# Build log hardening check, checks build logs for missing hardening flags.
-# Copyright (C) 2012-2023 Simon Ruderich
+# Copyright (C) 2012-2024 Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# Expected (hardening) flags. All flags are used as regexps (and compiled to
# real regexps below for better execution speed).
my @def_cflags = (
- '-g',
+ '-g3?',
'-O(?:2|3)', # keep at index 1, search for @def_cflags_debug to change it
);
my @def_cflags_debug = (
# Renaming rules for the output so the regex parts are not visible. Also
# stores string values of flag regexps above, see compile_flag_regexp().
my %flag_renames = (
+ '-g3?' => '-g',
'-O(?:2|3)' => '-O2',
'-Wformat(?:=2)?' => '-Wformat',
'--param[= ]ssp-buffer-size=4' => '--param=ssp-buffer-size=4',
}
if ($option_version) {
print <<"EOF";
-blhc $VERSION Copyright (C) 2012-2023 Simon Ruderich
+blhc $VERSION Copyright (C) 2012-2024 Simon Ruderich
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
# Option or auto detected.
if ($arch) {
- # The following was partially copied from dpkg-dev 1.21.13
- # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_build_flags()),
- # copyright Raphaël Hertzog <hertzog@debian.org>, Guillem Jover
- # <guillem@debian.org>, Kees Cook <kees@debian.org>, Canonical, Ltd.
- # licensed under GPL version 2 or later. Keep it in sync.
+ # The following was partially copied from dpkg-dev 1.22.0
+ # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, set_build_features and
+ # _add_build_flags()), copyright Raphaël Hertzog <hertzog@debian.org>,
+ # Guillem Jover <guillem@debian.org>, Kees Cook <kees@debian.org>,
+ # Canonical, Ltd. licensed under GPL version 2 or later. Keep it in
+ # sync.
require Dpkg::Arch;
my ($os, $cpu);
arm64
armel
armhf
+ hurd-amd64
hurd-i386
i386
kfreebsd-amd64
kfreebsd-i386
mips
- mipsel
+ mips64
mips64el
+ mips64r6
+ mips64r6el
+ mipsel
+ mipsn32
+ mipsn32el
+ mipsn32r6
+ mipsn32r6el
+ mipsr6
+ mipsr6el
powerpc
ppc64
ppc64el
);
# Disable unsupported hardening options.
- if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/
- or $cpu =~ /^(?:hppa|avr32)$/) {
+ if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/ or $cpu eq 'hppa') {
$harden_pie = 0;
}
if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') {
$harden_stack = 0;
$harden_stack_strong = 0;
}
- if ($cpu =~ /^(?:ia64|hppa|avr32)$/) {
+ if ($cpu =~ /^(?:ia64|hppa)$/) {
$harden_relro = 0;
$harden_bindnow = 0;
}
=head1 LICENSE AND COPYRIGHT
-Copyright (C) 2012-2023 by Simon Ruderich
+Copyright (C) 2012-2024 by Simon Ruderich
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by