Fix architecture detection when checking multiple files.

diff --git a/bin/blhc b/bin/blhc
index 028dfbe53190d67f1a70768098fba0c3bfb33531..eb803248d784514aff2143a3c4835d475daa25db 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -475,6 +475,9 @@ my $exit = 0;
 FILE: foreach my $file (@ARGV) {
     open my $fh, '<', $file or die "$!: $file";
 
+    # Architecture of this file.
+    my $arch = $option_arch;
+
     # Hardening options. Not all architectures support all hardening options.
     my $harden_format  = 1;
     my $harden_fortify = 1;
@@ -549,9 +552,9 @@ FILE: foreach my $file (@ARGV) {
         last if $line =~ /^Build finished at \d{8}-\d{4}$/;
 
         # Detect architecture automatically unless overridden.
-        if (not $option_arch
+        if (not $arch
                 and $line =~ /^dpkg-buildpackage: host architecture (.+)$/) {
-            $option_arch = $1;
+            $arch = $1;
         }
 
         # Ignore compiler warnings for now.
@@ -655,7 +658,7 @@ FILE: foreach my $file (@ARGV) {
     }
 
     # Option or auto detected.
-    if ($option_arch) {
+    if ($arch) {
         # The following was partially copied from dpkg-dev 1.16.1.2
         # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, add_hardening_flags()),
         # copyright Raphaël Hertzog <hertzog@debian.org>, Kees Cook
@@ -663,10 +666,10 @@ FILE: foreach my $file (@ARGV) {
         # later. Keep it in sync.
 
         require Dpkg::Arch;
-        my ($abi, $os, $cpu) = Dpkg::Arch::debarch_to_debtriplet($option_arch);
+        my ($abi, $os, $cpu) = Dpkg::Arch::debarch_to_debtriplet($arch);
 
         # Disable unsupported hardening options.
-        if ($cpu =~ /^(ia64|alpha|mips|mipsel|hppa)$/ or $option_arch eq 'arm') {
+        if ($cpu =~ /^(ia64|alpha|mips|mipsel|hppa)$/ or $arch eq 'arm') {
             $harden_stack = 0;
         }
         if ($cpu =~ /^(ia64|hppa|avr32)$/) {

diff --git a/t/tests.t b/t/tests.t
index a4ccf604757fccd969d96b6e95abdfb59bd40f97..0b98fe3648a00e9be9a70b02bbc605d6308642be 100644 (file)
--- a/t/tests.t
+++ b/t/tests.t
@@ -19,7 +19,7 @@
 use strict;
 use warnings;
 
-use Test::More tests => 108;
+use Test::More tests => 110;
 
 
 sub is_blhc {
@@ -531,15 +531,19 @@ my $arch_avr32 =
 is_blhc 'arch-avr32', '', 8,
         $arch_avr32;
 
-is_blhc 'arch-i386', '', 8,
+my $arch_i386 =
         'CFLAGS missing (-fstack-protector): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fPIE --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c
 LDFLAGS missing (-pie): gcc -fPIE -Wl,-z,relro -Wl,-z,now -o test test.o
 ';
+is_blhc 'arch-i386', '', 8,
+        $arch_i386;
 
-is_blhc 'arch-ia64', '', 8,
+my $arch_ia64 =
         'CFLAGS missing (-fPIE): gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c
 LDFLAGS missing (-pie): gcc -fPIE -o test test.o
 ';
+is_blhc 'arch-ia64', '', 8,
+        $arch_ia64;
 
 is_blhc 'arch-mipsel', '', 8,
         'CFLAGS missing (-Werror=format-security): gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Wall -c test.c
@@ -613,6 +617,9 @@ is_blhc ['good', 'good-pie', 'good-bindnow', 'good-all', 'good-multiline', 'good
 is_blhc ['good-all', 'good-library'], '--all', 0,
         '';
 
+is_blhc ['arch-i386', 'arch-ia64'], '', 8,
+        $arch_i386 . $arch_ia64;
+
 # No exit when multiple files are specified.
 is_blhc ['bad-ldflags', 'empty', 'arch-avr32', 'debian-hardening-wrapper'], '', 25,
         $bad_ldflags