From 3427699452e66728f84ee4998d79532af714d965 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Wed, 31 Jul 2024 09:04:54 +0100 Subject: [PATCH] Rebase to 12.65 Resolves: RHEL-50818 --- .gitignore | 1 + annobin.spec | 61 +++++++++++++++++++++++++++++++++++++--------------- sources | 2 +- 3 files changed, 46 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index d8ad644..2b4536d 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ /annobin-12.17.tar.xz /annobin-12.20.tar.xz /annobin-12.32.tar.xz +/annobin-12.65.tar.xz diff --git a/annobin.spec b/annobin.spec index 5ea2d3c..3049c8e 100644 --- a/annobin.spec +++ b/annobin.spec @@ -8,8 +8,8 @@ BuildRequires: scl-utils-build Name: %{?scl_prefix}annobin Summary: Annotate and examine compiled binary files -Version: 12.32 -Release: 2%{?dist} +Version: 12.65 +Release: 1%{?dist} License: GPL-3.0-or-later AND LGPL-2.0-or-later AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND GFDL-1.3-or-later URL: https://sourceware.org/annobin/ # Maintainer: nickc@redhat.com @@ -57,7 +57,7 @@ URL: https://sourceware.org/annobin/ # # The default is to use plugin during rebuilds (cf BZ 1630550) but this can # be changed because of the need to be able to rebuild annobin when a change -# to gcc breaks the version installed into the buildroot. Mote however that +# to gcc breaks the version installed into the buildroot. Note however that # uncommenting the lines below will result in annocheck not passing the rpminspect # tests.... %if %{without plugin_rebuild} 
@@ -83,7 +83,9 @@ Patch02: annobin-tmp-default-to-using-group-attach.patch # We need the gcc-toolset-13 version of gcc to build annobin, as otherwise the versions will not match. %{?scl:Requires:%scl_require_package %{scl} gcc} -BuildRequires: %{?scl_prefix}gcc +BuildRequires: %{?scl_prefix}gcc %{?scl_prefix}gcc-c++ +BuildRequires: %{?scl_prefix}annobin-plugin-gcc + %define gcc_for_annobin %{?_scl_root}/usr/bin/gcc %define gxx_for_annobin %{?_scl_root}/usr/bin/g++ @@ -178,7 +180,6 @@ Summary: A tool for checking the security hardening status of binaries BuildRequires: elfutils elfutils-devel elfutils-libelf-devel rpm-devel make BuildRequires: %{?scl_prefix}gcc -BuildRequires: %{?scl_prefix}binutils-devel %if %{with debuginfod} BuildRequires: elfutils-debuginfod-client-devel @@ -197,14 +198,12 @@ Summary: A library for checking the security hardening status of binaries BuildRequires: elfutils elfutils-devel elfutils-libelf-devel rpm-devel make BuildRequires: %{?scl_prefix}gcc -BuildRequires: %{?scl_prefix}binutils-devel %if %{with debuginfod} BuildRequires: elfutils-debuginfod-client-devel %endif Requires: %{name}-docs = %{version}-%{release} -Requires: %{?scl_prefix}binutils-devel %description libannocheck Installs the libannocheck library which uses the notes generated by the @@ -363,8 +362,8 @@ CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod" CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod" %endif -%if %{with clangplugin} -CONFIG_ARGS="$CONFIG_ARGS --with-clang" +%if %{without clangplugin} +CONFIG_ARGS="$CONFIG_ARGS --without-clang-plugin" %endif %if %{without gccplugin} @@ -373,8 +372,8 @@ CONFIG_ARGS="$CONFIG_ARGS --without-gcc-plugin" CONFIG_ARGS="$CONFIG_ARGS --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}" %endif -%if %{with llvmplugin} -CONFIG_ARGS="$CONFIG_ARGS --with-llvm" +%if %{without llvmplugin} +CONFIG_ARGS="$CONFIG_ARGS --without-llvm-plugin" %endif %if %{without tests} 
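Review bot: The new `BuildRequires: %{?scl_prefix}annobin-plugin-gcc` in the `@@ -83,7 +83,9 @@` hunk makes the package require its own plugin subpackage at build time, unconditionally and without a comment saying why. The comment earlier in the spec describes having to rebuild annobin when a gcc change breaks the plugin already installed in the buildroot, which looks like the situation where this requirement either cannot be met or pulls in a broken plugin. If no bootstrap conditional covers this outside the hunk, consider wrapping the line in one (for example, the existing `plugin_rebuild` bcond, if that matches its intent). A comment would also help, such as `# Needed so the build itself is annotated; drop when bootstrapping against a new gcc.`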
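Review bot: With the conditions inverted in the `@@ -363,8 +362,8 @@` hunk and again in the llvmplugin hunk after it, nothing is passed to configure when a plugin is wanted, so enabling the Clang and LLVM plugins now depends on configure's defaults. Autoconf-generated configure scripts only warn about an unrecognised `--with`/`--without` option. If the 12.65 option names are not exactly `--without-clang-plugin` and `--without-llvm-plugin`, the opt-out would be ignored and the plugin built anyway. If the default-on behaviour is indeed what 12.65 provides, record it above each block, e.g. `# configure builds the Clang plugin by default; only the opt-out needs to be passed.`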
@@ -408,9 +407,8 @@ export CLANG_TARGET_OPTIONS="-mbranch-protection=standard" %endif %endif -%ifarch ppc ppc64 ppc64le -# FIXME: This is a workaround for a problem with the Clang C++ headers. It should not be needed. -export CLANG_TARGET_OPTIONS="-mabi=ibmlongdouble" +%ifnarch riscv64 +export CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS -flto" %endif CC=%gcc_for_annobin CXX=%gxx_for_annobin CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log @@ -445,12 +443,13 @@ rm %{_tmppath}/tmp_annobin.so %if %{with clangplugin} cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so -make -C clang-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS" +make -C clang-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS" %endif %if %{with llvmplugin} cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so -make -C llvm-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS" +# To enable verbose more in the plugin append the following: ANNOBIN_VERBOSE="true" +make -C llvm-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS" %endif # endif for %%if {with_plugin_rebuild} @@ -474,7 +473,7 @@ mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plu # Note - we cannot just store %%{gcc_vr} as sometimes the gcc rpm version changes # without the NVR being altered. See BZ #2030671 for more discussion on this. mkdir -p %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR} -cat `gcc --print-file-name=rpmver` > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} +cat `%gcc_for_annobin --print-file-name=rpmver` > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} # Also install a copy of the sources into the build tree. mkdir -p %{buildroot}%{annobin_source_dir} 
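Review bot: The new `%ifnarch riscv64` block in the `@@ -408,9 +407,8 @@` hunk has no comment explaining why `-flto` is added to CLANG_TARGET_OPTIONS or why riscv64 is excluded, whereas the workaround it replaces carried an explanatory FIXME. It also appends to `$CLANG_TARGET_OPTIONS`, which the visible context sets only inside architecture-specific conditionals, so on other architectures the starting value is whatever the build shell already exports. Suggest a comment such as `# Build the Clang/LLVM plugins with LTO; riscv64 is excluded because <reason>.` and, if the variable is meant to start empty, initialising it before the architecture blocks, which begin outside this hunk.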
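Review bot: Both rewritten `make` lines in the `@@ -445,12 +443,13 @@` hunk stop passing `CXXFLAGS="$OPTS $BUILD_FLAGS"` and pass only `CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS"`. `$OPTS` is defined outside this hunk and presumably carries the distribution's hardening flags; it no longer reaches the plugin rebuild unless the plugin Makefiles pick it up another way. For a package whose purpose is checking hardening, confirm that the rebuilt plugins still pass annocheck, or keep the flags, e.g. `CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $OPTS $BUILD_FLAGS"`. Passing `clean all` as two goals of one invocation is ordered only when make runs serially; a separate `make -C clang-plugin clean` before the `all` line avoids a race if `-j` is ever inherited. The added comment has a typo and should read `# To enable verbose mode in the plugin append the following: ANNOBIN_VERBOSE="true"`.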
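Review bot: In the `@@ -474,7 +473,7 @@` hunk the backtick substitution on the new `cat` line is unquoted. `--print-file-name` prints the bare name `rpmver` when gcc cannot locate the file, so `cat` would then look in the current directory instead of failing on an obviously wrong path. Quoting with `$( )` makes that case easier to spot: `cat "$(%gcc_for_annobin --print-file-name=rpmver)" > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}`. A one-line comment saying that the toolset gcc is queried so the recorded version matches the compiler used for the plugin would document the reason for the change.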
@@ -483,6 +482,11 @@ cp %{_sourcedir}/%{annobin_sources} %{buildroot}%{annobin_source_dir}/latest-ann rm -f %{buildroot}%{_infodir}/dir +# When annocheck is disabled, annocheck.1.gz will still be generated, remove it. +%if %{without annocheck} +rm -f %{_mandir}/man1/annocheck.1.gz +%endif + #--------------------------------------------------------------------------------- %if %{with tests} 
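Review bot: The added `rm -f %{_mandir}/man1/annocheck.1.gz` lacks the `%{buildroot}` prefix, so in what appears to be the %install section it targets the build host's man directory rather than the staged tree. The context line just above it, `rm -f %{buildroot}%{_infodir}/dir`, shows the intended form. Because of `-f` the command succeeds silently either way, so the staged man page stays in place and the mistake shows up only later as an unpackaged file, or not at all. Man pages are normally compressed by rpm's post-install scripts after %install finishes, so the file probably does not have its `.gz` suffix yet. `rm -f %{buildroot}%{_mandir}/man1/annocheck.1*` covers both cases.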
@@ -559,6 +563,29 @@ make check GCC=%gcc_for_annobin #--------------------------------------------------------------------------------- %changelog +* Tue Jul 30 2024 Nick Clifton - 12.65-1 +- Rebase to 12.65. (RHEL-51018) +- Annocheck: Fix recording arguments for later re-use. (RHEL-50802) +- GCC Plugin: Fix building AArch64 components with gcc earlier than 11.3. +- Annocheck: Add improvements to the builtby utility. +- Annocheck: Add support for ADA binaries. +- Annocheck: Add support for binaries built from more than two high level source languages. +- Annocheck: Add support for object files containing no executable code. +- Annocheck: Do not FAIL LLVM compiled binaries that have not been built with sanitize-cfi and/or sanitize-safe-stack. +- Annocheck: Add support for Fortran binaries. +- Annocheck: Add heuristic for detecting parts of the CGO runtime library. +- Annocheck: Add improvements for handling Clang runtime binaries. +- Annocheck: Add tweaks for mixed Rust/C binaries. (#2284605) +- Annocheck: Add more glibc source file names. +- Annocheck: Skip GAPS test for GO binaries. (RHEL-36308) +- Annocheck: Remove some false positives for Rust binaries. (#2280239) +- Annocheck: Defer passing the branch protection test until all notes have been checked. +- GCC Plugin: Add extra code for detecting the branch protection setting. (RHEL-35958) + +* Mon Jul 29 2024 Nick Clifton - 12.52-1 +- Rebuild with LLVM 18. (RHEL-50803) +- Rebase to 12.52 in order to bring in fixes for LLVM 18. + * Tue Nov 28 2023 Nick Clifton - 12.32-2 - GCC Plugin: Add %%verify tokens to show that the default plugin names are symbolic links. (RHEL-17505) diff --git a/sources b/sources index f3ff8e9..b6842bd 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-SHA512 (annobin-12.32.tar.xz) = 10ab73bc48d0a95102292d90d28c87440b969055ab07e964020703276b6c5db35b8693e828fb0063e1d6e5efb025c8ffe3fafb2dd40377c25767b09a986bc02b
+SHA512 (annobin-12.65.tar.xz) = ebe4736b4691e4d4846dfd0f0b1d417069a2fb7d6f1d176efb8bacd5f685b534e0045fb956fa656d3f41dda425f5140c81974b07ec22c9ccb1ae493122e42b2b