Sync architecture specific hardening support with dpkg 1.18.7

[blhc/blhc.git] / bin / blhc

diff --git a/bin/blhc b/bin/blhc
index cc4f44bb723a2fc6c2321b08a84ce4c3f23a2cac..73b770df9e210c0f2139a62bc7622570a5890e71 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -952,6 +952,10 @@ foreach my $file (@ARGV) {
             # contains them.
             next if $line =~ m{^\s+/usr/lib/gcc/$cc_regex_full_prefix/
                                    [0-9.]+/cc1(?:plus)?}xo;
+            # Ignore false positive with `rm` which may remove files which
+            # look like a compiler executable thus causing the line to be
+            # treated as a normal compiler line.
+            next if $line =~ m{^\s*rm\s+};
 
             # Check if additional hardening options were used. Used to ensure
             # they are used for the complete build.
@@ -992,7 +996,7 @@ foreach my $file (@ARGV) {
 
     # Option or auto detected.
     if ($arch) {
-        # The following was partially copied from dpkg-dev 1.18.2
+        # The following was partially copied from dpkg-dev 1.18.7
         # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, add_hardening_flags()),
         # copyright Raphaël Hertzog <hertzog@debian.org>, Kees Cook
         # <kees@debian.org>, Canonical, Ltd. licensed under GPL version 2 or
@@ -1005,7 +1009,7 @@ foreach my $file (@ARGV) {
         if ($os !~ /^(?:linux|knetbsd|hurd)$/ or $cpu =~ /^(?:hppa|avr32)$/) {
             $harden_pie = 0;
         }
-        if ($cpu =~ /^(?:ia64|alpha|hppa)$/ or $arch eq 'arm') {
+        if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') {
             $harden_stack = 0;
             $harden_stack_strong = 0;
         }