]> ruderich.org/simon Gitweb - blhc/blhc.git/log
blhc/blhc.git
6 months agoIgnore another cargo/rust false positive
Simon Ruderich [Fri, 5 Apr 2024 05:47:50 +0000 (07:47 +0200)]
Ignore another cargo/rust false positive

8 months agoRelease 0.14 0.14
Simon Ruderich [Wed, 28 Feb 2024 11:51:41 +0000 (12:51 +0100)]
Release 0.14

8 months agoSupport branch protection
Simon Ruderich [Wed, 28 Feb 2024 11:42:54 +0000 (12:42 +0100)]
Support branch protection

8 months agoSupport stack clash protection
Simon Ruderich [Wed, 28 Feb 2024 11:34:23 +0000 (12:34 +0100)]
Support stack clash protection

8 months agoNEWS: minor cleanup
Simon Ruderich [Wed, 28 Feb 2024 11:33:26 +0000 (12:33 +0100)]
NEWS: minor cleanup

8 months agoSync architecture specific hardening support with dpkg 1.22.5
Simon Ruderich [Wed, 28 Feb 2024 09:50:32 +0000 (10:50 +0100)]
Sync architecture specific hardening support with dpkg 1.22.5

8 months agoThe latest cmake bug was already reported as #1043522
Simon Ruderich [Wed, 28 Feb 2024 08:48:07 +0000 (09:48 +0100)]
The latest cmake bug was already reported as #1043522

8 months agoFix another false positives from cmake not setting CPPFLAGS
Simon Ruderich [Wed, 28 Feb 2024 08:41:11 +0000 (09:41 +0100)]
Fix another false positives from cmake not setting CPPFLAGS

8 months agoProperly ignore cargo/rust output
Simon Ruderich [Wed, 28 Feb 2024 08:29:46 +0000 (09:29 +0100)]
Properly ignore cargo/rust output

8 months agoUpdate copyright years
Simon Ruderich [Wed, 28 Feb 2024 08:29:15 +0000 (09:29 +0100)]
Update copyright years

8 months agoSupport -g3
Simon Ruderich [Wed, 28 Feb 2024 07:06:25 +0000 (08:06 +0100)]
Support -g3

13 months agoSync architecture specific hardening support with dpkg 1.22.0
Simon Ruderich [Wed, 13 Sep 2023 06:01:41 +0000 (08:01 +0200)]
Sync architecture specific hardening support with dpkg 1.22.0

Also remove avr32 architecture from tests which no longer exists.

17 months agoMention "ignore-line-regexp" can be used multiple times in man page
Simon Ruderich [Sun, 7 May 2023 18:41:21 +0000 (20:41 +0200)]
Mention "ignore-line-regexp" can be used multiple times in man page

19 months agoUpdate copyright years
Simon Ruderich [Thu, 16 Mar 2023 07:24:49 +0000 (08:24 +0100)]
Update copyright years

19 months agoNEWS: fix typo and add missing periods
Simon Ruderich [Thu, 16 Mar 2023 07:22:39 +0000 (08:22 +0100)]
NEWS: fix typo and add missing periods

19 months agoFix false postive when using `nvcc`
Simon Ruderich [Thu, 16 Mar 2023 07:12:01 +0000 (08:12 +0100)]
Fix false postive when using `nvcc`

22 months agoSupport -D_FORTIFY_SOURCE=3
Simon Ruderich [Tue, 27 Dec 2022 22:07:57 +0000 (23:07 +0100)]
Support -D_FORTIFY_SOURCE=3

22 months agoSync architecture specific hardening support with dpkg 1.21.13
Simon Ruderich [Wed, 21 Dec 2022 14:29:51 +0000 (15:29 +0100)]
Sync architecture specific hardening support with dpkg 1.21.13

No changes.

22 months agoUpdate copyright years
Simon Ruderich [Wed, 21 Dec 2022 14:20:16 +0000 (15:20 +0100)]
Update copyright years

22 months agoUpdate moc handling to be aware of Qt6
Ross Vandegrift [Wed, 21 Dec 2022 06:39:29 +0000 (22:39 -0800)]
Update moc handling to be aware of Qt6

moc is now at /usr/lib/qt6/libexec/moc in qt6.

[sr: Modified regex slightly to make it more readable.]

3 years agoNEWS: use correct Debian bug number in 0.13
Simon Ruderich [Sun, 10 Oct 2021 06:08:51 +0000 (08:08 +0200)]
NEWS: use correct Debian bug number in 0.13

Found by Joao Eriberto Mota Filho.

3 years agoRelease 0.13 0.13
Simon Ruderich [Sat, 9 Oct 2021 09:19:18 +0000 (11:19 +0200)]
Release 0.13

3 years agoStrip (basic) environment variables before compiler detection
Simon Ruderich [Sat, 9 Oct 2021 09:17:59 +0000 (11:17 +0200)]
Strip (basic) environment variables before compiler detection

3 years agoProperly handle quoted flags
Simon Ruderich [Tue, 5 Oct 2021 11:16:07 +0000 (13:16 +0200)]
Properly handle quoted flags

Add an additional test to make sure we won't accidentally accept
environment variables as flags.

This does not fix Debian bug #975650. For that environment variables
must be properly handled.

3 years agoFix false positives from cmake when probing for compiler flags
Simon Ruderich [Tue, 5 Oct 2021 10:30:15 +0000 (12:30 +0200)]
Fix false positives from cmake when probing for compiler flags

Modified the suggested regex slightly. See also upstream bug report
https://gitlab.kitware.com/cmake/cmake/-/issues/20631#note_746828

3 years agoAdd example how to test blhc ignore string without a rebuild
Simon Ruderich [Tue, 5 Oct 2021 10:16:05 +0000 (12:16 +0200)]
Add example how to test blhc ignore string without a rebuild

Thanks to Eriberto Mota for the suggestion.

3 years agoUpdate copyright years
Simon Ruderich [Tue, 5 Oct 2021 10:07:03 +0000 (12:07 +0200)]
Update copyright years

3 years agoFix false positive when calling make
Simon Ruderich [Sat, 28 Nov 2020 11:10:43 +0000 (12:10 +0100)]
Fix false positive when calling make

3 years agoFix indentation
Simon Ruderich [Sat, 28 Nov 2020 11:07:29 +0000 (12:07 +0100)]
Fix indentation

3 years agoAlso split commands on && and ||
Simon Ruderich [Sat, 28 Nov 2020 11:06:31 +0000 (12:06 +0100)]
Also split commands on && and ||

Ignore `echo` commands to prevent false positives.

Splitting only on ; can hide false negatives.

3 years agoRemove unused function array_equal()
Simon Ruderich [Sat, 28 Nov 2020 10:29:01 +0000 (11:29 +0100)]
Remove unused function array_equal()

Unused since 42b57fd ("Fix another Ada false positive for format flags",
2016-09-10)

4 years agoRelease 0.12 0.12
Simon Ruderich [Wed, 29 Jul 2020 05:55:23 +0000 (07:55 +0200)]
Release 0.12

4 years agoDetect non-verbose commands in waf builds
Simon Ruderich [Wed, 29 Jul 2020 05:51:12 +0000 (07:51 +0200)]
Detect non-verbose commands in waf builds

4 years agoFix false positive with embedded gcc -print-* commands
Simon Ruderich [Sun, 26 Jul 2020 06:51:00 +0000 (08:51 +0200)]
Fix false positive with embedded gcc -print-* commands

4 years agoIgnore false positive from Meson build output
Simon Ruderich [Sun, 26 Jul 2020 06:36:48 +0000 (08:36 +0200)]
Ignore false positive from Meson build output

4 years agoSupport ignoring lines by embedding a string in the build log
Simon Ruderich [Sun, 26 Jul 2020 06:16:33 +0000 (08:16 +0200)]
Support ignoring lines by embedding a string in the build log

4 years agoSync architecture specific hardening support with dpkg 1.20.5
Simon Ruderich [Sun, 26 Jul 2020 05:29:56 +0000 (07:29 +0200)]
Sync architecture specific hardening support with dpkg 1.20.5

No changes

4 years agoRelease 0.11 0.11
Simon Ruderich [Sun, 5 Jan 2020 11:23:37 +0000 (12:23 +0100)]
Release 0.11

4 years agoUpdate copyright years
Simon Ruderich [Sun, 5 Jan 2020 11:23:16 +0000 (12:23 +0100)]
Update copyright years

4 years agoFix false positive in `dwz` lines
Simon Ruderich [Sat, 4 Jan 2020 11:12:41 +0000 (12:12 +0100)]
Fix false positive in `dwz` lines

5 years agoRelease 0.10 0.10
Simon Ruderich [Sun, 6 Oct 2019 19:36:04 +0000 (21:36 +0200)]
Release 0.10

5 years agoFix false positive in libtool detection with quoted path
Simon Ruderich [Sun, 6 Oct 2019 18:43:10 +0000 (20:43 +0200)]
Fix false positive in libtool detection with quoted path

5 years agoFix false positive in non-verbose check for cython's .pyx files
Simon Ruderich [Sat, 7 Sep 2019 10:50:53 +0000 (12:50 +0200)]
Fix false positive in non-verbose check for cython's .pyx files

5 years agoFix indentation
Simon Ruderich [Sat, 31 Aug 2019 08:47:06 +0000 (10:47 +0200)]
Fix indentation

5 years agoFix format CFLAGS for Ada/Fortran with some build logs
Simon Ruderich [Sat, 31 Aug 2019 08:44:44 +0000 (10:44 +0200)]
Fix format CFLAGS for Ada/Fortran with some build logs

No longer check for "gnat" and "gfortran" packages as dependency.
Instead, apply the special handling unconditionally. This might be
slightly slower but permits running blhc on Ada/Fortran build logs which
provide no information about dependencies (e.g. when running just
dpkg-buildpackage).

5 years agoFix false positive in non-verbose check for python setuptools
Simon Ruderich [Sat, 24 Aug 2019 10:15:56 +0000 (12:15 +0200)]
Fix false positive in non-verbose check for python setuptools

5 years agoMANIFEST: add t/logs/dpkg-buildpackage-architecture-new
Simon Ruderich [Sat, 24 Aug 2019 10:08:11 +0000 (12:08 +0200)]
MANIFEST: add t/logs/dpkg-buildpackage-architecture-new

Forgotten in 1b2ee66 ("Fix architecture detection with recent
dpkg-buildpackage versions", 2019-08-24).

5 years agoFix architecture detection with recent dpkg-buildpackage versions
Mathieu Parent [Sat, 24 Aug 2019 09:52:10 +0000 (11:52 +0200)]
Fix architecture detection with recent dpkg-buildpackage versions

[sr: Taken from patch in Debian package 0.09-2 and modified slightly;
added a test.]

5 years agoREADME: fix typo
Daniel Kahn Gillmor [Sat, 24 Aug 2019 09:35:25 +0000 (11:35 +0200)]
README: fix typo

[sr: Taken from patch in Debian package 0.09-2.]

5 years agoSync architecture specific hardening support with dpkg 1.19.7
Simon Ruderich [Sat, 24 Aug 2019 09:31:40 +0000 (11:31 +0200)]
Sync architecture specific hardening support with dpkg 1.19.7

No changes.

5 years agoUpdate copyright years
Simon Ruderich [Sat, 24 Aug 2019 09:31:29 +0000 (11:31 +0200)]
Update copyright years

5 years agoSync architecture specific hardening support with dpkg 1.19.5
Simon Ruderich [Sun, 24 Feb 2019 17:03:56 +0000 (18:03 +0100)]
Sync architecture specific hardening support with dpkg 1.19.5

6 years agoRelease 0.09 0.09
Simon Ruderich [Tue, 28 Aug 2018 06:03:39 +0000 (08:03 +0200)]
Release 0.09

6 years agoDon't treat hexdumps which contain "cc" as compiler lines
Simon Ruderich [Sun, 20 May 2018 11:00:24 +0000 (13:00 +0200)]
Don't treat hexdumps which contain "cc" as compiler lines

6 years agoAdd missing //o to regex
Simon Ruderich [Sun, 20 May 2018 10:47:00 +0000 (12:47 +0200)]
Add missing //o to regex

//o is a performance optimization which tells Perl to never recompile
the regex (per default it's recompiled if any used variable changes).
//o might not be necessary in recent Perl versions but in the past this
check had a measurable performance impact.

So add it for consistency and because we actually never change the
variable.

6 years agoDetect overwrite of -fstack-protector
Simon Ruderich [Thu, 10 May 2018 15:48:58 +0000 (17:48 +0200)]
Detect overwrite of -fstack-protector

6 years agoRefactor flag overwrite check into separate function
Simon Ruderich [Thu, 10 May 2018 15:39:00 +0000 (17:39 +0200)]
Refactor flag overwrite check into separate function

6 years agoDetect restore of -D_FORTIFY_SOURCE=2
Simon Ruderich [Thu, 10 May 2018 15:17:44 +0000 (17:17 +0200)]
Detect restore of -D_FORTIFY_SOURCE=2

6 years agoRelease 0.08 0.08
Simon Ruderich [Fri, 2 Mar 2018 08:29:28 +0000 (09:29 +0100)]
Release 0.08

6 years agoUse proper look back for non-verbose detection for DEB_BUILD_OPTIONS=parallel
Simon Ruderich [Thu, 1 Mar 2018 09:45:32 +0000 (10:45 +0100)]
Use proper look back for non-verbose detection for DEB_BUILD_OPTIONS=parallel

6 years agoNEWS: update
Simon Ruderich [Thu, 1 Mar 2018 09:31:14 +0000 (10:31 +0100)]
NEWS: update

6 years agoSync architecture specific hardening support with dpkg 1.19.0.5
Simon Ruderich [Thu, 1 Mar 2018 09:28:58 +0000 (10:28 +0100)]
Sync architecture specific hardening support with dpkg 1.19.0.5

6 years agoAdd --line-numbers option
Simon Ruderich [Thu, 1 Mar 2018 09:15:30 +0000 (10:15 +0100)]
Add --line-numbers option

Suggested and helped by Stefan Pöschel <stefan.poeschel@gmx.de>.

6 years agoUpdate copyright years
Simon Ruderich [Tue, 27 Feb 2018 18:17:37 +0000 (19:17 +0100)]
Update copyright years

7 years agoAdd example for --debian
Simon Ruderich [Tue, 5 Sep 2017 20:22:07 +0000 (22:22 +0200)]
Add example for --debian

7 years agoAdd --debian to handle PIE flags like buildd mode
Simon Ruderich [Thu, 17 Aug 2017 10:25:30 +0000 (12:25 +0200)]
Add --debian to handle PIE flags like buildd mode

7 years agoDon't report missing PIE flags in buildd mode if GCC defaults to PIE
Simon Ruderich [Sun, 23 Jul 2017 19:10:04 +0000 (21:10 +0200)]
Don't report missing PIE flags in buildd mode if GCC defaults to PIE

Dpkg since 1.8.15 respects GCC's settings and doesn't inject PIE flags
if GCC already applies them internally. Therefore don't require PIE
flags if a recent enough dpkg version is used and GCC applies PIE on the
current architecture.

7 years agoMANIFEST: add t/logs/fortran
Simon Ruderich [Sun, 23 Jul 2017 18:47:08 +0000 (20:47 +0200)]
MANIFEST: add t/logs/fortran

7 years agoImprove Fortran support, also for Open MPI (mpifort)
Simon Ruderich [Sun, 23 Jul 2017 15:59:16 +0000 (17:59 +0200)]
Improve Fortran support, also for Open MPI (mpifort)

7 years agoRefactor Ada handling of format CFLAGS
Simon Ruderich [Sun, 23 Jul 2017 15:56:23 +0000 (17:56 +0200)]
Refactor Ada handling of format CFLAGS

Will be used for Fortran flags in the next commit.

7 years agoNEWS: mention Debian Bug #853265
Simon Ruderich [Sun, 23 Jul 2017 14:45:25 +0000 (16:45 +0200)]
NEWS: mention Debian Bug #853265

I totally missed this bug report.

7 years agoHandle Open MPI mpicc/mpicxx compiler wrappers
Simon Ruderich [Sun, 23 Jul 2017 14:12:28 +0000 (16:12 +0200)]
Handle Open MPI mpicc/mpicxx compiler wrappers

The wrapper wasn't treated as compiler causing the non-verbose detection
to trigger as the next line seemingly contained no compiler command.

Reported by Nico Schlömer. See [1] for a build log which was affected.

[1]: https://buildd.debian.org/status/fetch.php?pkg=trilinos&arch=amd64&ver=12.10.1-4&stamp=1500253714&raw=1

7 years agoUpdate copyright years
Simon Ruderich [Sun, 23 Jul 2017 14:06:18 +0000 (16:06 +0200)]
Update copyright years

7 years agoSupport new dpkg versions which use debarch_to_debtuple
Simon Ruderich [Wed, 16 Nov 2016 11:40:10 +0000 (12:40 +0100)]
Support new dpkg versions which use debarch_to_debtuple

8 years agoREADME: update example to require current hardening flags
Simon Ruderich [Sun, 11 Sep 2016 09:40:32 +0000 (11:40 +0200)]
README: update example to require current hardening flags

8 years agoRelease 0.07 0.07
Simon Ruderich [Sun, 11 Sep 2016 00:20:46 +0000 (02:20 +0200)]
Release 0.07

8 years agoFix another Ada false positive for format flags
Simon Ruderich [Sat, 10 Sep 2016 16:09:43 +0000 (18:09 +0200)]
Fix another Ada false positive for format flags

8 years agoFix false positive in "gcc > file"
Simon Ruderich [Thu, 25 Aug 2016 15:46:46 +0000 (17:46 +0200)]
Fix false positive in "gcc > file"

8 years agoSync architecture specific hardening support with dpkg 1.18.10
Simon Ruderich [Thu, 25 Aug 2016 14:49:18 +0000 (16:49 +0200)]
Sync architecture specific hardening support with dpkg 1.18.10

8 years agoNEWS: fix typo in 0.06 release
Simon Ruderich [Thu, 25 Aug 2016 14:50:27 +0000 (16:50 +0200)]
NEWS: fix typo in 0.06 release

8 years agoRelease 0.06 0.06
Simon Ruderich [Sun, 5 Jun 2016 13:42:43 +0000 (15:42 +0200)]
Release 0.06

8 years agoImprove non-verbose detection for parallel builds
Simon Ruderich [Sun, 5 Jun 2016 13:37:48 +0000 (15:37 +0200)]
Improve non-verbose detection for parallel builds

Thanks to Julien Lamy for the initial patch.

Closes Debian Bug #801492.

8 years agoFix false positives for comment lines
Simon Ruderich [Sun, 5 Jun 2016 12:33:29 +0000 (14:33 +0200)]
Fix false positives for comment lines

Closes Debian bug #825671.

8 years agoNEWS: update
Simon Ruderich [Sun, 5 Jun 2016 12:28:11 +0000 (14:28 +0200)]
NEWS: update

8 years agoUpdate t/tests.t for new output of Pod::Usage in 1.65
Gregor Herrmann [Sun, 5 Jun 2016 10:27:25 +0000 (12:27 +0200)]
Update t/tests.t for new output of Pod::Usage in 1.65

[SR: Closes Debian bug #825428.]

8 years agoUpdate copyright years
Simon Ruderich [Sun, 5 Jun 2016 10:17:42 +0000 (12:17 +0200)]
Update copyright years

8 years agoSync architecture specific hardening support with dpkg 1.18.7
Simon Ruderich [Sun, 5 Jun 2016 10:16:32 +0000 (12:16 +0200)]
Sync architecture specific hardening support with dpkg 1.18.7

9 years agoREADME: add vim modeline
Simon Ruderich [Thu, 24 Sep 2015 11:55:15 +0000 (13:55 +0200)]
README: add vim modeline

9 years agofix false positive in `rm` lines
Simon Ruderich [Tue, 15 Sep 2015 08:28:49 +0000 (10:28 +0200)]
fix false positive in `rm` lines

Fixes Debian Bug #772853 reported by Jakub Wilk.

9 years agofix false positive with `gcc -v`
Simon Ruderich [Mon, 14 Sep 2015 22:22:00 +0000 (00:22 +0200)]
fix false positive with `gcc -v`

Fixes Debian Bug #765756, reported by Andreas Beckmann.

9 years agofix false positive in "libtool: link: g++ -include test.h .."
Simon Ruderich [Mon, 14 Sep 2015 16:10:44 +0000 (18:10 +0200)]
fix false positive in "libtool: link: g++ -include test.h .."

The .h extension causes detection as preprocess line which generates a
warning about missing CPPFLAGS. Fix this false positive for the
"libtool: link:" case. As long as GNU autotools generate sane output,
this should not cause false negatives.

Fixes Debian Bug #784959 reported by Raphaël Hertzog.

9 years agofix comments
Simon Ruderich [Mon, 14 Sep 2015 16:09:49 +0000 (18:09 +0200)]
fix comments

9 years agoupdate copyright years
Simon Ruderich [Fri, 11 Sep 2015 14:15:43 +0000 (16:15 +0200)]
update copyright years

9 years agosync architecture specific hardening support with dpkg 1.18.2
Simon Ruderich [Fri, 11 Sep 2015 14:13:12 +0000 (16:13 +0200)]
sync architecture specific hardening support with dpkg 1.18.2

10 years agorelease 0.05 0.05
Simon Ruderich [Tue, 19 Aug 2014 22:50:33 +0000 (00:50 +0200)]
release 0.05

10 years agoupdate copyright years
Simon Ruderich [Tue, 19 Aug 2014 22:49:21 +0000 (00:49 +0200)]
update copyright years

10 years agosync architecture specific hardening support with dpkg 1.17.13.
Simon Ruderich [Tue, 19 Aug 2014 22:44:31 +0000 (00:44 +0200)]
sync architecture specific hardening support with dpkg 1.17.13.

10 years agodon't check for source fortification in debug lines
Simon Ruderich [Wed, 13 Aug 2014 02:59:08 +0000 (04:59 +0200)]
don't check for source fortification in debug lines

Closes Debian bug #757683, reported by Matthias Klose.

10 years agocheck for -fstack-protector-strong
Simon Ruderich [Wed, 13 Aug 2014 02:40:01 +0000 (04:40 +0200)]
check for -fstack-protector-strong

Enabled since dpkg 1.17.11.

Closes Debian Bug #757885 reported by Markus Koschany.

10 years agosync architecture specific hardening support with dpkg 1.17.11.
Simon Ruderich [Sun, 10 Aug 2014 13:07:47 +0000 (15:07 +0200)]
sync architecture specific hardening support with dpkg 1.17.11.