.annobin.metadata

@@ -1 +1 @@
-05a3407433cf8d1ec4b15e7a15d3022235502cb8 SOURCES/annobin-10.27.tar.xz
+54956e8dfce9d977814449907acaeb26c50dd1cc SOURCES/annobin-11.13.tar.xz

.gitignore

@@ -1 +1 @@
-SOURCES/annobin-10.27.tar.xz
+SOURCES/annobin-11.13.tar.xz

SOURCES/annobin-annocheck-no-debuginfod.patch

@@ -0,0 +1,12 @@
+diff -rup annobin.orig/annocheck/annocheck.c annobin-11.12/annocheck/annocheck.c
+--- annobin.orig/annocheck/annocheck.c	2023-03-03 16:09:24.659603476 +0000
++++ annobin-11.12/annocheck/annocheck.c	2023-03-03 16:09:57.249530355 +0000
+@@ -20,6 +20,8 @@
+ #include <sys/stat.h>
+ #include <elfutils/libdwelf.h>
+ #include <elfutils/libdwfl.h>
++#undef  HAVE_LIBDEBUGINFOD 
++#define HAVE_LIBDEBUGINFOD 0
+ #ifndef LIBANNOCHECK
+ #include <rpm/rpmlib.h>
+ #if HAVE_LIBDEBUGINFOD

SOURCES/annobin-gaps-test.patch

@@ -1,17 +0,0 @@
---- annobin.orig/tests/gaps-test	2021-11-22 16:02:17.449655455 +0000
-+++ annobin-10.27/tests/gaps-test	2021-11-22 16:06:37.296680446 +0000
-@@ -40,12 +40,13 @@ fi
- # Run annocheck
- 
- SKIPS="--skip-property-note --skip-dynamic-tags --skip-not-dynamic-tags --skip-branch-protection --skip-not-branch-protection --skip-lto"
-+SKIPS+=" --skip-stack-clash --skip-cf-protection --skip-stack-realign"
- $ANNOCHECK main.exe $SKIPS > main.out
- grep -e "PASS" main.out
- if [ $? != 0 ];
- then
-     echo "gaps-test: FAIL: using rpm build macros did not produce an executable that passes annocheck"
--    $ANNOCHECK main.exe $SKIPS --verbose --enable-notes
-+    $ANNOCHECK main.exe $SKIPS --verbose
-     echo $GCC $OPTS $srcdir/main.c -o main.exe
-     end_test
-     exit 1

SOURCES/annobin-nop.patch

@@ -1,12 +1,12 @@
-diff -rup annobin.orig/gcc-plugin/annobin.cc annobin-9.72/gcc-plugin/annobin.cc
+diff -rup annobin.orig/gcc-plugin/annobin.cc annobin-10.64/gcc-plugin/annobin.cc
---- annobin.orig/gcc-plugin/annobin.cc	2021-05-17 17:25:32.693441649 +0100
+--- annobin.orig/gcc-plugin/annobin.cc	2022-04-06 12:55:02.350469755 +0100
-+++ annobin-9.72/gcc-plugin/annobin.cc	2021-05-17 17:25:50.176331776 +0100
++++ annobin-10.64/gcc-plugin/annobin.cc	2022-04-06 12:55:28.503296390 +0100
-@@ -1722,7 +1722,7 @@ annobin_emit_start_sym_and_version_note
+@@ -1851,7 +1851,7 @@ annobin_emit_start_sym_and_version_note
  	 Ensure that we do not have empty special text sections so that the
  	 annobin start symbols are never beyond the end of the sections.  */
+ #ifndef ANNOBIN_NOP_INSN
+-#define ANNOBIN_NOP_INSN ".nop"
++#define ANNOBIN_NOP_INSN "nop"
+ #endif
        if (* suffix && enable_ppc64_nops)
--	annobin_emit_asm (".nop", "Inserted by the annobin plugin.  Disable with -fplugin-arg-annobin-no-ppc64-nops");
+ 	annobin_emit_asm (ANNOBIN_NOP_INSN,
-+	annobin_emit_asm ("nop", "Inserted by the annobin plugin.  Disable with -fplugin-arg-annobin-no-ppc64-nops");
-     }
-   else
-     fprintf (asm_out_file, "\t.equiv %s%s, .\n", annobin_output_filesym, suffix);

SPECS/annobin.spec

@@ -1,11 +1,12 @@
 
 Name:    annobin
 Summary: Annotate and examine compiled binary files
-Version: 10.27
+Version: 11.13
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv3+
-# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark
 # Maintainer: nickc@redhat.com
+# Web Page: https://sourceware.org/annobin/
+# Watermark Protocol: https://fedoraproject.org/wiki/Toolchain/Watermark
 
 #---------------------------------------------------------------------------------
 
@@ -25,6 +26,9 @@ License: GPLv3+
 # Use "--with clangplugin" to build the annobin plugin for Clang.
 %bcond_with clangplugin
 
+# Use "--without gccplugin" to disable the building of the annobin plugin for GCC.
+%bcond_without gccplugin
+
 # Use "--with llvmplugin" to build the annobin plugin for LLVM.
 %bcond_with llvmplugin
 
@@ -33,7 +37,7 @@ License: GPLv3+
 # checking logic or when building on RHEL-7 or earlier.
 %global with_hard_gcc_version_requirement 1
 
-%bcond_without annobin_plugin
+%bcond_without plugin_rebuild
 # Allow the building of annobin without using annobin itself.
 # This is because if we are bootstrapping a new build environment we can have
 # a new version of gcc installed, but without a new of annobin installed.
@@ -44,19 +48,22 @@ License: GPLv3+
 # then it will abort.
 #
 # The default is to use annobin.  cf BZ 1630550.
-%if %{without annobin_plugin}
+%if %{without plugin_rebuild}
 %undefine _annotated_build
 %endif
 
 #---------------------------------------------------------------------------------
 
-# Source:  https://nickc.fedorapeople.org/annobin-%%{version}.tar.xz
+%global annobin_sources annobin-%{version}.tar.xz
-Source:  annobin-%{version}.tar.xz
+Source: https://nickc.fedorapeople.org/%{annobin_sources}
 # For the latest sources use:  git clone git://sourceware.org/git/annobin.git
 
-# Insert patches here, if needed.
+# This is where a copy of the sources will be installed.
+%global annobin_source_dir %{_usrsrc}/annobin
+
+# Insert patches here, if needed.  Eg:
 Patch01: annobin-nop.patch
-Patch02: annobin-gaps-test.patch
+Patch02: annobin-annocheck-no-debuginfod.patch
 
 #---------------------------------------------------------------------------------
 
@@ -112,7 +119,7 @@ Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})
 Requires: gcc
 %endif
 
-BuildRequires: gcc gcc-plugin-devel gcc-c++
+BuildRequires: gcc gcc-plugin-devel gcc-c++ sharutils
 # The documentation uses pod2man...
 BuildRequires: perl perl-podlators
 %if %{with clangplugin}
@@ -147,6 +154,12 @@ Summary: Test scripts and binaries for checking the behaviour and output of the
 Provides a means to test the generation of annotated binaries and the parsing
 of the resulting files.
 
+BuildRequires: make sharutils
+
+%if %{with debuginfod}
+BuildRequires: elfutils-debuginfod-client-devel
+%endif
+
 %endif
 
 #---------------------------------------------------------------------------------
@@ -155,12 +168,14 @@ of the resulting files.
 %package annocheck
 Summary: A tool for checking the security hardening status of binaries
 
-BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
+BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel make
+
 %if %{with debuginfod}
 BuildRequires: elfutils-debuginfod-client-devel
-BuildRequires: make
 %endif
 
+Requires: cpio rpm
+
 %description annocheck
 Installs the annocheck program which uses the notes generated by annobin to
 check that the specified files were compiled with the correct security
@@ -172,14 +187,12 @@ hardening options.
 
 %global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
 
-%if %{with clangplugin} || %{with llvmplugin}
+%{!?llvm_plugin_dir:%global  llvm_plugin_dir  %{_libdir}/llvm/plugins}
-# FIXME: We currently assume that the first directory listed in clang's
+%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/plugins}
-# search directory output is the one that we should use for plugins.
+
-# This might not be correct.
+%if %{with gccplugin}
-# The gensub() below is because without it $2 would look like:
+# Information about the gcc plugin is recorded in this file.
-# " =/usr/lib64/clang/8.0.0"
+%global aver annobin-plugin-version-info
-# Note - we install LLVM plugins into the same directory as Clang plugins.
-%global ANNOBIN_CLANG_PLUGIN_DIR %(clang --print-search-dirs | gawk -e'BEGIN { FS = ":" } /libraries/ { print gensub(" =","",1,$2) } END { }')
 %endif
 
 #---------------------------------------------------------------------------------
@@ -206,11 +219,17 @@ touch doc/annobin.info
 
 %build
 
-CONFIG_ARGS=
+CONFIG_ARGS="--quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}"
 
 %if %{with debuginfod}
 CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod"
 %else
+# Note - we explicitly disable debuginfod support if it was not configured.
+# This is because by default annobin's configue script will assume --with-debuginfod=auto
+# and then run a build time test to see if debugingfod is available.  It
+# may well be, but the build time environment may not match the run time
+# environment, and the rpm will not have a Requirement on the debuginfod
+# client.
 CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod"
 %endif
 
@@ -218,80 +237,123 @@ CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod"
 CONFIG_ARGS="$CONFIG_ARGS --with-clang"
 %endif
 
+%if %{without gccplugin}
+CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin"
+%endif
+
 %if %{with llvmplugin}
 CONFIG_ARGS="$CONFIG_ARGS --with-llvm"
 %endif
 
 %if %{without tests}
-CONFIG_ARGS="$CONFIG_ARGS --without-test"
+CONFIG_ARGS="$CONFIG_ARGS --without-tests"
 %endif
 
-%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} ${CONFIG_ARGS} || cat config.log
+%if %{without annocheck}
+CONFIG_ARGS="$CONFIG_ARGS --without-annocheck"
+%endif
+
+%set_build_flags
+
+export CFLAGS="$CFLAGS $RPM_OPT_FLAGS %build_cflags"
+export LDFLAGS="$LDFLAGS %build_ldflags"
+
+# Fedora supports AArch64's -mbranch-protection=bti, RHEL does not.
+%if 0%{?fedora} != 0
+export CFLAGS="$CFLAGS -DAARCH64_BRANCH_PROTECTION_SUPPORTED=1"
+%endif
+
+CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log
+
+%ifarch %{ix86} x86_64
+# FIXME: There should be a better way to do this.
+export CLANG_TARGET_OPTIONS="-fcf-protection"
+%endif
 
 %make_build
 
+#---------------------------------------------------------------------------------
+
+%if %{with plugin_rebuild}
 # Rebuild the plugin(s), this time using the plugin itself!  This
 # ensures that the plugin works, and that it contains annotations
 # of its own.
+
+%if %{with gccplugin}
 cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
 make -C gcc-plugin clean
 BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so"
 
-%if %{with annobin_plugin}
 # Disable the standard annobin plugin so that we do get conflicts.
-# Note: the "-fplugin=annobin" is here, despite the fact that it will also
+OPTS="$(rpm --eval '%undefine _annotated_build %build_cflags %build_ldflags')"
-# be automatically added to the gcc command line via
-# "-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" because of a bug in gcc's
-# plugin command line options handling.  GCC will issue an error saying that
-# there is no plugin called "annobin" matching the -fplugin-arg-annobin-disable
-# option, despite the fact that there patently is.
-BUILD_FLAGS="$BUILD_FLAGS -fplugin=annobin -fplugin-arg-annobin-disable"
-%endif
 
 # If building on RHEL7, enable the next option as the .attach_to_group
 # assembler pseudo op is not available in the assembler.
 # BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
 
-make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
+make -C gcc-plugin CXXFLAGS="$OPTS $BUILD_FLAGS"
 rm %{_tmppath}/tmp_annobin.so
+%endif
 
 %if %{with clangplugin}
 cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so
-make -C clang-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
+make -C clang-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS"
 %endif
 
 %if %{with llvmplugin}
 cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so
-make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS"
+make -C llvm-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS"
+%endif
+
 %endif
 
 #---------------------------------------------------------------------------------
 
 # PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles...
 %install
-%make_install PLUGIN_INSTALL_DIR=$RPM_BUILD_ROOT%{ANNOBIN_CLANG_PLUGIN_DIR}
+
-%{__rm} -f %{buildroot}%{_infodir}/dir
+%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir}
+
+%if %{with clangplugin}
+# Move the clang plugin to a seperate directory.
+mkdir -p %{buildroot}/%{clang_plugin_dir}
+mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir}
+%endif
+
+%if %{with gccplugin}
+# Record the version of gcc that built this plugin.
+# Note - we cannot just store %%{gcc_vr} as sometimes the gcc rpm version changes
+# without the NVR being altered.  See BZ #2030671 for more discussion on this.
+mkdir -p                             %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}
+cat `gcc --print-file-name=rpmver` > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}
+
+# Also install a copy of the sources into the build tree.
+mkdir -p                            %{buildroot}%{annobin_source_dir}
+cp %{_sourcedir}/%{annobin_sources} %{buildroot}%{annobin_source_dir}/latest-annobin.tar.xz
+%endif
+
+rm -f %{buildroot}%{_infodir}/dir
 
 #---------------------------------------------------------------------------------
 
 %if %{with tests}
 %check
-# Change the following line to "make check || :" on RHEL7 or if you need to see the
+# The first "make check" is run with "|| :" so that we can capture any logs
-# test suite logs in order to diagnose a test failure.
+# from failed tests.  The second "make check" is there so that the build
-make check
+# will fail if any of the tests fail.
-
+make check CLANG_TESTS="check-pre-clang-13" || :
 if [ -f tests/test-suite.log ]; then
     cat tests/test-suite.log
 fi
-if [ -f tests/glibc-notes.log ]; then
+# If necessary use uuencode to preserve test binaries here.  For example:
-    cat tests/glibc-notes.log
+uuencode tests/tmp_atexit/atexit.strip atexit.strip
-fi
+make check CLANG_TESTS="check-pre-clang-13"
+
 %endif
 
 #---------------------------------------------------------------------------------
 
 %files
-%{ANNOBIN_GCC_PLUGIN_DIR}
 %license COPYING3 LICENSE
 %exclude %{_datadir}/doc/annobin-plugin/COPYING3
 %exclude %{_datadir}/doc/annobin-plugin/LICENSE
@@ -304,14 +366,26 @@ fi
 %exclude %{_mandir}/man1/run-on-binaries-in.1*
 
 %if %{with clangplugin}
-%{ANNOBIN_CLANG_PLUGIN_DIR}
+%{clang_plugin_dir}/annobin-for-clang.so
 %endif
+
 %if %{with llvmplugin}
-%{ANNOBIN_CLANG_PLUGIN_DIR}
+%{llvm_plugin_dir}/annobin-for-llvm.so
+%endif
+
+%if %{with gccplugin}
+%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so
+%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0
+%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0
+%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}
+%{annobin_source_dir}/latest-annobin.tar.xz
 %endif
 
 %if %{with annocheck}
 %files annocheck
+%{_includedir}/libannocheck.h
+%{_libdir}/libannocheck.*
+%{_libdir}/pkgconfig/libannocheck.pc
 %{_bindir}/annocheck
 %doc %{_mandir}/man1/annocheck.1.gz
 %endif
@@ -319,6 +393,141 @@ fi
 #---------------------------------------------------------------------------------
 
 %changelog
+* Mon Jul 10 2023 Marek Polacek  <polacek@redhat.com> - 11.13-2
+- NVR bump to allow rebuilding.  (#2218984)
+
+* Thu Mar 09 2023 Nick Clifton  <nickc@redhat.com> - 11.13-1
+- NVR bump to allow rebuilding.  (#2162746)
+
+* Fri Mar 03 2023 Nick Clifton  <nickc@redhat.com> - 11.12-1
+- Rebase to 11.12.  Brings in:
+- GCC Plugin: Do not run if other plugins are active.  (#2162746)
+- Annocheck: Add code to handle glibc functions built without LTO.
+- Libannocheck: Fix thinko in debugging code.
+- Annocheck: Fix LTO test.
+- Notes: Display notes held in separate debuginfo files.
+- Annocheck: Fix atexit test.  Fix recording of version numbers.  (#2165528)
+- LLVM & Clang Plugins: Build with branch protection on AArch64.  (#2164364)
+- Libannocheck: Fix bug causing infinite looping when running tests.
+- Annocheck: Fix handling of file built by multiple versions of gcc.  (#2160700)
+- Annocheck: Fix handling of empty files.  (#2159292)
+- Annocheck: Add crti.o and crtn.o to the list of known glibc special files.  (#2158740)
+- Annocheck: Fix memory leaks.
+- Annocheck: Do not treat object files as if they did not contain any code.  (#2158182)
+- Annocheck: Add more special glibc filenames.
+- Annocheck: Improve handling of tool versions.
+- GCC plugin: Fix building with gcc-13.
+- Annocheck: Add test for binaries built by cross compilers.
+- Annocheck: Improve heuristic used to detect binaries without code. (#2144533)
+- Annocheck: Avoid using debug filename when parsing notes in a debuginfo file.  (#2152280)
+
+* Wed Dec 07 2022 Nick Clifton  <nickc@redhat.com> - 10.94-1
+- Rebase to 10.94.  (#2151312)
+- Annocheck: Better detection of binaries which do not contain code.  (#2144533)
+- Annocheck: Provide more information when a test is skipped because the file being tested was not compiled.
+- Annocheck: Try harder not to run mutually exclusive tests.
+- Tests: Fix future-test so that it properly handles the situation where the compiler does not support the new options.
+- Libannocheck: Actually set result fields after tests are run.
+- Libannocheck: Replace libannocheck_version variable with LIBANNOCHECK_VERSION define.
+- Libannocheck: Remove 'Requires binutils-devel' from libannocheck.pc.
+- Libannocheck: Move into separate sub-package.
+- Libannocheck: Add libannocheck.pc pkgconfig file.
+- Libannocheck: Add libannocheck_reinit().
+- GCC Plugin: Record -ftrivial-auto-var-init and -fzero-call-used-regs.
+- Annocheck: Add future tests for  -ftrivial-auto-var-init and -fzero-call-used-regs.
+- Clang Plugin: Fix for building with Clang-15.  (#2125875)
+- Annocheck: Add a test for the inconsistent use of -Ofast.  (#1248744)
+- Plugin: Fix top level configuration support for RiscV.
+- Annocheck: Improvements to the size tool.
+- Annocheck: Fixes for libannocheck.h.
+- Annocheck: Add automatic profile selection.
+- Annocheck: Improve gap detection and reporting.
+- Annocheck: Check build-id of separate debuginfo files.
+- Annocheck: Add GAPS test replacing --ignore-gaps.
+- Annocheck: Fix covscan detected race condition between stat() and open().
+- Annocheck: Handle binaries created by Rust 1.18.  (#2094420)
+- Annocheck: Add optional function name to --skip arguments.  (PR 29229)
+- Annocheck: Fix handling of command line options that take arguments.  (#2086850)
+- Annocheck: Do not complain about unenabled -mbranch-protection option in AArch64 binaries.  (#2078909)
+- gcc-plugin: Fix typo in configure.ac.
+- Add support for RISC-V.
+- Annocheck: Add another special case for glibc rpms.  (#2083070)
+- Annocheck: Do not complain about unenabled -mbranch-protection option in AArch64 binaries if compiled using LTO.  (#2082146)
+- Annocheck: Add more glibc exceptions + check PT_TLS segments.  (#2081131)
+
+* Thu Jul 21 2022 Florian Weimer <fweimer@redhat.com> - 10.67-3
+- Rebuild to switch back to system annobin (#2108721)
+
+* Fri Jul 15 2022 Florian Weimer <fweimer@redhat.com> - 10.67-2
+- Rebuild to switch back to system annobin (#2001788)
+
+* Fri Apr 29 2022 Nick Clifton  <nickc@redhat.com> - 10.67-1
+- Rebuild against LLVM 14.  (#2064521)
+- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled by golang.
+- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled in LTO mode.
+- gcc-plugin: Add support for CLVC_INTEGER options.
+
+* Wed Apr 06 2022 Nick Clifton  <nickc@redhat.com> - 10.64-1
+- Annocheck: Add more special cases for AArch64 glibc on RHEL-8.  (#2072082)
+- llvm-plugin: Fix a thinko in the sources.
+- gcc-plugin: Add remap of OPT_Wall.
+- configure: Fix typo in top level configure.ac.
+- Add support for building using meson+ninja.
+- Annocheck: Fix test for AArch64 property notes.  (#2068657)
+- gcc-plugin: Do not issue warning messages for autoconf generated source files.  (#2009958)
+
+* Thu Mar 24 2022 Nick Clifton  <nickc@redhat.com> - 10.58-1
+- Rebase to 10.58.  (#2067148)
+- gcc-plugin: Do not issue warning messages for autoconf generated source files.  (#2009958)
+- Annocheck: Update documentation and fix typo in annocheck.  (#2061291)
+- Annocheck: Add option to enable/disable following symbolic links.
+- Annocheck: Always identify Rust binaries, even if built on a host that does not know about Rust.  (#2057737)
+- Spec File: Use a different method to disable the annobin plugin  (#2054571)
+- Annocheck: Accept static GO binaries.  (#2053606)
+- gcc-plugin: Fix libtool so that extraneous runpaths are not added to the plugin.  (#2047356)
+- gcc-plugin: Use canonical_option field of save_decoded_options array. (#2047148)
+- Annocheck: Add an option to disable the use of debuginfod (if available).
+- Annocheck: Add more glibc special file names.
+- Annocheck: Skip some tests for BPF binaries.  (#2044897)
+- Annocheck: Skip property note test for GO binaries.  (#204300)
+- Annocheck: Add another glibc static library symbol.  (#2043047)
+- Spec File: Use gcc --print-file-name=rpmver for the gcc version info.
+- GCC Plugin: Do not fail if a section cannot be attached to a group.
+- Annocheck: Improve detection of kernel modules.
+- GCC Plugin: Only default to link-once when using gcc-12 or later.  (#2039297)
+- Annocheck: Add option to disable instrumentation test.
+- GCC Plugin: Fix building with gcc-12.
+- Spec file: Add requirement on cpio for annocheck.  (#2039747)
+- Annocheck: Add even more glibc function names. (#2037333)
+- Annocheck: ARM: Do not fail tests that rely upon annobin notes.
+- Annocheck: Extend list of known glibc functions.  (#2037333)
+- Annocheck: Ignore gaps that contain the _start symbol (for AArch64).  (#1995224)
+- Annocheck: Ignore more glibc special binaries.  (#2037220)
+- Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO.  (#2034946)
+- Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries.  (#2033255)
+- Docs: Note that ENDBR is only needed as the landing pad for indirect branches/calls.  (#28705)
+- Spec File: Store full	gcc version release string in plugin info file.  (#2030671)
+- Annocheck: Add special case for x86_64 RHEL-7 gaps.  (#2031133)
+- Annocheck: Do not complaining about missing -mstackrealign notes in LTO mode.  (#2030298)
+- GCC Plugin: Do not record missing -mstackrealign in LTO mode.
+- Tests: Fix gaps and stat tests to use newly built annobin plugin.  (#2028063)
+- Annocheck: Ignore gaps in binaries at least partial built by golang.  (#2028583)
+- Annocheck: Allow spaces in gloang symbols.  (#2028583)
+- Annocheck: Initial deployment of libannocheck.  (#2028063)
+- gcc-plugin: Fix bug creating empty attachments.
+- Annocheck: Change MAYB result to SKIP for DT_RPATH.  (#2026300)
+- Annocheck: Skip missing fortify/warning notes for ARM32.
+
+* Tue Feb 08 2022 Nick Clifton  <nickc@redhat.com> - 10.29-3
+- NVR bump in order to allow rebuilding against latest gcc.  (#2052060)
+
+* Mon Jan 24 2022 Nick Clifton  <nickc@redhat.com> - 10.29-2
+- Spec File: Add "Requires: rpm cpio" to annocheck sub-package.  (#2043474)
+
+* Tue Nov 30 2021 Nick Clifton  <nickc@redhat.com> - 10.28-1
+- gcc-plugin: Fix bug creating empty attachments.  (#2026944)
+- Annocheck: Change MAYB result to SKIP for DT_RPATH.  (#2026300)
+
 * Mon Nov 22 2021 Nick Clifton  <nickc@redhat.com> - 10.27-1
 - Annocheck: Skip missing fortify/warning notes for ARM32.
 - gcc-plugin: Try another fix for ppc64le section grouping.  (#2023437)