[ol8_appstream] gcc-toolset-11-annobin-annocheck-10.23-1.el8.aarch64

Name:	gcc-toolset-11-annobin-annocheck
Version:	10.23
Release:	1.el8
Architecture:	aarch64
Group:	Unspecified
Size:	277507
License:	GPLv3+
RPM:	gcc-toolset-11-annobin-annocheck-10.23-1.el8.aarch64.rpm
Source RPM:	gcc-toolset-11-annobin-10.23-1.el8.src.rpm
Build Date:	Sat Apr 02 2022
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
Summary:	A tool for checking the security hardening status of binaries
Description:	Installs the annocheck program which uses the notes generated by annobin to check that the specified files were compiled with the correct security hardening options.

Changelog (Show File list) (Show related packages)

Wed Nov 10 2021 Nick Clifton <nickc@redhat.com> - 10.23-1 (#2020405)

- Annocheck: Add a test for unicode characters in identifiers.
- gcc-plugin: Default to link-order grouping for PPC64LE.  (#2016458)
- Annocheck: Do not fail if a --skip-<name> option does not match a known test.
- ldconfig-test: Skip the LTO check.
- Annocheck: Add more glibc function names.
- gcc-plugin: Fix attaching the .text section to the .text.group section.
- Complain about DT_RPATH for Fedora binaries.
- Better reporting of problems in object files.  (#2013708)
- Add a requirement on llvm-libs for clang and llvm plugins.  (#2014573)
- Fix configuring annocheck without gcc-plugin.
- Annocheck: Better reporting of debuginfod problems.
- Tests: Fix bugs in debuginfod test.
- Annocheck: Add tests based upon recent bug fixes.
- Annocheck: Another tweak to glibc detection code.
- Annocheck: Fix memory corruptions when using --debug-path and when a corrupt note is found.  (#20011438)
- Annocheck: Fix MAYB results for mixed GO/C files.
- Annocheck: Move some messages from VERBOSE to VERBOSE2.
- Annocheck: Scan zero-length tool notes.
- Annocheck: Fix covscan detected flaws.
- plugins: Add more required build options.
- Annocheck: Fix cf-prot test to fail if the CET notes are missing.
- Annocheck: Skip gaps in the .plt section.
- Plugins: Add -g option when building LLVM and Clang.
- Annocheck: Add more cases of glibc startup functions.
- Annocheck: Fix covscan detected problems.
- Annocheck: Add --profile=el8.
- gcc-plugin: Conditionalize generation of branch protection note.
- Annocheck: Ignore gaps containing NOP instructions.
- GCC Plugin: Fix detection of running inside the LTO compiler.  (#2004917)
- Annocheck: Do not insist on the DT_AARCH64_PAC_PLT flag being present in AArch64 binaries.
- Annocheck: With gaps at the start/end of the .text section, check for special symbols before displaying a MAYB result.
- Annocheck: Do not set CFLAGS/LDFLAGS when building.  Take from environment instead.
- Annocheck: Fix exit code when tests PASS.
- Documentation: Add node for each hardening test.
- Documentation: Install online.
- Annocheck: Annote FAIL and MAYB results with URL to documentation
- Annocheck: Add --no-urls and --provide-urls options
- Annocheck: Add --help-<tool> option.
- Annocheck: Fix fuzzing detected failures.
- Annocheck: Add --profile option.
- Docs: Document --profile option and rpminspect.yaml.
- Annocheck: Skip GO/CET checks.  Fix fuzzing detected failures.
- LLVM Plugin: Automatically choose the correct tests to run, based upon the version of Clang installed. (#1997444)
- Annocheck: Fix memory corruption.  (#1996963)
- Annocheck: Fix conditionalization of AArch64's PAC+BTI detection.
- Annocheck: Add linker generated function for ppc64le exceptions.  (#1981410)
- LLVM Plugin: Allow checks to be selected from the command line.
- Annocheck: Examine DW_AT_producer for -flto.    
- Annocheck: Conditionalize detection of AArch64's PAC+BTI protection.
- Annocheck: Add linker generated function for s390x exceptions.  (#1981410)
- Annocheck: Generate MAYB results for gaps in notes covering the .text section.  (#1991943)
- Annocheck: Close DWARF file descriptors once the debug info is no longer needed.  (#1981410)
- LLVM Plugin: Update to build with Clang v13.  (Thanks to: Tom Stellard <tstellar@redhat.com>)
- Annocheck: Fix memory corruption.  (#1988715)
- Annocheck: Skip certain tests for kernel modules.

Fri Oct 29 2021 Nick Clifton <nickc@redhat.com> - 9.85-3

- Default to disabling the tests as they are often run with the wrong compiler.

Thu Oct 28 2021 Nick Clifton <nickc@redhat.com> - 9.85-2

- Annocheck: Add test for multibyte characters in symbol names.  (#2017368)

Tue Aug 10 2021 Nick Clifton <nickc@redhat.com> - 9.85-1

- Annocheck: Detect a missing CET note.  (#1991931)
- Annocheck: Do not report future fails for AArch64 notes.
- Annocheck: Warn about multiple --debug-file, --debug-rpm and --debug-dir options.
- Annocheck: Process files in command line order.  (#1988714)
- Annocheck: Reverse AArch64 PAC+BTI check, ie fail if they are enabled.  (#1984995)
- Annocheck: Add another test exceptions.
- Annocheck: Add some more test exceptions.
- Tests: Skip glibc-notes test if the assembler does not support --generate-missing-build-notes.  (#1978573)
- Tests: Skip objcopy test if objcopy does not support --merge-notes.

Wed Jun 30 2021 Nick Clifton <nickc@redhat.com> - 9.79-1

- Annocheck: Fix spelling mistake in -mstack-realign failure message.  (#1977349)
- gcc-plugin: Do not record global versions of stack protection settings in LTO mode, if not set.  (#1958954)
- Annocheck: Remove limit on number of input files.
- Annocheck: Conditionalize test of DF_PIE_1 flag.
- clang/llvm plugins: Build with correct security options.
- Annocheck: Better detection of GO compiler version.
- Annocheck: Better support for symbolic links.
- Annocheck: In verbose mode, report the reason for skipping specific tests.  (#1969584)

Wed May 26 2021 Nick Clifton <nickc@redhat.com> - 9.73-1

- annocheck: Improve detection of shared libraries.  (#1958954)

Tue May 25 2021 Nick Clifton <nickc@redhat.com> - 9.72-2
```
- NVR bump to rebuild against latest gcc.
```

Thu May 13 2021 Nick Clifton <nickc@redhat.com> - 9.72-1

- Rebase to 9.72. (#1957319)
- annocheck: Accept 0 as a valid number for gcc minor versions and release numbers.
- gcc-plugin: Add support for ARM and RISCV targets.
- timing: do not initialise the clock if the timing tool is disabled.
- gcc-plugin: Replace ICE messsages with verbose messages.
- Fix the testsuite so that it can be run in parallel.
- Annocheck: WARN if the annobin plugin was built for a newer version of the compiler than the one on which it was run. (#1950657)
- Obsolete annobin < 9.66-1 (bug #1949570)
- Annocheck: Improve detection of missing GNU-stack support.
- Correct a package rename (bug #1949570)
- Require docs subpackage by the other ones because of a license
- Build-requiring perl-interpreter is enough
- Fix bz1949570
- Fix anomolies reported by covscan.
- Move documentation into a sub-package.
- gcc-plugin: Use a fixed filename when running in LTO mode.
- Annocheck: Fix detection of special function names. (#1934189)
- Annocheck: FAIL the deliberate use of -fno-stack-protector, but add some exceptions for glibc. (#1923439)
- Annocheck: Add colour to some messages. Skip the deliberate use of -fno-stack-protector. (#1923439)
- Annocheck: Fix some problems with tests for missing notes.
- Split plugins into separate sub-packages
- Add some GO tests to annocheck.
- Add a future fail for the presence of RPATH in the dynamic tags.
- Add the ability to disable the warning message about -D_FORTIFY_SOURCE being missing.
- Workaround for elflint problems with PPC compiled files. (#1880634)
- Fix bogus AArch64 test failures.
- Improved testing by annocheck. Add fixed format message mode.
- Fix inconsistency reporting -fcf-protection and -fstack-clash-protection results.
- Add support for -D_FORTIFY_SOURCE=3.
- annocheck: When a binary is produced both by GAS and GCC, select GAS as the real producer. (#1906171)
- annocheck: Improve test for LTO compiled binaries that do not have -Wall annotations. (#1906171)
- annocheck: Mark a missining -D_FORTIFY_SOURCE as a FAIL.
- annocheck: Fix notes analyzer to accept empty PPC64 notes.
- gcc plugin: Tweak generation of end symbols for PPC64 when LTO is active. (#1898075)
- gcc plugin: Add support for GCC 11's cl_vars array.
- Annocheck: Support enabling/disabling future fails.
- GCC plugin: Always record global notes for the .text.startup,
.text.exit, .text.hot and .text.cold sections.
- Clang plugin: Add -lLLVM to the build command line.
- Annocheck: Improve reporting of missing -D_FORTIFY_SOURCE option. (#1898075)
- Annocheck: Improve reporting of missing LTO option.
- Add detecting of gimple compiled binaries.
- Add --without-gcc-plugin option.
- Annocheck: Fix bug parsing DW_AT_producer.
- Add test of .note.gnu.property section for PowerPC.
- Add test of objcopy's ability to merge notes.
- NVR bump for another ELN sidetag rebuild.
- Record the -flto setting and produce a soft warning if it is absent.
- Suppress warnings about _D_GLIBCXX_ASSERTIONS if the source code is known to be something other than C++.
- Correct the directory chosen for 32-bit LLVM and Clang plugins. (#1884951)
- Allow the use of the SHF_LINK_ORDER section flag to discard unused notes. (Experimental).
- Enable the build and installation of the LLVM and Clang plugins. (Experimental).
- gcc-plugin: Fix test for empty PowerPC sections. (#1880634)
- annocheck: Add tests for the AArch64 BTI and PAC security features. (#1862478)
- gcc plugin: Use a 4 byte offset for PowerPC start symbols, so that they do not break disassemblies.
- gcc plugin: Correct the detection of 32-bit x86 builds. (#1876197)
- gcc plugin: Detect any attempt to access the global_options array.
- gcc plugin: Do not complain about missing pre-processor options when examining a preprocessed input file. (#1862718)
- Use more robust checks for AArch64 options.
- Detect CLANG compiled assembler that is missing IBT support.

Wed Jul 29 2020 Nick Clifton <nickc@redhat.com> - 9.25-1
```
- Improved target pointer size discovery.
```
Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.24-3
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
```