import annobin-10.67-3.el8

.annobin.metadata

@@ -1 +1 @@
-cb5a3c922fa3018c7df177d27357a04cfc9085e5 SOURCES/annobin-10.29.tar.xz
+c0950f32db75ab1aa938fbd0342410c9329682f9 SOURCES/annobin-10.67.tar.xz

.gitignore

@@ -1 +1 @@
-SOURCES/annobin-10.29.tar.xz
+SOURCES/annobin-10.67.tar.xz

SOURCES/annobin-annocheck-no-debuginfod.patch

@@ -0,0 +1,11 @@
+--- annobin.orig/annocheck/annocheck.c	2022-03-24 11:58:57.549279537 +0000
++++ annobin-10.58/annocheck/annocheck.c	2022-03-24 11:59:09.574237612 +0000
+@@ -21,6 +21,8 @@
+ #include <sys/stat.h>
+ #include <elfutils/libdwelf.h>
+ #include <elfutils/libdwfl.h>
++#undef  HAVE_LIBDEBUGINFOD 
++#define HAVE_LIBDEBUGINFOD 0
+ #ifndef LIBANNOCHECK
+ #if HAVE_LIBDEBUGINFOD
+ #include <elfutils/debuginfod.h>

SOURCES/annobin-gaps-test.patch

@@ -1,17 +0,0 @@
---- annobin.orig/tests/gaps-test	2021-11-22 16:02:17.449655455 +0000
-+++ annobin-10.27/tests/gaps-test	2021-11-22 16:06:37.296680446 +0000
-@@ -40,12 +40,13 @@ fi
- # Run annocheck
- 
- SKIPS="--skip-property-note --skip-dynamic-tags --skip-not-dynamic-tags --skip-branch-protection --skip-not-branch-protection --skip-lto"
-+SKIPS+=" --skip-stack-clash --skip-cf-protection --skip-stack-realign"
- $ANNOCHECK main.exe $SKIPS > main.out
- grep -e "PASS" main.out
- if [ $? != 0 ];
- then
-     echo "gaps-test: FAIL: using rpm build macros did not produce an executable that passes annocheck"
--    $ANNOCHECK main.exe $SKIPS --verbose --enable-notes
-+    $ANNOCHECK main.exe $SKIPS --verbose
-     echo $GCC $OPTS $srcdir/main.c -o main.exe
-     end_test
-     exit 1

SOURCES/annobin-nop.patch

@@ -1,12 +1,12 @@
-diff -rup annobin.orig/gcc-plugin/annobin.cc annobin-9.72/gcc-plugin/annobin.cc
---- annobin.orig/gcc-plugin/annobin.cc	2021-05-17 17:25:32.693441649 +0100
-+++ annobin-9.72/gcc-plugin/annobin.cc	2021-05-17 17:25:50.176331776 +0100
-@@ -1722,7 +1722,7 @@ annobin_emit_start_sym_and_version_note
+diff -rup annobin.orig/gcc-plugin/annobin.cc annobin-10.64/gcc-plugin/annobin.cc
+--- annobin.orig/gcc-plugin/annobin.cc	2022-04-06 12:55:02.350469755 +0100
++++ annobin-10.64/gcc-plugin/annobin.cc	2022-04-06 12:55:28.503296390 +0100
+@@ -1851,7 +1851,7 @@ annobin_emit_start_sym_and_version_note
  	 Ensure that we do not have empty special text sections so that the
  	 annobin start symbols are never beyond the end of the sections.  */
+ #ifndef ANNOBIN_NOP_INSN
+-#define ANNOBIN_NOP_INSN ".nop"
++#define ANNOBIN_NOP_INSN "nop"
+ #endif
        if (* suffix && enable_ppc64_nops)
--	annobin_emit_asm (".nop", "Inserted by the annobin plugin.  Disable with -fplugin-arg-annobin-no-ppc64-nops");
-+	annobin_emit_asm ("nop", "Inserted by the annobin plugin.  Disable with -fplugin-arg-annobin-no-ppc64-nops");
-     }
-   else
-     fprintf (asm_out_file, "\t.equiv %s%s, .\n", annobin_output_filesym, suffix);
+ 	annobin_emit_asm (ANNOBIN_NOP_INSN,

SPECS/annobin.spec

@@ -1,11 +1,12 @@
 
 Name:    annobin
 Summary: Annotate and examine compiled binary files
-Version: 10.29
+Version: 10.67
 Release: 3%{?dist}
 License: GPLv3+
-# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark
 # Maintainer: nickc@redhat.com
+# Web Page: https://sourceware.org/annobin/
+# Watermark Protocol: https://fedoraproject.org/wiki/Toolchain/Watermark
 
 #---------------------------------------------------------------------------------
 
@@ -15,7 +16,7 @@ License: GPLv3+
 # Use "--without annocheck" to disable the installation of the annocheck program.
 %bcond_without annocheck
 
-# Use "--with debuginfod" to force support for debuginfod to be compiled into
+# Use "--with debuginfod" to add support for debuginfod to be compiled into
 # the annocheck program.  By default the configure script will check for
 # availablilty at build time, but this might not match the run time situation.
 # FIXME: Add a --without debuginfod option to forcefully disable the configure
@@ -25,6 +26,9 @@ License: GPLv3+
 # Use "--with clangplugin" to build the annobin plugin for Clang.
 %bcond_with clangplugin
 
+# Use "--without gccplugin" to disable the building of the annobin plugin for GCC.
+%bcond_without gccplugin
+
 # Use "--with llvmplugin" to build the annobin plugin for LLVM.
 %bcond_with llvmplugin
 
@@ -33,7 +37,7 @@ License: GPLv3+
 # checking logic or when building on RHEL-7 or earlier.
 %global with_hard_gcc_version_requirement 1
 
-%bcond_without annobin_plugin
+%bcond_without plugin_rebuild
 # Allow the building of annobin without using annobin itself.
 # This is because if we are bootstrapping a new build environment we can have
 # a new version of gcc installed, but without a new of annobin installed.
@@ -44,19 +48,25 @@ License: GPLv3+
 # then it will abort.
 #
 # The default is to use annobin.  cf BZ 1630550.
-%if %{without annobin_plugin}
+%if %{without plugin_rebuild}
 %undefine _annotated_build
 %endif
 
 #---------------------------------------------------------------------------------
 
-# Source:  https://nickc.fedorapeople.org/annobin-%%{version}.tar.xz
-Source:  annobin-%{version}.tar.xz
+%global annobin_sources annobin-%{version}.tar.xz
+Source: https://nickc.fedorapeople.org/%{annobin_sources}
+# Source: %%{annobin_sources}
 # For the latest sources use:  git clone git://sourceware.org/git/annobin.git
 
+# This is where a copy of the sources will be installed.
+%global annobin_source_dir %{_usrsrc}/annobin
+
+# Insert patches here, if needed.  Eg:
+# Patch01: annobin-foo.patch
 # Insert patches here, if needed.
 Patch01: annobin-nop.patch
-Patch02: annobin-gaps-test.patch
+Patch02: annobin-annocheck-no-debuginfod.patch
 
 #---------------------------------------------------------------------------------
 
@@ -172,14 +182,12 @@ hardening options.
 
 %global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
 
-%if %{with clangplugin} || %{with llvmplugin}
-# FIXME: We currently assume that the first directory listed in clang's
-# search directory output is the one that we should use for plugins.
-# This might not be correct.
-# The gensub() below is because without it $2 would look like:
-# " =/usr/lib64/clang/8.0.0"
-# Note - we install LLVM plugins into the same directory as Clang plugins.
-%global ANNOBIN_CLANG_PLUGIN_DIR %(clang --print-search-dirs | gawk -e'BEGIN { FS = ":" } /libraries/ { print gensub(" =","",1,$2) } END { }')
+%{!?llvm_plugin_dir:%global  llvm_plugin_dir  %{_libdir}/llvm/plugins}
+%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/plugins}
+
+%if %{with gccplugin}
+# Information about the gcc plugin is recorded in this file.
+%global aver annobin-plugin-version-info
 %endif
 
 #---------------------------------------------------------------------------------
@@ -206,7 +214,7 @@ touch doc/annobin.info
 
 %build
 
-CONFIG_ARGS=
+CONFIG_ARGS="--quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}"
 
 %if %{with debuginfod}
 CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod"
@@ -218,59 +226,94 @@ CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod"
 CONFIG_ARGS="$CONFIG_ARGS --with-clang"
 %endif
 
+%if %{without gccplugin}
+CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin"
+%endif
+
 %if %{with llvmplugin}
 CONFIG_ARGS="$CONFIG_ARGS --with-llvm"
 %endif
 
 %if %{without tests}
-CONFIG_ARGS="$CONFIG_ARGS --without-test"
+CONFIG_ARGS="$CONFIG_ARGS --without-tests"
 %endif
 
-%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} ${CONFIG_ARGS} || cat config.log
+%set_build_flags
+
+# Fedora supports AArch64's -mbranch-protection=bti, RHEL does not.
+%if 0%{?fedora} != 0
+export CFLAGS="$CFLAGS -DAARCh64_BRANCH_PROTECTION_SUPPORTED=1"
+%endif
+
+CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log
+
+%ifarch %{ix86} x86_64
+# FIXME: There should be a better way to do this.
+export CLANG_TARGET_OPTIONS="-fcf-protection"
+%endif
 
 %make_build
 
+#---------------------------------------------------------------------------------
+
+%if %{with plugin_rebuild}
 # Rebuild the plugin(s), this time using the plugin itself!  This
 # ensures that the plugin works, and that it contains annotations
 # of its own.
+
+%if %{with gccplugin}
 cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
 make -C gcc-plugin clean
 BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so"
 
-%if %{with annobin_plugin}
 # Disable the standard annobin plugin so that we do get conflicts.
-# Note: the "-fplugin=annobin" is here, despite the fact that it will also
-# be automatically added to the gcc command line via
-# "-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" because of a bug in gcc's
-# plugin command line options handling.  GCC will issue an error saying that
-# there is no plugin called "annobin" matching the -fplugin-arg-annobin-disable
-# option, despite the fact that there patently is.
-BUILD_FLAGS="$BUILD_FLAGS -fplugin=annobin -fplugin-arg-annobin-disable"
-%endif
+OPTS="$(rpm --eval '%undefine _annotated_build %build_cflags %build_ldflags')"
 
 # If building on RHEL7, enable the next option as the .attach_to_group
 # assembler pseudo op is not available in the assembler.
 # BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
 
-make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
+make -C gcc-plugin CXXFLAGS="$OPTS $BUILD_FLAGS"
 rm %{_tmppath}/tmp_annobin.so
+%endif
 
 %if %{with clangplugin}
 cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so
-make -C clang-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
+make -C clang-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS"
 %endif
 
 %if %{with llvmplugin}
 cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so
-make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
+make -C llvm-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS"
+%endif
+
 %endif
 
 #---------------------------------------------------------------------------------
 
 # PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles...
 %install
-%make_install PLUGIN_INSTALL_DIR=$RPM_BUILD_ROOT%{ANNOBIN_CLANG_PLUGIN_DIR}
-%{__rm} -f %{buildroot}%{_infodir}/dir
+%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir}
+
+%if %{with clangplugin}
+# Move the clang plugin to a seperate directory.
+mkdir -p %{buildroot}/%{clang_plugin_dir}
+mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir}
+%endif
+
+%if %{with gccplugin}
+# Record the version of gcc that built this plugin.
+# Note - we cannot just store %%{gcc_vr} as sometimes the gcc rpm version changes
+# without the NVR being altered.  See BZ #2030671 for more discussion on this.
+mkdir -p                             %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}
+cat `gcc --print-file-name=rpmver` > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}
+
+# Also install a copy of the sources into the build tree.
+mkdir -p                            %{buildroot}%{annobin_source_dir}
+cp %{_sourcedir}/%{annobin_sources} %{buildroot}%{annobin_source_dir}/latest-annobin.tar.xz
+%endif
+
+rm -f %{buildroot}%{_infodir}/dir
 
 #---------------------------------------------------------------------------------
 
@@ -278,20 +321,16 @@ make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
 %check
 # Change the following line to "make check || :" on RHEL7 or if you need to see the
 # test suite logs in order to diagnose a test failure.
-make check
+make -k check CLANG_TESTS="check-pre-clang-13"
 
 if [ -f tests/test-suite.log ]; then
-    cat tests/test-suite.log
-fi
-if [ -f tests/glibc-notes.log ]; then
-    cat tests/glibc-notes.log
+    cat tests/*.log
 fi
 %endif
 
 #---------------------------------------------------------------------------------
 
 %files
-%{ANNOBIN_GCC_PLUGIN_DIR}
 %license COPYING3 LICENSE
 %exclude %{_datadir}/doc/annobin-plugin/COPYING3
 %exclude %{_datadir}/doc/annobin-plugin/LICENSE
@@ -304,14 +343,25 @@ fi
 %exclude %{_mandir}/man1/run-on-binaries-in.1*
 
 %if %{with clangplugin}
-%{ANNOBIN_CLANG_PLUGIN_DIR}
+%{clang_plugin_dir}/annobin-for-clang.so
 %endif
+
 %if %{with llvmplugin}
-%{ANNOBIN_CLANG_PLUGIN_DIR}
+%{llvm_plugin_dir}/annobin-for-llvm.so
+%endif
+
+%if %{with gccplugin}
+%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so
+%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0
+%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0
+%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}
+%{annobin_source_dir}/latest-annobin.tar.xz
 %endif
 
 %if %{with annocheck}
 %files annocheck
+%{_includedir}/libannocheck.h
+%{_libdir}/libannocheck.*
 %{_bindir}/annocheck
 %doc %{_mandir}/man1/annocheck.1.gz
 %endif
@@ -319,6 +369,69 @@ fi
 #---------------------------------------------------------------------------------
 
 %changelog
+* Thu Jul 21 2022 Florian Weimer <fweimer@redhat.com> - 10.67-3
+- Rebuild to switch back to system annobin (#2108721)
+
+* Fri Jul 15 2022 Florian Weimer <fweimer@redhat.com> - 10.67-2
+- Rebuild to switch back to system annobin (#2001788)
+
+* Fri Apr 29 2022 Nick Clifton  <nickc@redhat.com> - 10.67-1
+- Rebuild against LLVM 14.  (#2064521)
+- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled by golang.
+- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled in LTO mode.
+- gcc-plugin: Add support for CLVC_INTEGER options.
+
+* Wed Apr 06 2022 Nick Clifton  <nickc@redhat.com> - 10.64-1
+- Annocheck: Add more special cases for AArch64 glibc on RHEL-8.  (#2072082)
+- llvm-plugin: Fix a thinko in the sources.
+- gcc-plugin: Add remap of OPT_Wall.
+- configure: Fix typo in top level configure.ac.
+- Add support for building using meson+ninja.
+- Annocheck: Fix test for AArch64 property notes.  (#2068657)
+- gcc-plugin: Do not issue warning messages for autoconf generated source files.  (#2009958)
+
+* Thu Mar 24 2022 Nick Clifton  <nickc@redhat.com> - 10.58-1
+- Rebase to 10.58.  (#2067148)
+- gcc-plugin: Do not issue warning messages for autoconf generated source files.  (#2009958)
+- Annocheck: Update documentation and fix typo in annocheck.  (#2061291)
+- Annocheck: Add option to enable/disable following symbolic links.
+- Annocheck: Always identify Rust binaries, even if built on a host that does not know about Rust.  (#2057737)
+- Spec File: Use a different method to disable the annobin plugin  (#2054571)
+- Annocheck: Accept static GO binaries.  (#2053606)
+- gcc-plugin: Fix libtool so that extraneous runpaths are not added to the plugin.  (#2047356)
+- gcc-plugin: Use canonical_option field of save_decoded_options array. (#2047148)
+- Annocheck: Add an option to disable the use of debuginfod (if available).
+- Annocheck: Add more glibc special file names.
+- Annocheck: Skip some tests for BPF binaries.  (#2044897)
+- Annocheck: Skip property note test for GO binaries.  (#204300)
+- Annocheck: Add another glibc static library symbol.  (#2043047)
+- Spec File: Use gcc --print-file-name=rpmver for the gcc version info.
+- GCC Plugin: Do not fail if a section cannot be attached to a group.
+- Annocheck: Improve detection of kernel modules.
+- GCC Plugin: Only default to link-once when using gcc-12 or later.  (#2039297)
+- Annocheck: Add option to disable instrumentation test.
+- GCC Plugin: Fix building with gcc-12.
+- Spec file: Add requirement on cpio for annocheck.  (#2039747)
+- Annocheck: Add even more glibc function names. (#2037333)
+- Annocheck: ARM: Do not fail tests that rely upon annobin notes.
+- Annocheck: Extend list of known glibc functions.  (#2037333)
+- Annocheck: Ignore gaps that contain the _start symbol (for AArch64).  (#1995224)
+- Annocheck: Ignore more glibc special binaries.  (#2037220)
+- Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO.  (#2034946)
+- Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries.  (#2033255)
+- Docs: Note that ENDBR is only needed as the landing pad for indirect branches/calls.  (#28705)
+- Spec File: Store full	gcc version release string in plugin info file.  (#2030671)
+- Annocheck: Add special case for x86_64 RHEL-7 gaps.  (#2031133)
+- Annocheck: Do not complaining about missing -mstackrealign notes in LTO mode.  (#2030298)
+- GCC Plugin: Do not record missing -mstackrealign in LTO mode.
+- Tests: Fix gaps and stat tests to use newly built annobin plugin.  (#2028063)
+- Annocheck: Ignore gaps in binaries at least partial built by golang.  (#2028583)
+- Annocheck: Allow spaces in gloang symbols.  (#2028583)
+- Annocheck: Initial deployment of libannocheck.  (#2028063)
+- gcc-plugin: Fix bug creating empty attachments.
+- Annocheck: Change MAYB result to SKIP for DT_RPATH.  (#2026300)
+- Annocheck: Skip missing fortify/warning notes for ARM32.
+
 * Tue Feb 08 2022 Nick Clifton  <nickc@redhat.com> - 10.29-3
 - NVR bump in order to allow rebuilding against latest gcc.  (#2052060)