+ # The following two versions of CMake in Debian obeyed CPPFLAGS, but
+ # this was later dropped because upstream rejected the patch. Thus
+ # build logs with these versions will have fortify hardening flags
+ # enabled, even though they may be not correctly set and are missing
+ # when build with later CMake versions. Thanks to Aron Xu for letting
+ # me know.
+ if (index($line, 'Package versions: ') == 0
+ and $line =~ /\bcmake_(\S+)/
+ and ($1 eq '2.8.7-1' or $1 eq '2.8.7-2')) {
+ if (not $option_buildd) {
+ error_invalid_cmake($1);
+ $exit |= $exit_code{invalid_cmake};
+ } else {
+ print "$buildd_tag{invalid_cmake}|$1|\n";
+ }
+ }
+
+ if (index($line, 'Build-Depends: ') == 0) {
+ # If hardening wrapper is used (wraps calls to gcc and adds
+ # hardening flags automatically) we can't perform any checks,
+ # abort.
+ if ($line =~ /\bhardening-wrapper\b/) {
+ if (not $option_buildd) {
+ error_hardening_wrapper();
+ $exit |= $exit_code{hardening_wrapper};
+ } else {
+ print "$buildd_tag{hardening_wrapper}||\n";
+ }
+ next FILE;
+ }
+
+ # Ada compiler.
+ if ($line =~ /\bgnat\b/) {
+ $ada = 1;
+ }
+ }
+
+ # We skip over unimportant lines at the beginning of the log to
+ # prevent false positives.
+ last if index($line, 'dpkg-buildpackage: ') == 0;
+ }
+
+ # Input lines, contain only the lines with compiler commands.
+ my @input = ();
+ # Non-verbose lines in the input. Used to reduce calls to
+ # is_non_verbose_build() (which is quite slow) in the second loop when
+ # it's already clear if a line is non-verbose or not.
+ my @input_nonverbose = ();
+
+ my $continuation = 0;
+ my $complete_line = undef;
+ while (my $line = <$fh>) {
+ # And stop at the end of the build log. Package details (reported by
+ # the buildd logs) are not important for us. This also prevents false
+ # positives.
+ last if index($line, 'Build finished at ') == 0
+ and $line =~ /^Build finished at \d{8}-\d{4}$/;
+
+ # Detect architecture automatically unless overridden.
+ if (not $arch
+ and index($line, 'dpkg-buildpackage: host architecture ') == 0) {
+ $arch = substr $line, 37, -1; # -1 to ignore '\n' at the end
+ }
+
+ # Ignore compiler warnings for now.
+ next if $line =~ /$warning_regex/o;
+
+ if (not $option_buildd and index($line, "\033") != -1) { # \033 = esc
+ # Remove all ANSI color sequences which are sometimes used in
+ # non-verbose builds.
+ $line = Term::ANSIColor::colorstrip($line);
+ # Also strip '\0xf' (delete previous character), used by Elinks'
+ # build system.
+ $line =~ s/\x0f//g;
+ # And "ESC(B" which seems to be used on armhf and hurd (not sure
+ # what it does).
+ $line =~ s/\033\(B//g;
+ }
+
+ # Check if this line indicates a non verbose build.
+ my $non_verbose = is_non_verbose_build($line);
+
+ # One line may contain multiple commands (";"). Treat each one as
+ # single line. parse_line() is slow, only use it when necessary.
+ my @line = (index($line, ';') == -1)
+ ? ($line)
+ : map {
+ # Ensure newline at the line end - necessary for
+ # correct parsing later.
+ $_ =~ s/\s+$//;
+ $_ .= "\n";
+ } Text::ParseWords::parse_line(';', 1, $line);
+ foreach my $line (@line) {
+ if ($continuation) {
+ $continuation = 0;
+
+ # Join lines, but leave the "\" in place so it's clear where
+ # the original line break was.
+ chomp $complete_line;
+ $complete_line .= ' ' . $line;
+ }
+ # Line continuation, line ends with "\".
+ if ($line =~ /\\$/) {
+ $continuation = 1;
+ # Start line continuation.
+ if (not defined $complete_line) {
+ $complete_line = $line;
+ }
+ next;
+ }
+