10.55: Annocheck: Always identify Rust binaries
authorNick Clifton <nickc@redhat.com>
Mon, 28 Feb 2022 12:01:22 +0000 (12:01 +0000)
committerNick Clifton <nickc@redhat.com>
Mon, 28 Feb 2022 12:01:22 +0000 (12:01 +0000)
0001-10.51-Annocheck-Skip-some-tests-for-BPF-files.patch [new file with mode: 0644]
annobin-global.h
annocheck/hardened.c
annocheck/libannocheck.h

diff --git a/0001-10.51-Annocheck-Skip-some-tests-for-BPF-files.patch b/0001-10.51-Annocheck-Skip-some-tests-for-BPF-files.patch
new file mode 100644 (file)
index 0000000..3d6897a
--- /dev/null
@@ -0,0 +1,751 @@
+From 8e9d6e0c0982ea5db152d28fc2b5df055527bca1 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 25 Jan 2022 16:35:46 +0000
+Subject: [PATCH] 10.51: Annocheck: Skip some tests for BPF files
+
+---
+ annobin-global.h         |   2 +-
+ annocheck/annocheck.c    |  48 +++++-
+ annocheck/hardened.c     | 321 +++++++++++++++++++++++++++++++++++----
+ annocheck/libannocheck.h |   2 +-
+ doc/annobin.info         | 131 ++++++++--------
+ doc/annobin.texi         |  10 ++
+ 6 files changed, 419 insertions(+), 95 deletions(-)
+
+diff --git a/annobin-global.h b/annobin-global.h
+index 442eed5..08ce3ed 100644
+--- a/annobin-global.h
++++ b/annobin-global.h
+@@ -23,7 +23,7 @@ extern "C" {
+    NB/ Keep this value in sync with libannochck_version defined in
+    annocheck/libannocheck.h.  */
+-#define ANNOBIN_VERSION 1050
++#define ANNOBIN_VERSION 1051
+ /* The version of the annotation specification supported.  */
+ #define SPEC_VERSION  3
+diff --git a/annocheck/annocheck.c b/annocheck/annocheck.c
+index 55aed96..7c3e294 100644
+--- a/annocheck/annocheck.c
++++ b/annocheck/annocheck.c
+@@ -59,6 +59,10 @@ static const char *     debug_rpm_dir = NULL;
+ static const char *     tmpdir = NULL;
+ #endif
++#if HAVE_LIBDEBUGINFOD && ! defined LIBANNOCHECK
++static bool             use_debuginfod = true;
++#endif
++
+ static checker *        first_checker = NULL;
+ static checker *        first_sec_checker = NULL;
+ static checker *        first_seg_checker = NULL;
+@@ -740,22 +744,21 @@ follow_debuglink (annocheck_data * data)
+ #ifndef LIBANNOCHECK
+ #if HAVE_LIBDEBUGINFOD
+-  if (build_id_len > 0)
++  if (! use_debuginfod)
++    ;
++  else if (build_id_len > 0)
+     {
+       debuginfod_client *client = debuginfod_begin ();
+       if (client != NULL)
+         {
+-einfo (VERBOSE2, "C");
+         TRY_DEBUG ("DEBUGINFOD_URLS=%s", getenv (DEBUGINFOD_URLS_ENV_VAR) ?: "" );
+-einfo (VERBOSE2, "B");
+         
+           /* If the debug file is successfully downloaded, debugfile will be
+              set to the path of the local copy.  */
+           fd = debuginfod_find_debuginfo (client, build_id_ptr, build_id_len, & debugfile);
+           debuginfod_end (client);
+-einfo (VERBOSE2, "D");
+           if (fd >= 0)
+             {
+@@ -774,7 +777,7 @@ einfo (VERBOSE2, "D");
+   einfo (VERBOSE2, "%s: support for debuginfod not built into annocheck", data->filename);
+ #endif /* HAVE_LIBDEBUGINFOD */
+ #endif /* not LIBANNOCHECK */
+-  
++
+   /* Failed to find the file.  */
+   einfo (VERBOSE2, "%s: warn: Could not find separate debug file: %s", data->filename, link);
+   
+@@ -1374,6 +1377,9 @@ process_rpm_file (const char * filename)
+                   /* Increment the recursion level.  */
+                   " --level ", itoa (level + 1),
+                   " --ignore-unknown",
++#if HAVE_LIBDEBUGINFOD && !defined LIBANNOCHECK 
++                  use_debuginfod ? "" : " --no-use-debuginfod",
++#endif
+                   /* Pass on the name of the temporary data directory, if created.  */
+                   tmpdir == NULL ? "" : " --tmpdir ",
+                   tmpdir == NULL ? "" : tmpdir,
+@@ -1805,6 +1811,10 @@ usage (void)
+   einfo (INFO, "   --quiet            [Do not print anything, just return an exit status]");
+   einfo (INFO, "   --verbose          [Produce informational messages whilst working.  Repeat for more information]");
+   einfo (INFO, "   --version          [Report the verion of the tool & exit]");
++#if HAVE_LIBDEBUGINFOD
++  einfo (INFO, "   --use-debuginfod   [Use debuginfod, even if it is available (default)]");
++  einfo (INFO, "   --no-use-debuginfod [Do not use debuginfod, even if it is available]");
++#endif
+   einfo (INFO, "The following options are internal to the scanner and not expected to be supplied by the user:");
+   einfo (INFO, "   --prefix=<TEXT>    [Include <TEXT> in the output description]");
+@@ -2068,7 +2078,7 @@ process_command_line (uint argc, const char * argv[])
+               goto unknown_arg;
+             break;
+             
+-          case 'v': /* --verbose or --version */
++          case 'v': /* --verbose or --version.  */
+             if (const_strneq (arg, "version"))
+               {
+                 print_version ();
+@@ -2085,6 +2095,32 @@ process_command_line (uint argc, const char * argv[])
+               goto unknown_arg;
+             break;
++          case 'u':
++            if (streq (arg, "use-debuginfod"))
++              {
++#if HAVE_LIBDEBUGINFOD
++                use_debuginfod = true;
++#else
++                einfo (WARN, "debuginfod is not supported by this build of annocheck");
++#endif
++              }
++            else
++              goto unknown_arg;
++            break;
++
++          case 'n':
++            if (streq (arg, "no-use-debuginfod"))
++              {
++#if HAVE_LIBDEBUGINFOD
++                use_debuginfod = false;
++#else
++                /* Do not warn, just silently accept.  */
++#endif
++              }
++            else
++              goto unknown_arg;
++            break;
++
+           default:
+           unknown_arg:
+             einfo (WARN, "Unrecognised command line option: %s", orig_arg);
+diff --git a/annocheck/hardened.c b/annocheck/hardened.c
+index 38f4b64..c2c529d 100644
+--- a/annocheck/hardened.c
++++ b/annocheck/hardened.c
+@@ -1171,13 +1171,17 @@ is_special_glibc_binary (const char * path)
+       static const char * known_prefixes [] =
+       {
+         /* NB/ Keep this array alpha-sorted.  */
++        /* NB/ The terminating forward slash is important.  */
+         "/lib/",
+         "/lib64/",
+         "/sbin/",
+         "/usr/bin/",
+         "/usr/lib/",
++        "/usr/lib/gconv/",
+         "/usr/lib64/",
++        "/usr/lib64/gconv/",
+         "/usr/libexec/",
++        "/usr/libexec/getconf/",
+         "/usr/sbin/"
+       };
+@@ -1192,11 +1196,9 @@ is_special_glibc_binary (const char * path)
+             path += len;
+             break;
+           }
+-        /* Since the array is alpha-sorted and we are searching in reverse order,
+-           a positive result means that path > prefix and hence we can stop the search.  */
+-        if (res > 0)
+-          /* All (absolute) glibc binaries should have a known prefix.  */
+-          return false;
++        /* Do not abort this loop if res > 0/
++           We can have a file like /usr/lib64/libmcheck.a which will
++           not match /usr/lib64/gconv but which should match /usr/lib64.  */
+       }
+       if (i < 0)
+@@ -1207,32 +1209,276 @@ is_special_glibc_binary (const char * path)
+   const char * known_glibc_specials[] =
+     {
+       /* NB/ Keep this array alpha sorted.  */
++      "ANSI_X3.110.so",
++      "ARMSCII-8.so",
++      "ASMO_449.so",
++      "BIG5.so",
++      "BIG5HKSCS.so",
++      "BRF.so",
++      "CP10007.so",
++      "CP1125.so",
++      "CP1250.so",
++      "CP1251.so",
++      "CP1252.so",
++      "CP1253.so",
++      "CP1254.so",
++      "CP1255.so",
++      "CP1256.so",
++      "CP1257.so",
++      "CP1258.so",
++      "CP737.so",
++      "CP770.so",
++      "CP771.so",
++      "CP772.so",
++      "CP773.so",
++      "CP774.so",
++      "CP775.so",
++      "CP932.so",
++      "CSN_369103.so",
++      "CWI.so",
++      "DEC-MCS.so",
++      "EBCDIC-AT-DE-A.so",
++      "EBCDIC-AT-DE.so",
++      "EBCDIC-CA-FR.so",
++      "EBCDIC-DK-NO-A.so",
++      "EBCDIC-DK-NO.so",
++      "EBCDIC-ES-A.so",
++      "EBCDIC-ES-S.so",
++      "EBCDIC-ES.so",
++      "EBCDIC-FI-SE-A.so",
++      "EBCDIC-FI-SE.so",
++      "EBCDIC-FR.so",
++      "EBCDIC-IS-FRISS.so",
++      "EBCDIC-IT.so",
++      "EBCDIC-PT.so",
++      "EBCDIC-UK.so",
++      "EBCDIC-US.so",
++      "ECMA-CYRILLIC.so",
++      "EUC-CN.so",
++      "EUC-JISX0213.so",
++      "EUC-JP-MS.so",
++      "EUC-JP.so",
++      "EUC-KR.so",
++      "EUC-TW.so",
++      "GB18030.so",
++      "GBBIG5.so",
++      "GBGBK.so",
++      "GBK.so",
++      "GEORGIAN-ACADEMY.so",
++      "GEORGIAN-PS.so",
++      "GOST_19768-74.so",
++      "GREEK-CCITT.so",
++      "GREEK7-OLD.so",
++      "GREEK7.so",
++      "HP-GREEK8.so",
++      "HP-ROMAN8.so",
++      "HP-ROMAN9.so",
++      "HP-THAI8.so",
++      "HP-TURKISH8.so",
++      "IBM037.so",
++      "IBM038.so",
++      "IBM1004.so",
++      "IBM1008.so",
++      "IBM1008_420.so",
++      "IBM1025.so",
++      "IBM1026.so",
++      "IBM1046.so",
++      "IBM1047.so",
++      "IBM1097.so",
++      "IBM1112.so",
++      "IBM1122.so",
++      "IBM1123.so",
++      "IBM1124.so",
++      "IBM1129.so",
++      "IBM1130.so",
++      "IBM1132.so",
++      "IBM1133.so",
++      "IBM1137.so",
++      "IBM1140.so",
++      "IBM1141.so",
++      "IBM1142.so",
++      "IBM1143.so",
++      "IBM1144.so",
++      "IBM1145.so",
++      "IBM1146.so",
++      "IBM1147.so",
++      "IBM1148.so",
++      "IBM1149.so",
++      "IBM1153.so",
++      "IBM1154.so",
++      "IBM1155.so",
++      "IBM1156.so",
++      "IBM1157.so",
++      "IBM1158.so",
++      "IBM1160.so",
++      "IBM1161.so",
++      "IBM1162.so",
++      "IBM1163.so",
++      "IBM1164.so",
++      "IBM1166.so",
++      "IBM1167.so",
++      "IBM12712.so",
++      "IBM1364.so",
++      "IBM1371.so",
++      "IBM1388.so",
++      "IBM1390.so",
++      "IBM1399.so",
++      "IBM16804.so",
++      "IBM256.so",
++      "IBM273.so",
++      "IBM274.so",
++      "IBM275.so",
++      "IBM277.so",
++      "IBM278.so",
++      "IBM280.so",
++      "IBM281.so",
++      "IBM284.so",
++      "IBM285.so",
++      "IBM290.so",
++      "IBM297.so",
++      "IBM420.so",
++      "IBM423.so",
++      "IBM424.so",
++      "IBM437.so",
++      "IBM4517.so",
++      "IBM4899.so",
++      "IBM4909.so",
++      "IBM4971.so",
++      "IBM500.so",
++      "IBM5347.so",
++      "IBM803.so",
++      "IBM850.so",
++      "IBM851.so",
++      "IBM852.so",
++      "IBM855.so",
++      "IBM856.so",
++      "IBM857.so",
++      "IBM858.so",
++      "IBM860.so",
++      "IBM861.so",
++      "IBM862.so",
++      "IBM863.so",
++      "IBM864.so",
++      "IBM865.so",
++      "IBM866.so",
++      "IBM866NAV.so",
++      "IBM868.so",
++      "IBM869.so",
++      "IBM870.so",
++      "IBM871.so",
++      "IBM874.so",
++      "IBM875.so",
++      "IBM880.so",
++      "IBM891.so",
++      "IBM901.so",
++      "IBM902.so",
++      "IBM903.so",
++      "IBM9030.so",
++      "IBM904.so",
++      "IBM905.so",
++      "IBM9066.so",
++      "IBM918.so",
++      "IBM921.so",
++      "IBM922.so",
++      "IBM930.so",
++      "IBM932.so",
++      "IBM933.so",
++      "IBM935.so",
++      "IBM937.so",
++      "IBM939.so",
++      "IBM943.so",
++      "IBM9448.so",
++      "IEC_P27-1.so",
++      "INIS-8.so",
++      "INIS-CYRILLIC.so",
++      "INIS.so",
++      "ISIRI-3342.so",
++      "ISO-2022-CN-EXT.so",
++      "ISO-2022-CN.so",
++      "ISO-2022-JP-3.so",
++      "ISO-2022-JP.so",
++      "ISO-2022-KR.so",
++      "ISO-8859-1_CP037_Z900.so",
++      "ISO-IR-197.so",
++      "ISO-IR-209.so",
++      "ISO646.so",
++      "ISO8859-1.so",
++      "ISO8859-10.so",
++      "ISO8859-11.so",
++      "ISO8859-13.so",
++      "ISO8859-14.so",
++      "ISO8859-15.so",
++      "ISO8859-16.so",
++      "ISO8859-2.so",
++      "ISO8859-3.so",
++      "ISO8859-4.so",
++      "ISO8859-5.so",
++      "ISO8859-6.so",
++      "ISO8859-7.so",
++      "ISO8859-8.so",
++      "ISO8859-9.so",
++      "ISO8859-9E.so",
++      "ISO_10367-BOX.so",
++      "ISO_11548-1.so",
++      "ISO_2033.so",
++      "ISO_5427-EXT.so",
++      "ISO_5427.so",
++      "ISO_5428.so",
++      "ISO_6937-2.so",
++      "ISO_6937.so",
++      "JOHAB.so",
++      "KOI-8.so",
++      "KOI8-R.so",
++      "KOI8-RU.so",
++      "KOI8-T.so",
++      "KOI8-U.so",
++      "LATIN-GREEK-1.so",
++      "LATIN-GREEK.so",
++      "MAC-CENTRALEUROPE.so",
++      "MAC-IS.so",
++      "MAC-SAMI.so",
++      "MAC-UK.so",
++      "MACINTOSH.so",
++      "MIK.so",
++      "Mcrt1.o",
++      "NATS-DANO.so",
++      "NATS-SEFI.so",
++      "POSIX_V6_ILP32_OFF32",
++      "POSIX_V6_ILP32_OFFBIG",
++      "POSIX_V6_LP64_OFF64",
++      "POSIX_V7_ILP32_OFF32",
++      "POSIX_V7_ILP32_OFFBIG",
++      "POSIX_V7_LP64_OFF64",
++      "PT154.so",
++      "RK1048.so",
++      "SAMI-WS2.so",
++      "SHIFT_JISX0213.so",
++      "SJIS.so",
++      "Scrt1.o",
++      "T.61.so",
++      "TCVN5712-1.so",
++      "TIS-620.so",
++      "TSCII.so",
++      "UHC.so",
++      "UNICODE.so",
++      "UTF-16.so",
++      "UTF-32.so",
++      "UTF-7.so",
++      "UTF16_UTF32_Z9.so",
++      "UTF8_UTF16_Z9.so",
++      "UTF8_UTF32_Z9.so",
++      "VISCII.so",    
++      "XBS5_ILP32_OFF32",
++      "XBS5_ILP32_OFFBIG",
++      "XBS5_LP64_OFF64",
+       "audit/sotruss-lib.so",
+       "build-locale-archive",
+-      "gconv/ANSI_X3.110.so",
+-      "gconv/CP1252.so",
+-      "gconv/ISO-8859-1_CP037_Z900.so",
+-      "gconv/ISO8859-1.so",
+-      "gconv/ISO8859-15.so",
+-      "gconv/UNICODE.so",
+-      "gconv/UTF-16.so",
+-      "gconv/UTF-32.so",
+-      "gconv/UTF-7.so",
+-      "gconv/UTF16_UTF32_Z9.so",
+-      "gconv/UTF8_UTF16_Z9.so",
+-      "gconv/UTF8_UTF32_Z9.so",
++      "crt1.o",
++      "gcrt1.o",
+       "gencat",
+       "getconf",
+-      "getconf/POSIX_V6_ILP32_OFF32",
+-      "getconf/POSIX_V6_ILP32_OFFBIG",
+-      "getconf/POSIX_V6_LP64_OFF64",
+-      "getconf/POSIX_V7_ILP32_OFF32",
+-      "getconf/POSIX_V7_ILP32_OFFBIG",
+-      "getconf/POSIX_V7_LP64_OFF64",
+-      "getconf/XBS5_ILP32_OFF32",
+-      "getconf/XBS5_ILP32_OFFBIG",
+-      "getconf/XBS5_LP64_OFF64",
+       "getent",
++      "grcrt1.o",
+       "iconv",
+       "iconvconfig",
+       "ld-2.33.so",
+@@ -1247,9 +1493,12 @@ is_special_glibc_binary (const char * path)
+       "libSegFault.so",
+       "libc.so.6",
+       "libc_malloc_debug.so.0",
++      "libg.a:dummy.o",
+       "libm.so.6",
++      "libmcheck.a",      
+       "libmemusage.so",
+       "libmvec.so.1",
++      "libnsl.so.1",
+       "libnss_compat.so.2",
+       "libpcprofile.so",
+       "libresolv.so.2",
+@@ -1258,7 +1507,10 @@ is_special_glibc_binary (const char * path)
+       "locale",
+       "localedef",
+       "makedb",
++      "memusagestat",
++      "pcprofiledump",
+       "pldd",
++      "rcrt1.o",
+       "sprof",
+       "zdump",
+       "zic"
+@@ -1758,6 +2010,7 @@ skip_stack_checks_for_function (annocheck_data * data, enum test_index check, co
+       "../sysdeps/x86_64/crti.S",
+       "../sysdeps/x86_64/start.S",
+       "_GLOBAL__sub_I_main",
++      "_ZN12_GLOBAL__N_122thread_cleanup_handlerEPv", /* Found in Clang's compile-rt library.  */
+       "__libc_csu_fini",
+       "__libc_csu_init",
+       "__libc_init_first",
+@@ -2661,7 +2914,9 @@ build_note_checker (annocheck_data *     data,
+           case 0:
+           case 1:
+-            if (! skip_test_for_current_func (data, TEST_FORTIFY))
++            if (is_special_glibc_binary (data->full_filename))
++              skip (data, TEST_FORTIFY, SOURCE_ANNOBIN_NOTES, "glibc binaries are built without fortification");              
++            else if (! skip_test_for_current_func (data, TEST_FORTIFY))
+               fail (data, TEST_FORTIFY, SOURCE_ANNOBIN_NOTES, "-O level is too low");
+             break;
+@@ -4723,6 +4978,10 @@ finish (annocheck_data * data)
+               skip (data, i, SOURCE_FINAL_SCAN, "kernel modules do not need a GNU type stack section");
+             else if (is_grub_module (data))
+               skip (data, i, SOURCE_FINAL_SCAN, "grub modules do not need a GNU type stack section");         
++#ifdef EM_BPF
++            else if (per_file.e_machine == EM_BPF)
++              skip (data, i, SOURCE_FINAL_SCAN, "BPF binaries are special");
++#endif
+             else if (is_object_file ())
+               {
+                 fail (data, i, SOURCE_FINAL_SCAN, "no .note.GNU-stack section found");
+@@ -4813,6 +5072,10 @@ finish (annocheck_data * data)
+               skip (data, i, SOURCE_FINAL_SCAN, "kernel modules are not compiled with this feature");
+             else if (per_file.seen_tools & TOOL_GO)
+               skip (data, i, SOURCE_FINAL_SCAN, "GO compilation does not use the C preprocessor");
++#ifdef EM_BPF
++            else if (per_file.e_machine == EM_BPF)
++              skip (data, i, SOURCE_FINAL_SCAN, "BPF binaries are special");
++#endif
+             else if (per_file.e_machine == EM_ARM)
+               /* The macros file from redhat-rpm-config explicitly disables the annobin plugin for ARM32
+                  because of the problems reported in https://bugzilla.redhat.com/show_bug.cgi?id=1951492
+@@ -4891,6 +5154,10 @@ finish (annocheck_data * data)
+               skip (data, i, SOURCE_FINAL_SCAN, "GO does not support stack clash protection");
+             else if (per_file.lto_used)
+               skip (data, i, SOURCE_FINAL_SCAN, "compiling in LTO mode hides the -fstack-clash-protection option");
++#ifdef EM_BPF
++            else if (per_file.e_machine == EM_BPF)
++              skip (data, i, SOURCE_FINAL_SCAN, "BPF binaries are special");
++#endif
+             else
+               maybe (data, i, SOURCE_FINAL_SCAN, "no notes found regarding this test");
+           break;
+diff --git a/annocheck/libannocheck.h b/annocheck/libannocheck.h
+index c0f672d..3e33914 100644
+--- a/annocheck/libannocheck.h
++++ b/annocheck/libannocheck.h
+@@ -18,7 +18,7 @@ extern "C" {
+ /* NB/ Keep this value in sync with ANNOBIN_VERSION defined in
+    annobin-global.h.  */
+-const unsigned int libannocheck_version = 1050;
++const unsigned int libannocheck_version = 1051;
+ typedef enum libannocheck_error
+ {
+diff --git a/doc/annobin.info b/doc/annobin.info
+index 7c7d67c..c98fb7a 100644
+--- a/doc/annobin.info
++++ b/doc/annobin.info
+@@ -600,6 +600,8 @@ File: annobin.info,  Node: Annocheck,  Next: Libannocheck,  Prev: Examining,  Up
+        [-debug-rpm=FILE]
+        [-dwarf-dir=DIR]
+        [-prefix=TEXT]
++       [-use-debuginfod]
++       [-no-use-debuginfod]
+        [-enable-TOOL]
+        [-disable-TOOL]
+        [-TOOL-OPTION]
+@@ -680,6 +682,15 @@ that are used regardless of which tools are enabled.
+ '--version'
+      Report the version of the tool and then exit.
++'--use-debuginfod'
++     Enable the use of the debuginfod service to download debuginfo
++     rpms.  This feature is enabled by default, but it is only active if
++     support for the debuginfod server has been compiled in to
++     annocheck.
++
++'--no-use-debuginfod'
++     Do not use the debuginfod service, even if it is available.
++
+ '--enable-TOOL'
+      Enable TOOL.  Most tools are disabled by default and so need to be
+      enabled via this option before they will act.
+@@ -3490,66 +3501,66 @@ Node: The CF Encoding\7f19015
+ Node: The ENUM Encoding\7f20087
+ Node: The INSTRUMENT Encoding\7f20476
+ Node: Annocheck\7f21850
+-Node: Built By\7f25735
+-Node: Hardened\7f27238
+-Node: Test bind now\7f31017
+-Node: Test branch protection\7f32657
+-Node: Test cf protection\7f34911
+-Node: Test dynamic segment\7f39020
+-Node: Test dynamic tags\7f40151
+-Node: Test entry\7f42500
+-Node: Test fortify\7f43395
+-Node: Test glibcxx assertions\7f44908
+-Node: Test gnu relro\7f45946
+-Node: Test gnu stack\7f47680
+-Node: Test go revision\7f50077
+-Node: Test instrumentation\7f51125
+-Node: Test lto\7f51956
+-Node: Test not branch protection\7f52862
+-Node: Test not dynamic tags\7f54444
+-Node: Test notes\7f56132
+-Node: Test only go\7f58415
+-Node: Test optimization\7f59566
+-Node: Test pic\7f60941
+-Node: Test pie\7f62486
+-Node: Test production\7f63774
+-Node: Test property note\7f64587
+-Node: Test run path\7f67064
+-Node: Test rwx seg\7f69285
+-Node: Test short enums\7f70557
+-Node: Test stack clash\7f71574
+-Node: Test stack prot\7f73035
+-Node: Test stack realign\7f74367
+-Node: Test textrel\7f75637
+-Node: Test threads\7f76894
+-Node: Test unicode\7f77709
+-Node: Test warnings\7f79200
+-Node: Test writable got\7f80035
+-Node: Hardened Command Line Options\7f81321
+-Node: Waiving Hardened Results\7f86761
+-Node: Notes\7f88405
+-Node: Size\7f89041
+-Node: Timing\7f91184
+-Node: Libannocheck\7f91823
+-Node: libannocheck_init\7f93762
+-Node: libannocheck_finish\7f94684
+-Node: libannocheck_get_version\7f95232
+-Node: libannocheck_get_error_message\7f95641
+-Node: libannocheck_get_known_tests\7f96281
+-Node: libannocheck_enable_all_tests\7f97447
+-Node: libannocheck_disable_all_tests\7f97926
+-Node: libannocheck_enable_test\7f98482
+-Node: libannocheck_disable_test\7f99150
+-Node: libannocheck_enable_profile\7f99819
+-Node: libannocheck_get_known_profiles\7f100341
+-Node: libannocheck_run_tests\7f101044
+-Node: Configure Options\7f101889
+-Node: Legacy Scripts\7f104231
+-Node: Who Built Me\7f105006
+-Node: ABI Checking\7f107766
+-Node: Hardening Checks\7f109882
+-Node: Checking Archives\7f113968
+-Node: GNU FDL\7f116389
++Node: Built By\7f26116
++Node: Hardened\7f27619
++Node: Test bind now\7f31398
++Node: Test branch protection\7f33038
++Node: Test cf protection\7f35292
++Node: Test dynamic segment\7f39401
++Node: Test dynamic tags\7f40532
++Node: Test entry\7f42881
++Node: Test fortify\7f43776
++Node: Test glibcxx assertions\7f45289
++Node: Test gnu relro\7f46327
++Node: Test gnu stack\7f48061
++Node: Test go revision\7f50458
++Node: Test instrumentation\7f51506
++Node: Test lto\7f52337
++Node: Test not branch protection\7f53243
++Node: Test not dynamic tags\7f54825
++Node: Test notes\7f56513
++Node: Test only go\7f58796
++Node: Test optimization\7f59947
++Node: Test pic\7f61322
++Node: Test pie\7f62867
++Node: Test production\7f64155
++Node: Test property note\7f64968
++Node: Test run path\7f67445
++Node: Test rwx seg\7f69666
++Node: Test short enums\7f70938
++Node: Test stack clash\7f71955
++Node: Test stack prot\7f73416
++Node: Test stack realign\7f74748
++Node: Test textrel\7f76018
++Node: Test threads\7f77275
++Node: Test unicode\7f78090
++Node: Test warnings\7f79581
++Node: Test writable got\7f80416
++Node: Hardened Command Line Options\7f81702
++Node: Waiving Hardened Results\7f87142
++Node: Notes\7f88786
++Node: Size\7f89422
++Node: Timing\7f91565
++Node: Libannocheck\7f92204
++Node: libannocheck_init\7f94143
++Node: libannocheck_finish\7f95065
++Node: libannocheck_get_version\7f95613
++Node: libannocheck_get_error_message\7f96022
++Node: libannocheck_get_known_tests\7f96662
++Node: libannocheck_enable_all_tests\7f97828
++Node: libannocheck_disable_all_tests\7f98307
++Node: libannocheck_enable_test\7f98863
++Node: libannocheck_disable_test\7f99531
++Node: libannocheck_enable_profile\7f100200
++Node: libannocheck_get_known_profiles\7f100722
++Node: libannocheck_run_tests\7f101425
++Node: Configure Options\7f102270
++Node: Legacy Scripts\7f104612
++Node: Who Built Me\7f105387
++Node: ABI Checking\7f108147
++Node: Hardening Checks\7f110263
++Node: Checking Archives\7f114349
++Node: GNU FDL\7f116770
\1f
+ End Tag Table
+diff --git a/doc/annobin.texi b/doc/annobin.texi
+index a4ba0d5..bc3cfc0 100644
+--- a/doc/annobin.texi
++++ b/doc/annobin.texi
+@@ -682,6 +682,8 @@ annocheck
+   [@b{--debug-rpm=}@var{file}]
+   [@b{--dwarf-dir=}@var{dir}]
+   [@b{--prefix=}@var{text}]
++  [@b{--use-debuginfod}]
++  [@b{--no-use-debuginfod}]
+   [@b{--enable-@var{tool}}]
+   [@b{--disable-@var{tool}}]
+   [@b{--@var{tool}-@var{option}}]
+@@ -769,6 +771,14 @@ information.
+ @item --version
+ Report the version of the tool and then exit.
++@item --use-debuginfod
++Enable the use of the debuginfod service to download debuginfo rpms.
++This feature is enabled by default, but it is only active if support
++for the debuginfod server has been compiled in to annocheck.
++
++@item --no-use-debuginfod
++Do not use the debuginfod service, even if it is available.
++
+ @item --enable-@var{tool}
+ Enable @var{tool}.  Most tools are disabled by default and so need to
+ be enabled via this option before they will act.
+-- 
+2.34.1
+
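Review bot: The new file `0001-10.51-Annocheck-Skip-some-tests-for-BPF-files.patch` is a format-patch export of the 10.51 change and has nothing to do with the Rust identification named in this commit's title, so it looks like a stray working-tree file swept into the commit. The tree is already at version 1054, so its contents are presumably applied. Leaving it in puts a second, unmaintained copy of the `hardened.c` skip lists at the top of the repository, which can be mistaken for current policy when auditing which hardening checks are waived. I would drop the file from this commit.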
index 2ece9383dc19450fffe39667551fd18c90c03e91..abeee1bcc3283761a15e679557e52356e4368f4a 100644 (file)
@@ -23,7 +23,7 @@ extern "C" {
 
    NB/ Keep this value in sync with libannochck_version defined in
    annocheck/libannocheck.h.  */
-#define ANNOBIN_VERSION 1054
+#define ANNOBIN_VERSION 1055
 
 /* The version of the annotation specification supported.  */
 #define SPEC_VERSION  3
index 65b0f13faa549885981445b8f23ea569159ecf00..ab75f7d235a98eba7f5fa0c6b4444ff7db6c3104 100644 (file)
@@ -880,9 +880,14 @@ parse_dw_at_language (annocheck_data * data, Dwarf_Attribute * attr)
 
 #ifdef DW_LANG_Rust
     case DW_LANG_Rust:
+#else
+      /* BZ 2057737 - User's expect Rust binaries to be identified even
+        if annocheck is built on a system that does not know about Rust.  */
+    case 0x1c:
+#endif
       set_lang (data, LANG_RUST, SOURCE_DW_AT_LANGUAGE);
       break;
-#endif
+
     case DW_LANG_lo_user + 1:
       /* Some of the GO runtime uses this value,  */
       set_lang (data, LANG_ASSEMBLER, SOURCE_DW_AT_LANGUAGE);
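Review bot: The `#else` arm hard-codes `case 0x1c:` with only a bug number beside it, so a reader cannot tell that this is the DWARF language code for Rust; `case 0x1c: /* Value of DW_LANG_Rust.  */` would make that explicit. If the DWARF header in use declares `DW_LANG_Rust` as an enumerator rather than a preprocessor macro (elfutils' dwarf.h appears to), `#ifdef DW_LANG_Rust` is never true and the first arm is dead code; in that case the conditional can be dropped and the numeric case can stand alone. Since the detected language presumably decides which hardening tests are applied or skipped, it is worth confirming which arm is compiled. The added comment also has a typo: `User's expect` should read `Users expect`. parse_dw_at_language starts and ends outside the hunk.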
@@ -1940,6 +1945,7 @@ skip_fortify_checks_for_function (annocheck_data * data, enum test_index check,
       /* NB. KEEP THIS ARRAY ALPHA-SORTED  */
       "_GLOBAL__sub_I_main",
       "_Unwind_Resume",
+      "_dl_relocate_static_pie",     /* Found in x86_64, RHEL-9, podman-catonit.  */
       "_dl_start_user",             /* Found in ppc64le, RHEL-9, /lib64/ld64.so.2.  */
       "_dl_tunable_set_arena_max",   /* Found in ppc64le, RHEL-9, /lib64/libc_malloc_debug.so.0.  */
       "_nl_finddomain_subfreeres",
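Review bot: The comment on the new `_dl_relocate_static_pie` entry records where the function was seen but not why it is acceptable to skip the fortify check for it. The list appears to be matched by symbol name, so the waiver presumably applies to every scanned binary containing a function of that name, not only the one package mentioned. I would extend the comment, e.g. `/* Found in x86_64, RHEL-9, podman-catonit; <reason fortification does not apply>.  */`, filling in the reason. `podman-catonit` may be a misspelling of the package name and is worth confirming. The array and skip_fortify_checks_for_function extend outside the hunk.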
@@ -5100,17 +5106,6 @@ finish (annocheck_data * data)
                skip (data, i, SOURCE_FINAL_SCAN, "no C/C++ compiled code found");
              break;
 
-           default:
-             /* Do not complain about compiler specific tests being missing
-                if all that we have seen is assembler produced code.  */
-             if (per_file.seen_tools == TOOL_GAS
-                 || (per_file.gcc_from_comment && per_file.seen_tools == (TOOL_GAS | TOOL_GCC)))
-               skip (data, i, SOURCE_FINAL_SCAN, "no C/C++ compiled code found");
-             /* There may be notes on this test, but the are for a zero-length range.  */
-             else
-               maybe (data, i, SOURCE_FINAL_SCAN, "no valid notes found regarding this test");
-             break;
-
            case TEST_PIC:
              if (per_file.seen_tools & TOOL_GO)
                skip (data, i, SOURCE_FINAL_SCAN, "GO binaries are safe without PIC");
index 06532343ef2ef1ec06863ab084c41c8703c5bb68..c6788b3e5ad2a0639b30086902cb1fef6e05c9f1 100644 (file)
@@ -18,7 +18,7 @@ extern "C" {
 
 /* NB/ Keep this value in sync with ANNOBIN_VERSION defined in
    annobin-global.h.  */
-  const unsigned int libannocheck_version = 1054;
+  const unsigned int libannocheck_version = 1055;
 
 typedef enum libannocheck_error
 {