From: Simon Ruderich Date: Fri, 11 Sep 2015 14:13:12 +0000 (+0200) Subject: sync architecture specific hardening support with dpkg 1.18.2 X-Git-Tag: 0.06~13 X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=110269cac13e46331e6666c46c00e6b34b397cc5;p=blhc%2Fblhc.git sync architecture specific hardening support with dpkg 1.18.2 --- diff --git a/NEWS b/NEWS index 1fd8e32..9245c13 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ NEWS ==== +Version 0.XX +------------ + +- Sync architecture specific hardening support with dpkg 1.18.2. + + Version 0.05 ------------ diff --git a/bin/blhc b/bin/blhc index 53480d4..7cfadd1 100755 --- a/bin/blhc +++ b/bin/blhc @@ -992,11 +992,10 @@ foreach my $file (@ARGV) { my ($abi, $os, $cpu) = Dpkg::Arch::debarch_to_debtriplet($arch); # Disable unsupported hardening options. - if ($os !~ /^(?:linux|knetbsd|hurd)$/ or - $cpu =~ /^(?:hppa|mips|mipsel|avr32)$/) { + if ($os !~ /^(?:linux|knetbsd|hurd)$/ or $cpu =~ /^(?:hppa|avr32)$/) { $harden_pie = 0; } - if ($cpu =~ /^(?:ia64|alpha|mips|mipsel|hppa)$/ or $arch eq 'arm') { + if ($cpu =~ /^(?:ia64|alpha|hppa)$/ or $arch eq 'arm') { $harden_stack = 0; $harden_stack_strong = 0; } diff --git a/t/logs/buildd-architecture b/t/logs/buildd-architecture index 7f1b342..c06536d 100644 --- a/t/logs/buildd-architecture +++ b/t/logs/buildd-architecture @@ -1,4 +1,4 @@ -Build Architecture: mipsel +Build Architecture: arm dpkg-buildpackage: source package test gcc -g -O2 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test.c diff --git a/t/logs/buildd-architecture-old b/t/logs/buildd-architecture-old index 9cd5ba6..5b99f63 100644 --- a/t/logs/buildd-architecture-old +++ b/t/logs/buildd-architecture-old @@ -1,6 +1,6 @@ # Old logs used Architecture instead of Build Architecture (sbuild << # 0.63.0-1). -Architecture: mipsel +Architecture: arm dpkg-buildpackage: source package test gcc -g -O2 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test.c diff --git a/t/tests.t b/t/tests.t index 6e546ed..673ed00 100644 --- a/t/tests.t +++ b/t/tests.t @@ -19,7 +19,7 @@ use strict; use warnings; -use Test::More tests => 218; +use Test::More tests => 216; sub is_blhc { @@ -834,11 +834,6 @@ LDFLAGS missing (-pie): gcc -fPIE -o test test.o is_blhc 'arch-ia64', '', 8, $arch_ia64; -is_blhc 'arch-mipsel', '', 8, - 'CFLAGS missing (-Werror=format-security): gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Wall -c test.c -LDFLAGS missing (-Wl,-z,relro): gcc -Wl,-z,now -o test test.o -'; - is_blhc 'arch-ia64', '--arch i386', 8, 'CFLAGS missing (-fstack-protector-strong): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fPIE -Wformat -Wformat-security -Werror=format-security -Wall -c test.c LDFLAGS missing (-Wl,-z,relro): gcc -fPIE -pie -o test test.o