diff --git a/.gcc-toolset-9-annobin.metadata b/.gcc-toolset-9-annobin.metadata index 4a54d3c..b741bcf 100644 --- a/.gcc-toolset-9-annobin.metadata +++ b/.gcc-toolset-9-annobin.metadata @@ -1 +1 @@ -399443c633b2f61e939812d16e5f6e65e2f41419 SOURCES/annobin-8.79.tar.xz +3e7ad15509a3cb74328d5951e48e246de4e174f2 SOURCES/annobin-9.08.tar.xz diff --git a/.gitignore b/.gitignore index 4a6f92a..f3f073b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/annobin-8.79.tar.xz +SOURCES/annobin-9.08.tar.xz diff --git a/SPECS/annobin.spec b/SPECS/annobin.spec index 3206d03..fca8e2a 100644 --- a/SPECS/annobin.spec +++ b/SPECS/annobin.spec @@ -4,11 +4,11 @@ Name: %{?scl_prefix}annobin Summary: Binary annotation plugin for GCC -Version: 8.79 -Release: 2%{?dist} +Version: 9.08 +Release: 4%{?dist} License: GPLv3+ -URL: https://fedoraproject.org/wiki/Toolchain/Watermark +# ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark # Maintainer: nickc@redhat.com @@ -36,6 +36,11 @@ URL: https://fedoraproject.org/wiki/Toolchain/Watermark # Use "--without annocheck" to disable the installation of the annocheck program. %bcond_without annocheck +# Use "--with debuginfod" to force support for debuginfod to be compiled into +# the annocheck program. By default the configure script will check for +# availablilty at build time, but this might not match the run time situation. +%bcond_with debuginfod + # Set this to zero to disable the requirement for a specific version of gcc. # This should only be needed if there is some kind of problem with the version # checking logic or when building on RHEL-7 or earlier. @@ -94,6 +99,7 @@ BuildRequires: %{?scl_prefix}gcc %{?scl_prefix}gcc-plugin-devel %{?scl_prefix}gc # we can scrape out the "4.6.1" from the version line. # # The following implements the above: + %global gcc_vr %(%gcc_for_annobin --version | head -n 1 | sed -e 's|.*(Red\ Hat\ ||g' -e 's|)$||g') # We need the major version of gcc. @@ -113,6 +119,7 @@ Requires: (%{?scl_prefix}gcc >= %{gcc_major} with %{?scl_prefix}gcc < %{gcc_next Requires: %{?scl_prefix}gcc %endif +BuildRequires: %{?scl_prefix}gcc %{?scl_prefix}gcc-plugin-devel %{?scl_prefix}gcc-c++ %description Provides a plugin for GCC that records extra information in the files @@ -131,6 +138,10 @@ Summary: Test scripts and binaries for checking the behaviour and output of the Provides a means to test the generation of annotated binaries and the parsing of the resulting files. +%if %{with debuginfod} +BuildRequires: elfutils-debuginfod-client-devel +%endif + %endif #--------------------------------------------------------------------------------- @@ -140,6 +151,9 @@ of the resulting files. Summary: A tool for checking the security hardening status of binaries BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel +%if %{with debuginfod} +BuildRequires: elfutils-debuginfod-client-devel +%endif %description annocheck Installs the annocheck program which uses the notes generated by annobin to @@ -178,7 +192,18 @@ touch doc/annobin.info #--------------------------------------------------------------------------------- %build -%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_PLUGIN_DIR} CC=%gcc_for_annobin CXX=%gxx_for_annobin + +%if %{with debuginfod} +%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_PLUGIN_DIR} CC=%gcc_for_annobin CXX=%gxx_for_annobin --with-debuginfod +%else +# Note - we explicitly disable debuginfod support if it was not configured. +# This is because by default annobin's configue script will assume --with-debuginfod=auto +# and then run a build time test to see if debugingfod is available. It +# may well be, but the build time environment may not match the run time +# environment, and the rpm will not have a Requirement on the debuginfod +# client. +%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_PLUGIN_DIR} CC=%gcc_for_annobin CXX=%gxx_for_annobin --with-debuginfod=no +%endif %make_build # Rebuild the plugin, this time using the plugin itself! This @@ -207,7 +232,10 @@ rm %{_tmppath}/tmp_annobin.so %check # On RHEL7 the assembler does not support all of the annobin tests. # With scl the tests are run with the wrong version of gcc. -make check GCC=%gcc_for_annobin +# Change the following line to "make check GCC=%gcc_for_annobin || :" +# on RHEL7 or if you need to see the test suite logs in order to +# diagnose a test failure. +make check GCC=%gcc_for_annobin if [ -f tests/test-suite.log ]; then cat tests/test-suite.log fi @@ -241,6 +269,43 @@ fi #--------------------------------------------------------------------------------- %changelog +* Tue Feb 18 2020 Nick Clifton - 9.08-4 +- Update gating tests to use the correct gcc-toolset-9 executables. + +* Mon Feb 17 2020 Nick Clifton - 9.08-2 +- Explicitly disable debuginfod support unless configured otherwise. + +* Mon Feb 17 2020 Nick Clifton - 9.08-1 +- Annocheck: Fix error printing out the version number. + +* Fri Feb 14 2020 Nick Clifton - 9.07-1 +- Rebase to 9.07 release: +- Annobin: Add checks of the exact location of the examined switches. +- Annobin: Note when stack clash notes are generated. +- Annocheck: Handle multiple builder IDs in the .comment section. +- Add configure option to suppress building annocheck. +- Fix debuginfod test. +- Correct the build requirement for building with debuginfod support. +- Add debuginfod support. +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild +- Rebuild againt latest gcc-10. +- Add clang plugin (experimental). +- Have annocheck ignore notes with an end address of 0. +- Improve checking of gcc versions. +- Do not skip positive results. +- Generate a WARN result for code compiled with instrumentation enabled. (#1753918) +- Replace address checks with dladdr1. +- Use libabigail like checking to ensure variable address consistency. +- Skip generation of global notes for hot/cold sections. +- Generate FAIL results if -Wall or -Wformat-security are missing. +- If notes cannot be found in the executable look for them in the debuginfo file, if available. +- Generate a FAIL if notes are missing from the executable/debuginfo file. +- Record and report the setting of the AArcht64 specific -mbranch-protection option. +- Improve detection of GO binaries. +- Add gcc version information to annobin notes. +- Do not complain about missing FORTIFY_SOURCE and GLIBCXX_ASSERTIONS in LTO compilations. +- Allow compiler used to run tests to be specified on the command line. (#1723401) + * Thu Aug 08 2019 Nick Clifton - 8.79-2 - Import the missing tests/ sub-directory.