X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=bin%2Fblhc;h=0eee77e79cacdd326d836d931ea306605646e945;hb=9e486fb31e093d0a8a04fab68150041738f8ba8d;hp=c2a9d98f9b802494c49b9760f27f3afb6c476b29;hpb=d791242047730d55a858f668702ea27fe3c77f77;p=blhc%2Fblhc.git

diff --git a/bin/blhc b/bin/blhc
index c2a9d98..0eee77e 100755
--- a/bin/blhc
+++ b/bin/blhc
@@ -2,7 +2,7 @@
 
 # Build log hardening check, checks build logs for missing hardening flags.
 
-# Copyright (C) 2012-2018  Simon Ruderich
+# Copyright (C) 2012-2019  Simon Ruderich
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -24,7 +24,7 @@ use warnings;
 use Getopt::Long ();
 use Text::ParseWords ();
 
-our $VERSION = '0.08';
+our $VERSION = '0.09';
 
 
 # CONSTANTS/VARIABLES
@@ -683,7 +683,7 @@ if ($option_help) {
 }
 if ($option_version) {
     print <<"EOF";
-blhc $VERSION  Copyright (C) 2012-2018  Simon Ruderich
+blhc $VERSION  Copyright (C) 2012-2019  Simon Ruderich
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -1073,7 +1073,9 @@ foreach my $file (@ARGV) {
             # treated as a normal compiler line.
             next if $line =~ m{^\s*rm\s+};
             # Some build systems emit "gcc > file".
-            next if $line =~ m{$cc_regex_normal\s*>\s*\S+};
+            next if $line =~ m{$cc_regex_normal\s*>\s*\S+}o;
+            # Hex output may contain "cc".
+            next if $line =~ m#(?:\b[0-9a-fA-F]{2,}\b\s*){5}#;
 
             # Check if additional hardening options were used. Used to ensure
             # they are used for the complete build.
@@ -1115,7 +1117,7 @@ foreach my $file (@ARGV) {
 
     # Option or auto detected.
     if ($arch) {
-        # The following was partially copied from dpkg-dev 1.19.0.5
+        # The following was partially copied from dpkg-dev 1.19.5
         # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_build_flags()),
         # copyright Raphaël Hertzog <hertzog@debian.org>, Guillem Jover
         # <guillem@debian.org>, Kees Cook <kees@debian.org>, Canonical, Ltd.
@@ -1132,8 +1134,24 @@ foreach my $file (@ARGV) {
         }
 
         my %builtin_pie_arch = map { $_ => 1 } qw(
-            amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-amd64 kfreebsd-i386
-            mips mipsel mips64el powerpc ppc64 ppc64el s390x sparc sparc64
+            amd64
+            arm64
+            armel
+            armhf
+            hurd-i386
+            i386
+            kfreebsd-amd64
+            kfreebsd-i386
+            mips
+            mipsel
+            mips64el
+            powerpc
+            ppc64
+            ppc64el
+            riscv64
+            s390x
+            sparc
+            sparc64
         );
 
         # Disable unsupported hardening options.
@@ -1757,7 +1775,7 @@ E<lt>jari.aalto@cante.netE<gt> for their valuable input and suggestions.
 
 =head1 LICENSE AND COPYRIGHT
 
-Copyright (C) 2012-2018 by Simon Ruderich
+Copyright (C) 2012-2019 by Simon Ruderich
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by