diff --git a/.gcc-toolset-11-annobin.metadata b/.gcc-toolset-11-annobin.metadata index 413ccb8..8c0a8b4 100644 --- a/.gcc-toolset-11-annobin.metadata +++ b/.gcc-toolset-11-annobin.metadata @@ -1 +1 @@ -87f180c5d823d80384d3fdfb508b52d63696472c SOURCES/annobin-9.73.tar.xz +5c4be4229af5a7bbbe0200c587cd44d2a973d591 SOURCES/annobin-10.23.tar.xz diff --git a/.gitignore b/.gitignore index b70743b..117c715 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/annobin-9.73.tar.xz +SOURCES/annobin-10.23.tar.xz diff --git a/SPECS/annobin.spec b/SPECS/annobin.spec index 75521f5..9f68321 100644 --- a/SPECS/annobin.spec +++ b/SPECS/annobin.spec @@ -4,7 +4,7 @@ Name: %{?scl_prefix}annobin Summary: Annotate and examine compiled binary files -Version: 9.73 +Version: 10.23 Release: 1%{?dist} License: GPLv3+ # Maintainer: nickc@redhat.com @@ -13,8 +13,8 @@ License: GPLv3+ #--------------------------------------------------------------------------------- -# Use "--without tests" to disable the testsuite. -%bcond_without tests +# Use "--with tests" to enable the testsuite. +%bcond_with tests # Use "--without annocheck" to disable the installation of the annocheck program. %bcond_without annocheck @@ -67,16 +67,15 @@ License: GPLv3+ Source: annobin-%{version}.tar.xz # For the latest sources use: git clone git://sourceware.org/git/annobin.git -# Insert patches here, if needed. Eg: -# Patch01: annobin-foo.patch +# Insert patches here, if needed. +# Patch01: annobin.unicode.patch #--------------------------------------------------------------------------------- %{?scl:Requires:%scl_runtime} %{?scl:BuildRequires:%scl_runtime} %{?scl:BuildRequires:scl-utils-build} - -# We need the gcc-toolset-9 to build annobin, as otherwise the versions will not match. +# We need the gcc-toolset-11 version of gcc to build annobin, as otherwise the versions will not match. %{?scl:Requires:%scl_require_package %{scl} gcc} BuildRequires: %{?scl_prefix}gcc 
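Review bot: Switching to `%bcond_with tests` in the @@ -13,8 hunk means %check is skipped in every default build, so this 9.73 to 10.23 rebase is packaged without the test suite having run at build time. The new comment only says how to enable the tests; it should also record why they are off, for example `# Tests are off by default because under scl they are often run with the wrong compiler; use "--with tests" to enable them.` Because annocheck's hardening tests are later used to judge other binaries, a CI job that builds with `--with tests` against the matching toolset gcc would keep that coverage.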
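Review bot: `# Patch01: annobin.unicode.patch` in the @@ -67,16 hunk is a commented-out patch declaration with no explanation, so a reader cannot tell whether the unicode patch was dropped on purpose or disabled by accident; the same applies to `# %patch01 -p1` and `# chmod +x tests/unicode-test` in the @@ -289,6 hunk. The changelog line about a test for unicode characters in identifiers suggests the change is already in the 10.23 tarball, in which case the three lines can be deleted or replaced by a comment saying so. If they stay, escape the macro the way the neighbouring `# %%autosetup -p1` line does, i.e. `# %%patch01 -p1`, because rpm expands macros inside comments.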
@@ -139,7 +138,7 @@ Requires: (%{?scl_prefix}gcc >= %{gcc_major} with %{?scl_prefix}gcc < %{gcc_next Requires: %{?scl_prefix}gcc %endif -BuildRequires: %{?scl_prefix}gcc-c++ %{?scl_prefix}gcc-plugin-devel +BuildRequires: %{?scl_prefix}gcc-plugin-devel %{?scl_prefix}gcc-c++ %endif @@ -289,6 +288,8 @@ echo "Requires: (%{?scl_prefix}gcc >= %{gcc_major} and %{?scl_prefix}gcc < %{gcc # but then tries to change directory into -annobin-. # %%autosetup -p1 %setup -q -n annobin-%{version} +# %patch01 -p1 +# chmod +x tests/unicode-test # The plugin has to be configured with the same arcane configure # scripts used by gcc. Hence we must not allow the Fedora build @@ -305,7 +306,7 @@ touch doc/annobin.info export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -I%{?_scl_root}/usr/include" export LDFLAGS="$LD_FLAGS $RPM_LD_FLAGS -L%{?_scl_root}/usr/lib64 -L%{?_scl_root}/usr/lib" -CONFIG_ARGS="--quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}" +CONFIG_ARGS="--quiet" %if %{with debuginfod} CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod" @@ -325,6 +326,8 @@ CONFIG_ARGS="$CONFIG_ARGS --with-clang" %if %{without gccplugin} CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin" +%else +CONFIG_ARGS="$CONFIG_ARGS --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}" %endif %if %{with llvmplugin} @@ -339,6 +342,13 @@ CONFIG_ARGS="$CONFIG_ARGS --without-test" CONFIG_ARGS="$CONFIG_ARGS --without-annocheck" %endif +%set_build_flags + +%ifarch %{ix86} x86_64 +# FIXME: There should be a better way to do this. +export CLANG_TARGET_OPTIONS="-fcf-protection" +%endif + %configure ${CONFIG_ARGS} || cat config.log %make_build @@ -384,8 +394,8 @@ make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS" #--------------------------------------------------------------------------------- -# PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles... %install +# PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles... %make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir} %if %{with clangplugin} 
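Review bot: The FIXME above `export CLANG_TARGET_OPTIONS="-fcf-protection"` in the @@ -339,6 hunk does not say what the variable is for or what the better way would be, and the export is guarded only by `%ifarch`, so it is set even when neither the clang nor the llvm plugin is being built. A comment such as `# Build the Clang/LLVM plugins with CET enabled on x86; FIXME: let configure detect -fcf-protection support.` would state the intent; presumably the plugin makefiles read this variable, but that is not visible here. The %build section starts and ends outside this hunk.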
@@ -400,10 +410,9 @@ rm -f %{buildroot}%{_infodir}/dir %if %{with tests} %check -# Change the following line to "make check GCC=%gcc_for_annobin || :" -# if you need to see the test suite logs in order to diagnose a test -# failure. -make check GCC=%gcc_for_annobin || : +# With scl the tests are run with the wrong version of gcc. Hence +# we allow the tests to fail. +make check GCC=%gcc_for_annobin if [ -f tests/test-suite.log ]; then cat tests/test-suite.log fi 
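Review bot: The new comment says the tests are allowed to fail, but the command under it dropped `|| :`, so a failing `make check GCC=%gcc_for_annobin` now aborts %check whenever the package is built with tests enabled. If failures are meant to be tolerated, keep `make check GCC=%gcc_for_annobin || :`; if they are meant to be fatal, reword the comment to say so. In the fatal case the `cat tests/test-suite.log` block after it is likely never reached, since rpmbuild normally runs scriptlets with `sh -e`, so the log that explains the failure is lost. Saving the exit status of `make check`, printing the log, and then exiting with that status would keep both the failure and the diagnostics.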
@@ -456,6 +465,90 @@ fi #--------------------------------------------------------------------------------- %changelog +* Wed Nov 10 2021 Nick Clifton - 10.23-1 (#2020405) +- Annocheck: Add a test for unicode characters in identifiers. +- gcc-plugin: Default to link-order grouping for PPC64LE. (#2016458) +- Annocheck: Do not fail if a --skip- option does not match a known test. +- ldconfig-test: Skip the LTO check. +- Annocheck: Add more glibc function names. +- gcc-plugin: Fix attaching the .text section to the .text.group section. +- Complain about DT_RPATH for Fedora binaries. +- Better reporting of problems in object files. (#2013708) +- Add a requirement on llvm-libs for clang and llvm plugins. (#2014573) +- Fix configuring annocheck without gcc-plugin. +- Annocheck: Better reporting of debuginfod problems. +- Tests: Fix bugs in debuginfod test. +- Annocheck: Add tests based upon recent bug fixes. +- Annocheck: Another tweak to glibc detection code. +- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found. (#20011438) +- Annocheck: Fix MAYB results for mixed GO/C files. +- Annocheck: Move some messages from VERBOSE to VERBOSE2. +- Annocheck: Scan zero-length tool notes. +- Annocheck: Fix covscan detected flaws. +- plugins: Add more required build options. +- Annocheck: Fix cf-prot test to fail if the CET notes are missing. +- Annocheck: Skip gaps in the .plt section. +- Plugins: Add -g option when building LLVM and Clang. +- Annocheck: Add more cases of glibc startup functions. +- Annocheck: Fix covscan detected problems. +- Annocheck: Add --profile=el8. +- gcc-plugin: Conditionalize generation of branch protection note. +- Annocheck: Ignore gaps containing NOP instructions. +- GCC Plugin: Fix detection of running inside the LTO compiler. (#2004917) +- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries. 
+- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result.
+- Annocheck: Do not set CFLAGS/LDFLAGS when building. Take from environment instead.
+- Annocheck: Fix exit code when tests PASS.
+- Documentation: Add node for each hardening test.
+- Documentation: Install online.
+- Annocheck: Annote FAIL and MAYB results with URL to documentation
+- Annocheck: Add --no-urls and --provide-urls options
+- Annocheck: Add --help- option.
+- Annocheck: Fix fuzzing detected failures.
+- Annocheck: Add --profile option.
+- Docs: Document --profile option and rpminspect.yaml.
+- Annocheck: Skip GO/CET checks. Fix fuzzing detected failures.
+- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444)
+- Annocheck: Fix memory corruption. (#1996963)
+- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection.
+- Annocheck: Add linker generated function for ppc64le exceptions. (#1981410)
+- LLVM Plugin: Allow checks to be selected from the command line.
+- Annocheck: Examine DW_AT_producer for -flto.
+- Annocheck: Conditionalize detection of AArch64's PAC+BTI protection.
+- Annocheck: Add linker generated function for s390x exceptions. (#1981410)
+- Annocheck: Generate MAYB results for gaps in notes covering the .text section. (#1991943)
+- Annocheck: Close DWARF file descriptors once the debug info is no longer needed. (#1981410)
+- LLVM Plugin: Update to build with Clang v13. (Thanks to: Tom Stellard )
+- Annocheck: Fix memory corruption. (#1988715)
+- Annocheck: Skip certain tests for kernel modules.
+
+* Fri Oct 29 2021 Nick Clifton - 9.85-3
+- Default to disabling the tests as they are often run with the wrong compiler.
+
+* Thu Oct 28 2021 Nick Clifton - 9.85-2
+- Annocheck: Add test for multibyte characters in symbol names. (#2017368)
+
+* Tue Aug 10 2021 Nick Clifton - 9.85-1
+- Annocheck: Detect a missing CET note.
(#1991931) +- Annocheck: Do not report future fails for AArch64 notes. +- Annocheck: Warn about multiple --debug-file, --debug-rpm and --debug-dir options. +- Annocheck: Process files in command line order. (#1988714) +- Annocheck: Reverse AArch64 PAC+BTI check, ie fail if they are enabled. (#1984995) +- Annocheck: Add another test exceptions. +- Annocheck: Add some more test exceptions. +- Tests: Skip glibc-notes test if the assembler does not support --generate-missing-build-notes. (#1978573) +- Tests: Skip objcopy test if objcopy does not support --merge-notes. + +* Wed Jun 30 2021 Nick Clifton - 9.79-1 +- Annocheck: Fix spelling mistake in -mstack-realign failure message. (#1977349) +- gcc-plugin: Do not record global versions of stack protection settings in LTO mode, if not set. (#1958954) +- Annocheck: Remove limit on number of input files. +- Annocheck: Conditionalize test of DF_PIE_1 flag. +- clang/llvm plugins: Build with correct security options. +- Annocheck: Better detection of GO compiler version. +- Annocheck: Better support for symbolic links. +- Annocheck: In verbose mode, report the reason for skipping specific tests. (#1969584) + * Wed May 26 2021 Nick Clifton - 9.73-1 - annocheck: Improve detection of shared libraries. (#1958954)