X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=bin%2Fblhc;h=d5af8a01983d8f24241b44b596075b6646dea055;hb=19d0b5330bbfc99c924edd98ab603d8032aa3c76;hp=bfdcfc575ee7642ae81fff9faf6c86c2ae62dcc0;hpb=7c2d7bf70b579bfb7143b604f8246395c1cbc4d7;p=blhc%2Fblhc.git diff --git a/bin/blhc b/bin/blhc index bfdcfc5..d5af8a0 100755 --- a/bin/blhc +++ b/bin/blhc @@ -2,7 +2,7 @@ # Build log hardening check, checks build logs for missing hardening flags. -# Copyright (C) 2012 Simon Ruderich +# Copyright (C) 2012-2013 Simon Ruderich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -24,7 +24,7 @@ use warnings; use Getopt::Long (); use Text::ParseWords (); -our $VERSION = '0.03'; +our $VERSION = '0.04'; # CONSTANTS/VARIABLES @@ -440,6 +440,7 @@ sub is_non_verbose_build { # # C++ compiler setting. return 0 if $line =~ /^\s*C\+\+.+?:\s+(?:yes|no)\s*$/; + return 0 if $line =~ /^\s*C\+\+ Library: stdc\+\+$/; # "Compiling" with no file name. if ($line =~ /^\s*[Cc]ompiling\s+(.+?)(?:\.\.\.)?$/) { # $file_extension_regex may need spaces around the filename. @@ -565,7 +566,7 @@ if ($option_help) { Pod::Usage::pod2usage(1); } if ($option_version) { - print "blhc $VERSION Copyright (C) 2012 Simon Ruderich + print "blhc $VERSION Copyright (C) 2012-2013 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -771,6 +772,13 @@ foreach my $file (@ARGV) { if (not $arch and index($line, 'dpkg-buildpackage: host architecture ') == 0) { $arch = substr $line, 37, -1; # -1 to ignore '\n' at the end + + # Old buildd logs use e.g. "host architecture is alpha", remove + # the "is", otherwise debarch_to_debtriplet() will not detect the + # architecture. + if (index($arch, 'is ') == 0) { + $arch = substr $arch, 3; + } } # Ignore compiler warnings for now. @@ -844,13 +852,20 @@ foreach my $file (@ARGV) { next if $line =~ /^\s*(?:Host\s+)?(?:C(?:\+\+)?\s+)? [Cc]ompiler[\s.]*:?\s+ /x; - next if $line =~ /^\s*(?:- )?(?:HOST_)?(?:CC|CXX)\s*=\s*$cc_regex_full\s*$/o; - # `moc-qt4`, contains '-I/usr/share/qt4/mkspecs/linux-g++' (or - # similar for other architectures) which gets recognized as a - # compiler line. Ignore it. - next if $line =~ m{^/usr/bin/moc-qt4 + next if $line =~ m{^\s*(?:-\s)?(?:HOST_)?(?:CC|CXX) + \s*=\s*$cc_regex_full + # optional compiler options, don't allow + # "everything" here to prevent false negatives + \s*(?:\s-\S+)*\s*$}xo; + # `moc-qt4`/`moc-qt5` contain '-I.../linux-g++' in their command + # line (or similar for other architectures) which gets recognized + # as a compiler line, but `moc-qt*` is only a preprocessor for Qt + # C++ files. No hardening flags are relevant during this step, + # thus ignore `moc-qt*` lines. The resulting files will be + # compiled in a separate step (and therefore checked). + next if $line =~ m{^\S+/bin/moc-qt[45] \s.+\s - -I/usr/share/qt4/mkspecs/[a-z]+-g\++(?:-64)? + -I\S+/mkspecs/[a-z]+-g\++(?:-64)? \s}x; # Ignore false positives when the line contains only CC=gcc but no # other gcc command. @@ -1470,7 +1485,7 @@ Ejari.aalto@cante.netE for their valuable input and suggestions. =head1 LICENSE AND COPYRIGHT -Copyright (C) 2012 by Simon Ruderich +Copyright (C) 2012-2013 by Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by