X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=bin%2Fblhc;h=f11ba111028c3949fd526a8f89eee47f316fba2c;hb=14b61d421e2479318cb2971acc1c94812f5a8ac1;hp=fb4123c9d4ed5067a319dec9804a30c0fe09463b;hpb=939680ee42dc1c1b11c5adb9111db5d94bbb5bb6;p=blhc%2Fblhc.git
diff --git a/bin/blhc b/bin/blhc
index fb4123c..f11ba11 100755
--- a/bin/blhc
+++ b/bin/blhc
@@ -24,7 +24,7 @@ use warnings;
 use Getopt::Long ();
 use Text::ParseWords ();
-our $VERSION = '0.07';
+our $VERSION = '0.08';
 # CONSTANTS/VARIABLES
@@ -431,17 +431,33 @@ sub all_flags_used {
 sub cppflags_fortify_broken {
 my ($line, $missing_flags) = @_;
- # This doesn't take the position into account, but is a simple solution.
- # And if the build system tries to force -D_FORTIFY_SOURCE=0/1, something
- # is wrong anyway.
+ if (not any_flags_used($line, @def_cppflags_fortify_bad)) {
+ return 0;
+ }
+
+ # $def_cppflags_fortify[0] must be -D_FORTIFY_SOURCE=2!
+ my $fortify_source = $def_cppflags_fortify[0];
- if (any_flags_used($line, @def_cppflags_fortify_bad)) {
- # $def_cppflags_fortify[0] must be -D_FORTIFY_SOURCE=2!
- push @{$missing_flags}, $def_cppflags_fortify[0];
- return 1;
+ # Some build systems enable/disable fortify source multiple times, check
+ # the final result.
+ my $disable_pos = 0;
+ foreach my $flag (@def_cppflags_fortify_bad) {
+ while ($line =~ /$flag/g) {
+ if ($disable_pos < $+[0]) {
+ $disable_pos = $+[0];
+ }
+ }
+ }
+ my $enable_pos = 0;
+ while ($line =~ /$fortify_source/g) {
+ $enable_pos = $+[0];
+ }
+ if ($enable_pos > $disable_pos) {
+ return 0;
 }
- return 0;
+ push @{$missing_flags}, $fortify_source;
+ return 1;
 }
 # Modifies $missing_flags_ref array.
@@ -872,7 +888,7 @@ foreach my $file (@ARGV) {
 # This flags is not always available, but if it is use it.
 if ($line =~ /^DEB_BUILD_OPTIONS=.*\bparallel=(\d+)/) {
- $parallel = $1;
+ $parallel = $1 * 2;
 }
 # We skip over unimportant lines at the beginning of the log to
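Review bot: In cppflags_fortify_broken the new position comparison treats all of `$line` as a single flag sequence, so any `-D_FORTIFY_SOURCE=2` that ends after the last disabling flag makes the sub return 0, even when the two flags belong to different commands on that line. Whether `$line` can hold more than one compiler invocation here is not visible in the hunk; if it can, a command built without fortify is no longer reported. I would state the assumption above the loops, for example `# Assumes $line is a single compiler command, where the last fortify flag wins.` The entries of `@def_cppflags_fortify_bad` and `$fortify_source` are also interpolated directly into `/$flag/g` and `/$fortify_source/g`; if they are plain strings rather than precompiled patterns (their definitions are outside the hunk), they should go through `\Q...\E`.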
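Review bot: The factor in `$parallel = $1 * 2;` is a magic number: the comment above it only says that the `parallel=` option is not always present, and nothing in the hunk says why the job count read from the log is doubled. A one-line reason next to the assignment would help, along the lines of `# Twice the job count, because <reason>.`, with the reason filled in by the author. The value is also taken from the build log with no upper bound (`\d+`); how `$parallel` is consumed is outside the hunk, so a cap may or may not be needed. The enclosing foreach loop starts and ends outside the hunk.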
@@ -1068,11 +1084,11 @@ foreach my $file (@ARGV) {
 # Option or auto detected.
 if ($arch) {
- # The following was partially copied from dpkg-dev 1.18.24
- # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_hardening_flags()),
- # copyright Raphaël Hertzog , Kees Cook
- # , Canonical, Ltd. licensed under GPL version 2 or
- # later. Keep it in sync.
+ # The following was partially copied from dpkg-dev 1.19.0.5
+ # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_build_flags()),
+ # copyright Raphaël Hertzog , Guillem Jover
+ # , Kees Cook , Canonical, Ltd.
+ # licensed under GPL version 2 or later. Keep it in sync.
 require Dpkg::Arch;
 my ($os, $cpu);
@@ -1085,8 +1101,8 @@ foreach my $file (@ARGV) {
 }
 my %builtin_pie_arch = map { $_ => 1 } qw(
- amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386
- mips mipsel mips64el ppc64el s390x sparc sparc64
+ amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-amd64 kfreebsd-i386
+ mips mipsel mips64el powerpc ppc64 ppc64el s390x sparc sparc64
 );
 # Disable unsupported hardening options.