Sync architecture specific hardening support with dpkg 1.18.10

diff --git a/NEWS b/NEWS
index f6fa8ce4930052fa3812eb1e9a2c38ca86e7a5b4..8f6731cbc8e7f5e4bef2931e4ad43357ae5c319d 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
 NEWS
 ====
 
+Version 0.XX
+------------
+
+- Sync architecture specific hardening support with dpkg 1.18.10.
+
+
 Version 0.06
 ------------
 

diff --git a/bin/blhc b/bin/blhc
index e918ee85c3e713a96145b5cf439dc4be47f11e21..838f3c35a777c0f03aad99b6975970b7d0ccc77f 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -1012,8 +1012,8 @@ foreach my $file (@ARGV) {
 
     # Option or auto detected.
     if ($arch) {
-        # The following was partially copied from dpkg-dev 1.18.7
-        # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, add_hardening_flags()),
+        # The following was partially copied from dpkg-dev 1.18.10
+        # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_hardening_flags()),
         # copyright Raphaël Hertzog <hertzog@debian.org>, Kees Cook
         # <kees@debian.org>, Canonical, Ltd. licensed under GPL version 2 or
         # later. Keep it in sync.
@@ -1022,7 +1022,8 @@ foreach my $file (@ARGV) {
         my ($abi, $os, $cpu) = Dpkg::Arch::debarch_to_debtriplet($arch);
 
         # Disable unsupported hardening options.
-        if ($os !~ /^(?:linux|knetbsd|hurd)$/ or $cpu =~ /^(?:hppa|avr32)$/) {
+        if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/
+                or $cpu =~ /^(?:hppa|avr32)$/) {
             $harden_pie = 0;
         }
         if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') {