# Build log hardening check, checks build logs for missing hardening flags.
-# Copyright (C) 2012-2019 Simon Ruderich
+# Copyright (C) 2012-2020 Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
use Getopt::Long ();
use Text::ParseWords ();
-our $VERSION = '0.09';
+our $VERSION = '0.11';
# CONSTANTS/VARIABLES
my $warning_regex = qr/^(.+?):(\d+):\d+: warning: (.+?) \[(.+?)\]$/;
# Regex to catch libtool commands and not lines which show commands executed
# by libtool (e.g. libtool: link: ...).
-my $libtool_regex = qr/\blibtool\s.*--mode=/;
+my $libtool_regex = qr/\blibtool["']?\s.*--mode=/;
my $libtool_link_regex = qr/\blibtool: link: /;
# List of source file extensions which require preprocessing.
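Review bot: The comment above `$libtool_regex` still describes only the unquoted form, so the reason for the new `["']?` is not recorded. I would add a line such as `# Also matches a quoted libtool path, e.g. "./libtool" --mode=compile.` above the pattern (the example is constructed, not taken from a real log). Only this one pattern is visible in the hunk. If code elsewhere in the file strips or splits the libtool prefix from a matched line, it presumably needs to tolerate the trailing quote too, otherwise the wrapped compiler command could be parsed differently and its hardening flags not checked.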
return 0 if $line =~ /^\s*C\+\+.+?:\s+(?:yes|no)\s*$/;
return 0 if $line =~ /^\s*C\+\+ Library: stdc\+\+$/;
# "Compiling" non binary files.
- return 0 if $line =~ /^\s*Compiling \S+\.(?:py|el)['"]?\s*(?:\.\.\.)?$/;
+ return 0 if $line =~ /^\s*Compiling \S+\.(?:py|pyx|el)['"]?\s*(?:\.\.\.|because it changed\.)?$/;
return 0 if $line =~ /^\s*[Cc]ompiling catalog \S+\.po\b/;
# "Compiling" with no file name.
if ($line =~ /^\s*[Cc]ompiling\s+(.+?)(?:\.\.\.)?$/) {
}
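Review bot: The widened `Compiling \S+\.(?:py|pyx|el)` pattern accepts every combination of extension and suffix, so `.py`/`.el` lines ending in `because it changed.` and `.pyx` lines ending in `...` are now matched as well, which looks broader than the new case needs. Each `return 0` here presumably takes the line out of the hardening check, so keeping exclusions narrow limits false negatives in the report. If only the one new message is intended, the old line could stay as it was with `return 0 if $line =~ /^\s*Compiling \S+\.pyx['"]?\s+because it changed\.$/;` added below it, plus a short comment naming the tool that prints that message. The enclosing sub starts and ends outside the hunk.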
if ($option_version) {
print <<"EOF";
-blhc $VERSION Copyright (C) 2012-2019 Simon Ruderich
+blhc $VERSION Copyright (C) 2012-2020 Simon Ruderich
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
# look like a compiler executable thus causing the line to be
# treated as a normal compiler line.
next if $line =~ m{^\s*rm\s+};
+ next if $line =~ m{^\s*dwz\s+};
# Some build systems emit "gcc > file".
next if $line =~ m{$cc_regex_normal\s*>\s*\S+}o;
# Hex output may contain "cc".
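Review bot: The new `next if $line =~ m{^\s*dwz\s+};` has no comment of its own, and the comment above it reads as the tail of the explanation for the `rm` rule. A line such as `# dwz arguments are file names which may look like a compiler executable.` would record the intent, assuming that is the reason. Note that the rule drops the whole log line, so anything chained after `dwz` on the same line is never inspected, and a path-qualified invocation is not matched by `^\s*dwz`. Both are worth stating in the comment so the limits of the skip are clear to whoever reads a clean report. The enclosing loop starts and ends outside the hunk.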
# Option or auto detected.
if ($arch) {
- # The following was partially copied from dpkg-dev 1.19.7
+ # The following was partially copied from dpkg-dev 1.20.5
# (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_build_flags()),
# copyright Raphaƫl Hertzog <hertzog@debian.org>, Guillem Jover
# <guillem@debian.org>, Kees Cook <kees@debian.org>, Canonical, Ltd.
# information. Same for fortran.
my @cflags_backup;
my @cflags_noformat = grep {
- my $ok = 1;
- foreach my $flag (@def_cflags_format) {
- $ok = 0 if $_ eq $flag;
- }
- $ok;
- } @cflags;
+ my $ok = 1;
+ foreach my $flag (@def_cflags_format) {
+ $ok = 0 if $_ eq $flag;
+ }
+ $ok;
+ } @cflags;
# Hack to fix cppflags_fortify_broken() if --ignore-flag
# -D_FORTIFY_SOURCE=2 is used to ignore missing fortification. Only works
=head1 LICENSE AND COPYRIGHT
-Copyright (C) 2012-2019 by Simon Ruderich
+Copyright (C) 2012-2020 by Simon Ruderich
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by