Fix false positive in "gcc > file"

[blhc/blhc.git] / bin / blhc

diff --git a/bin/blhc b/bin/blhc
index fa0f8a396baa04fcfccbe4e9208f6a392898bf84..c4e814c0cae8275355fdea6ca996170982c9a90f 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -24,7 +24,7 @@ use warnings;
 use Getopt::Long ();
 use Text::ParseWords ();
 
-our $VERSION = '0.05';
+our $VERSION = '0.06';
 
 
 # CONSTANTS/VARIABLES
@@ -972,6 +972,8 @@ foreach my $file (@ARGV) {
             # look like a compiler executable thus causing the line to be
             # treated as a normal compiler line.
             next if $line =~ m{^\s*rm\s+};
+            # Some build systems emit "gcc > file".
+            next if $line =~ m{$cc_regex_normal\s*>\s*\S+};
 
             # Check if additional hardening options were used. Used to ensure
             # they are used for the complete build.
@@ -1012,8 +1014,8 @@ foreach my $file (@ARGV) {
 
     # Option or auto detected.
     if ($arch) {
-        # The following was partially copied from dpkg-dev 1.18.7
-        # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, add_hardening_flags()),
+        # The following was partially copied from dpkg-dev 1.18.10
+        # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_hardening_flags()),
         # copyright Raphaël Hertzog <hertzog@debian.org>, Kees Cook
         # <kees@debian.org>, Canonical, Ltd. licensed under GPL version 2 or
         # later. Keep it in sync.
@@ -1022,7 +1024,8 @@ foreach my $file (@ARGV) {
         my ($abi, $os, $cpu) = Dpkg::Arch::debarch_to_debtriplet($arch);
 
         # Disable unsupported hardening options.
-        if ($os !~ /^(?:linux|knetbsd|hurd)$/ or $cpu =~ /^(?:hppa|avr32)$/) {
+        if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/
+                or $cpu =~ /^(?:hppa|avr32)$/) {
             $harden_pie = 0;
         }
         if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') {