git://sourceware.org/git/annobin.git
|
|
|
|
|
|
|
|
|
|
# Insert patches here, if needed.
|
|
|
|
|
# Patch01: annobin-xxx.patch
|
|
|
|
|
|
|
|
|
|
# RISC-V
|
|
|
|
|
Patch0: annobin-add-riscv-support.patch
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
# [Stolen from gcc-python-plugin]
|
|
|
|
@ -97,6 +114,12 @@ Requires: gcc
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
BuildRequires: gcc gcc-plugin-devel gcc-c++
|
|
|
|
|
%if %{with clangplugin}
|
|
|
|
|
BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
|
|
|
|
|
%endif
|
|
|
|
|
%if %{with llvmplugin}
|
|
|
|
|
BuildRequires: clang clang-devel llvm llvm-devel compiler-rt
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
Provides a plugin for GCC that records extra information in the files
|
|
|
|
@ -105,6 +128,14 @@ that it compiles.
|
|
|
|
|
Note - the plugin is automatically enabled in gcc builds via flags
|
|
|
|
|
provided by the redhat-rpm-macros package.
|
|
|
|
|
|
|
|
|
|
%if %{with clangplugin}
|
|
|
|
|
Also provides a plugin for Clang which performs a similar function.
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if %{with llvmplugin}
|
|
|
|
|
Also provides a plugin for LLVM which performs a similar function.
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
%if %{with tests}
|
|
|
|
|
|
|
|
|
@ -124,6 +155,9 @@ of the resulting files.
|
|
|
|
|
Summary: A tool for checking the security hardening status of binaries
|
|
|
|
|
|
|
|
|
|
BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
|
|
|
|
|
%if %{with debuginfod}
|
|
|
|
|
BuildRequires: elfutils-debuginfod-client-devel
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%description annocheck
|
|
|
|
|
Installs the annocheck program which uses the notes generated by annobin to
|
|
|
|
@ -134,7 +168,17 @@ hardening options.
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
%global ANNOBIN_PLUGIN_DIR %(gcc --print-file-name=plugin)
|
|
|
|
|
%global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
|
|
|
|
|
|
|
|
|
|
%if %{with clangplugin}
|
|
|
|
|
# FIXME: Clang does not appear to have an official plugin directory.
|
|
|
|
|
# Instead it just uses dlopen() with no pathname prefix. So we
|
|
|
|
|
# construct a (hopefully good) path and rely upon users of annobin
|
|
|
|
|
# knowing about this location.
|
|
|
|
|
# FIXME2: Currently this same path is hardcoded into the Makefile.in
|
|
|
|
|
# files in the clang-plugin and llvm-plugin source directories...
|
|
|
|
|
%global ANNOBIN_CLANG_PLUGIN_DIR /usr/lib64/clang/%(llvm-config --version)/lib
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
@ -144,14 +188,14 @@ if [ -z "%{gcc_vr}" ]; then
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
echo "Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})"
|
|
|
|
|
echo "Requires: (gcc >= %{gcc_major} and gcc < %{gcc_next})"
|
|
|
|
|
|
|
|
|
|
%autosetup -p1
|
|
|
|
|
|
|
|
|
|
# The plugin has to be configured with the same arcane configure
|
|
|
|
|
# scripts used by gcc. Hence we must not allow the Fedora build
|
|
|
|
|
# system to regenerate any of the configure files.
|
|
|
|
|
touch aclocal.m4 plugin/config.h.in
|
|
|
|
|
touch aclocal.m4 gcc-plugin/config.h.in
|
|
|
|
|
touch configure */configure Makefile.in */Makefile.in
|
|
|
|
|
# Similarly we do not want to rebuild the documentation.
|
|
|
|
|
touch doc/annobin.info
|
|
|
|
@ -159,47 +203,90 @@ touch doc/annobin.info
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_PLUGIN_DIR}
|
|
|
|
|
|
|
|
|
|
CONFIG_ARGS=
|
|
|
|
|
|
|
|
|
|
%if %{with debuginfod}
|
|
|
|
|
CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod"
|
|
|
|
|
%else
|
|
|
|
|
CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod"
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if %{with clangplugin}
|
|
|
|
|
CONFIG_ARGS="$CONFIG_ARGS --with-clang"
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if %{with llvmplugin}
|
|
|
|
|
CONFIG_ARGS="$CONFIG_ARGS --with-llvm"
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if %{without tests}
|
|
|
|
|
CONFIG_ARGS="$CONFIG_ARGS --without-test"
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} ${CONFIG_ARGS} || cat config.log
|
|
|
|
|
|
|
|
|
|
%make_build
|
|
|
|
|
|
|
|
|
|
# Rebuild the plugin, this time using the plugin itself! This
|
|
|
|
|
# ensures that the plugin works, and that it contains annotations
|
|
|
|
|
# of its own. This could mean that we end up with a plugin with
|
|
|
|
|
# double annotations in it. (If the build system enables annotations
|
|
|
|
|
# for plugins by default). I have not tested this yet, but I think
|
|
|
|
|
# that it should be OK.
|
|
|
|
|
cp plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
|
|
|
|
|
make -C plugin clean
|
|
|
|
|
cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
|
|
|
|
|
make -C gcc-plugin clean
|
|
|
|
|
BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so -fplugin-arg-tmp_annobin-rename"
|
|
|
|
|
# If building on RHEL7, enable the next option as the .attach_to_group assembler pseudo op is not available in the assembler.
|
|
|
|
|
# BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
|
|
|
|
|
make -C plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
|
|
|
|
make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
|
|
|
|
rm %{_tmppath}/tmp_annobin.so
|
|
|
|
|
|
|
|
|
|
%if %{with clangplugin}
|
|
|
|
|
# FIXME: The symbolic link should not be needed.
|
|
|
|
|
ln -f -s ../annobin-global.h clang-plugin
|
|
|
|
|
make -C clang-plugin annobin.so
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
%install
|
|
|
|
|
%make_install
|
|
|
|
|
%{__rm} -f %{buildroot}%{_infodir}/dir
|
|
|
|
|
rm -f %{buildroot}%{_infodir}/dir
|
|
|
|
|
|
|
|
|
|
%if %{with clangplugin}
|
|
|
|
|
install -Dpm0755 -t %{buildroot}%{ANNOBIN_CLANG_PLUGIN_DIR} clang-plugin/annobin.so
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if %{with llvmplugin}
|
|
|
|
|
#FIXME: ADD INSTALL
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
%if %{with tests}
|
|
|
|
|
%check
|
|
|
|
|
# On RHEL7 the assembler does not support all of the annobin tests.
|
|
|
|
|
# Change the following line to "make check || :" on RHEL7 or if you need to see the
|
|
|
|
|
# test suite logs in order to diagnose a test failure.
|
|
|
|
|
make check
|
|
|
|
|
if [ -f tests/test-suite.log ]; then
|
|
|
|
|
cat tests/test-suite.log
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
%if %{with clangplugin}
|
|
|
|
|
# FIXME: RUN clang tests.
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if %{with llvmplugin}
|
|
|
|
|
#FIXME: RUN LLVM tests.
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|
%{ANNOBIN_PLUGIN_DIR}
|
|
|
|
|
%{_bindir}/built-by
|
|
|
|
|
%{_bindir}/check-abi
|
|
|
|
|
%{_bindir}/hardened
|
|
|
|
|
%{_bindir}/run-on-binaries-in
|
|
|
|
|
%{ANNOBIN_GCC_PLUGIN_DIR}
|
|
|
|
|
%license COPYING3 LICENSE
|
|
|
|
|
%exclude %{_datadir}/doc/annobin-plugin/COPYING3
|
|
|
|
|
%exclude %{_datadir}/doc/annobin-plugin/LICENSE
|
|
|
|
@ -211,6 +298,13 @@ fi
|
|
|
|
|
%{_mandir}/man1/hardened.1*
|
|
|
|
|
%{_mandir}/man1/run-on-binaries-in.1*
|
|
|
|
|
|
|
|
|
|
%if %{with clangplugin}
|
|
|
|
|
%{ANNOBIN_CLANG_PLUGIN_DIR}
|
|
|
|
|
%endif
|
|
|
|
|
%if %{with llvmplugin}
|
|
|
|
|
%{ANNOBIN_CLANG_PLUGIN_DIR}
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if %{with annocheck}
|
|
|
|
|
%files annocheck
|
|
|
|
|
%{_bindir}/annocheck
|
|
|
|
@ -220,6 +314,221 @@ fi
|
|
|
|
|
#---------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
|
* Sat May 01 2021 David Abdurachmanov <david.abdurachmanov@gmail.com> - 9.68-2.0.riscv64
|
|
|
|
|
- Add support for riscv64
|
|
|
|
|
|
|
|
|
|
* Sun Apr 25 2021 Jakub Jelinek <jakub@redhat.com> - 9.68-2
|
|
|
|
|
- Rebuilt for gcc 10.3.1-1
|
|
|
|
|
|
|
|
|
|
* Wed Apr 21 2021 Nick Clifton <nickc@redhat.com> - 9.68-1
|
|
|
|
|
- Annocheck: WARN if the annobin plugin was built for a newer version of the compiler than the one on which it was run. (#1950657)
|
|
|
|
|
- Annocheck: Improve detection of missing GNU-stack support.
|
|
|
|
|
- Fix anomolies reported by covscan.
|
|
|
|
|
- gcc-plugin: Use a fixed filename when running in LTO mode.
|
|
|
|
|
- Annocheck: Fix detection of special function names. (#1934189)
|
|
|
|
|
- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc. (#1923439)
|
|
|
|
|
- Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector. (#1923439)
|
|
|
|
|
- Annocheck: Fix some problems with tests for missing notes.
|
|
|
|
|
- Add some GO tests to annocheck.
|
|
|
|
|
- Add a future fail for the presence of RPATH in the dynamic tags.
|
|
|
|
|
- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.
|
|
|
|
|
- Workaround for elflint problems with PPC compiled files. (#1880634)
|
|
|
|
|
- Fix bogus AArch64 test failures.
|
|
|
|
|
- Improved testing by annocheck. Add fixed format message mode.
|
|
|
|
|
- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results.
|
|
|
|
|
- Add support for -D_FORTIFY_SOURCE=3.
|
|
|
|
|
- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. (#1906171)
|
|
|
|
|
- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. (#1906171)
|
|
|
|
|
- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.
|
|
|
|
|
|
|
|
|
|
* Wed Dec 09 2020 Nick Clifton <nickc@redhat.com> - 9.49-1
|
|
|
|
|
- Rebase to 9.49.
|
|
|
|
|
- annocheck: Fix notes analyzer to accept empty PPC64 notes.
|
|
|
|
|
- gcc plugin: Tweak generation of end symbols for PPC64 when LTO is active. (#1898075)
|
|
|
|
|
- gcc plugin: Add support for GCC 11's cl_vars array.
|
|
|
|
|
- Annocheck: Support enabling/disabling future fails.
|
|
|
|
|
- GCC plugin: Always record global notes for the .text.startup,
|
|
|
|
|
.text.exit, .text.hot and .text.cold sections.
|
|
|
|
|
- Clang plugin: Add -lLLVM to the build command line.
|
|
|
|
|
- Annocheck: Improve reporting of missing -D_FORTIFY_SOURCE option. (#1898075)
|
|
|
|
|
- Annocheck: Improve reporting of missing LTO option.
|
|
|
|
|
- Add detecting of gimple compiled binaries.
|
|
|
|
|
- Add --without-gcc-plugin option.
|
|
|
|
|
- Annocheck: Fix bug parsing DW_AT_producer.
|
|
|
|
|
- Add test of .note.gnu.property section for PowerPC.
|
|
|
|
|
- Add test of objcopy's ability to merge notes.
|
|
|
|
|
- Record the -flto setting and produce a soft warning if it is absent.
|
|
|
|
|
- Suppress warnings about _D_GLIBCXX_ASSERTIONS if the source code is known to be something other than C++.
|
|
|
|
|
- Correct the directory chosen for 32-bit LLVM and Clang plugins. (#1884951)
|
|
|
|
|
- Allow the use of the SHF_LINK_ORDER section flag to discard unused notes. (Experimental).
|
|
|
|
|
- Enable the build and installation of the LLVM and Clang plugins. (Experimental).
|
|
|
|
|
- gcc-plugin: Fix test for empty PowerPC sections. (#1880634)
|
|
|
|
|
- annocheck: Add tests for the AArch64 BTI and PAC security features. (#1862478)
|
|
|
|
|
- gcc plugin: Use a 4 byte offset for PowerPC start symbols, so that they do not break disassemblies.
|
|
|
|
|
- gcc plugin: Correct the detection of 32-bit x86 builds. (#1876197)
|
|
|
|
|
- gcc plugin: Detect any attempt to access the global_options array.
|
|
|
|
|
|
|
|
|
|
* Wed Oct 07 2020 Jakub Jelinek <jakub@redhat.com> - 9.28-3
|
|
|
|
|
- NVR bump to allow rebuilding without using annobin.
|
|
|
|
|
|
|
|
|
|
* Tue Oct 06 2020 Jakub Jelinek <jakub@redhat.com> - 9.28-2
|
|
|
|
|
- Rebuilt for gcc 10.2.1-5
|
|
|
|
|
|
|
|
|
|
* Tue Aug 11 2020 Nick Clifton <nickc@redhat.com> - 9.28-1
|
|
|
|
|
- gcc plugin: Do not complain about missing pre-processor options when examining a preprocessed input file. (#1862718)
|
|
|
|
|
|
|
|
|
|
* Thu Jul 30 2020 Nick Clifton <nickc@redhat.com> - 9.27-1
|
|
|
|
|
- Use more robust checks for AArch64 options.
|
|
|
|
|
|
|
|
|
|
* Thu Jul 30 2020 Nick Clifton <nickc@redhat.com> - 9.26-1
|
|
|
|
|
- Detect CLANG compiled assembler that is missing IBT support.
|
|
|
|
|
|
|
|
|
|
* Wed Jul 29 2020 Nick Clifton <nickc@redhat.com> - 9.25-1
|
|
|
|
|
- Improved target pointer size discovery.
|
|
|
|
|
|
|
|
|
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.24-3
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Sun Jul 26 2020 Nick Clifton <nickc@redhat.com> - 9.24-2
|
|
|
|
|
- Rebuild with plugin enabled to check that suppression works.
|
|
|
|
|
|
|
|
|
|
* Sun Jul 26 2020 Nick Clifton <nickc@redhat.com> - 9.24-1
|
|
|
|
|
- Add support for installing clang and llvm plugins.
|
|
|
|
|
- Temporary suppression of aarch64 pointer size check. (#1860549)
|
|
|
|
|
|
|
|
|
|
* Sat Jul 25 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 9.23-2
|
|
|
|
|
- Rebuild for gcc 10.2
|
|
|
|
|
|
|
|
|
|
* Wed Jul 01 2020 Nick Clifton <nickc@redhat.com> - 9.23-1
|
|
|
|
|
- Annocheck: Do not skip tests of the short-enums notes. (#1743635)
|
|
|
|
|
|
|
|
|
|
* Mon Jun 15 2020 Nick Clifton <nickc@redhat.com> - 9.22-1
|
|
|
|
|
- Add (optional) llvm plugin.
|
|
|
|
|
|
|
|
|
|
* Wed Apr 22 2020 Nick Clifton <nickc@redhat.com> - 9.21-1
|
|
|
|
|
- Annobin: Fall back on using the flags if the option cannot be found in cl_options. (#1817659)
|
|
|
|
|
|
|
|
|
|
* Thu Apr 16 2020 Nick Clifton <nickc@redhat.com> - 9.20-1
|
|
|
|
|
- Annocheck: Detect Fortran compiled programs. (#1824393)
|
|
|
|
|
|
|
|
|
|
* Wed Apr 01 2020 Nick Clifton <nickc@redhat.com> - 9.19-1
|
|
|
|
|
- Annobin: If option name mismatch occurs, seach for the real option. (#1817452)
|
|
|
|
|
|
|
|
|
|
* Mon Mar 30 2020 Nick Clifton <nickc@redhat.com> - 9.18-1
|
|
|
|
|
- Annocheck: Fix a division by zero error when parsing GO binaries. (#1818863)
|
|
|
|
|
|
|
|
|
|
* Fri Mar 27 2020 Nick Clifton <nickc@redhat.com> - 9.16-1
|
|
|
|
|
- Annobin: Fix access to the -flto and -fsanitize flags.
|
|
|
|
|
|
|
|
|
|
* Thu Mar 26 2020 Nick Clifton <nickc@redhat.com> - 9.14-1
|
|
|
|
|
- Annobin: Use offsets stored in gcc's cl_option structure to access the global_options array, thus removing the need to check for changes in the size of this structure.
|
|
|
|
|
|
|
|
|
|
* Thu Mar 26 2020 Nick Clifton <nickc@redhat.com> - 9.13-2
|
|
|
|
|
- NVR bump to allow rebuilding against new gcc.
|
|
|
|
|
|
|
|
|
|
* Thu Mar 12 2020 Nick Clifton <nickc@redhat.com> - 9.13-1
|
|
|
|
|
- Rename gcc plugin directory to gcc-plugin.
|
|
|
|
|
- Stop annocheck from complaining about missing options when the binary has been built in a mixed environment.
|
|
|
|
|
|
|
|
|
|
* Thu Mar 12 2020 Nick Clifton <nickc@redhat.com> - 9.12-3
|
|
|
|
|
- And again, this time with annotation enabled. (#1810941)
|
|
|
|
|
|
|
|
|
|
* Thu Mar 12 2020 Nick Clifton <nickc@redhat.com> - 9.12-2
|
|
|
|
|
- NVR bump to enable rebuild against updated gcc. (#1810941)
|
|
|
|
|
|
|
|
|
|
* Wed Mar 04 2020 Nick Clifton <nickc@redhat.com> - 9.12-1
|
|
|
|
|
- Improve builtby tool.
|
|
|
|
|
- Stop annocheck complaining about missing notes when the binary is not compiled by either gcc or clang.
|
|
|
|
|
- Skip the check of the ENTRY instruction for binaries not compiled by gcc or clang. (#1809656)
|
|
|
|
|
|
|
|
|
|
* Fri Feb 28 2020 Nick Clifton <nickc@redhat.com> - 9.11-1
|
|
|
|
|
- Fix infinite loop hangup in annocheck.
|
|
|
|
|
- Disable debuginfod support by default.
|
|
|
|
|
- Improve parsing of .comment section.
|
|
|
|
|
|
|
|
|
|
* Thu Feb 27 2020 Nick Clifton <nickc@redhat.com> - 9.10-1
|
|
|
|
|
- Fix clang plugin to use hidden symbols.
|
|
|
|
|
|
|
|
|
|
* Tue Feb 25 2020 Nick Clifton <nickc@redhat.com> - 9.09-1
|
|
|
|
|
- Add ability to build clang plugin (disabled by default).
|
|
|
|
|
|
|
|
|
|
* Mon Feb 17 2020 Nick Clifton <nickc@redhat.com> - 9.08-1
|
|
|
|
|
- Annocheck: Fix error printing out the version number.
|
|
|
|
|
|
|
|
|
|
* Fri Feb 14 2020 Nick Clifton <nickc@redhat.com> - 9.07-1
|
|
|
|
|
- Annobin: Add checks of the exact location of the examined switches.
|
|
|
|
|
|
|
|
|
|
* Tue Feb 11 2020 Nick Clifton <nickc@redhat.com> - 9.06-1
|
|
|
|
|
- Annobin: Note when stack clash notes are generated.
|
|
|
|
|
- Annocheck: Handle multiple builder IDs in the .comment section.
|
|
|
|
|
|
|
|
|
|
* Fri Jan 31 2020 Nick Clifton <nickc@redhat.com> - 9.05-1
|
|
|
|
|
- Add configure option to suppress building annocheck.
|
|
|
|
|
|
|
|
|
|
* Fri Jan 31 2020 Nick Clifton <nickc@redhat.com> - 9.04-1
|
|
|
|
|
- Fix debuginfod test.
|
|
|
|
|
|
|
|
|
|
* Thu Jan 30 2020 Nick Clifton <nickc@redhat.com> - 9.03-2
|
|
|
|
|
- Correct the build requirement for building with debuginfod support.
|
|
|
|
|
|
|
|
|
|
* Thu Jan 30 2020 Nick Clifton <nickc@redhat.com> - 9.03-1
|
|
|
|
|
- Add debuginfod support.
|
|
|
|
|
|
|
|
|
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.01-3
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Mon Jan 20 2020 Nick Clifton <nickc@redhat.com> - 9.01-2
|
|
|
|
|
- Rebuild againt latest gcc-10.
|
|
|
|
|
|
|
|
|
|
* Mon Jan 20 2020 Nick Clifton <nickc@redhat.com> - 9.01-1
|
|
|
|
|
- Add clang plugin (experimental).
|
|
|
|
|
|
|
|
|
|
* Fri Dec 06 2019 Nick Clifton <nickc@redhat.com> - 8.92-1
|
|
|
|
|
- Have annocheck ignore notes with an end address of 0.
|
|
|
|
|
|
|
|
|
|
* Mon Nov 18 2019 Nick Clifton <nickc@redhat.com> - 8.91-1
|
|
|
|
|
- Improve checking of gcc versions.
|
|
|
|
|
|
|
|
|
|
* Fri Nov 15 2019 Nick Clifton <nickc@redhat.com> - 8.90-1
|
|
|
|
|
- Do not skip positive results.
|
|
|
|
|
|
|
|
|
|
* Fri Nov 01 2019 Nick Clifton <nickc@redhat.com> - 8.88-1
|
|
|
|
|
- Generate a WARN result for code compiled with instrumentation enabled. (#1753918)
|
|
|
|
|
|
|
|
|
|
* Tue Oct 22 2019 Nick Clifton <nickc@redhat.com> - 8.87-1
|
|
|
|
|
- Replace address checks with dladdr1.
|
|
|
|
|
|
|
|
|
|
* Mon Oct 21 2019 Nick Clifton <nickc@redhat.com> - 8.86-1
|
|
|
|
|
- Use libabigail like checking to ensure variable address consistency.
|
|
|
|
|
|
|
|
|
|
* Wed Oct 16 2019 Nick Clifton <nickc@redhat.com> - 8.85-1
|
|
|
|
|
- Skip generation of global notes for hot/cold sections.
|
|
|
|
|
|
|
|
|
|
* Thu Oct 10 2019 Nick Clifton <nickc@redhat.com> - 8.84-1
|
|
|
|
|
- Generate FAIL results if -Wall or -Wformat-security are missing.
|
|
|
|
|
|
|
|
|
|
* Thu Oct 03 2019 Nick Clifton <nickc@redhat.com> - 8.83-1
|
|
|
|
|
- If notes cannot be found in the executable look for them in the debuginfo file, if available.
|
|
|
|
|
- Generate a FAIL if notes are missing from the executable/debuginfo file.
|
|
|
|
|
- Record and report the setting of the AArcht64 specific -mbranch-protection option.
|
|
|
|
|
|
|
|
|
|
* Mon Sep 23 2019 Nick Clifton <nickc@redhat.com> - 8.81-1
|
|
|
|
|
- Improve detection of GO binaries.
|
|
|
|
|
- Add gcc version information to annobin notes.
|
|
|
|
|
- Do not complain about missing FORTIFY_SOURCE and GLIBCXX_ASSERTIONS in LTO compilations.
|
|
|
|
|
|
|
|
|
|
* Wed Sep 04 2019 Nick Clifton <nickc@redhat.com> - 8.79-2
|
|
|
|
|
- NVR bump to allow rebuild against latest gcc. (#1748529)
|
|
|
|
|
|
|
|
|
|
* Tue Aug 06 2019 Nick Clifton <nickc@redhat.com> - 8.79-1
|
|
|
|
|
- Allow compiler used to run tests to be specified on the command line. (#1723401)
|
|
|
|
|
|
|
|
|
|
* Tue Aug 06 2019 Nick Clifton <nickc@redhat.com> - 8.78-1
|
|
|
|
|
- Fix a memory allocation error in the annobin plugin. (#1737306)
|
|
|
|
|
|
|
|
|
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.77-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Mon Jun 24 2019 Nick Clifton <nickc@redhat.com> - 8.77-1
|
|
|
|
|
- Another attempt at fixing the detection and reporting of missing -D_FORTIFY_SOURCE options. (#1703500)
|
|
|
|
|
|
|
|
|
|