rpms/annobin
7
0
Fork 0
Code Issues Pull Requests Releases Activity
497 Commits 7 Branches 60 Tags 6 MiB
6a9bd4377f
Commit Graph

464 Commits

Author SHA1 Message Date
Jakub Jelinek
7cf2a96973 10.48-4 2022-01-19 18:35:04 +01:00
Nick Clifton
f7e1805543 Another NVR bump 2022-01-19 14:25:39 +00:00
Nick Clifton
449fc20654 NVR bump 2022-01-19 13:56:59 +00:00
Nick Clifton
557b866dd0 GCC Plugin: Do not fail if a section cannot be attached to a group. 2022-01-17 14:38:17 +00:00
Nick Clifton
9816f99346 NVR bump to allow rebuild in a side tag. 2022-01-14 10:45:48 +00:00
Nick Clifton
a6ef977e8b GCC Plugin: Only default to link-once when using gcc-12 or later. (#2039297) 2022-01-14 09:48:30 +00:00
Nick Clifton
efff188861 Add fix for fortify test 2022-01-10 12:02:15 +00:00
Nick Clifton
244433eec3 GCC Plugin: Replace CLVC_BOOLEAN with CLVC_BIT_SET/CLVC_BIT_CLEAR. 2022-01-10 09:33:18 +00:00
Nick Clifton
c53c5783da NVR bump and disable annobin during build 2022-01-10 09:16:01 +00:00
Jakub Jelinek
b097ccc79b 10.44-4 2022-01-10 01:01:41 +01:00
Jakub Jelinek
a40c58d2d4 10.44-4 2022-01-10 01:00:55 +01:00
Jakub Jelinek
ffabcb06f2 10.44-3 2022-01-10 00:49:59 +01:00
Jakub Jelinek
550ef1b763 10.44-2 2022-01-10 00:25:58 +01:00
Jakub Jelinek
c34a9f5bc5 10.44-2 2022-01-09 20:08:02 +01:00
Nick Clifton
a14426ce95 Annocheck: Add even more glibc function names. (#2037333) 2022-01-07 15:09:37 +00:00
Nick Clifton
ee78766bff Annocheck: ARM: Do not fail tests that rely upon annobin notes. 2022-01-07 14:10:23 +00:00
Nick Clifton
0000a56eab Annocheck: Extend list of known glibc functions. (#2037333) 2022-01-05 15:38:48 +00:00
Nick Clifton
1e262d15b3 - Annocheck: Ignore gaps that contain the _start symbol (for AArch64). (#1995224) 
- Annocheck: Ignore more glibc special binaries.  (#2037220)
 2022-01-05 12:06:02 +00:00
Nick Clifton
b4ba4e0d3c Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO. (#2034946) 2022-01-04 11:42:27 +00:00
Nick Clifton
ec8f2b145d - Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries. (#2033255) 
- Doc: Note that ENDBR is only needed as the landing pad for indirect branches/calls.  (#28705)
- Spec File: Store full	gcc version release string in plugin info file.  (#2030671)
 2021-12-17 15:46:16 +00:00
Nick Clifton
15b34fde9c Fix for RHEL-7 2021-12-14 17:55:37 +00:00
Nick Clifton
7c94cb66cc Annocheck: Do not complaining about missing -mstackrealign notes in LTO mode. (#2030298) 2021-12-14 10:04:35 +00:00
Nick Clifton
0c278a5d73 GCC Plugin: Do not record missing -mstackrealign in LTO mode. (#2030298) 2021-12-13 17:54:33 +00:00
Nick Clifton
0e6be40a3c Tests: Fix fortify and debuginfod tests to use newly built annobin plugin. 2021-12-13 13:41:04 +00:00
Nick Clifton
77a92a7119 Tests: Fix fortify and debuginfod tests to use newly built annobin plugin. 2021-12-13 12:55:43 +00:00
Nick Clifton
d83b796c87 Tests: Fix gaps and stat tests to use newly built annobin plugin. (#2028063) 2021-12-06 17:49:41 +00:00
Nick Clifton
ce231f4bd9 Tests: Fix gaps and stat tests to use newly built annobin plugin. (#2028063) 2021-12-06 14:43:50 +00:00
Nick Clifton
c7d76e06c2 Annocheck: Ignore gaps in binaries at least partial built by golang. 
Resolves: #2028583
 2021-12-06 12:19:06 +00:00
Nick Clifton
c99cca3ac4 Annocheck: Allow spaces in golang symbols. 2021-12-02 15:38:52 +00:00
Nick Clifton
3bf68f34bb Initial checkin of libannocheck 2021-12-01 15:53:49 +00:00
Nick Clifton
14b9ff320e gcc-plugin: Fix bug creating empty attachments. 
Annocheck: Change MAYB result to SKIP for DT_RPATH.  (#2026300)
 2021-11-24 14:03:50 +00:00
Nick Clifton
9fd7a9a7dc Annocheck: Skip missing fortify/warning notes for ARM32. 2021-11-19 12:25:11 +00:00
Nick Clifton
ddf58cca97 gcc-plugin: Try another fix for ppc64le section grouping. (#2023437) 2021-11-18 13:29:22 +00:00
Nick Clifton
cfbdb08f28 gcc-plugin: Revert 10.22 change. (#2023437) 2021-11-16 17:01:20 +00:00
Nick Clifton
5faade2ad7 Add support for more special glibc functions. 
Fix building LLVM and Clang plugins for the ARM architecture.
 2021-11-16 11:14:14 +00:00
Nick Clifton
92c34892f6 Annocheck: Add a test for unicode characters in identifiers. 2021-11-08 13:47:26 +00:00
Nick Clifton
18219884f1 gcc-plugin: Default to link-order grouping for PPC64LE. (#2016458) 2021-10-27 11:10:47 +01:00
Nick Clifton
ee53f9336e Annocheck: Do not fail if a --skip-<name> option does not match a known test. 
ldconfig-test: Skip the LTO check.
 2021-10-26 15:58:02 +01:00
Nick Clifton
7add09b73e Annocheck: Add more glibc function names. 2021-10-26 08:28:59 +01:00
Nick Clifton
7f58204567 gcc-plugin: Fix attaching the .text section to the .text.group section. 2021-10-21 13:48:54 +01:00
Nick Clifton
0bd26e8615 Complain about DT_RPATH for Fedora binaries. 2021-10-20 17:49:04 +01:00
Nick Clifton
3f7c00bf57 Better reporting of problems in object files. 
Resolves: #2013708
 2021-10-18 16:17:25 +01:00
Nick Clifton
7bc94a3f7c Add a requirement on llvm-libs for clang and llvm plugins. 
Resolves: #2014573
 2021-10-18 14:24:09 +01:00
Nick Clifton
0c5b1fec47 Fix configuring annocheck without gcc-plugin. 
- Annocheck: Better reporting of debuginfod problems.
- Tests: Fix bugs in debuginfod test.
 2021-10-14 20:04:48 +01:00
Nick Clifton
ab631794b6 Fix merge issues. 2021-10-13 11:56:58 +01:00
Nick Clifton
8477e1751d Annocheck: Add tests based upon recent bug fixes. 2021-10-13 11:55:02 +01:00
Tom Stellard
825be9a6a2 Rebuild for llvm-13.0.0 2021-10-12 16:29:18 +00:00
Nick Clifton
f1b2a85f11 Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found. 
Resolves: #2011438
 2021-10-08 16:25:13 +01:00
Nick Clifton
f25c7c2336 Annocheck: Fix MAYB results for mixed GO/C files. 
Annocheck: Move some messages from VERBOSE to VERBOSE2.
Annocheck: Scan zero-length tool notes.
 2021-10-08 14:15:39 +01:00
Nick Clifton
efe8b5622b Annocheck: Fix covscan detected flaws. 
plugins: Add more required build options.
 2021-10-06 10:59:43 +01:00
Nick Clifton
c27947f871 Annocheck: Fix cf-prot test to fail if the CET notes are missing. 
Annocheck: Skip gaps in the .plt section.
Plugins: Add -g option when building LLVM and Clang.
 2021-10-05 14:28:09 +01:00
Nick Clifton
37b5de8c9b Annocheck: Add more cases of glibc startup functions. 2021-10-04 15:26:35 +01:00
Nick Clifton
5f79645f58 - Annocheck: Fix covscan detected problems. 
- Annocheck: Add --profile=el8.
- gcc-plugin: Conditionalize generation of branch protection note.
 2021-10-01 13:11:12 +01:00
Nick Clifton
da3ba09492 Annocheck: Ignore gaps containing NOP instructions. 2021-09-29 13:12:12 +01:00
Nick Clifton
c62bd663ec GCC Plugin: Fix detection of running inside the LTO compiler. (#2004917) 2021-09-16 15:06:57 +01:00
Nick Clifton
ee93527317 Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries. 2021-09-15 15:00:18 +01:00
Nick Clifton
0aa5d1ce55 Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result. 2021-09-15 12:09:38 +01:00
Nick Clifton
a99d618d38 Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead. 2021-09-15 10:43:42 +01:00
Nick Clifton
92cb681581 Annocheck: Fix exit code when tests PASS. 2021-09-10 11:08:17 +01:00
Nick Clifton
fe496281b3 - Documentation: Add node for each hardening test. 
- Documentation: Install online.
- Annocheck: Annote FAIL and MAYB results with URL to documentation
- Annocheck: Add --no-urls and --provide-urls options
- Annocheck: Add --help-<tool> option.
 2021-09-09 14:18:24 +01:00
Nick Clifton
9d82370d42 - Annocheck: Fix fuzzing detected failures. 
- Annocheck: Added --profile option.
- Docs: Documented --profile option and rpminspect.yaml.
 2021-09-03 17:55:06 +01:00
Nick Clifton
ba44d58e22 Annocheck: Skip GO/CET checks. Fix fuzzing detected failures. 2021-08-31 15:18:09 +01:00
Nick Clifton
29d70de971 LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444) 
spec file: Add the installation of the annobon sources into /usr/src/annobin.
 2021-08-25 13:38:58 +01:00
Nick Clifton
1d5918a750 Annocheck: Fix memory corruption. (#1996963) 
spec file: Add the creation of a gcc-plugin version info file in /usr/lib/rpm/redhat.
 2021-08-24 17:16:30 +01:00
Nick Clifton
7a0769e513 Annocheck: Add linker generated function for ppc64le exceptions. (#1981410) 
LLVM Plugin: Allow checks to be selected from the command line.
Annocheck: Examine DW_AT_producer for -flto.
 2021-08-18 11:28:24 +01:00
Nick Clifton
5d4d27dda9 Annocheck: Conditionalize detection of AArch64's PAC+BTI protection. 
Annocheck: Add linker generated function for s390x exceptions.  (#1981410)
 2021-08-17 15:03:42 +01:00
Nick Clifton
6d69597433 Annocheck: Generate MAYB results for gaps in notes covering the .text section. (#1991943) 
Annocheck: Close DWARF file descriptors once the debug info is no longer needed.  (#1981410)
LLVM Plugin: Update to build with Clang v13.  (Thanks to: Tom Stellard <tstellar@redhat.com>)
 2021-08-17 12:10:03 +01:00
Tom Stellard
438dd33afc Rebuild for LLVM 13.0.0-rc1 2021-08-16 20:04:41 +00:00
Nick Clifton
c76d8664da Annocheck: Fix memory corruption. (#1988715) 2021-08-16 12:41:17 +01:00
Nick Clifton
75a23fb883 Annocheck: Skip certain tests for kernel modules. 2021-08-11 17:23:33 +01:00
Nick Clifton
71f8485e39 Annocheck: Detect a missing CET note. (#1991931) 
Annocheck: Do not report future fails for AArch64 notes.
Annocheck: Warn about multiple --debug-file, --debug-rpm and --debug-dir options.
 2021-08-10 15:14:48 +01:00
Nick Clifton
4af05b1261 Annocheck: Process files in command line order. (#1988714) 2021-08-09 11:14:43 +01:00
Nick Clifton
0394c1d928 Annocheck: Reverse AArch64 PAC+BTI check, ie fail if they are enabled. 
Resolves: #1984995
 2021-07-23 13:36:44 +01:00
Fedora Release Engineering
8155573258 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-07-21 17:34:53 +00:00
Nick Clifton
8adc17e68b Annocheck: Add another test exceptions. 2021-07-13 17:15:00 +01:00
Nick Clifton
5bbd4f5f31 Annocheck: Add some more test exceptions. 2021-07-13 15:39:21 +01:00
Nick Clifton
a978ea49fa Tests: Skip glibc-notes test if the assembler does not support --generate-missing-build-notes. 
Resolves: #1978573
 2021-07-05 12:49:37 +01:00
Nick Clifton
dfddf61cdd Annocheck: Fix spelling mistake in -,stack-realign failure message. (#1977349) 2021-06-29 16:06:16 +01:00
Nick Clifton
76947e83c2 gcc-plugin: Do not record global versions of stack protection settings in LTO mode, if not set. (#1958954) 2021-06-22 16:05:21 +01:00
Nick Clifton
14c8067c11 annocheck: Remove limit on number of input files. 2021-06-21 16:16:26 +01:00
Nick Clifton
f1a1007e43 clang/llvm plugins: Build with correct security options. 2021-06-15 14:48:49 +01:00
Nick Clifton
96f1a8a19f Annocheck: Better detection of GO compiler version. 2021-06-15 12:10:19 +01:00
Nick Clifton
55304ea386 Annocheck: Better support for symbolic links. In verbose mode, report the reason for skipping specific tests. 
Resolves: #1969584
 2021-06-09 16:49:05 +01:00
Tom Stellard
524ebdae25 Rebuild for LLVM 12.0.1 2021-06-04 01:39:25 +00:00
Nick Clifton
993873ad36 Obsolete all previous versions of annobin. 
Resolves: #1967339
 2021-06-03 11:41:16 +01:00
Nick Clifton
1c617b1ec0 annocheck: Improve detection of shared libraries. 
Resolves: #1958954
 2021-05-25 14:54:34 +01:00
Nick Clifton
45b479d2d6 Tidy up spec file 2021-05-19 12:05:01 +01:00
Nick Clifton
81adad3f31 annocheck: Accept 0 as a valid number for gcc minor versions and release numbers. 
gcc-plugin: Add support for ARM and RISCV targets.
 2021-05-13 12:41:45 +01:00
Nick Clifton
394bd0083f timing: do not initialise the clock if the timing tool is disabled. 2021-05-04 15:15:25 +01:00
Nick Clifton
689a7f6f54 gcc-plugin: Replace ICE messsages with verbose messages. 2021-04-30 09:50:06 +01:00
Nick Clifton
e5cf20e0a3 Fix the testsuite so that it can be run in parallel. 2021-04-22 14:15:51 +01:00
Nick Clifton
9e62aa8ed8 Annocheck: WARN if the annobin plugin was built for a newer version of the compiler than the one on which it was run. 
Related: #1950657
 2021-04-21 12:56:16 +01:00
Petr Písař
99c1127a11 Obsolete annobin < 9.66-1 
We want to support an upgrade from a distribution prior an introduction
of annobin-docs.
 2021-04-20 13:53:58 +02:00
Nick Clifton
1622358fc1 Annocheck: Improve detection of missing GNU-stack support. 2021-04-20 12:35:20 +01:00
Petr Písař
60b4b4fa76 Bump a release 
annobin-9.66-3.fc35 was already used in FEDORA-2021-91bdf0b234 update
which went to stable and then untagged. We cannot detach a build from
a finished update.
 2021-04-19 09:51:01 +02:00
Petr Písař
7d1af348fb Build-requiring perl-interpreter is enough 2021-04-16 13:26:58 +02:00
Petr Písař
62f4dedb91 Correct a package rename 
annobin-9.65 which only contained documentation was renamed to
annobin-docs in in 9.66. The Provide is kept for compatibility
(redhat-rpm-config).

The docs subpackage must be required by all the other ones because it
packages a license.
 2021-04-16 13:22:35 +02:00
Martin Cermak
985cb77f4c Fix bz1949570 - file conflicts after separating docs to a noarch subrpm 2021-04-16 09:16:09 +02:00
Nick Clifton
296c2a76fb - Fix anomolies reported by covscan. 
- Move documentation into a sub-package.
 2021-04-09 14:51:58 +01:00
Nick Clifton
d57da4f976 NVR bump to allow rebuilding against GCC 11.0.1 2021-04-06 12:44:50 +01:00
Jakub Jelinek
c910f2212a 9.65-2 2021-03-20 11:05:06 +01:00
Nick Clifton
4a7311622e gcc-plugin: Use a fixed filename when running in LTO mode. 2021-03-09 13:38:59 +00:00
Nick Clifton
60c8169066 Annocheck: Fix detection of special function names. 
Resolves: #1934189
 2021-03-03 10:10:12 +00:00
Nick Clifton
1720e01afe Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc. 
Resolves: #1923439
 2021-02-26 10:09:08 +00:00
Nick Clifton
891fad1c0c Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector. 
Resolves: #1923439
 2021-02-25 11:22:54 +00:00
Nick Clifton
a35ca900df Annocheck: Fix some problems with tests for missing notes. 2021-02-22 13:02:23 +00:00
Tom Stellard
92c8279fc3 Split plugins into separate sub-packages 
Since annobin is required by redhat-rpm-config, having the clang and llvm plugins
as part of the default package means that llvm-libs is always installed into
the buildroot, which is unnecessary for most packages.

Also, having an llvm depenency in the buildroot makes upgrading llvm more difficult.

This patch attempts to resolve these issues by spliting up the various plugins
into their own sub-packages, so that redhat-rpm-config can have finer-grained
dependencies on only the plugins that it needs.
 2021-02-10 22:17:14 +00:00
Nick Clifton
2cfdfdf4f4 Add some GO tests to annocheck. 2021-02-05 11:21:57 +00:00
Fedora Release Engineering
7c61286322 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-01-26 00:07:03 +00:00
Nick Clifton
3a4181e531 Add a future fail for the presence of RPATH in the dynamic tags. 2021-01-20 11:15:10 +00:00
Nick Clifton
df15f450f0 Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing. 2021-01-18 18:09:39 +00:00
Nick Clifton
1874eab6f1 Workaround for elflint problems with PPC compiled files. 
Resolves: #1880634
 2021-01-14 10:37:21 +00:00
Nick Clifton
8b182011da Fix bogus AArch64 test failures. 2021-01-13 10:30:18 +00:00
Nick Clifton
d119c7a74a Improved testing by annocheck. Add fixed format message mode. 2021-01-12 17:19:21 +00:00
Nick Clifton
3bac683d82 Add support for -D_FORTIFY_SOURCE=3. 2021-01-04 16:18:52 +00:00
Tom Stellard
f470483cbf Add BuildRequires: make 
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
 2020-12-16 23:29:24 +00:00
Nick Clifton
5509907436 NVR bump in order to allow the new gating tests to be run. 2020-12-11 17:04:35 +00:00
Nick Clifton
4a3a6f104e annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. (#1906171) 2020-12-11 14:53:32 +00:00
Nick Clifton
409120aa01 annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. (#1906171) 2020-12-10 11:48:06 +00:00
Nick Clifton
d7a90f1991 annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL. 2020-12-09 17:15:19 +00:00
Nick Clifton
46640ca3dc 9.49: annocheck: Fix the note analyzer's handling of empty PowerPC64 notes. 2020-12-08 12:58:44 +00:00
Jakub Jelinek
e1bd496eeb Undo bcond_with plugin_rebuild 2020-12-07 15:26:36 +01:00
Jakub Jelinek
dc5d2731d4 9.48-5 2020-12-07 15:08:29 +01:00
Jakub Jelinek
ec71c316e1 9.48-5 2020-12-07 14:50:08 +01:00
Jakub Jelinek
44aadc55ff 9.48-4 2020-12-06 12:17:38 +01:00
Jakub Jelinek
432e8594c3 9.48-3 2020-12-06 11:47:18 +01:00
Jakub Jelinek
a057c0a359 9.48-3 2020-12-06 11:30:03 +01:00
Jakub Jelinek
ebfb417770 9.48-2 2020-12-06 11:18:53 +01:00
Nick Clifton
62931e922e 9.48: gcc plugin: Tweak generation of end symbols for PPC64 when LTO is active. (#1898075) 2020-12-02 12:12:12 +00:00
Nick Clifton
24fe187a8d 9.47: gcc plugin: Add support for GCC 11's cl_vars array. 2020-12-01 13:39:47 +00:00
Jakub Jelinek
3e0594350d Revert plugin_rebuild back. 2020-11-27 11:09:43 +01:00
Jakub Jelinek
3ed514a41c NVR bump for another ELN sidetag rebuild. 2020-11-27 11:04:11 +01:00
Nick Clifton
ea02dafc1f Annocheck: Support enabling/disable future fail tests. 2020-11-24 10:39:50 +00:00
Nick Clifton
b333964fd5 GCC plugin: Always record global notes for the .text.startup, .text.exit, .text.hot and .text.cold sections. 2020-11-23 12:12:25 +00:00
Nick Clifton
62e7074ffd Clang plugin: Add -lLLVM to the build command line. 2020-11-17 16:30:19 +00:00
Nick Clifton
5b0e474e77 Annocheck: Improve reporting of missing -D_FORTIFY_SOURCE option. (#1898075) 2020-11-16 14:26:06 +00:00
Nick Clifton
3cff478cb4 Annocheck: Improve reporting of missing LTO option. 2020-11-16 11:40:56 +00:00
Nick Clifton
33cfa7d0eb annocheck: Add handling of gimple compiled files 2020-11-10 16:41:31 +00:00
Nick Clifton
c0eabbb63f Add --without-gcc-plugin option. 2020-11-09 13:55:03 +00:00
Nick Clifton
e6e8317766 Annocheck: Fix bug parsing DW_AT_producer. 2020-11-06 12:30:46 +00:00
Nick Clifton
34a622f99e Add reporting of GNU Property notes for PowerPC. 
Add test of objcopy's note merging abilities.
 2020-11-04 14:17:42 +00:00
Jakub Jelinek
5b5750dca2 Revert back to defaults. 2020-10-30 01:24:55 +01:00
Jakub Jelinek
2b20a13c51 9.36-2 2020-10-30 01:10:33 +01:00
Jakub Jelinek
a87d8021be 9.36-2 2020-10-30 00:17:46 +01:00
Nick Clifton
a707c7d43e Record the -flto setting and produce a soft warning if it is absent. 
Suppress warnings about _D_GLIBCXX_ASSERTIONS if the source code is known to be something other than C++.
 2020-10-21 15:18:44 +01:00
Nick Clifton
440266bff3 NVR bump and disable plugin use 2020-10-21 11:35:20 +01:00
Nick Clifton
70bb1086ca turn off hard gcc reqauirement (temporary) 2020-10-21 11:12:51 +01:00
Nick Clifton
b2d7c66572 NVR bump and disable plugin use 2020-10-21 10:24:44 +01:00
Nick Clifton
d69789a4b8 NVR bump 2020-10-21 10:23:00 +01:00
Nick Clifton
5515ddd6c9 Correct the directory chosen for 32-bit LLVM and Clang plugins. 
Resolves: #1884951
 2020-10-05 12:40:13 +01:00