From fb2c46d23c6052c714729d70d33d54011374689b Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Wed, 13 Sep 2023 08:01:41 +0200 Subject: [PATCH] Sync architecture specific hardening support with dpkg 1.22.0 Also remove avr32 architecture from tests which no longer exists. --- MANIFEST | 2 +- NEWS | 2 ++ bin/blhc | 28 ++++++++++++++++-------- t/logs/{arch-avr32 => arch-hppa} | 2 +- t/tests.t | 37 +++++++++++++++----------------- 5 files changed, 40 insertions(+), 31 deletions(-) rename t/logs/{arch-avr32 => arch-hppa} (88%) diff --git a/MANIFEST b/MANIFEST index 8a27a0b..4455bad 100644 --- a/MANIFEST +++ b/MANIFEST @@ -9,7 +9,7 @@ README t/logs/ada t/logs/ada-pbuilder t/logs/arch-amd64 -t/logs/arch-avr32 +t/logs/arch-hppa t/logs/arch-i386 t/logs/arch-ia64 t/logs/arch-mipsel diff --git a/NEWS b/NEWS index 27b7c1e..a9ed25d 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,8 @@ Version 0.XX Göttsche (Debian bug #1027084). - Fix false positive when using `nvcc`; reported by Andreas Beckmann (Debian Bug #1033027). +- Fix tests in sid/testing by removing avr32 which is no longer supported + (Debian Bug #1050942). Version 0.13 diff --git a/bin/blhc b/bin/blhc index ed0011f..5bbcae7 100755 --- a/bin/blhc +++ b/bin/blhc @@ -1153,11 +1153,12 @@ foreach my $file (@ARGV) { # Option or auto detected. if ($arch) { - # The following was partially copied from dpkg-dev 1.21.13 - # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_build_flags()), - # copyright Raphaël Hertzog , Guillem Jover - # , Kees Cook , Canonical, Ltd. - # licensed under GPL version 2 or later. Keep it in sync. + # The following was partially copied from dpkg-dev 1.22.0 + # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, set_build_features and + # _add_build_flags()), copyright Raphaël Hertzog , + # Guillem Jover , Kees Cook , + # Canonical, Ltd. licensed under GPL version 2 or later. Keep it in + # sync. require Dpkg::Arch; my ($os, $cpu); @@ -1174,13 +1175,23 @@ foreach my $file (@ARGV) { arm64 armel armhf + hurd-amd64 hurd-i386 i386 kfreebsd-amd64 kfreebsd-i386 mips - mipsel + mips64 mips64el + mips64r6 + mips64r6el + mipsel + mipsn32 + mipsn32el + mipsn32r6 + mipsn32r6el + mipsr6 + mipsr6el powerpc ppc64 ppc64el @@ -1191,15 +1202,14 @@ foreach my $file (@ARGV) { ); # Disable unsupported hardening options. - if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/ - or $cpu =~ /^(?:hppa|avr32)$/) { + if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/ or $cpu eq 'hppa') { $harden_pie = 0; } if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') { $harden_stack = 0; $harden_stack_strong = 0; } - if ($cpu =~ /^(?:ia64|hppa|avr32)$/) { + if ($cpu =~ /^(?:ia64|hppa)$/) { $harden_relro = 0; $harden_bindnow = 0; } diff --git a/t/logs/arch-avr32 b/t/logs/arch-hppa similarity index 88% rename from t/logs/arch-avr32 rename to t/logs/arch-hppa index 44b491d..ca444e5 100644 --- a/t/logs/arch-avr32 +++ b/t/logs/arch-hppa @@ -1,5 +1,5 @@ dpkg-buildpackage: source package test -dpkg-buildpackage: host architecture avr32 +dpkg-buildpackage: host architecture hppa # no relro,bindnow diff --git a/t/tests.t b/t/tests.t index 918b8f6..8102a7a 100644 --- a/t/tests.t +++ b/t/tests.t @@ -103,8 +103,9 @@ is_blhc 'empty', '', 1, # ANSI colored output. -is_blhc 'arch-avr32', '--color', 8, - "\033[31mCFLAGS missing\033[0m (-fstack-protector-strong)\033[33m:\033[0m gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c +is_blhc 'arch-amd64', '--color', 8, + "\033[31mCFLAGS missing\033[0m (-fstack-protector-strong)\033[33m:\033[0m gcc -D_FORTIFY_SOURCE=2 -g -O2 -fPIE -Wformat -Wformat-security -Werror=format-security -Wall -c test.c +\033[31mLDFLAGS missing\033[0m (-pie)\033[33m:\033[0m gcc -fPIE -Wl,-z,relro -Wl,-z,now -o test test.o "; @@ -887,11 +888,9 @@ NONVERBOSE BUILD: /bin/bash ../libtool --silent --tag=CC --mode=link gcc -Wal # different architectures -my $arch_avr32 = - 'CFLAGS missing (-fstack-protector-strong): gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c -'; -is_blhc 'arch-avr32', '', 8, - $arch_avr32; +my $arch_hppa = ''; +is_blhc 'arch-hppa', '', 0, + $arch_hppa; my $arch_i386 = 'CFLAGS missing (-fstack-protector-strong): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fPIE -Wformat -Wformat-security -Werror=format-security -Wall -c test.c @@ -934,11 +933,11 @@ is_blhc 'buildd-architecture-old', '', 0, ''; # ignore architecture -is_blhc ['arch-avr32', 'arch-i386', 'empty', 'arch-mipsel'], - '--ignore-arch avr32 --ignore-arch mipsel', +is_blhc ['arch-hppa', 'arch-i386', 'empty', 'arch-mipsel'], + '--ignore-arch hppa --ignore-arch mipsel', 9, - "checking './t/logs/arch-avr32'...\n" - . "ignoring architecture 'avr32'\n" + "checking './t/logs/arch-hppa'...\n" + . "ignoring architecture 'hppa'\n" . "checking './t/logs/arch-i386'...\n" . $arch_i386 . "checking './t/logs/empty'...\n" @@ -1081,42 +1080,40 @@ is_blhc ['arch-i386', 'arch-ia64'], '', 8, . $arch_ia64; # No exit when multiple files are specified. -is_blhc ['bad-ldflags', 'empty', 'arch-avr32', 'debian-hardening-wrapper'], '', 25, +is_blhc ['bad-ldflags', 'empty', 'arch-hppa', 'debian-hardening-wrapper'], '', 25, "checking './t/logs/bad-ldflags'...\n" . $bad_ldflags . "checking './t/logs/empty'...\n" . $empty - . "checking './t/logs/arch-avr32'...\n" - . $arch_avr32 + . "checking './t/logs/arch-hppa'...\n" + . $arch_hppa . "checking './t/logs/debian-hardening-wrapper'...\n" . $debian_hardening_wrapper ; # Ignore works correctly with multiple architectures. -is_blhc ['arch-i386', 'arch-amd64', 'arch-avr32', 'ignore-flag'], +is_blhc ['arch-i386', 'arch-amd64', 'arch-hppa', 'ignore-flag'], '--ignore-arch-flag i386:-fstack-protector-strong --ignore-arch-flag mipsel:-Werror=format-security', 8, "checking './t/logs/arch-i386'... LDFLAGS missing (-pie): gcc -fPIE -Wl,-z,relro -Wl,-z,now -o test test.o checking './t/logs/arch-amd64'... CFLAGS missing (-fstack-protector-strong): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fPIE -Wformat -Wformat-security -Werror=format-security -Wall -c test.c LDFLAGS missing (-pie): gcc -fPIE -Wl,-z,relro -Wl,-z,now -o test test.o -checking './t/logs/arch-avr32'... -CFLAGS missing (-fstack-protector-strong): gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c +checking './t/logs/arch-hppa'... checking './t/logs/ignore-flag'... CFLAGS missing (-g): gcc -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c CFLAGS missing (-O2): gcc -g -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-c.c " ; -is_blhc ['arch-i386', 'arch-amd64', 'arch-avr32', 'ignore-line'], +is_blhc ['arch-i386', 'arch-amd64', 'arch-hppa', 'ignore-line'], '--ignore-arch-line "i386:gcc .+ -fPIE .+" --ignore-arch-line "mipsel:gcc .+ -Wl,-z,relro -Wl,-z,now .+"', 8, "checking './t/logs/arch-i386'... LDFLAGS missing (-pie): gcc -fPIE -Wl,-z,relro -Wl,-z,now -o test test.o checking './t/logs/arch-amd64'... CFLAGS missing (-fstack-protector-strong): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fPIE -Wformat -Wformat-security -Werror=format-security -Wall -c test.c LDFLAGS missing (-pie): gcc -fPIE -Wl,-z,relro -Wl,-z,now -o test test.o -checking './t/logs/arch-avr32'... -CFLAGS missing (-fstack-protector-strong): gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c +checking './t/logs/arch-hppa'... checking './t/logs/ignore-line'... CFLAGS missing (-g -O2 -fstack-protector-strong -Wformat -Werror=format-security): ./prepare-script gcc test-a.c test-b.c test-c.c CPPFLAGS missing (-D_FORTIFY_SOURCE=2): ./prepare-script gcc test-a.c test-b.c test-c.c -- 2.45.2