Fix --ignore-flag with -fPIE.

[blhc/blhc.git] / bin / blhc

diff --git a/bin/blhc b/bin/blhc
index 70f814d954826ec36842c083e9df173eb195ac68..a51c860158608a12116c60a5d5113d182014dbb0 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -202,11 +202,11 @@ my @flag_refs = (
     \@def_ldflags,
     \@def_ldflags_relro,
     \@def_ldflags_bindnow,
+    \@def_ldflags_pie,
 );
 # References to all used flags.
 my @flag_refs_all = (
     @flag_refs,
-    \@def_ldflags_pie,
     \@def_ldflags_pic,
 );
 # Renaming rules for the output so the regex parts are not visible. Also
@@ -533,7 +533,7 @@ FILE:
 foreach my $file (@ARGV) {
     print "checking '$file'...\n" if scalar @ARGV > 1;
 
-    open my $fh, '<', $file or die "$!: $file";
+    open my $fh, '<', $file or die $!;
 
     # Architecture of this file.
     my $arch = $option_arch;
@@ -1155,6 +1155,13 @@ CPPFLAGS, CFLAGS, CXXFLAGS, LDFLAGS missing.
 
 =item B<I-invalid-cmake-used> (version)
 
+By default CMake ignores CPPFLAGS thus missing those hardening flags. Debian
+patched CMake in versions 2.8.7-1 and 2.8.7-2 to respect CPPFLAGS, but this
+patch was rejected by upstream and later reverted in Debian. Thus those two
+versions show correct usage of CPPFLAGS even if the package doesn't correctly
+handle them (for example by passing them to CFLAGS). To prevent false
+negatives just blacklist those two versions.
+
 =item B<I-no-compiler-commands>
 
 No compiler commands were detected. Either the log contains none or they were
@@ -1193,6 +1200,11 @@ Missing hardening flags.
 
 Hardening wrapper detected, no tests performed.
 
+=item B<32>
+
+Invalid CMake version used. See B<I-invalid-cmake-used> under L</"BUILDD
+TAGS"> for a detailed explanation.
+
 =back
 
 =head1 AUTHOR