diff --git a/.annobin.metadata b/.annobin.metadata
index d3a1865..4220c89 100644
--- a/.annobin.metadata
+++ b/.annobin.metadata
@@ -1 +1 @@
-ea07144ebf221728339143b378c3a73ce99e767b SOURCES/annobin-10.15.tar.xz
+e86729286e7277e6e0983074175b5362c0d1dae6 SOURCES/annobin-10.21.tar.xz
diff --git a/.gitignore b/.gitignore
index 0078bf7..5894136 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/annobin-10.15.tar.xz
+SOURCES/annobin-10.21.tar.xz
diff --git a/SOURCES/annobin.ldconfig.patch b/SOURCES/annobin.ldconfig.patch
new file mode 100644
index 0000000..3315846
--- /dev/null
+++ b/SOURCES/annobin.ldconfig.patch
@@ -0,0 +1,102 @@
+diff -rup annobin.orig/annocheck/hardened.c annobin-10.21/annocheck/hardened.c
+--- annobin.orig/annocheck/hardened.c 2021-10-26 16:27:58.353141848 +0100
++++ annobin-10.21/annocheck/hardened.c 2021-10-26 16:28:24.527040025 +0100
+@@ -1479,7 +1479,7 @@ skip_fortify_checks_for_function (annoch
+ {
+ /* NB. KEEP THIS ARRAY ALPHA-SORTED */
+ "_GLOBAL__sub_I_main",
+- "_Unwind_Resume", /* In /sbin/ldconfig. */
++ "_Unwind_Resume",
+ "__b64_ntop", /* Found in ppc64le, RHEL-9, /lib64/libresolv.so.2. */
+ "__b64_pton", /* Found in ppc64le, RHEL-9, /lib64/libresolv.so.2. */
+ "__ctype_get_mb_cur_max",
+@@ -1490,17 +1490,13 @@ skip_fortify_checks_for_function (annoch
+ "__td_ta_rtld_global", /* Found in ppc64le, RHEL-9, /lib64/libthread_db.so.1. */
+ "_dl_start_user", /* Found in ppc64le, RHEL-9, /lib64/ld64.so.2. */
+ "_dl_tunable_set_arena_max", /* Found in ppc64le, RHEL-9, /lib64/libc_malloc_debug.so.0. */
+- "_nl_archive_subfreeres", /* Found in x86_64, RHEL-8.6 /sbin/ldconfig. */
+ "_start",
+ "blacklist_store_name",
+ "dlmopen_doit", /* Found in ppc64le, RHEL-9, /lib64/ld64.so.2. */
+- "free_category", /* Found in x86_64, RHEL-8.6 /sbin/ldconfig. */
+ "free_derivation",
+ "free_mem",
+- "insert_to_aux_cache.cold.6", /* Found in x86_64, RHEL-8.6 /sbin/ldconfig. */
+ "install_handler",
+ "internal_setgrent",
+- "print_entry", /* In /sbin/ldconfig. */
+ "td_init", /* Found in ppc64le, RHEL-9, /lib64/libthread_db.so.1. */
+ "unlink_blk" /* Found in ppc64le, RHEL-9, /lib64/libc_malloc_debug.so.0. */
+ };
+@@ -1524,11 +1520,9 @@ skip_pic_checks_for_function (annocheck_
+ {
+ /* NB. KEEP THIS ARRAY ALPHA-SORTED */
+ "_GLOBAL__sub_I_main",
+- "_Unwind_Resume", /* In /sbin/ldconfig. */
+- "_nl_archive_subfreeres", /* In /sbin/ldconfig. */
++ "_Unwind_Resume",
+ "_start",
+- "atexit", /* The atexit function in libiberty is only compiled with -fPIC not -fPIE. */
+- "print_entry" /* In /sbin/ldconfig. */
++ "atexit" /* The atexit function in libiberty is only compiled with -fPIC not -fPIE. */
+ };
+
+ if (skip_this_func (non_pie_funcs, ARRAY_SIZE (non_pie_funcs), component_name))
+@@ -1566,15 +1560,12 @@ skip_stack_checks_for_function (annochec
+ "_dl_start",
+ "_dl_start_user", /* Found in ppc64le, RHEL-9 /lib64/ld64.so.2. */
+ "_dl_sysinfo_int80", /* In /lib/ld-linux.so.2. */
+- "_dl_tls_static_surplus_init", /* In /sbin/ldconfig. */
+ "_fini",
+ "_init",
+ "_start",
+- "allocate_dtv", /* Found in AArch64, RHEL-8, /sbin/ldconfig. */
+ "check_match", /* Found in AArch64, RHEL-8, /lib64/ld-2.28.so. */
+ "check_one_fd",
+ "dlmopen_doit",
+- "generic_start_main", /* Found in PPC64LE, RHEL-8, /sbin/ldconfig. */
+ "get_common_indices.constprop.0",
+ "is_dst",
+ "notify_audit_modules_of_loaded_object",
+@@ -1665,6 +1656,10 @@ function %s is part of the C library's s
+ return true;
+ }
+
++ /* The ldconfig binary is known to be compiled with most security features. */
++ if (streq (data->full_filename, "/sbin/ldconfig"))
++ return true;
++
+ switch (check)
+ {
+ case TEST_STACK_PROT:
+@@ -4790,7 +4785,11 @@ process_arg (const char * arg, const cha
+ }
+ }
+
+- return false;
++ /* Do not fail if we do not recognise the test name. It may be from a
++ future version of annocheck, and it just so happens that a test is
++ running this version by mistake. */
++ einfo (INFO, "ignoring unrecognized test name in --skip option: %s", arg);
++ return true;
+ }
+
+ if (const_strneq (arg, "test-"))
+diff -rup annobin.orig/annocheck/hardened.c annobin-10.21/annocheck/hardened.c
+--- annobin.orig/annocheck/hardened.c 2021-10-27 11:23:27.161942804 +0100
++++ annobin-10.21/annocheck/hardened.c 2021-10-27 11:23:59.692741676 +0100
+@@ -1658,7 +1658,13 @@ function %s is part of the C library's s
+
+ /* The ldconfig binary is known to be compiled with most security features. */
+ if (streq (data->full_filename, "/sbin/ldconfig"))
+- return true;
++ {
++ sprintf (reason, "\
++function %s is part of the C library's startup code, which executes before stack protection is established",
++ component_name);
++ skip (data, check, SOURCE_SKIP_CHECKS, reason);
++ return true;
++ }
+
+ switch (check)
+ {
diff --git a/SPECS/annobin.spec b/SPECS/annobin.spec
index 97f641c..72a0160 100644
--- a/SPECS/annobin.spec
+++ b/SPECS/annobin.spec
@@ -1,8 +1,8 @@ Name: annobin Summary: Annotate and examine compiled binary files -Version: 10.15 -Release: 2%{?dist} +Version: 10.21 +Release: 3%{?dist} License: GPLv3+ # ProtocolURL: https://fedoraproject.org/wiki/Toolchain/Watermark # Maintainer: nickc@redhat.com
@@ -56,6 +56,7 @@ Source: annobin-%{version}.tar.xz # Insert patches here, if needed. Patch01: annobin-nop.patch +Patch02: annobin.ldconfig.patch #---------------------------------------------------------------------------------
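Review bot: The `streq (data->full_filename, "/sbin/ldconfig")` branch added ahead of `switch (check)` in SOURCES/annobin.ldconfig.patch returns true for whichever test was requested, so it appears to waive every check routed through this function for that path, not only the LTO test the changelog names, and it matches on the path string alone. In the later `@@ -1658,7 +1658,13 @@` hunk the waiver is recorded with the reason copied from the startup-code case ("executes before stack protection is established"), which misstates in the report why the result was skipped. I would gate the branch on the one intended test and give it its own text, e.g. `snprintf (reason, sizeof reason, "%s is exempted from this test by filename", data->full_filename);` if `reason` is a fixed array. The bounded call matters because `component_name` presumably comes from the file being examined and the added `sprintf` does not limit it; the declaration of `reason` and the start of the enclosing function are outside the hunk.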
@@ -318,6 +319,25 @@ fi #--------------------------------------------------------------------------------- %changelog +* Wed Oct 27 2021 Nick Clifton - 10.21-3 +- annocheck: Disable LTO test when checking ldconfig (attempt 3). (#2017039) + +* Tue Oct 26 2021 Nick Clifton - 10.21-2 +- annocheck: Disable LTO test when checking ldconfig (attempt 2). (#2017039) + +* Tue Oct 26 2021 Nick Clifton - 10.21-1 +- annocheck: Disable LTO test when checking ldconfig. (#2017039) + +* Mon Oct 25 2021 Nick Clifton - 10.20-1 +- annocheck: Add more glibc function names. (#2017039) +- gcc-plugin: Fix attaching the .text section to the .text.group section. +- Complain about DT_RPATH for Fedora binaries. +- Better reporting of problems in object files. (#2013708) +- Add a requirement on llvm-libs for clang and llvm plugins. (#2014573) +- Fix configuring annocheck without gcc-plugin. +- Annocheck: Better reporting of debuginfod problems. +- Tests: Fix bugs in debuginfod test. + * Mon Oct 18 2021 Nick Clifton - 10.15-2 - Exclude man pages for uninstalled scripts. (#2013565)