[ol7_software_collections] devtoolset-12-annobin-annocheck-11.08-1.el7.x86_64

Name:	devtoolset-12-annobin-annocheck
Version:	11.08
Release:	1.el7
Architecture:	x86_64
Group:	Unspecified
Size:	427025
License:	GPLv3+
RPM:	devtoolset-12-annobin-annocheck-11.08-1.el7.x86_64.rpm
Source RPM:	devtoolset-12-annobin-11.08-1.el7.src.rpm
Build Date:	Thu May 25 2023
Build Host:	build-ol7-x86_64.oracle.com
Vendor:	Oracle America
Summary:	A tool for checking the security hardening status of binaries
Description:	Installs the annocheck program which uses the notes generated by annobin to check that the specified files were compiled with the correct security hardening options.

Changelog (Show File list) (Show related packages)

Tue Jan 31 2023 Nick Clifton <nickc@redhat.com> - 11.08-1

- Annocheck: Fix atexit test.  Fix recording of version numbers.  (#2165528)

Fri Jan 27 2023 Nick Clifton <nickc@redhat.com> - 11.06-1

- Rebase to 11.06.  (#2165024)
- Annocheck: Fix handling of file built by multiple versions of gcc.  (#2160700)
- Spec file: Enable annotated building.
- Annocheck: Fix handling of empty files.  (#2159292)
- Annocheck: Add crti.o and crtn.o to the list of known glibc special files.  (#2158740)
- Annocheck: Fix memory leaks.
- Annocheck: Do not assume that object files contain no code simply because they do not have an executable segment.  (#2158386)
- Annocheck: Add more special glibc filenames.  (#2158100)
- Annocheck: Improve handling of tool versions.

Fri Dec 16 2022 Nick Clifton <nickc@redhat.com> - 10.98-1

- GCC Plugin: Fix building with gcc-13.
- Annocheck: Add test for binaries built by cross compilers.
- Annocheck: Improve heuristic used to detect binaries without code. (#2144533)
- Annocheck: Use real filename rather than debuginfo filename. (#2152280)
- Rebase to 10.94, brining in support for LLVM 15. (#2118992)
- Annocheck: Better detection of binaries which do not contain code. (#2144533)
- Annocheck: Provide more information when a test is skipped because the file being tested was not compiled.
- Annocheck: Try harder not to run mutually exclusive tests.
- Tests: Fix future-test so that it properly handles the situation where the compiler does not support the new options.
- Libannocheck: Actually set result fields after tests are run.
- Libannocheck: Replace libannocheck_version variable with LIBANNOCHECK_VERSION define.
- Libannocheck: Remove 'Requires binutils-devel' from libannocheck.pc.
- Libannocheck: Move into separate sub-package.
- Libannocheck: Add libannocheck.pc pkgconfig file.
- Libannocheck: Add libannocheck_reinit().
- GCC Plugin: Record -ftrivial-auto-var-init and -fzero-call-used-regs.
- Annocheck: Add future tests for -ftrivial-auto-var-init and -fzero-call-used-regs.
- Clang Plugin: Fix for building with Clang-15. (#2125875)
- Annocheck: Add a test for the inconsistent use of -Ofast. (#1248744)
- Plugin: Fix top level configuration support for RiscV.
- Annocheck: Improvements to the size tool.
- Annocheck: Fixes for libannocheck.h.
- Annocheck: Add automatic profile selection.
- Annocheck: Improve gap detection and reporting.
- Spec File: Use the %dir directive in the %files section to ensure that
- plugin directories are useable. (#2080454)

Fri Jun 24 2022 Nick Clifton <nickc@redhat.com> - 10.76-1

- Remove bogus Provides from annobin-doc subpackage.  (#2099481)
- Annocheck: Check build-id of separate debuginfo files.
- Annocheck: Add GAPS test replacing --ignore-gaps.

Mon Jun 13 2022 Nick Clifton <nickc@redhat.com> - 10.75-1

- Rebase:
- Annocheck: Fix covscan detected race condition between stat() and open().
- Annocheck: Handle binaries created by Rust 1.18.  (#2094420)
- Annocheck: Add optional function name to --skip arguments.  (PR 29229)
- Annocheck: Fix handling of command line options that take arguments.  (#2086850)
- Annocheck: Do not complain about unenabled -mbranch-protection option in AArch64 binaries.  (#2078909)
- gcc-plugin: Fix typo in configure.ac.
- Add support for RISC-V.
- Annocheck: Add another special case for glibc rpms.  (#2083070)
- Annocheck: Do not complain about unenabled -mbranch-protection option in AArch64 binaries if compiled using LTO.  (#2082146)
- Annocheck: Add more glibc exceptions + check PT_TLS segments.  (#2081131)
- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled by golang.
- Annocheck: Do not complain about missing -mbranch-protection option in AArch64 binaries if compiled in LTO mode.
- gcc-plugin: Add support for CLVC_INTEGER options.
- Annocheck: Even more special cases for AArch64 glibc on RHEL-8.  (#2072082)
- Annocheck: Add more special cases for AArch64 glibc on RHEL-8.  (#2072082)
- llvm-plugin: Fix a thinko in the sources.
- gcc-plugin: Add remap of OPT_Wall.
- configure: Fix typo in top level configure.ac.
- Add support for building using meson+ninja.
- Annocheck: Fix test for AArch64 property notes.  (#2068657)
- gcc-plugin: Do not issue warning messages for autoconf generated source files.  (#2009958)
- Annocheck: Update documentation and fix typo in annocheck.  (#2061291)
- Annocheck: Add option to enable/disable following symbolic links.
- Always identify Rust binaries, even if built on a host that does not know about Rust.  (#2057737)
- Annocheck: Skip PIE anf PIC tests for GO binaries.
- gcc-plugin: Fix libtool so that extraneous runpaths are not added to the plugin.  (#2030667)
- gcc-plugin: Use canonical_option field of save_decoded_options array. (#2047148)
- Annocheck: Add an option to disable the use of debuginfod (if available).
- Annocheck: Add more glibc special file names.
- Annocheck: Skip some tests for BPF binaries.
- Annocheck: Add another glibc static library symbol.  (#2043047)
- Annocheck: Skip property note test for GO binaries.  (#204300)
- GCC Plugin: Do not fail if a section cannot be attached to a group.
- Annocheck: Improve detection of kernel modules.
- GCC Plugin: Only default to link-once when using gcc-12 or later.  (#2039297)
- Annocheck: Add option to disable instrumentation test.
- GCC Plugin: Replace CLVC_BOOLEAN with CLVC_BIT_SET/CLVC_BIT_CLEAR.
- Annocheck: Add even more glibc function names. (#2037333)
- Annocheck: ARM: Do not fail tests that rely upon annobin notes.
- Annocheck: Extend list of known glibc functions.  (#2037333)
- Annocheck: Ignore gaps that contain the _start symbol (for AArch64).  (#1995224)
- Annocheck: Ignore more glibc special binaries.  (#2037220)
- Annocheck: Do not complaining about missing stack clash notes if the compilation used LTO.  (#2034946)
- Annocheck: Add /usr/lib/ld-linux-aarch64.so.1 to the list of known glibc binaries.  (#2033255)
- Doc: Note that ENDBR is only needed as the landing pad for indirect branches/calls.  (#28705)
- Spec File: Store full	gcc version release string in plugin info file.  (#2030671)

Tue Dec 14 2021 Nick Clifton <nickc@redhat.com> - 10.38-1

- Annocheck: Add special case for x86_64 RHEL-7 gaps.  (#2031133)

Mon Dec 13 2021 Nick Clifton <nickc@redhat.com> - 10.35-1

- Tests: Fix fortify and debuginfod tests to use newly built annobin plugin.  (#2031133)
- Tests: Fix gaps and stat tests to use newly built annobin plugin.  (#2028063)
- Annocheck: Ignore gaps in binaries at least partial built by golang.  (#2028583)
- Annocheck: Allow spaces in golang symbols.
- Annocheck: Initial deployment of libannocheck.

Fri Nov 26 2021 Nick Clifton <nickc@redhat.com> - 10.29-1

- gcc-plugin: Fix bug creating empty attachments.
- Annocheck: Change MAYB result to SKIP for DT_RPATH.  (#2026300)
- Annocheck: Skip missing fortify/warning notes for ARM32.
- gcc-plugin: Try another fix for ppc64le section grouping.  (#2023437)
- gcc-plugin: Revert 10.22 change.  (#2023437)
- Annocheck: Add exception for /usr/sbin/ldconfig.  (#2022973)
- Annocheck: Add a test for unicode characters in identifiers.
- gcc-plugin: Default to link-order grouping for PPC64LE.  (#2016458)
- Annocheck: Do not fail if a --skip-<name> option does not match a known test.
- ldconfig-test: Skip the LTO check.
- Annocheck: Add more glibc function names.
- gcc-plugin: Fix attaching the .text section to the .text.group section.
- Complain about DT_RPATH for Fedora binaries.
- Better reporting of problems in object files.  (#2013708)
- Add a requirement on llvm-libs for clang and llvm plugins.  (#2014573)
- Fix configuring annocheck without gcc-plugin.
- Annocheck: Better reporting of debuginfod problems.
- Tests: Fix bugs in debuginfod test.
- Annocheck: Add tests based upon recent bug fixes.
- Annocheck: Another tweak to glibc detection code.
- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found.  (#20011438)
- Annocheck: Fix MAYB results for mixed GO/C files.
- Annocheck: Move some messages from VERBOSE to VERBOSE2.
- Annocheck: Scan zero-length tool notes.
- Annocheck: Fix covscan detected flaws.
- plugins: Add more required build options.
- Annocheck: Fix cf-prot test to fail if the CET notes are missing.
- Annocheck: Skip gaps in the .plt section.
- Plugins: Add -g option when building LLVM and Clang.
- Annocheck: Add more cases of glibc startup functions.
- Annocheck: Fix covscan detected problems.
- Annocheck: Add --profile=el8.
- gcc-plugin: Conditionalize generation of branch protection note.
- Annocheck: Ignore gaps containing NOP instructions.
- GCC Plugin: Fix detection of running inside the LTO compiler.  (#2004917)
- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries.
- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result.
- Annocheck: Do not set CFLAGS/LDFLAGS when building.  Take from environment instead.
- Annocheck: Fix exit code when tests PASS.
- Documentation: Add node for each hardening test.
- Documentation: Install online.
- Annocheck: Annote FAIL and MAYB results with URL to documentation
- Annocheck: Add --no-urls and --provide-urls options
- Annocheck: Add --help-<tool> option.
- Annocheck: Fix fuzzing detected failures.
- Annocheck: Add --profile option.
- Docs: Document --profile option and rpminspect.yaml.
- Annocheck: Skip GO/CET checks.  Fix fuzzing detected failures.
- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444)
- Annocheck: Fix memory corruption.  (#1996963)
- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection.
- Annocheck: Add linker generated function for ppc64le exceptions.  (#1981410)
- LLVM Plugin: Allow checks to be selected from the command line.
- Annocheck: Examine DW_AT_producer for -flto.    
- Annocheck: Conditionalize detection of AArch64's PAC+BTI protection.
- Annocheck: Add linker generated function for s390x exceptions.  (#1981410)
- Annocheck: Generate MAYB results for gaps in notes covering the .text section.  (#1991943)
- Annocheck: Close DWARF file descriptors once the debug info is no longer needed.  (#1981410)
- LLVM Plugin: Update to build with Clang v13.  (Thanks to: Tom Stellard <tstellar@redhat.com>)
- Annocheck: Fix memory corruption.  (#1988715)
- Annocheck: Skip certain tests for kernel modules.
- Annocheck: Detect a missing CET note.  (#1991931)
- Annocheck: Do not report future fails for AArch64 notes.
- Annocheck: Warn about multiple --debug-file, --debug-rpm and --debug-dir options.
- Annocheck: Process files in command line order.  (#1988714)
- Annocheck: Reverse AArch64 PAC+BTI check, ie fail if they are enabled.  (#1984995)

Tue Jul 20 2021 Nick Clifton <nickc@redhat.com> - 9.82-1

- Annocheck: Add another test exceptions.
- Annocheck: Add some more test exceptions.
- Tests: Skip glibc-notes test if the assembler does not support --generate-missing-build-notes.  (#1978573)
- Tests: Skip objcopy test if objcopy does not support --merge-notes.

Wed Jun 30 2021 Nick Clifton <nickc@redhat.com> - 9.79-1

- Annocheck: Fix spelling mistake in -mstack-realign failure message.  (#1977349)
- gcc-plugin: Do not record global versions of stack protection settings in LTO mode, if not set.  (#1958954)
- Annocheck: Remove limit on number of input files.