Update copyright years

[blhc/blhc.git] / bin / blhc

diff --git a/bin/blhc b/bin/blhc
index 0c2ba90e922ba4e6a4887f8d98cf7561825bbccf..efb7f3b20aa6c98a812dfe8fcadcaa141d249c4d 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -2,7 +2,7 @@
 
 # Build log hardening check, checks build logs for missing hardening flags.
 
-# Copyright (C) 2012-2015  Simon Ruderich
+# Copyright (C) 2012-2016  Simon Ruderich
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -38,8 +38,11 @@ my $cc_regex = qr/
     /x;
 # Full regex which matches the complete compiler name. Used in a few places to
 # prevent false negatives.
+my $cc_regex_full_prefix = qr/
+    [a-z0-9_]+-(?:linux-|kfreebsd-)?gnu(?:eabi|eabihf)?
+    /x;
 my $cc_regex_full = qr/
-    (?:[a-z0-9_]+-(?:linux-|kfreebsd-)?gnu(?:eabi|eabihf)?-)?
+    (?:$cc_regex_full_prefix-)?
     $cc_regex
     /x;
 # Regex to check if a line contains a compiler command.
@@ -602,7 +605,7 @@ if ($option_help) {
 }
 if ($option_version) {
     print <<"EOF";
-blhc $VERSION  Copyright (C) 2012-2015  Simon Ruderich
+blhc $VERSION  Copyright (C) 2012-2016  Simon Ruderich
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -943,6 +946,16 @@ foreach my $file (@ARGV) {
                 next if     not $before =~ /$cc_regex_normal/o
                         and not $after  =~ /$cc_regex_normal/o;
             }
+            # Ignore false positives caused by gcc -v. It outputs a line
+            # looking like a normal compiler line but which is sometimes
+            # missing hardening flags, although the normal compiler line
+            # contains them.
+            next if $line =~ m{^\s+/usr/lib/gcc/$cc_regex_full_prefix/
+                                   [0-9.]+/cc1(?:plus)?}xo;
+            # Ignore false positive with `rm` which may remove files which
+            # look like a compiler executable thus causing the line to be
+            # treated as a normal compiler line.
+            next if $line =~ m{^\s*rm\s+};
 
             # Check if additional hardening options were used. Used to ensure
             # they are used for the complete build.
@@ -983,7 +996,7 @@ foreach my $file (@ARGV) {
 
     # Option or auto detected.
     if ($arch) {
-        # The following was partially copied from dpkg-dev 1.18.2
+        # The following was partially copied from dpkg-dev 1.18.7
         # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, add_hardening_flags()),
         # copyright Raphaël Hertzog <hertzog@debian.org>, Kees Cook
         # <kees@debian.org>, Canonical, Ltd. licensed under GPL version 2 or
@@ -996,7 +1009,7 @@ foreach my $file (@ARGV) {
         if ($os !~ /^(?:linux|knetbsd|hurd)$/ or $cpu =~ /^(?:hppa|avr32)$/) {
             $harden_pie = 0;
         }
-        if ($cpu =~ /^(?:ia64|alpha|hppa)$/ or $arch eq 'arm') {
+        if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') {
             $harden_stack = 0;
             $harden_stack_strong = 0;
         }
@@ -1579,7 +1592,7 @@ E<lt>jari.aalto@cante.netE<gt> for their valuable input and suggestions.
 
 =head1 LICENSE AND COPYRIGHT
 
-Copyright (C) 2012-2015 by Simon Ruderich
+Copyright (C) 2012-2016 by Simon Ruderich
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by