import annobin-10.29-1.el9

This commit is contained in:
CentOS Sources 2021-12-07 12:39:38 -05:00 committed by Stepan Oksanichenko
parent 3bd486ba5f
commit 9973028a3b
3 changed files with 146 additions and 26 deletions

View File

@ -1 +1 @@
35001808b4ad6fd3f9f88301adf78d987a0a02ce SOURCES/annobin-9.90.tar.xz
cb5a3c922fa3018c7df177d27357a04cfc9085e5 SOURCES/annobin-10.29.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/annobin-9.90.tar.xz
SOURCES/annobin-10.29.tar.xz

View File

@ -1,7 +1,7 @@
Name: annobin
Summary: Annotate and examine compiled binary files
Version: 9.90
Version: 10.29
Release: 1%{?dist}
License: GPLv3+
# Maintainer: nickc@redhat.com
@ -37,7 +37,7 @@ License: GPLv3+
# checking logic or when building on RHEL-7 or earlier.
%global with_hard_gcc_version_requirement 1
%bcond_with plugin_rebuild
%bcond_without plugin_rebuild
# Allow the building of annobin without using annobin itself.
# This is because if we are bootstrapping a new build environment we can have
# a new version of gcc installed, but without a new of annobin installed.
@ -54,9 +54,13 @@ License: GPLv3+
#---------------------------------------------------------------------------------
Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
%global annobin_sources annobin-%{version}.tar.xz
Source: https://nickc.fedorapeople.org/%{annobin_sources}
# For the latest sources use: git clone git://sourceware.org/git/annobin.git
# This is where a copy of the sources will be installed.
%global annobin_source_dir %{_usrsrc}/annobin
# Insert patches here, if needed. Eg:
# Patch01: annobin-foo.patch
@ -174,14 +178,19 @@ hardening options.
%global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
%if %{with clangplugin} || %{with llvmplugin}
# FIXME: We currently assume that the first directory listed in clang's
# search directory output is the one that we should use for plugins.
# This might not be correct.
# The gensub() below is because without it $2 would look like:
# " =/usr/lib64/clang/8.0.0"
# Note - we install LLVM plugins into the same directory as Clang plugins.
%global ANNOBIN_CLANG_PLUGIN_DIR %(clang --print-search-dirs | gawk -e'BEGIN { FS = ":" } /libraries/ { print gensub(" =","",1,$2) } END { }')
%{!?llvm_version:%global llvm_version 12.0.1}
%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/%{llvm_version}}
%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/%{llvm_version}}
%if %{with gccplugin}
# The next line has been stolen from redhat-rpm-config.spec.
# We install a version info file into this directory, rather than gcc's plugin
# directory, because there is no reliable way for redhat-rpm-config to
# determine the name of gcc's plugin directory.
%global rrcdir /usr/lib/rpm/redhat
# Information about the gcc plugin is recorded in this file.
%global aver %{rrcdir}/annobin-plugin-version-info
%endif
#---------------------------------------------------------------------------------
@ -232,18 +241,20 @@ CONFIG_ARGS="$CONFIG_ARGS --with-llvm"
CONFIG_ARGS="$CONFIG_ARGS --without-test"
%endif
%configure ${CONFIG_ARGS} || cat config.log
%ifarch %{ix86} x86_64
# FIXME: There should be a better way to do this.
export CLANG_TARGET_OPTIONS="-fcf-protection"
%endif
%set_build_flags
# Fedora supports AArch64's -mbranch-protection=bti, RHEL does not.
%if 0%{?fedora} != 0
export CFLAGS="$CFLAGS -DAARCh64_BRANCH_PROTECTION_SUPPORTED=1"
%endif
CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log
%ifarch %{ix86} x86_64
# FIXME: There should be a better way to do this.
export CLANG_TARGET_OPTIONS="-fcf-protection"
%endif
%make_build
%if %{with plugin_rebuild}
@ -289,7 +300,29 @@ make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
# PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles...
%install
%make_install PLUGIN_INSTALL_DIR=$RPM_BUILD_ROOT%{ANNOBIN_CLANG_PLUGIN_DIR}
%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir}
%if %{with clangplugin}
# Move the clang plugin to a seperate directory.
mkdir -p %{buildroot}/%{clang_plugin_dir}
mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir}
%endif
%if %{with gccplugin}
# Record the version of gcc that built this plugin.
mkdir -p %{buildroot}%{rrcdir}
rm -f %{buildroot}%{aver}
# Note - the comparison logic in redhat-rpm-config's %%triggger macros require
# that the plugin builder information appear as the first three numbers in the file.
echo %{gcc_vr} > %{buildroot}%{aver}
# Provide a more complete version information string on the second line.
echo "%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0 was built by gcc version %{gcc_vr} from the %{version} sources" >> %{buildroot}%{aver}
# Also install a copy of the sources into the build tree.
mkdir -p %{buildroot}%{annobin_source_dir}
cp %{_sourcedir}/%{annobin_sources} %{buildroot}%{annobin_source_dir}/latest-annobin.tar.xz
%endif
rm -f %{buildroot}%{_infodir}/dir
#---------------------------------------------------------------------------------
@ -313,17 +346,23 @@ fi
%doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt
%{_infodir}/annobin.info*
%{_mandir}/man1/annobin.1*
%{_mandir}/man1/built-by.1*
%{_mandir}/man1/check-abi.1*
%{_mandir}/man1/hardened.1*
%{_mandir}/man1/run-on-binaries-in.1*
%exclude %{_mandir}/man1/built-by.1*
%exclude %{_mandir}/man1/check-abi.1*
%exclude %{_mandir}/man1/hardened.1*
%exclude %{_mandir}/man1/run-on-binaries-in.1*
%if %{with clangplugin} || %{with llvmplugin}
%{ANNOBIN_CLANG_PLUGIN_DIR}
%if %{with clangplugin}
%{clang_plugin_dir}/annobin-for-clang.so
%endif
%if %{with llvmplugin}
%{llvm_plugin_dir}/annobin-for-llvm.so
%endif
%if %{with gccplugin}
%{ANNOBIN_GCC_PLUGIN_DIR}
%{aver}
%{annobin_source_dir}/latest-annobin.tar.xz
%endif
%if %{with annocheck}
@ -335,6 +374,87 @@ fi
#---------------------------------------------------------------------------------
%changelog
* Thu Nov 25 2021 Nick Clifton <nickc@redhat.com> - 10.29-1
- gcc-plugin: Fix bug creating empty attachments.
- Annocheck: Change MAYB result to SKIP for DT_RPATH. (#2026300)
- Annocheck: Skip missing fortify/warning notes for ARM32.
* Thu Nov 18 2021 Nick Clifton <nickc@redhat.com> - 10.26-1
- gcc-plugin: Another attempt at fixing ppc64le section grouping. (#2016458)
* Tue Nov 16 2021 Nick Clifton <nickc@redhat.com> - 10.25-1
- gcc-plugin: Revert 10.22 change. (#2023437)
- Annocheck: Add exception for /usr/sbin/ldconfig. (#2022973)
* Mon Nov 08 2021 Nick Clifton <nickc@redhat.com> - 10.23-1
- Annocheck: Add a test for unicode characters in identifiers. (#2009287)
* Wed Oct 27 2021 Nick Clifton <nickc@redhat.com> - 10.22-1
- gcc-plugin: Default to link-order grouping for PPC64LE. (#2016458)
- Annocheck: Do not fail if a --skip-<name> option does not match a known test.
- ldconfig-test: Skip the LTO check.
* Tue Oct 26 2021 Nick Clifton <nickc@redhat.com> - 10.20-1
- annocheck: Add more glibc functions.
- gcc-plugin: Attach the .text section to the .text.group. (#2016458)
* Tue Oct 19 2021 Nick Clifton <nickc@redhat.com> - 10.17-1
- Better reporting of problems in object files. (#2013708)
* Mon Oct 18 2021 Nick Clifton <nickc@redhat.com> - 10.16-1
- Fix -mstackrealign test for non-GCC compiled files. (#2013658)
* Thu Oct 14 2021 Nick Clifton <nickc@redhat.com> - 10.15-2
- Re-enable use of annobin plugin when building annobin. (#2013658)
- Exclude man pages for uninstalled scripts. (#2013562)
* Wed Oct 13 2021 Nick Clifton <nickc@redhat.com> - 10.15-1
- Annocheck: Add tests based upon recent bug fixes.
- Annocheck: Another tweak to glibc detection code.
* Fri Oct 08 2021 Nick Clifton <nickc@redhat.com> - 10.13-1
- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found. (#20011438)
- Annocheck: Fix MAYB results for mixed GO/C files.
- Annocheck: Move some messages from VERBOSE to VERBOSE2.
- Annocheck: Scan zero-length tool notes.
* Wed Oct 06 2021 Nick Clifton <nickc@redhat.com> - 10.11-1
- Annocheck: Fix covscan detected flaws.
- plugins: Add more required build options. (#2011163)
* Tue Oct 05 2021 Nick Clifton <nickc@redhat.com> - 10.10-1
- Annocheck: Fix cf-prot test to fail if the CET notes are missing. (#2010671)
- Annocheck: Skip gaps in the .plt section. (#2010675)
- Plugins: Add -g option when building LLVM and Clang. (#2010675)
* Mon Oct 04 2021 Nick Clifton <nickc@redhat.com> - 10.09-1
- Annocheck: Add more cases of glibc startup functions. (#1981410)
- Annocheck: Fix covscan detected problems.
- Annocheck: Add --profile=el8.
- gcc-plugin: Conditionalize generation of branch protection note.
- Annocheck: Ignore gaps containing NOP instructions.
* Thu Sep 16 2021 Nick Clifton <nickc@redhat.com> - 10.06-1
- GCC Plugin: Fix detection of running inside the LTO compiler. (#2004917)
- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries.
- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result. (#1995224)
- Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead.
- Annocheck: Fix exit code when tests PASS.
- Documentation: Add node for each hardening test.
- Documentation: Install online.
- Annocheck: Annote FAIL and MAYB results with URL to documentation
- Annocheck: Add --no-urls and --provide-urls options
- Annocheck: Add --help-<tool> option.
- Annocheck: Fix fuzzing detected failures.
- Annocheck: Add --profile option.
- Docs: Document --profile option and rpminspect.yaml.
- Annocheck: Skip GO/CET checks. Fix fuzzing detected failures.
- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444)
- spec file: Add the installation of the annobon sources into /usr/src/annobin.
- Annocheck: Fix memory corruption. (#1996963)
- spec file: Add the creation of a gcc-plugin version info file in /usr/lib/rpm/redhat.
- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection.
* Wed Aug 18 2021 Nick Clifton <nickc@redhat.com> - 9.90-1
- Annocheck: Add linker generated function for ppc64le exceptions. (#1981410)
- LLVM Plugin: Allow checks to be selected from the command line.