Fix non-verbose compiler commands spanning multiple lines.

diff --git a/NEWS b/NEWS
index 1440b0c7517f8036d9e74674d095d2b4d87ea54c..305a530fca60a48715d8d9c2b8a5ff6651756b49 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,8 @@ Version 0.XX
   and dpkg-buildpackage is never run; therefore a minor issue.
 - Fix false positive when "compiling" python files (Debian bug #714630),
   reported by Matthias Klose.
+- Don't check for hardening flags in non-verbose compiler commands spanning
+  multiple lines.
 
 - Sync architecture specific hardening support with dpkg 1.17.1.
 

diff --git a/bin/blhc b/bin/blhc
index 2bf99cc6145e6ca40459a253fab32103ba9afd0f..b45439ca9e533a7e01fbb2bc8759d5be8571d29e 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -775,6 +775,7 @@ foreach my $file (@ARGV) {
 
     my $continuation = 0;
     my $complete_line = undef;
+    my $non_verbose;
     while (my $line = <$fh>) {
         # And stop at the end of the build log. Package details (reported by
         # the buildd logs) are not important for us. This also prevents false
@@ -782,6 +783,10 @@ foreach my $file (@ARGV) {
         last if index($line, 'Build finished at ') == 0
                 and $line =~ /^Build finished at \d{8}-\d{4}$/;
 
+        if (not $continuation) {
+            $non_verbose = 0;
+        }
+
         # Detect architecture automatically unless overridden.
         if (not $arch
                 and index($line, 'dpkg-buildpackage: host architecture ') == 0) {
@@ -811,7 +816,7 @@ foreach my $file (@ARGV) {
         }
 
         # Check if this line indicates a non verbose build.
-        my $non_verbose = is_non_verbose_build($line);
+        $non_verbose |= is_non_verbose_build($line);
 
         # One line may contain multiple commands (";"). Treat each one as
         # single line. parse_line() is slow, only use it when necessary.

diff --git a/t/logs/verbose-build b/t/logs/verbose-build
index 050596fda24116f2a231639118b34fcded956908..fd14784ef3f9d42aba4f54ab4258f2193e29226a 100644 (file)
--- a/t/logs/verbose-build
+++ b/t/logs/verbose-build
@@ -92,6 +92,10 @@ cd /tmp/test/src && /usr/bin/c++ -g -O2 -fstack-protector --param=ssp-buffer-siz
 [ 83%] Building C object src/CMakeFiles/test-verbose-c.dir/verbose-c.c.o
 cd /tmp/test/src && /usr/bin/gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -o CMakeFiles/test-verbose-c.dir/verbose-c.c.o -c -D_FORTIFY_SOURCE=2 /tmp/test/src/test-verbose-c/verbose-c.c
 
+# Multi-line non-verbose-build.
+Compiling test.c \
+    gcc test.c
+
 # False positives.
 Compiling Test properties
 Compiling Test sources

diff --git a/t/tests.t b/t/tests.t
index 20d323cc142ff03ef39c997abec5e29148bb2e0b..42263dfc186d3e1e5519d96756478e66c1dc997b 100644 (file)
--- a/t/tests.t
+++ b/t/tests.t
@@ -643,6 +643,7 @@ NONVERBOSE BUILD: [ 22%] Building CXX object src/CMakeFiles/test/test.cpp.o
 NONVERBOSE BUILD: [ 82%] Building C object src/CMakeFiles/test/test.c.o
 CXXFLAGS missing (-Wformat): cd /tmp/test/src && /usr/bin/c++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-security -Werror=format-security -o CMakeFiles/test-verbose.dir/verbose.cpp.o -c -D_FORTIFY_SOURCE=2 /tmp/test/src/test-verbose/verbose.cpp
 CFLAGS missing (-Werror=format-security): cd /tmp/test/src && /usr/bin/gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -o CMakeFiles/test-verbose-c.dir/verbose-c.c.o -c -D_FORTIFY_SOURCE=2 /tmp/test/src/test-verbose-c/verbose-c.c
+NONVERBOSE BUILD: Compiling test.c \     gcc test.c
 ';