# Build log hardening check, checks build logs for missing hardening flags.
-# Copyright (C) 2012-2021 Simon Ruderich
+# Copyright (C) 2012-2022 Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
use Getopt::Long ();
use Text::ParseWords ();
-our $VERSION = '0.12';
+our $VERSION = '0.13';
# CONSTANTS/VARIABLES
# @def_cxxflags_* is the same as @def_cflags_*.
my @def_cppflags = ();
my @def_cppflags_fortify = (
- '-D_FORTIFY_SOURCE=2', # must be first, see cppflags_fortify_broken()
+ '-D_FORTIFY_SOURCE=[23]', # must be first, see cppflags_fortify_broken()
# If you add another flag fix hack below (search for "Hack to fix") and
# $def_cppflags_fortify[0].
);
'-O(?:2|3)' => '-O2',
'-Wformat(?:=2)?' => '-Wformat',
'--param[= ]ssp-buffer-size=4' => '--param=ssp-buffer-size=4',
+ '-D_FORTIFY_SOURCE=[23]' => '-D_FORTIFY_SOURCE=2',
'-Wl,(?:-z,)?relro' => '-Wl,-z,relro',
'-Wl,(?:-z,)?now' => '-Wl,-z,now',
);
}
if ($option_version) {
print <<"EOF";
-blhc $VERSION Copyright (C) 2012-2021 Simon Ruderich
+blhc $VERSION Copyright (C) 2012-2022 Simon Ruderich
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
# C++ files. No hardening flags are relevant during this step,
# thus ignore `moc-qt*` lines. The resulting files will be
# compiled in a separate step (and therefore checked).
- next if $line =~ m{^\S+/bin/moc(?:-qt[45])?
+ next if $line =~ m{^\S+(?:/bin/moc(?:-qt[45])?|/lib/qt6/libexec/moc)
\s.+\s
-I\S+/mkspecs/[a-z]+-g\++(?:-64)?
\s}x;
+ # nvcc is not a regular C compiler
+ next if $line =~ m{^\S+/bin/nvcc\s};
# Ignore false positives when the line contains only CC=gcc but no
# other gcc command.
if ($line =~ /(.*)CC=$cc_regex_full(.*)/o) {
# Option or auto detected.
if ($arch) {
- # The following was partially copied from dpkg-dev 1.20.5
+ # The following was partially copied from dpkg-dev 1.21.13
# (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_build_flags()),
# copyright Raphaƫl Hertzog <hertzog@debian.org>, Guillem Jover
# <guillem@debian.org>, Kees Cook <kees@debian.org>, Canonical, Ltd.
=head1 LICENSE AND COPYRIGHT
-Copyright (C) 2012-2020 by Simon Ruderich
+Copyright (C) 2012-2022 by Simon Ruderich
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by