From 06b7783ef223d0f58804f3f08d27c45dc3b97351 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Tue, 5 Oct 2021 13:16:07 +0200 Subject: [PATCH] Properly handle quoted flags Add an additional test to make sure we won't accidentally accept environment variables as flags. This does not fix Debian bug #975650. For that environment variables must be properly handled. --- MANIFEST | 1 + NEWS | 2 ++ bin/blhc | 2 +- t/logs/env | 3 +++ t/logs/false-positives | 2 ++ t/tests.t | 6 +++++- 6 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 t/logs/env diff --git a/MANIFEST b/MANIFEST index a453de4..8a27a0b 100644 --- a/MANIFEST +++ b/MANIFEST @@ -48,6 +48,7 @@ t/logs/debug-build t/logs/dpkg-buildpackage-architecture-new t/logs/dpkg-buildpackage-architecture-old t/logs/empty +t/logs/env t/logs/false-positives t/logs/fortran t/logs/fortran-no-build-deps diff --git a/NEWS b/NEWS index 1d73ccd..2ff7055 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,8 @@ Version 0.XX - Fix false positives from cmake which probes for compiler flags without setting CPPFLAGS; reported and suggested fix by Joao Eriberto Mota Filho (Debian Bug #994154). +- Properly handle quoted flags; reported by Olek Wojnar (see Debian Bug + #975650 message 45). Version 0.12 diff --git a/bin/blhc b/bin/blhc index 8606368..2f8da5f 100755 --- a/bin/blhc +++ b/bin/blhc @@ -616,7 +616,7 @@ sub compile_flag_regexp { my @result = (); foreach my $flag (@flags) { # Compile flag regexp for faster execution. - my $regex = qr/\s$flag(?:\s|\\)/; + my $regex = qr/\s(['"]?)$flag\1(?:\s|\\)/; # Store flag name in replacement string for correct flags in messages # with qr//ed flag regexps. diff --git a/t/logs/env b/t/logs/env new file mode 100644 index 0000000..6b2a908 --- /dev/null +++ b/t/logs/env @@ -0,0 +1,3 @@ +dpkg-buildpackage: source package test + +VERSION=v-amd64-linux CPP="gcc -x assembler-with-cpp -E -P -Wdate-time -D_FORTIFY_SOURCE=2" CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" ../../config/gen-posix-names.sh _SC_ ml_sysconf.h diff --git a/t/logs/false-positives b/t/logs/false-positives index a9e461b..1db4f04 100644 --- a/t/logs/false-positives +++ b/t/logs/false-positives @@ -74,3 +74,5 @@ mv -f /build/nvidia-cuda-toolkit-10.1.243/debian/tmp/usr/lib/x86_64-linux-gnu/`g (cd ../c-libs/posix-os; make VERSION="v-amd64-linux" MAKE="make" CC="gcc -std=gnu99 -Wall" CFLAGS="-O2 -m64 -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-z,relro" DEFS="-DARCH_AMD64 -DSIZE_64 -DOPSYS_UNIX -DOPSYS_LINUX -D_GNU_SOURCE -DGNU_ASSEMBLER -DDLOPEN -DINDIRECT_CFUNC" CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" LDFLAGS="-Wl,-z,relro" AR="ar" ARFLAGS="rcv" RANLIB="ranlib" INCLUDES="-I../../objs -I../../include -I.." libposix-os.a) /usr/lib/ccache/c++ -dM -E -c /usr/share/cmake-3.16/Modules/CMakeCXXCompilerABI.cpp -DKCOREADDONS_LIB -DQT_CORE_LIB -DQT_GUI_LIB -DQT_NETWORK_LIB -DQT_NO_DEBUG -DQT_QML_LIB -DQT_QUICK_LIB -DQT_WIDGETS_LIB -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -Dlatte2plugin_EXPORTS -I/builds/qt-kde-team/extras/latte-dock/debian/output/latte-dock-0.9.11/obj-x86_64-linux-gnu/liblatte2 -I/builds/qt-kde-team/extras/latte-dock/debian/output/latte-dock-0.9.11/liblatte2 -I/usr/include/x86_64-linux-gnu/qt5 -I/usr/include/x86_64-linux-gnu/qt5/QtQuick -I/usr/include/x86_64-linux-gnu/qt5/QtQml -I/usr/include/x86_64-linux-gnu/qt5/QtNetwork -I/usr/include/x86_64-linux-gnu/qt5/QtCore -I/usr/lib/x86_64-linux-gnu/qt5/mkspecs/linux-g++ -I/usr/include/x86_64-linux-gnu/qt5/QtGui -I/usr/include/KF5/KCoreAddons -I/usr/include/KF5 -I/usr/include/KF5/Plasma -I/usr/include/KF5/KService -I/usr/include/KF5/KConfigCore -I/usr/include/KF5/KPackage -I/usr/include/KF5/KWindowSystem -I/usr/include/x86_64-linux-gnu/qt5/QtWidgets -I/usr/include/KF5/KDeclarative -I/usr/include/KF5/KIconThemes -I/usr/include -I/usr/include/c++/9 -I/usr/include/x86_64-linux-gnu/c++/9 -I/usr/include/c++/9/backward -I/usr/lib/gcc/x86_64-linux-gnu/9/include -I/usr/local/include -I/usr/include/x86_64-linux-gnu + +(cd /tmp/bazel_7uh2rFwh/out/execroot/io_bazel && \ exec env - \ CCACHE_DISABLE=1 \ CCACHE_TEMPDIR=/builds/bazel-team/bazel-bootstrap/debian/output/source_dir/debian/ccachetmp \ LD_LIBRARY_PATH=/usr/lib/libeatmydata \ PATH=/usr/lib/ccache/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ PWD=/proc/self/cwd \ /usr/lib/ccache/gcc -U_FORTIFY_SOURCE -fstack-protector -Wall -Wunused-but-set-parameter -Wno-free-nonheap-object -fno-omit-frame-pointer -g '-std=c++0x' -Wdate-time '-D_FORTIFY_SOURCE=2' -g -O2 '-ffile-prefix-map=/builds/bazel-team/bazel-bootstrap/debian/output/source_dir=.' -fstack-protector-strong -Wformat '-Werror=format-security' -MD -MF bazel-out/k8-dbg/bin/src/main/cpp/util/_objs/md5/md5.pic.d '-frandom-seed=bazel-out/k8-dbg/bin/src/main/cpp/util/_objs/md5/md5.pic.o' -fPIC -iquote . -iquote bazel-out/k8-dbg/bin -fno-canonical-system-headers -Wno-builtin-macro-redefined '-D__DATE__="redacted"' '-D__TIMESTAMP__="redacted"' '-D__TIME__="redacted"' -c src/main/cpp/util/md5.cc -o bazel-out/k8-dbg/bin/src/main/cpp/util/_objs/md5/md5.pic.o) diff --git a/t/tests.t b/t/tests.t index 5996604..b4c0352 100644 --- a/t/tests.t +++ b/t/tests.t @@ -19,7 +19,7 @@ use strict; use warnings; -use Test::More tests => 244; +use Test::More tests => 246; sub is_blhc { @@ -633,6 +633,10 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -fstack-protector-strong -Wfo LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security test.c -o lib`basename test/test`.so '; +is_blhc 'env', '--all', 8, + 'CPPFLAGS missing (-D_FORTIFY_SOURCE=2): VERSION=v-amd64-linux CPP="gcc -x assembler-with-cpp -E -P -Wdate-time -D_FORTIFY_SOURCE=2" CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" ../../config/gen-posix-names.sh _SC_ ml_sysconf.h +'; + # check the build log is verbose -- 2.45.2