From 1edce69bd423afe5190505e73df57854a35a49e7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 01 2022 10:19:22 +0000 Subject: import annobin-10.54-2.el9 --- diff --git a/.annobin.metadata b/.annobin.metadata index a4f8217..7d0c807 100644 --- a/.annobin.metadata +++ b/.annobin.metadata @@ -1 +1 @@ -638e8de1542d8a62e9765d830b65bd2dd547c348 SOURCES/annobin-10.44.tar.xz +d05ee3d63e94162fd1ad51b7d79a0c7a8638f47c SOURCES/annobin-10.54.tar.xz diff --git a/.gitignore b/.gitignore index 8e0942a..9a8b67a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/annobin-10.44.tar.xz +SOURCES/annobin-10.54.tar.xz diff --git a/SPECS/annobin.spec b/SPECS/annobin.spec index 9d17437..59cc010 100644 --- a/SPECS/annobin.spec +++ b/SPECS/annobin.spec @@ -1,8 +1,8 @@ Name: annobin Summary: Annotate and examine compiled binary files -Version: 10.44 -Release: 1%{?dist} +Version: 10.54 +Release: 2%{?dist} License: GPLv3+ # Maintainer: nickc@redhat.com # Web Page: https://sourceware.org/annobin/ @@ -161,11 +161,11 @@ of the resulting files. %package annocheck Summary: A tool for checking the security hardening status of binaries -BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel +BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel make %if %{with debuginfod} BuildRequires: elfutils-debuginfod-client-devel -BuildRequires: make %endif +Requires: cpio rpm %description annocheck Installs the annocheck program which uses the notes generated by annobin to @@ -178,9 +178,8 @@ hardening options. %global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin) -%{!?llvm_version:%global llvm_version 12.0.1} -%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/%{llvm_version}} -%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/%{llvm_version}} +%{!?llvm_plugin_dir:%global llvm_plugin_dir %{_libdir}/llvm/plugins} +%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/plugins} %if %{with gccplugin} # The next line has been stolen from redhat-rpm-config.spec. @@ -190,7 +189,7 @@ hardening options. %global rrcdir /usr/lib/rpm/redhat # Information about the gcc plugin is recorded in this file. -%global aver %{rrcdir}/annobin-plugin-version-info +%global aver annobin-plugin-version-info %endif #--------------------------------------------------------------------------------- @@ -268,30 +267,24 @@ make -C gcc-plugin clean BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so" # Disable the standard annobin plugin so that we do get conflicts. -# Note: the "-fplugin=annobin" is here, despite the fact that it will also -# be automatically added to the gcc command line via -# "-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" because of a bug in gcc's -# plugin command line options handling. GCC will issue an error saying that -# there is no plugin called "annobin" matching the -fplugin-arg-annobin-disable -# option, despite the fact that there patently is. -BUILD_FLAGS="$BUILD_FLAGS -fplugin=annobin -fplugin-arg-annobin-disable" +OPTS="$(rpm --eval '%undefine _annotated_build %build_cflags %build_ldflags')" # If building on RHEL7, enable the next option as the .attach_to_group # assembler pseudo op is not available in the assembler. # BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach" -make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS" +make -C gcc-plugin CXXFLAGS="$OPTS $BUILD_FLAGS" rm %{_tmppath}/tmp_annobin.so %endif %if %{with clangplugin} cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so -make -C clang-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS" +make -C clang-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS" %endif %if %{with llvmplugin} cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so -make -C llvm-plugin all CXXFLAGS="%{optflags} $BUILD_FLAGS" +make -C llvm-plugin all CXXFLAGS="$OPTS $BUILD_FLAGS" %endif %endif @@ -310,14 +303,10 @@ mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plu %if %{with gccplugin} # Record the version of gcc that built this plugin. -mkdir -p %{buildroot}%{rrcdir} -rm -f %{buildroot}%{aver} # Note - we cannot just store %%{gcc_vr} as sometimes the gcc rpm version changes # without the NVR being altered. See BZ #2030671 for more discussion on this. -echo `rpm --query gcc --queryformat '%{version}-%{release}'` > %{buildroot}%{aver} -# Provide a more complete version information string on the second line. -# This is not used by the comparison logic, but makes the file more useful to humans. -echo "%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0 was built by gcc version %{gcc_vr} from the %{version} sources" >> %{buildroot}%{aver} +mkdir -p %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR} +cat `gcc --print-file-name=rpmver` > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} # Also install a copy of the sources into the build tree. mkdir -p %{buildroot}%{annobin_source_dir} @@ -361,8 +350,10 @@ fi %endif %if %{with gccplugin} -%{ANNOBIN_GCC_PLUGIN_DIR} -%{aver} +%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so +%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0 +%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0 +%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver} %{annobin_source_dir}/latest-annobin.tar.xz %endif @@ -377,6 +368,41 @@ fi #--------------------------------------------------------------------------------- %changelog +* Tue Feb 15 2022 Nick Clifton - 10.54-2 +- Spec File: Use a different method to disable the annobin plugin (#2054571) + +* Mon Feb 14 2022 Nick Clifton - 10.54-1 +- Annocheck: Accept static GO binaries. (#2053606) + +* Fri Feb 11 2022 Nick Clifton - 10.53-2 +- NVR bump to allow rebuilding against latest gcc. (#2053507) + +* Fri Jan 28 2022 Nick Clifton - 10.53-1 +- gcc-plugin: Fix libtool so that extraneous runpaths are not added to the plugin. (#2047356) +- gcc-plugin: Use canonical_option field of save_decoded_options array. (#2047148) + +* Tue Jan 25 2022 Nick Clifton - 10.51-1 +- Annocheck: Add an option to disable the use of debuginfod (if available). +- Annocheck: Add more glibc special file names. +- Annocheck: Skip some tests for BPF binaries. (#2044897) + +* Mon Jan 24 2022 Nick Clifton - 10.50-1 +- Annocheck: Skip property note test for GO binaries. (#204300) +- Annocheck: Add another glibc static library symbol. (#2043047) +- Spec File: Use gcc --print-file-name=rpmver for the gcc version info. + +* Mon Jan 17 2022 Nick Clifton - 10.48-1 +- GCC Plugin: Do not fail if a section cannot be attached to a group. + +* Wed Jan 12 2022 Nick Clifton - 10.47-1 +- Annocheck: Improve detection of kernel modules. +- GCC Plugin: Only default to link-once when using gcc-12 or later. (#2039297) + +* Wed Jan 12 2022 Nick Clifton - 10.46-1 +- Annocheck: Add option to disable instrumentation test. +- GCC Plugin: Fix building with gcc-12. +- Spec file: Add requirement on cpio for annocheck. (#2039747) + * Fri Jan 07 2022 Nick Clifton - 10.44-1 - Annocheck: Add even more glibc function names. (#2037333) - Annocheck: ARM: Do not fail tests that rely upon annobin notes.