import annobin-9.23-1.el8

.annobin.metadata

@@ -1 +1 @@
-eafca541590675b6734ff6d5cebfb720eed2e732 SOURCES/annobin-8.90.tar.xz
+89eff4420502ad81cd036c60501f2c4b5adbd7a8 SOURCES/annobin-9.23.tar.xz

.gitignore

@@ -1 +1 @@
-SOURCES/annobin-8.90.tar.xz
+SOURCES/annobin-9.23.tar.xz

SPECS/annobin.spec

@@ -1,13 +1,34 @@
 
 Name:    annobin
-Summary: Binary annotation plugin for GCC
-Version: 8.90
+Summary: Annotate and examine compiled binary files
+Version: 9.23
 Release: 1%{?dist}
-
 License: GPLv3+
-URL:     https://fedoraproject.org/wiki/Toolchain/Watermark
+# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark
 # Maintainer: nickc@redhat.com
 
+#---------------------------------------------------------------------------------
+
+# Use "--without tests" to disable the testsuite.
+%bcond_without tests
+
+# Use "--without annocheck" to disable the installation of the annocheck program.
+%bcond_without annocheck
+
+# Use "--with debuginfod" to force support for debuginfod to be compiled into
+# the annocheck program.  By default the configure script will check for
+# availablilty at build time, but this might not match the run time situation.
+# FIXME: Add a --without debuginfod option to forcefully disable the configure
+# time check for debuginfod support.
+%bcond_with debuginfod
+
+# Use "--with clangplugin" to build the annobin plugin for clang.
+%bcond_with clangplugin
+
+# Set this to zero to disable the requirement for a specific version of gcc.
+# This should only be needed if there is some kind of problem with the version
+# checking logic or when building on RHEL-7 or earlier.
+%global with_hard_gcc_version_requirement 1
 
 # # Do not build the annobin plugin with annotation enabled.
 # # This is because if we are bootstrapping a new build environment we can have
@@ -24,18 +45,8 @@ URL:     https://fedoraproject.org/wiki/Toolchain/Watermark
 #
 # %%undefine _annotated_build
 
-# Use "--without tests" to disable the testsuite.  The default is to run them.
-%bcond_without tests
-
-# Use "--without annocheck" to disable the installation of the annocheck program.
-%bcond_without annocheck
-
-# Set this to zero to disable the requirement for a specific version of gcc.
-# This should only be needed if there is some kind of problem with the version
-# checking logic or when building on RHEL-7 or earlier.
-%global with_hard_gcc_version_requirement 1
-
 #---------------------------------------------------------------------------------
+
 # Source:  https://nickc.fedorapeople.org/annobin-%%{version}.tar.xz
 Source:  annobin-%{version}.tar.xz
 # For the latest sources use:  git clone git://sourceware.org/git/annobin.git
@@ -98,6 +109,9 @@ Requires: gcc
 %endif
 
 BuildRequires: gcc gcc-plugin-devel gcc-c++
+%if %{with clangplugin}
+BuildRequires: clang clang-devel llvm llvm-devel
+%endif
 
 %description
 Provides a plugin for GCC that records extra information in the files
@@ -106,6 +120,10 @@ that it compiles.
 Note - the plugin is automatically enabled in gcc builds via flags
 provided by the redhat-rpm-macros package.
 
+%if %{with clangplugin}
+Also provides a plugin for clang which performs a similar function.
+%endif
+
 #---------------------------------------------------------------------------------
 %if %{with tests}
 
@@ -125,6 +143,9 @@ of the resulting files.
 Summary: A tool for checking the security hardening status of binaries
 
 BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
+%if %{with debuginfod}
+BuildRequires: elfutils-debuginfod-client-devel
+%endif
 
 %description annocheck
 Installs the annocheck program which uses the notes generated by annobin to
@@ -135,7 +156,15 @@ hardening options.
 
 #---------------------------------------------------------------------------------
 
-%global ANNOBIN_PLUGIN_DIR %(gcc --print-file-name=plugin)
+%global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
+
+%if %{with clangplugin}
+# FIXME: Clang does not appear to have an official plugin directory.
+# Instead it just uses dlopen() with no pathname prefix.  So we
+# construct a (hopefully good) path and rely upon users of annobin
+# knowing about this location.
+%global ANNOBIN_CLANG_PLUGIN_DIR /usr/lib64/clang/%(clang --dumpversion)/lib
+%endif
 
 #---------------------------------------------------------------------------------
 
@@ -145,14 +174,14 @@ if [ -z "%{gcc_vr}" ]; then
     exit 1
 fi
 
-echo "Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})"
+echo "Requires: (gcc >= %{gcc_major} and gcc < %{gcc_next})"
 
 %autosetup -p1
 
 # The plugin has to be configured with the same arcane configure
 # scripts used by gcc.  Hence we must not allow the Fedora build
 # system to regenerate any of the configure files.
-touch aclocal.m4 plugin/config.h.in
+touch aclocal.m4 gcc-plugin/config.h.in
 touch configure */configure Makefile.in */Makefile.in
 # Similarly we do not want to rebuild the documentation.
 touch doc/annobin.info
@@ -160,7 +189,13 @@ touch doc/annobin.info
 #---------------------------------------------------------------------------------
 
 %build
-%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_PLUGIN_DIR}
+
+%if %{with debuginfod}
+%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} --with-debuginfod || cat config.log
+%else
+%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} || cat config.log
+%endif
+
 %make_build
 # Rebuild the plugin, this time using the plugin itself!  This
 # ensures that the plugin works, and that it contains annotations
@@ -168,39 +203,50 @@ touch doc/annobin.info
 # double annotations in it.  (If the build system enables annotations
 # for plugins by default).  I have not tested this yet, but I think
 # that it should be OK.
-cp plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
-make -C plugin clean
+cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
+make -C gcc-plugin clean
 BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so -fplugin-arg-tmp_annobin-rename"
 # If building on RHEL7, enable the next option as the .attach_to_group assembler pseudo op is not available in the assembler.
 # BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
-make -C plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
+make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
 rm %{_tmppath}/tmp_annobin.so
 
+%if %{with clangplugin}
+# FIXME: The symbolic link should not be needed.
+ln -f -s ../annobin-global.h clang-plugin
+make -C clang-plugin annobin.so 
+%endif
+
 #---------------------------------------------------------------------------------
 
 %install
 %make_install
 %{__rm} -f %{buildroot}%{_infodir}/dir
 
+%if %{with clangplugin}
+cp clang-plugin/annobin.so %{ANNOBIN_CLANG_PLUGIN_DIR}
+%endif
+
 #---------------------------------------------------------------------------------
 
 %if %{with tests}
 %check
-# On RHEL7 the assembler does not support all of the annobin tests.
+# Change the following line to "make check || :" on RHEL7 or if you need to see the
+# test suite logs in order to diagnose a test failure.
 make check
 if [ -f tests/test-suite.log ]; then
     cat tests/test-suite.log
 fi
+
+%if %{with clangplugin}
+# FIXME: Add tests of the clang plugin.
+%endif
 %endif
 
 #---------------------------------------------------------------------------------
 
 %files
-%{ANNOBIN_PLUGIN_DIR}
-%{_bindir}/built-by
-%{_bindir}/check-abi
-%{_bindir}/hardened
-%{_bindir}/run-on-binaries-in
+%{ANNOBIN_GCC_PLUGIN_DIR}
 %license COPYING3 LICENSE
 %exclude %{_datadir}/doc/annobin-plugin/COPYING3
 %exclude %{_datadir}/doc/annobin-plugin/LICENSE
@@ -212,7 +258,12 @@ fi
 %doc %{_mandir}/man1/hardened.1.gz
 %doc %{_mandir}/man1/run-on-binaries-in.1.gz
 
+%if %{with clangplugin}
+%{ANNOBIN_CLANG_PLUGIN_DIR}
+%endif
+
 %if %{with annocheck}
+%files annocheck
 %{_bindir}/annocheck
 %doc %{_mandir}/man1/annocheck.1.gz
 %endif
@@ -220,6 +271,40 @@ fi
 #---------------------------------------------------------------------------------
 
 %changelog
+* Wed Jul 01 2020 Nick Clifton <nickc@redhat.com> - 9.23-1
+- Annocheck: Do not skip tests of the short-enums notes.  (#1743635)
+
+* Thu Apr 23 2020 Nick Clifton <nickc@redhat.com> - 9.21-1
+- Annobin: Fall back on using the flags if the option cannot be found in cl_options.  (#1817659)
+- Annocheck: Detect Fortran compiled programs.  (#1824393)
+
+* Mon Apr 06 2020 Nick Clifton <nickc@redhat.com> - 9.19-1
+- Annobin: If option name mismatch occurs, seach for the real option.  (#1817452)
+- Annocheck: Fix a division by zero error when parsing GO binaries.  (#1818863)
+- Annobin: Fix access to the -flto and -fsanitize flags.
+- Annobin: Use offsets stored in gcc's cl_option structure to access the global_options array, thus removing the need to check for changes in the size of this structure.
+- Rename gcc plugin directory to gcc-plugin.
+- Stop annocheck from complaining about missing options when the binary has been built in a mixed environment.
+- Improve builtby tool.
+- Stop annocheck complaining about missing notes when the binary is not compiled by either gcc or clang.
+- Skip the check of the ENTRY instruction for binaries not compiled by gcc or clang.  (#1809656)
+- Fix infinite loop hangup in annocheck.
+- Disable debuginfod support by default.
+- Improve parsing of .comment section.
+- Fix clang plugin to use hidden symbols.
+- Add ability to build clang plugin (disabled by default).
+- Annocheck: Fix error printing out the version number.
+- Annobin: Add checks of the exact location of the examined switches.
+- Annobin: Note when stack clash notes are generated.  (#1803173, #1828797)
+- Annocheck: Handle multiple builder IDs in the .comment section.
+- Add configure option to suppress building annocheck.
+- Fix debuginfod test.
+- Correct the build requirement for building with debuginfod support.
+- Add debuginfod support.
+- Add clang plugin (experimental).
+- Have annocheck ignore notes with an end address of 0.
+- Improve checking of gcc versions.
+
 * Fri Nov 15 2019 Nick Clifton <nickc@redhat.com> - 8.90-1
 - Do not skip positive results.
 
@@ -238,7 +323,7 @@ fi
 - Record and report the setting of the AArcht64 specific -mbranch-protection option.
 - Improve detection of GO binaries.
 - Add gcc version information to annobin notes.
-- Do not complain about missing FORTIFY_SOURCE and GLIBCXX_ASSERTIONS in LTO compilations.
+- Do not complain about missing FORTIFY_SOURCE and GLIBCXX_ASSERTIONS in LTO compilations.  (#1743635)
 
 * Tue Aug 06 2019 Nick Clifton <nickc@redhat.com> - 8.78-1
 - Fix a memory allocation error in the annobin plugin.  (#1737306)