From c3edfcb8350482755554fea4bcf45973f02137f8 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 31 Mar 2012 15:10:14 +0200 Subject: [PATCH] Check for CMake version which obeyed CPPFLAGS. Thanks to Aron Xu for informing me of this issue. For more information see Debian bug #653916. --- MANIFEST | 1 + bin/blhc | 26 ++++++++++++++++++++++++++ t/logs/debian-cmake | 11 +++++++++++ t/tests.t | 10 +++++++++- 4 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 t/logs/debian-cmake diff --git a/MANIFEST b/MANIFEST index 9764e06..0102914 100644 --- a/MANIFEST +++ b/MANIFEST @@ -22,6 +22,7 @@ t/logs/c++ t/logs/cc t/logs/configure t/logs/debian +t/logs/debian-cmake t/logs/debian-hardening-wrapper t/logs/empty t/logs/g++ diff --git a/bin/blhc b/bin/blhc index 7f1fd84..5bbfe73 100755 --- a/bin/blhc +++ b/bin/blhc @@ -209,6 +209,7 @@ my %exit_code = ( non_verbose_build => 1 << 2, flags_missing => 1 << 3, hardening_wrapper => 1 << 4, + invalid_cmake => 1 << 5, ); # Statistics of missing flags and non-verbose build commands. Used for @@ -253,6 +254,14 @@ sub error_non_verbose_build { error_color(':', 'yellow'), $line; } +sub error_invalid_cmake { + my ($version) = @_; + + printf "%s%s %s\n", + error_color('INVALID CMAKE', 'red'), + error_color(':', 'yellow'), + $version; +} sub error_hardening_wrapper { printf "%s%s %s\n", error_color('HARDENING WRAPPER', 'red'), @@ -494,6 +503,23 @@ FILE: foreach my $file (@ARGV) { } } + # The following two versions of CMake in Debian obeyed CPPFLAGS, but + # this was later dropped because upstream rejected the patch. Thus + # build logs with these versions will have fortify hardening flags + # enabled, even though they may be not correctly set and are missing + # when build with later CMake versions. Thanks to Aron Xu for letting + # me know. + if ($line =~ /^Package versions: / + and $line =~ /\bcmake_(\S+)/ + and ($1 eq '2.8.7-1' or $1 eq '2.8.7-2')) { + if (not $option_buildd) { + error_invalid_cmake($1); + } else { + print "W-invalid-cmake-used $1\n"; + } + $exit |= $exit_code{invalid_cmake}; + } + # If hardening wrapper is used (wraps calls to gcc and adds hardening # flags automatically) we can't perform any checks, abort. if ($line =~ /^Build-Depends: .*\bhardening-wrapper\b/) { diff --git a/t/logs/debian-cmake b/t/logs/debian-cmake new file mode 100644 index 0000000..20b4072 --- /dev/null +++ b/t/logs/debian-cmake @@ -0,0 +1,11 @@ +Package versions: ... cmake_2.8.7-2 cmake-data_2.8.7-2 ... + +dpkg-buildpackage: source package test + +gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c +gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c +gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-c.c +gcc -g -O3 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-d.c +gcc -Wl,-z,relro -o test test-a.o test-b.o test-c.o -ltest + +Build finished at 20120308-1648 diff --git a/t/tests.t b/t/tests.t index 0d9281a..a4ccf60 100644 --- a/t/tests.t +++ b/t/tests.t @@ -19,7 +19,7 @@ use strict; use warnings; -use Test::More tests => 104; +use Test::More tests => 108; sub is_blhc { @@ -565,6 +565,10 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -c `dpkg-buildflags --get LDFLAGS` t LDFLAGS missing (-Wl,-z,relro): gcc -o test test.o `dpkg-buildflags --get CFLAGS` '; +is_blhc 'debian-cmake', '', 32, + 'INVALID CMAKE: 2.8.7-2 +'; + my $debian_hardening_wrapper = 'HARDENING WRAPPER: no checks possible, aborting '; @@ -597,6 +601,10 @@ is_blhc 'make', '--buildd', 1, 'W-no-compiler-commands '; +is_blhc 'debian-cmake', '--buildd', 32, + 'W-invalid-cmake-used 2.8.7-2 +'; + # multiple files -- 2.43.2