import annobin-10.29-1.el9
This commit is contained in:
parent
3bd486ba5f
commit
9973028a3b
@ -1 +1 @@
|
||||
35001808b4ad6fd3f9f88301adf78d987a0a02ce SOURCES/annobin-9.90.tar.xz
|
||||
cb5a3c922fa3018c7df177d27357a04cfc9085e5 SOURCES/annobin-10.29.tar.xz
|
||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/annobin-9.90.tar.xz
|
||||
SOURCES/annobin-10.29.tar.xz
|
||||
|
@ -1,7 +1,7 @@
|
||||
|
||||
Name: annobin
|
||||
Summary: Annotate and examine compiled binary files
|
||||
Version: 9.90
|
||||
Version: 10.29
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3+
|
||||
# Maintainer: nickc@redhat.com
|
||||
@ -37,7 +37,7 @@ License: GPLv3+
|
||||
# checking logic or when building on RHEL-7 or earlier.
|
||||
%global with_hard_gcc_version_requirement 1
|
||||
|
||||
%bcond_with plugin_rebuild
|
||||
%bcond_without plugin_rebuild
|
||||
# Allow the building of annobin without using annobin itself.
|
||||
# This is because if we are bootstrapping a new build environment we can have
|
||||
# a new version of gcc installed, but without a new of annobin installed.
|
||||
@ -54,9 +54,13 @@ License: GPLv3+
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
|
||||
Source: https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
|
||||
%global annobin_sources annobin-%{version}.tar.xz
|
||||
Source: https://nickc.fedorapeople.org/%{annobin_sources}
|
||||
# For the latest sources use: git clone git://sourceware.org/git/annobin.git
|
||||
|
||||
# This is where a copy of the sources will be installed.
|
||||
%global annobin_source_dir %{_usrsrc}/annobin
|
||||
|
||||
# Insert patches here, if needed. Eg:
|
||||
# Patch01: annobin-foo.patch
|
||||
|
||||
@ -174,14 +178,19 @@ hardening options.
|
||||
|
||||
%global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
|
||||
|
||||
%if %{with clangplugin} || %{with llvmplugin}
|
||||
# FIXME: We currently assume that the first directory listed in clang's
|
||||
# search directory output is the one that we should use for plugins.
|
||||
# This might not be correct.
|
||||
# The gensub() below is because without it $2 would look like:
|
||||
# " =/usr/lib64/clang/8.0.0"
|
||||
# Note - we install LLVM plugins into the same directory as Clang plugins.
|
||||
%global ANNOBIN_CLANG_PLUGIN_DIR %(clang --print-search-dirs | gawk -e'BEGIN { FS = ":" } /libraries/ { print gensub(" =","",1,$2) } END { }')
|
||||
%{!?llvm_version:%global llvm_version 12.0.1}
|
||||
%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/%{llvm_version}}
|
||||
%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/%{llvm_version}}
|
||||
|
||||
%if %{with gccplugin}
|
||||
# The next line has been stolen from redhat-rpm-config.spec.
|
||||
# We install a version info file into this directory, rather than gcc's plugin
|
||||
# directory, because there is no reliable way for redhat-rpm-config to
|
||||
# determine the name of gcc's plugin directory.
|
||||
%global rrcdir /usr/lib/rpm/redhat
|
||||
|
||||
# Information about the gcc plugin is recorded in this file.
|
||||
%global aver %{rrcdir}/annobin-plugin-version-info
|
||||
%endif
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
@ -232,18 +241,20 @@ CONFIG_ARGS="$CONFIG_ARGS --with-llvm"
|
||||
CONFIG_ARGS="$CONFIG_ARGS --without-test"
|
||||
%endif
|
||||
|
||||
%configure ${CONFIG_ARGS} || cat config.log
|
||||
|
||||
%ifarch %{ix86} x86_64
|
||||
# FIXME: There should be a better way to do this.
|
||||
export CLANG_TARGET_OPTIONS="-fcf-protection"
|
||||
%endif
|
||||
%set_build_flags
|
||||
|
||||
# Fedora supports AArch64's -mbranch-protection=bti, RHEL does not.
|
||||
%if 0%{?fedora} != 0
|
||||
export CFLAGS="$CFLAGS -DAARCh64_BRANCH_PROTECTION_SUPPORTED=1"
|
||||
%endif
|
||||
|
||||
CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log
|
||||
|
||||
%ifarch %{ix86} x86_64
|
||||
# FIXME: There should be a better way to do this.
|
||||
export CLANG_TARGET_OPTIONS="-fcf-protection"
|
||||
%endif
|
||||
|
||||
%make_build
|
||||
|
||||
%if %{with plugin_rebuild}
|
||||
@ -289,7 +300,29 @@ make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
|
||||
|
||||
# PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles...
|
||||
%install
|
||||
%make_install PLUGIN_INSTALL_DIR=$RPM_BUILD_ROOT%{ANNOBIN_CLANG_PLUGIN_DIR}
|
||||
%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir}
|
||||
|
||||
%if %{with clangplugin}
|
||||
# Move the clang plugin to a seperate directory.
|
||||
mkdir -p %{buildroot}/%{clang_plugin_dir}
|
||||
mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir}
|
||||
%endif
|
||||
|
||||
%if %{with gccplugin}
|
||||
# Record the version of gcc that built this plugin.
|
||||
mkdir -p %{buildroot}%{rrcdir}
|
||||
rm -f %{buildroot}%{aver}
|
||||
# Note - the comparison logic in redhat-rpm-config's %%triggger macros require
|
||||
# that the plugin builder information appear as the first three numbers in the file.
|
||||
echo %{gcc_vr} > %{buildroot}%{aver}
|
||||
# Provide a more complete version information string on the second line.
|
||||
echo "%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0 was built by gcc version %{gcc_vr} from the %{version} sources" >> %{buildroot}%{aver}
|
||||
|
||||
# Also install a copy of the sources into the build tree.
|
||||
mkdir -p %{buildroot}%{annobin_source_dir}
|
||||
cp %{_sourcedir}/%{annobin_sources} %{buildroot}%{annobin_source_dir}/latest-annobin.tar.xz
|
||||
%endif
|
||||
|
||||
rm -f %{buildroot}%{_infodir}/dir
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
@ -313,17 +346,23 @@ fi
|
||||
%doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt
|
||||
%{_infodir}/annobin.info*
|
||||
%{_mandir}/man1/annobin.1*
|
||||
%{_mandir}/man1/built-by.1*
|
||||
%{_mandir}/man1/check-abi.1*
|
||||
%{_mandir}/man1/hardened.1*
|
||||
%{_mandir}/man1/run-on-binaries-in.1*
|
||||
%exclude %{_mandir}/man1/built-by.1*
|
||||
%exclude %{_mandir}/man1/check-abi.1*
|
||||
%exclude %{_mandir}/man1/hardened.1*
|
||||
%exclude %{_mandir}/man1/run-on-binaries-in.1*
|
||||
|
||||
%if %{with clangplugin} || %{with llvmplugin}
|
||||
%{ANNOBIN_CLANG_PLUGIN_DIR}
|
||||
%if %{with clangplugin}
|
||||
%{clang_plugin_dir}/annobin-for-clang.so
|
||||
%endif
|
||||
|
||||
%if %{with llvmplugin}
|
||||
%{llvm_plugin_dir}/annobin-for-llvm.so
|
||||
%endif
|
||||
|
||||
%if %{with gccplugin}
|
||||
%{ANNOBIN_GCC_PLUGIN_DIR}
|
||||
%{aver}
|
||||
%{annobin_source_dir}/latest-annobin.tar.xz
|
||||
%endif
|
||||
|
||||
%if %{with annocheck}
|
||||
@ -335,6 +374,87 @@ fi
|
||||
#---------------------------------------------------------------------------------
|
||||
|
||||
%changelog
|
||||
* Thu Nov 25 2021 Nick Clifton <nickc@redhat.com> - 10.29-1
|
||||
- gcc-plugin: Fix bug creating empty attachments.
|
||||
- Annocheck: Change MAYB result to SKIP for DT_RPATH. (#2026300)
|
||||
- Annocheck: Skip missing fortify/warning notes for ARM32.
|
||||
|
||||
* Thu Nov 18 2021 Nick Clifton <nickc@redhat.com> - 10.26-1
|
||||
- gcc-plugin: Another attempt at fixing ppc64le section grouping. (#2016458)
|
||||
|
||||
* Tue Nov 16 2021 Nick Clifton <nickc@redhat.com> - 10.25-1
|
||||
- gcc-plugin: Revert 10.22 change. (#2023437)
|
||||
- Annocheck: Add exception for /usr/sbin/ldconfig. (#2022973)
|
||||
|
||||
* Mon Nov 08 2021 Nick Clifton <nickc@redhat.com> - 10.23-1
|
||||
- Annocheck: Add a test for unicode characters in identifiers. (#2009287)
|
||||
|
||||
* Wed Oct 27 2021 Nick Clifton <nickc@redhat.com> - 10.22-1
|
||||
- gcc-plugin: Default to link-order grouping for PPC64LE. (#2016458)
|
||||
- Annocheck: Do not fail if a --skip-<name> option does not match a known test.
|
||||
- ldconfig-test: Skip the LTO check.
|
||||
|
||||
* Tue Oct 26 2021 Nick Clifton <nickc@redhat.com> - 10.20-1
|
||||
- annocheck: Add more glibc functions.
|
||||
- gcc-plugin: Attach the .text section to the .text.group. (#2016458)
|
||||
|
||||
* Tue Oct 19 2021 Nick Clifton <nickc@redhat.com> - 10.17-1
|
||||
- Better reporting of problems in object files. (#2013708)
|
||||
|
||||
* Mon Oct 18 2021 Nick Clifton <nickc@redhat.com> - 10.16-1
|
||||
- Fix -mstackrealign test for non-GCC compiled files. (#2013658)
|
||||
|
||||
* Thu Oct 14 2021 Nick Clifton <nickc@redhat.com> - 10.15-2
|
||||
- Re-enable use of annobin plugin when building annobin. (#2013658)
|
||||
- Exclude man pages for uninstalled scripts. (#2013562)
|
||||
|
||||
* Wed Oct 13 2021 Nick Clifton <nickc@redhat.com> - 10.15-1
|
||||
- Annocheck: Add tests based upon recent bug fixes.
|
||||
- Annocheck: Another tweak to glibc detection code.
|
||||
|
||||
* Fri Oct 08 2021 Nick Clifton <nickc@redhat.com> - 10.13-1
|
||||
- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found. (#20011438)
|
||||
- Annocheck: Fix MAYB results for mixed GO/C files.
|
||||
- Annocheck: Move some messages from VERBOSE to VERBOSE2.
|
||||
- Annocheck: Scan zero-length tool notes.
|
||||
|
||||
* Wed Oct 06 2021 Nick Clifton <nickc@redhat.com> - 10.11-1
|
||||
- Annocheck: Fix covscan detected flaws.
|
||||
- plugins: Add more required build options. (#2011163)
|
||||
|
||||
* Tue Oct 05 2021 Nick Clifton <nickc@redhat.com> - 10.10-1
|
||||
- Annocheck: Fix cf-prot test to fail if the CET notes are missing. (#2010671)
|
||||
- Annocheck: Skip gaps in the .plt section. (#2010675)
|
||||
- Plugins: Add -g option when building LLVM and Clang. (#2010675)
|
||||
|
||||
* Mon Oct 04 2021 Nick Clifton <nickc@redhat.com> - 10.09-1
|
||||
- Annocheck: Add more cases of glibc startup functions. (#1981410)
|
||||
- Annocheck: Fix covscan detected problems.
|
||||
- Annocheck: Add --profile=el8.
|
||||
- gcc-plugin: Conditionalize generation of branch protection note.
|
||||
- Annocheck: Ignore gaps containing NOP instructions.
|
||||
|
||||
* Thu Sep 16 2021 Nick Clifton <nickc@redhat.com> - 10.06-1
|
||||
- GCC Plugin: Fix detection of running inside the LTO compiler. (#2004917)
|
||||
- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries.
|
||||
- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result. (#1995224)
|
||||
- Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead.
|
||||
- Annocheck: Fix exit code when tests PASS.
|
||||
- Documentation: Add node for each hardening test.
|
||||
- Documentation: Install online.
|
||||
- Annocheck: Annote FAIL and MAYB results with URL to documentation
|
||||
- Annocheck: Add --no-urls and --provide-urls options
|
||||
- Annocheck: Add --help-<tool> option.
|
||||
- Annocheck: Fix fuzzing detected failures.
|
||||
- Annocheck: Add --profile option.
|
||||
- Docs: Document --profile option and rpminspect.yaml.
|
||||
- Annocheck: Skip GO/CET checks. Fix fuzzing detected failures.
|
||||
- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444)
|
||||
- spec file: Add the installation of the annobon sources into /usr/src/annobin.
|
||||
- Annocheck: Fix memory corruption. (#1996963)
|
||||
- spec file: Add the creation of a gcc-plugin version info file in /usr/lib/rpm/redhat.
|
||||
- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection.
|
||||
|
||||
* Wed Aug 18 2021 Nick Clifton <nickc@redhat.com> - 9.90-1
|
||||
- Annocheck: Add linker generated function for ppc64le exceptions. (#1981410)
|
||||
- LLVM Plugin: Allow checks to be selected from the command line.
|
||||
|
Loading…
Reference in New Issue
Block a user