X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=bin%2Fblhc;h=d804ecdea41338865a799061ad4c5fad01359639;hb=981d562930dc0f7eb76323571ccad3332029371a;hp=3839ec90d296cbecc401e0677a393d81b62a61e8;hpb=bd2f117db6034fc6b1ad2a95ba8009c2915978d5;p=blhc%2Fblhc.git
diff --git a/bin/blhc b/bin/blhc
index 3839ec9..d804ecd 100755
--- a/bin/blhc
+++ b/bin/blhc
@@ -370,6 +370,10 @@ while (my $line = <>) {
 # false positives.
 $start = 1 if $line =~ /^dpkg-buildpackage:/;
 next if not $start;
+ # And stop at the end of the build log. Package details (reported by the
+ # buildd logs) are not important for us. This also prevents false
+ # positives.
+ last if $line =~ /^Build finished at \d{8}-\d{4}$/;
 # Detect architecture automatically unless overridden.
 if (not $option_arch
@@ -447,6 +451,10 @@ while (my $line = <>) {
 next if $line =~ /^\s*Depends: .*?$cc_regex.*?$/ and $line !~ /\s-./; # option, prevent false negatives
+ # Check if additional hardening options were used. Used to ensure
+ # they are used for the complete build.
+ $harden_pie = 1 if any_flags_used($line, @cflags_pie, @ldflags_pie);
+ $harden_bindnow = 1 if any_flags_used($line, @ldflags_bindnow);
 push @input, $line;
 }
@@ -480,13 +488,6 @@ if ($option_arch) {
 }
 }
-# Check if additional hardening options were used. Used to ensure they are
-# used for the complete build.
-foreach my $line (@input) {
- $harden_pie = 1 if any_flags_used($line, @cflags_pie, @ldflags_pie);
- $harden_bindnow = 1 if any_flags_used($line, @ldflags_bindnow);
-}
-
 # Check the specified hardening options, same order as dpkg-buildflags.
 if ($harden_pie) {
 @cflags = (@cflags, @cflags_pie);
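Review bot: The added `last if $line =~ /^Build finished at \d{8}-\d{4}$/;` in the first hunk leaves the whole `while (my $line = <>)` loop at the first matching line, so nothing after that line is ever checked. Because `<>` reads every file named on the command line as one stream, a second build log would be skipped silently. The marker is also matched against text the package's own build can print, so a matching line in the middle of the build output would end the hardening check early and the report would still look clean. Closing only the current log would keep later input in scope, e.g. `if ($line =~ /^Build finished at \d{8}-\d{4}$/) { $start = 0; next; }`, with the comment noting that the check trusts this marker. The loop body starts and ends outside the hunk, so how `$start` is initialised is not visible here.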