From c4814aa2ad8a7a35e71839347b7fae2507be2ded Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 6 Oct 2019 20:43:10 +0200 Subject: [PATCH 01/16] Fix false positive in libtool detection with quoted path --- NEWS | 2 ++ bin/blhc | 2 +- t/logs/libtool | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index fcfcbeb..32459b1 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,8 @@ Version 0.XX bug #924387). - Fix false positive in non-verbose check for cython's .pyx files; reported by Picca Frédéric-Emmanuel (Debian Bug #939632). +- Fix false positive in libtool detection when the path to the libtool binary + is quoted; Yves-Alexis reported by Perez (Debian Bug #941836). Version 0.09 diff --git a/bin/blhc b/bin/blhc index fba278f..d6e2690 100755 --- a/bin/blhc +++ b/bin/blhc @@ -53,7 +53,7 @@ my $cc_regex_normal = qr/ my $warning_regex = qr/^(.+?):(\d+):\d+: warning: (.+?) \[(.+?)\]$/; # Regex to catch libtool commands and not lines which show commands executed # by libtool (e.g. libtool: link: ...). -my $libtool_regex = qr/\blibtool\s.*--mode=/; +my $libtool_regex = qr/\blibtool["']?\s.*--mode=/; my $libtool_link_regex = qr/\blibtool: link: /; # List of source file extensions which require preprocessing. diff --git a/t/logs/libtool b/t/logs/libtool index aec9602..4867b76 100644 --- a/t/logs/libtool +++ b/t/logs/libtool @@ -73,3 +73,5 @@ libtool: link: ( cd ".libs" && rm -f "libcoloredstderr.la" && ln -s "../libcolor /bin/bash ../libtool --silent --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wconversion -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -MT coloredstderr.lo -MD -MP -MF .deps/coloredstderr.Tpo -c -o coloredstderr.lo coloredstderr.c mv -f .deps/coloredstderr.Tpo .deps/coloredstderr.Plo /bin/bash ../libtool --silent --tag=CC --mode=link gcc -Wall -Wextra -Wconversion -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIE -pie -Wl,-z,relro -Wl,-z,now -o libcoloredstderr.la -rpath /usr/local/lib coloredstderr.lo -ldl + +/bin/bash "/builds/debian/strongswan/debian/output/strongswan-5.8.0/libtool" --tag CC --mode=relink gcc -g -O2 -fdebug-prefix-map=/builds/debian/strongswan/debian/output/strongswan-5.8.0=. -fstack-protector-strong -Wformat -Werror=format-security -include /builds/debian/strongswan/debian/output/strongswan-5.8.0/config.h -no-undefined -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -Wl,-O1 -o libipsec.la -rpath /usr/lib/ipsec ipsec.lo esp_context.lo esp_packet.lo ip_packet.lo ipsec_event_relay.lo ipsec_policy.lo ipsec_policy_mgr.lo ipsec_processor.lo ipsec_sa.lo ipsec_sa_mgr.lo ../../src/libstrongswan/libstrongswan.la -inst-prefix-dir /builds/debian/strongswan/debian/output/strongswan-5.8.0/debian/tmp) -- 2.44.2 From 11bb7123847f86127e7f3d551761d2532db233e3 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 6 Oct 2019 21:36:04 +0200 Subject: [PATCH 02/16] Release 0.10 --- NEWS | 2 +- bin/blhc | 2 +- t/tests.t | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 32459b1..df6f7a5 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,7 @@ NEWS ==== -Version 0.XX +Version 0.10 ------------ - Sync architecture specific hardening support with dpkg 1.19.7. diff --git a/bin/blhc b/bin/blhc index d6e2690..5fabc39 100755 --- a/bin/blhc +++ b/bin/blhc @@ -24,7 +24,7 @@ use warnings; use Getopt::Long (); use Text::ParseWords (); -our $VERSION = '0.09'; +our $VERSION = '0.10'; # CONSTANTS/VARIABLES diff --git a/t/tests.t b/t/tests.t index 76e90e7..3dd2ff2 100644 --- a/t/tests.t +++ b/t/tests.t @@ -67,7 +67,7 @@ is_blhc '', '', 2, $usage; is_blhc '', '--version', 0, - 'blhc 0.09 Copyright (C) 2012-2019 Simon Ruderich + 'blhc 0.10 Copyright (C) 2012-2019 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- 2.44.2 From f0a9d412466ca504fb2e279e1d98718a9c2bab28 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 4 Jan 2020 12:12:41 +0100 Subject: [PATCH 03/16] Fix false positive in `dwz` lines --- NEWS | 7 +++++++ bin/blhc | 1 + t/logs/false-positives | 3 +++ 3 files changed, 11 insertions(+) diff --git a/NEWS b/NEWS index df6f7a5..097d76b 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,13 @@ NEWS ==== +Version 0.XX +------------ + +- Fix false positive in `dwz` lines; reported by Raphaël Hertzog (Debian Bug + #948009). + + Version 0.10 ------------ diff --git a/bin/blhc b/bin/blhc index 5fabc39..e84b12b 100755 --- a/bin/blhc +++ b/bin/blhc @@ -1061,6 +1061,7 @@ foreach my $file (@ARGV) { # look like a compiler executable thus causing the line to be # treated as a normal compiler line. next if $line =~ m{^\s*rm\s+}; + next if $line =~ m{^\s*dwz\s+}; # Some build systems emit "gcc > file". next if $line =~ m{$cc_regex_normal\s*>\s*\S+}o; # Hex output may contain "cc". diff --git a/t/logs/false-positives b/t/logs/false-positives index d21f4f7..8e7d6c3 100644 --- a/t/logs/false-positives +++ b/t/logs/false-positives @@ -8,6 +8,9 @@ swig -Wall -c++ -python test.i rm -f afl-gcc afl-as afl-fuzz afl-showmap as afl-g++ afl-clang afl-clang++ *.o *~ a.out core core.[1-9][0-9]* *.stackdump test .test test-instr .test-instr0 .test-instr1 + dwz -mdebian/afl\+\+/usr/lib/debug/.dwz/x86_64-linux-gnu/afl\+\+.debug -M/usr/lib/debug/.dwz/x86_64-linux-gnu/afl\+\+.debug -- debian/afl\+\+/usr/bin/afl-analyze debian/afl\+\+/usr/bin/afl-fuzz debian/afl\+\+/usr/bin/afl-gcc debian/afl\+\+/usr/bin/afl-gotcpu debian/afl\+\+/usr/bin/afl-showmap debian/afl\+\+/usr/bin/afl-tmin debian/afl\+\+/usr/lib/afl/afl-as debian/afl\+\+/usr/lib/afl/libdislocator.so debian/afl\+\+/usr/lib/afl/libtokencap.so + dwz -mdebian/afl\+\+-clang/usr/lib/debug/.dwz/x86_64-linux-gnu/afl\+\+-clang.debug -M/usr/lib/debug/.dwz/x86_64-linux-gnu/afl\+\+-clang.debug -- debian/afl\+\+-clang/usr/bin/afl-clang-fast debian/afl\+\+-clang/usr/lib/afl/afl-llvm-pass.so + # "Missing" flags in comments should be ignored. # gcc -E tag_tree.list does not work, so use a .c name -- 2.44.2 From 74008a4373f685a862518f8fe3298c6752fac0ce Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 5 Jan 2020 12:23:16 +0100 Subject: [PATCH 04/16] Update copyright years --- Build.PL | 2 +- README | 2 +- bin/blhc | 6 +++--- t/tests.t | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Build.PL b/Build.PL index 02796f5..021e788 100644 --- a/Build.PL +++ b/Build.PL @@ -1,6 +1,6 @@ #!/usr/bin/perl -# Copyright (C) 2012-2019 Simon Ruderich +# Copyright (C) 2012-2020 Simon Ruderich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/README b/README index c7212ee..b60004c 100644 --- a/README +++ b/README @@ -174,7 +174,7 @@ LICENSE blhc is licensed under GPL version 3 or later. -Copyright (C) 2012-2019 Simon Ruderich +Copyright (C) 2012-2020 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/bin/blhc b/bin/blhc index e84b12b..8cbee81 100755 --- a/bin/blhc +++ b/bin/blhc @@ -2,7 +2,7 @@ # Build log hardening check, checks build logs for missing hardening flags. -# Copyright (C) 2012-2019 Simon Ruderich +# Copyright (C) 2012-2020 Simon Ruderich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -684,7 +684,7 @@ if ($option_help) { } if ($option_version) { print <<"EOF"; -blhc $VERSION Copyright (C) 2012-2019 Simon Ruderich +blhc $VERSION Copyright (C) 2012-2020 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1759,7 +1759,7 @@ Ejari.aalto@cante.netE for their valuable input and suggestions. =head1 LICENSE AND COPYRIGHT -Copyright (C) 2012-2019 by Simon Ruderich +Copyright (C) 2012-2020 by Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/t/tests.t b/t/tests.t index 3dd2ff2..a43625a 100644 --- a/t/tests.t +++ b/t/tests.t @@ -1,6 +1,6 @@ # Tests for blhc. # -# Copyright (C) 2012-2019 Simon Ruderich +# Copyright (C) 2012-2020 Simon Ruderich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -67,7 +67,7 @@ is_blhc '', '', 2, $usage; is_blhc '', '--version', 0, - 'blhc 0.10 Copyright (C) 2012-2019 Simon Ruderich + 'blhc 0.10 Copyright (C) 2012-2020 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- 2.44.2 From 248695547c4305a7dbff3f74e6cd5e1135ae38f3 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 5 Jan 2020 12:23:37 +0100 Subject: [PATCH 05/16] Release 0.11 --- NEWS | 2 +- bin/blhc | 2 +- t/tests.t | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 097d76b..1620fc8 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,7 @@ NEWS ==== -Version 0.XX +Version 0.11 ------------ - Fix false positive in `dwz` lines; reported by Raphaël Hertzog (Debian Bug diff --git a/bin/blhc b/bin/blhc index 8cbee81..5dd454c 100755 --- a/bin/blhc +++ b/bin/blhc @@ -24,7 +24,7 @@ use warnings; use Getopt::Long (); use Text::ParseWords (); -our $VERSION = '0.10'; +our $VERSION = '0.11'; # CONSTANTS/VARIABLES diff --git a/t/tests.t b/t/tests.t index a43625a..77b8f2a 100644 --- a/t/tests.t +++ b/t/tests.t @@ -67,7 +67,7 @@ is_blhc '', '', 2, $usage; is_blhc '', '--version', 0, - 'blhc 0.10 Copyright (C) 2012-2020 Simon Ruderich + 'blhc 0.11 Copyright (C) 2012-2020 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- 2.44.2 From dd0fe03f3a6cbf13d0ea4f327662a3ffaca881e1 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 26 Jul 2020 07:29:56 +0200 Subject: [PATCH 06/16] Sync architecture specific hardening support with dpkg 1.20.5 No changes --- bin/blhc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/blhc b/bin/blhc index 5dd454c..8c1d1fb 100755 --- a/bin/blhc +++ b/bin/blhc @@ -1107,7 +1107,7 @@ foreach my $file (@ARGV) { # Option or auto detected. if ($arch) { - # The following was partially copied from dpkg-dev 1.19.7 + # The following was partially copied from dpkg-dev 1.20.5 # (/usr/share/perl5/Dpkg/Vendor/Debian.pm, _add_build_flags()), # copyright Raphaël Hertzog , Guillem Jover # , Kees Cook , Canonical, Ltd. -- 2.44.2 From 7325cb77886763eb0884f0aa22ab18425fdd64f3 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 26 Jul 2020 08:16:33 +0200 Subject: [PATCH 07/16] Support ignoring lines by embedding a string in the build log --- MANIFEST | 2 ++ NEWS | 7 +++++++ bin/blhc | 26 ++++++++++++++++++++++++++ t/logs/ignore-line-inline | 12 ++++++++++++ t/logs/ignore-line-inline2 | 13 +++++++++++++ t/tests.t | 13 ++++++++++++- 6 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 t/logs/ignore-line-inline create mode 100644 t/logs/ignore-line-inline2 diff --git a/MANIFEST b/MANIFEST index b4b05d3..a453de4 100644 --- a/MANIFEST +++ b/MANIFEST @@ -62,6 +62,8 @@ t/logs/good-pie t/logs/ignore-flag t/logs/ignore-flag-ldflags t/logs/ignore-line +t/logs/ignore-line-inline +t/logs/ignore-line-inline2 t/logs/libtool t/logs/make t/logs/parallel diff --git a/NEWS b/NEWS index 1620fc8..2a586e8 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,13 @@ NEWS ==== +Version 0.XX +------------ + +- Add support to dynamically ignore lines from within the build log by + embedding the string "blhc: ignore-line-regexp:" (Debian Bug #725484). + + Version 0.11 ------------ diff --git a/bin/blhc b/bin/blhc index 8c1d1fb..0d7276d 100755 --- a/bin/blhc +++ b/bin/blhc @@ -750,6 +750,7 @@ foreach my $flags (@flag_refs_all) { } # Precompile ignore line regexps, also anchor at beginning and end of line. +# Additional entries are also extracted from the build log, see below. foreach my $ignore (@option_ignore_line) { $ignore = qr/^$ignore$/; } @@ -954,6 +955,15 @@ foreach my $file (@ARGV) { } } + # Permit dynamic excludes from within the build log to ignore false + # positives. Cannot use a separate config file as we often only have + # the build log itself. + if (index($line, 'blhc: ignore-line-regexp: ') == 0) { + my $ignore = substr $line, 26, -1; # -1 to ignore '\n' at the end + push @option_ignore_line, qr/^$ignore$/; + next; + } + next if $line =~ /^\s*#/; # Ignore compiler warnings for now. next if $line =~ /$warning_regex/o; @@ -1514,6 +1524,22 @@ If there's no output, no flags are missing and the build log is fine. See F for details about performed checks, auto-detection and limitations. +=head1 FALSE POSITIVES + +To suppress false positives you can embed the following string in the build +log: + + blhc: ignore-line-regexp: REGEXP + +All lines fully matching REGEXP (see B<--ignore-line> for details) will be +ignored. + +Please use this feature sparingly so that missing flags are not overlooked. If +you find false positives which affect more packages please report a bug. + +To generate this string simply use echo in C; make sure to use @ +to suppress the echo command itself as it could also trigger a false positive. + =head1 OPTIONS =over 8 diff --git a/t/logs/ignore-line-inline b/t/logs/ignore-line-inline new file mode 100644 index 0000000..fea3fa1 --- /dev/null +++ b/t/logs/ignore-line-inline @@ -0,0 +1,12 @@ +dpkg-buildpackage: source package test + +blhc: ignore-line-regexp: \./prepare-script gcc test-[a-z]\.c + + ./prepare-script gcc test-a.c test-b.c test-c.c + +./prepare-script gcc test-a.c +gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c +./prepare-script gcc test-b.c +gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c +./prepare-script gcc test-c.c +gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-c.c diff --git a/t/logs/ignore-line-inline2 b/t/logs/ignore-line-inline2 new file mode 100644 index 0000000..8432a16 --- /dev/null +++ b/t/logs/ignore-line-inline2 @@ -0,0 +1,13 @@ +dpkg-buildpackage: source package test + +blhc: ignore-line-regexp: \./prepare-script gcc test-[a-z]\.c +blhc: ignore-line-regexp: \s*\./prepare-script gcc test-[a-z]\.c .+ + + ./prepare-script gcc test-a.c test-b.c test-c.c + +./prepare-script gcc test-a.c +gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c +./prepare-script gcc test-b.c +gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c +./prepare-script gcc test-c.c +gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-c.c diff --git a/t/tests.t b/t/tests.t index 77b8f2a..57ab3fb 100644 --- a/t/tests.t +++ b/t/tests.t @@ -19,7 +19,7 @@ use strict; use warnings; -use Test::More tests => 240; +use Test::More tests => 244; sub is_blhc { @@ -162,6 +162,17 @@ is_blhc 'arch-i386', '--ignore-arch-flag amd64:-fstack-protector-strong --ignore LDFLAGS missing (-pie): gcc -fPIE -Wl,-z,relro -Wl,-z,now -o test test.o '; +# Ignore certain lines (through inline command). + +is_blhc 'ignore-line-inline', '', 8, + 'CFLAGS missing (-g -O2 -fstack-protector-strong -Wformat -Werror=format-security): ./prepare-script gcc test-a.c test-b.c test-c.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): ./prepare-script gcc test-a.c test-b.c test-c.c +LDFLAGS missing (-Wl,-z,relro): ./prepare-script gcc test-a.c test-b.c test-c.c +'; + +is_blhc 'ignore-line-inline2', '', 0, + ''; + # Ignore certain lines. -- 2.44.2 From 3c58bb7a1e0b6d9a67b8cba18affe657b2aecbbf Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 26 Jul 2020 08:36:48 +0200 Subject: [PATCH 08/16] Ignore false positive from Meson build output --- NEWS | 1 + bin/blhc | 2 ++ t/logs/false-positives | 2 ++ 3 files changed, 5 insertions(+) diff --git a/NEWS b/NEWS index 2a586e8..575310f 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,7 @@ Version 0.XX - Add support to dynamically ignore lines from within the build log by embedding the string "blhc: ignore-line-regexp:" (Debian Bug #725484). +- Fix false positive for meson build; reported by Yangfl (Debian Bug #953335). Version 0.11 diff --git a/bin/blhc b/bin/blhc index 0d7276d..44fa3ce 100755 --- a/bin/blhc +++ b/bin/blhc @@ -1076,6 +1076,8 @@ foreach my $file (@ARGV) { next if $line =~ m{$cc_regex_normal\s*>\s*\S+}o; # Hex output may contain "cc". next if $line =~ m#(?:\b[0-9a-fA-F]{2,}\b\s*){5}#; + # Meson build output + next if $line =~ /^C\+\+ linker for the host machine: /; # Check if additional hardening options were used. Used to ensure # they are used for the complete build. diff --git a/t/logs/false-positives b/t/logs/false-positives index 8e7d6c3..3b7d18d 100644 --- a/t/logs/false-positives +++ b/t/logs/false-positives @@ -66,3 +66,5 @@ Compiler executable checksum: 26648cf2c5cb5e5907eedabc7a0be2ce 03d0 - 6e 57 7b cb f1 2d ec 4a-82 b6 b6 49 be 63 56 1a nW{..-.J...I.cV. 03e0 - 8c 1d af 9a e6 5c 5f 6e-03 f8 8e 9b 0b 30 b6 c0 .....\_n.....0.. 03f0 - 42 b6 a1 d9 b0 59 09 81-74 b1 1f c0 9c 3f c6 f1 B....Y..t....?.. + +C++ linker for the host machine: c++ ld.bfd 2.34 -- 2.44.2 From 2468c015390d5de096a2b9ca15e6744eb0fb0447 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 26 Jul 2020 08:51:00 +0200 Subject: [PATCH 09/16] Fix false positive with embedded gcc -print-* commands --- NEWS | 2 ++ bin/blhc | 2 ++ t/logs/false-positives | 2 ++ 3 files changed, 6 insertions(+) diff --git a/NEWS b/NEWS index 575310f..023548b 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ Version 0.XX - Add support to dynamically ignore lines from within the build log by embedding the string "blhc: ignore-line-regexp:" (Debian Bug #725484). - Fix false positive for meson build; reported by Yangfl (Debian Bug #953335). +- Fix false positive with embedded gcc -print-* commands; reported by Andreas + Beckmann (Debian Bug #964160) Version 0.11 diff --git a/bin/blhc b/bin/blhc index 44fa3ce..81d3b12 100755 --- a/bin/blhc +++ b/bin/blhc @@ -1078,6 +1078,8 @@ foreach my $file (@ARGV) { next if $line =~ m#(?:\b[0-9a-fA-F]{2,}\b\s*){5}#; # Meson build output next if $line =~ /^C\+\+ linker for the host machine: /; + # Embedded `gcc -print-*` commands + next if $line =~ /`$cc_regex_normal\s*[^`]*-print-\S+`/; # Check if additional hardening options were used. Used to ensure # they are used for the complete build. diff --git a/t/logs/false-positives b/t/logs/false-positives index 3b7d18d..81343dc 100644 --- a/t/logs/false-positives +++ b/t/logs/false-positives @@ -68,3 +68,5 @@ Compiler executable checksum: 26648cf2c5cb5e5907eedabc7a0be2ce 03f0 - 42 b6 a1 d9 b0 59 09 81-74 b1 1f c0 9c 3f c6 f1 B....Y..t....?.. C++ linker for the host machine: c++ ld.bfd 2.34 + +mv -f /build/nvidia-cuda-toolkit-10.1.243/debian/tmp/usr/lib/x86_64-linux-gnu/`gcc -g -O2 -fdebug-prefix-map=/build/nvidia-cuda-toolkit-10.1.243=. -fstack-protector-strong -Wformat -Werror=format-security -print-multi-os-directory`/./libiberty.an /build/nvidia-cuda-toolkit-10.1.243/debian/tmp/usr/lib/x86_64-linux-gnu/`gcc -g -O2 -fdebug-prefix-map=/build/nvidia-cuda-toolkit-10.1.243=. -fstack-protector-strong -Wformat -Werror=format-security -print-multi-os-directory`/./libiberty.a -- 2.44.2 From a4712dd7fab2e1e14ba27894279dc793d1944536 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Wed, 29 Jul 2020 07:51:12 +0200 Subject: [PATCH 10/16] Detect non-verbose commands in waf builds --- NEWS | 1 + bin/blhc | 2 +- t/logs/verbose-build | 5 +++++ t/tests.t | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 023548b..b579b11 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,7 @@ Version 0.XX - Fix false positive for meson build; reported by Yangfl (Debian Bug #953335). - Fix false positive with embedded gcc -print-* commands; reported by Andreas Beckmann (Debian Bug #964160) +- Detect non-verbose commands in waf builds. Version 0.11 diff --git a/bin/blhc b/bin/blhc index 81d3b12..3b7f746 100755 --- a/bin/blhc +++ b/bin/blhc @@ -532,7 +532,7 @@ sub is_non_verbose_build { if (not (index($line, 'checking if you want to see long compiling messages... no') == 0 or $line =~ /^\s*\[?(?:CC|CCLD|C\+\+|CXX|CXXLD|LD|LINK)\]?\s+(.+?)$/ - or $line =~ /^\s*[Cc]ompiling\s+(.+?)(?:\.\.\.)?$/ + or $line =~ /^\s*[][\/0-9 ]*[Cc]ompiling\s+(.+?)(?:\.\.\.)?$/ or $line =~ /^\s*[Bb]uilding (?:program|shared library)\s+(.+?)$/ or $line =~ /^\s*\[[\d ]+%\] Building (?:C|CXX) object (.+?)$/)) { return 0; diff --git a/t/logs/verbose-build b/t/logs/verbose-build index 07476f5..2c9cf7b 100644 --- a/t/logs/verbose-build +++ b/t/logs/verbose-build @@ -180,3 +180,8 @@ cd /build/scribus-1.4.5+dfsg1/obj-x86_64-linux-gnu/scribus/desaxe && /usr/lib/cc compiling catalog tap/locale/ja/LC_MESSAGES/tappy.po to tap/locale/ja/LC_MESSAGES/tappy.mo compiling catalog tap/locale/nl/LC_MESSAGES/tappy.po to tap/locale/nl/LC_MESSAGES/tappy.mo Compiling pyzoltan/core/carray.pyx because it changed. + +[ 1/13] Compiling src/instance.c +08:17:31 runner ['/usr/lib/ccache/gcc', '-I/build/suil-0.10.4', '-g', '-O2', '-fdebug-prefix-map=/build/suil-0.10.4=.', '-fstack-protector-strong', '-Wformat', '-Werror=format-security', '-DNDEBUG', '-pedantic', '-Wshadow', '-Wall', '-Wcast-align', '-Wextra', '-Wmissing-declarations', '-Wno-unused-parameter', '-Wno-parentheses', '-Wstrict-overflow', '-Wundef', '-Wwrite-strings', '-fstrict-overflow', '-Wlogical-op', '-Wsuggest-attribute=noreturn', '-Wunsafe-loop-optimizations', '-fshow-column', '-std=c99', '-fvisibility=hidden', '-fPIC', '-I.', '-I..', '-I/build/suil-0.10.4/build', '-DSUIL_VERSION="0.10.4"', '-DHAVE_LV2=1', '-DHAVE_X11=1', '-DHAVE_GTK3=1', '-DHAVE_GTK3_X11=1', '-DHAVE_QT5=1', '-DHAVE_LIBDL=1', '-DSUIL_MODULE_DIR="/usr/lib/x86_64-linux-gnu/suil-0"', '-DSUIL_DIR_SEP="/"', '-DSUIL_GTK2_LIB_NAME="libgtk-x11-2.0.so.0"', '-DSUIL_GTK3_LIB_NAME="libgtk-x11-3.0.so.0"', '-DSUIL_WITH_X11_IN_GTK3=1', '-DSUIL_WITH_QT5_IN_GTK3=1', '-DSUIL_WITH_X11_IN_QT5=1', '-DSUIL_WITH_X11=1', '-DSUIL_MODULE_PREFIX="lib"', '-DSUIL_MODULE_EXT=".so"', '-DSUIL_SHARED', '-DSUIL_INTERNAL', '../src/instance.c', '-c', '-o/build/suil-0.10.4/build/src/instance.c.3.o', '-Wdate-time', '-D_FORTIFY_SOURCE=2'] +[11/13] Compiling suil.pc.in +[12/13] Linking build/libsuil_x11.so diff --git a/t/tests.t b/t/tests.t index 57ab3fb..a1ee8b5 100644 --- a/t/tests.t +++ b/t/tests.t @@ -648,6 +648,8 @@ CXXFLAGS missing (-Wformat): cd /tmp/test/src && /usr/bin/c++ -g -O2 -fstack-pro CFLAGS missing (-Werror=format-security): cd /tmp/test/src && /usr/bin/gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -o CMakeFiles/test-verbose-c.dir/verbose-c.c.o -c -D_FORTIFY_SOURCE=2 /tmp/test/src/test-verbose-c/verbose-c.c NONVERBOSE BUILD: Compiling test.c \ gcc test.c NONVERBOSE BUILD: [ 3%] Building CXX object scribus/text/CMakeFiles/scribus_text_lib.dir/frect.cpp.o +NONVERBOSE BUILD: [ 1/13] Compiling src/instance.c +NONVERBOSE BUILD: [11/13] Compiling suil.pc.in '; is_blhc 'parallel', '', 0, ''; -- 2.44.2 From c2874d0d8e4579450add73e804f400fdd7f2f456 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Wed, 29 Jul 2020 07:55:23 +0200 Subject: [PATCH 11/16] Release 0.12 --- NEWS | 2 +- bin/blhc | 2 +- t/tests.t | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index b579b11..a933cb9 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,7 @@ NEWS ==== -Version 0.XX +Version 0.12 ------------ - Add support to dynamically ignore lines from within the build log by diff --git a/bin/blhc b/bin/blhc index 3b7f746..2ea54d4 100755 --- a/bin/blhc +++ b/bin/blhc @@ -24,7 +24,7 @@ use warnings; use Getopt::Long (); use Text::ParseWords (); -our $VERSION = '0.11'; +our $VERSION = '0.12'; # CONSTANTS/VARIABLES diff --git a/t/tests.t b/t/tests.t index a1ee8b5..9dc8975 100644 --- a/t/tests.t +++ b/t/tests.t @@ -67,7 +67,7 @@ is_blhc '', '', 2, $usage; is_blhc '', '--version', 0, - 'blhc 0.11 Copyright (C) 2012-2020 Simon Ruderich + 'blhc 0.12 Copyright (C) 2012-2020 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- 2.44.2 From 189d593d45a3cab37a1908c2ae6c0c0d0916d60d Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 28 Nov 2020 11:29:01 +0100 Subject: [PATCH 12/16] Remove unused function array_equal() Unused since 42b57fd ("Fix another Ada false positive for format flags", 2016-09-10) --- bin/blhc | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/bin/blhc b/bin/blhc index 2ea54d4..140d2ad 100755 --- a/bin/blhc +++ b/bin/blhc @@ -341,20 +341,6 @@ my $option_color; # FUNCTIONS -# Only works for single-level arrays with no undef values. Thanks to perlfaq4. -sub array_equal { - my ($first_ref, $second_ref) = @_; - - return 0 if scalar @{$first_ref} != scalar @{$second_ref}; - - my $length = scalar @{$first_ref}; - for (my $i = 0; $i < $length; $i++) { - return 0 if $first_ref->[$i] ne $second_ref->[$i]; - } - - return 1; -} - sub error_flags { my ($message, $missing_flags_ref, $flag_renames_ref, $line, $number) = @_; -- 2.44.2 From ceef2f83a375cace7ee2e1fc7a27dadcbc75737a Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 28 Nov 2020 12:06:31 +0100 Subject: [PATCH 13/16] Also split commands on && and || Ignore `echo` commands to prevent false positives. Splitting only on ; can hide false negatives. --- NEWS | 7 +++++++ bin/blhc | 36 +++++++++++++++++++++++++++--------- t/logs/bad-cflags | 4 ++++ t/tests.t | 40 ++++++++++++++++++++++++++++++++++++++-- 4 files changed, 76 insertions(+), 11 deletions(-) diff --git a/NEWS b/NEWS index a933cb9..c42fbf1 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,13 @@ NEWS ==== +Version 0.XX +------------ + +- Also split commands on && and || (not only on ;) to detect more false + negatives. This could also trigger more false positives. + + Version 0.12 ------------ diff --git a/bin/blhc b/bin/blhc index 140d2ad..52a8469 100755 --- a/bin/blhc +++ b/bin/blhc @@ -341,6 +341,26 @@ my $option_color; # FUNCTIONS +sub split_line { + my ($line) = @_; + + my @work = ($line); + foreach my $delim (';', '&&', '||') { + my @x; + foreach (@work) { + push @x, Text::ParseWords::parse_line(qr/\Q$delim\E/, 1, $_); + } + @work = @x; + } + + return map { + # Ensure newline at the line end - necessary for + # correct parsing later. + $_ =~ s/\s+$//; + $_ .= "\n"; + } @work; +} + sub error_flags { my ($message, $missing_flags_ref, $flag_renames_ref, $line, $number) = @_; @@ -971,16 +991,12 @@ foreach my $file (@ARGV) { $non_verbose |= is_non_verbose_build($line, \$skip); next if $skip; - # One line may contain multiple commands (";"). Treat each one as - # single line. parse_line() is slow, only use it when necessary. - my @line = (index($line, ';') == -1) + # Treat each command as a single line so we don't ignore valid + # commands when handling false positives. split_line() is slow, only + # use it when necessary. + my @line = ($line !~ /(?:;|&&|\|\|)/) ? ($line) - : map { - # Ensure newline at the line end - necessary for - # correct parsing later. - $_ =~ s/\s+$//; - $_ .= "\n"; - } Text::ParseWords::parse_line(';', 1, $line); + : split_line($line); foreach my $line (@line) { if ($continuation) { $continuation = 0; @@ -1029,6 +1045,8 @@ foreach my $file (@ARGV) { # optional compiler options, don't allow # "everything" here to prevent false negatives \s*(?:\s-\S+)*\s*$}xo; + # `echo` is never a compiler command + next if $line =~ /^\s*echo\s/; # `moc-qt4`/`moc-qt5` contain '-I.../linux-g++' in their command # line (or similar for other architectures) which gets recognized # as a compiler line, but `moc-qt*` is only a preprocessor for Qt diff --git a/t/logs/bad-cflags b/t/logs/bad-cflags index f2bc378..d06cfd1 100644 --- a/t/logs/bad-cflags +++ b/t/logs/bad-cflags @@ -14,3 +14,7 @@ gcc -fPIC -g -O2 -fstack-protector-strong -Wformat-security -Werror=format-secur gcc test.c -o test.output (gcc -Wl,-z,relro -o test.output test.c) + +rm whatever ; gcc test-comma.c +rm whatever && gcc test-and.c +rm whatever || gcc test-or.c diff --git a/t/tests.t b/t/tests.t index 9dc8975..7e0a7ed 100644 --- a/t/tests.t +++ b/t/tests.t @@ -446,6 +446,15 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test.c -o test.output LDFLAGS missing (-Wl,-z,relro): gcc test.c -o test.output CFLAGS missing (-g -O2 -fstack-protector-strong -Wformat -Werror=format-security): (gcc -Wl,-z,relro -o test.output test.c) CPPFLAGS missing (-D_FORTIFY_SOURCE=2): (gcc -Wl,-z,relro -o test.output test.c) +CFLAGS missing (-g -O2 -fstack-protector-strong -Wformat -Werror=format-security): gcc test-comma.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-comma.c +LDFLAGS missing (-Wl,-z,relro): gcc test-comma.c +CFLAGS missing (-g -O2 -fstack-protector-strong -Wformat -Werror=format-security): gcc test-and.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-and.c +LDFLAGS missing (-Wl,-z,relro): gcc test-and.c +CFLAGS missing (-g -O2 -fstack-protector-strong -Wformat -Werror=format-security): gcc test-or.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-or.c +LDFLAGS missing (-Wl,-z,relro): gcc test-or.c '; is_blhc 'bad-cflags', '--pie', 8, 'CFLAGS missing (-fPIE -Wformat): gcc -g -O2 -fstack-protector-strong -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c @@ -464,6 +473,15 @@ LDFLAGS missing (-fPIE -pie -Wl,-z,relro): gcc test.c -o test.output CFLAGS missing (-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security): (gcc -Wl,-z,relro -o test.output test.c) CPPFLAGS missing (-D_FORTIFY_SOURCE=2): (gcc -Wl,-z,relro -o test.output test.c) LDFLAGS missing (-fPIE -pie): (gcc -Wl,-z,relro -o test.output test.c) +CFLAGS missing (-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security): gcc test-comma.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-comma.c +LDFLAGS missing (-fPIE -pie -Wl,-z,relro): gcc test-comma.c +CFLAGS missing (-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security): gcc test-and.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-and.c +LDFLAGS missing (-fPIE -pie -Wl,-z,relro): gcc test-and.c +CFLAGS missing (-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security): gcc test-or.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-or.c +LDFLAGS missing (-fPIE -pie -Wl,-z,relro): gcc test-or.c '; is_blhc 'bad-cflags', '--bindnow', 8, 'CFLAGS missing (-Wformat): gcc -g -O2 -fstack-protector-strong -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c @@ -483,6 +501,15 @@ LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): gcc test.c -o test.output CFLAGS missing (-g -O2 -fstack-protector-strong -Wformat -Werror=format-security): (gcc -Wl,-z,relro -o test.output test.c) CPPFLAGS missing (-D_FORTIFY_SOURCE=2): (gcc -Wl,-z,relro -o test.output test.c) LDFLAGS missing (-Wl,-z,now): (gcc -Wl,-z,relro -o test.output test.c) +CFLAGS missing (-g -O2 -fstack-protector-strong -Wformat -Werror=format-security): gcc test-comma.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-comma.c +LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): gcc test-comma.c +CFLAGS missing (-g -O2 -fstack-protector-strong -Wformat -Werror=format-security): gcc test-and.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-and.c +LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): gcc test-and.c +CFLAGS missing (-g -O2 -fstack-protector-strong -Wformat -Werror=format-security): gcc test-or.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-or.c +LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): gcc test-or.c '; is_blhc 'bad-cflags', '--pie --bindnow', 8, 'CFLAGS missing (-fPIE -Wformat): gcc -g -O2 -fstack-protector-strong -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c @@ -502,6 +529,15 @@ LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc test.c -o test.output CFLAGS missing (-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security): (gcc -Wl,-z,relro -o test.output test.c) CPPFLAGS missing (-D_FORTIFY_SOURCE=2): (gcc -Wl,-z,relro -o test.output test.c) LDFLAGS missing (-fPIE -pie -Wl,-z,now): (gcc -Wl,-z,relro -o test.output test.c) +CFLAGS missing (-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security): gcc test-comma.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-comma.c +LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc test-comma.c +CFLAGS missing (-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security): gcc test-and.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-and.c +LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc test-and.c +CFLAGS missing (-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security): gcc test-or.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc test-or.c +LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): gcc test-or.c '; is_blhc 'bad-cflags-stackprotector', '', 8, 'CFLAGS missing (-fstack-protector-strong): gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector test-a.c @@ -644,8 +680,8 @@ NONVERBOSE BUILD: Compiling test_file.cxx... CXXFLAGS missing (-fstack-protector-strong): g++ -g -O2 -fPIC -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test_file.cxx NONVERBOSE BUILD: [ 22%] Building CXX object src/CMakeFiles/test/test.cpp.o NONVERBOSE BUILD: [ 82%] Building C object src/CMakeFiles/test/test.c.o -CXXFLAGS missing (-Wformat): cd /tmp/test/src && /usr/bin/c++ -g -O2 -fstack-protector-strong -Wformat-security -Werror=format-security -o CMakeFiles/test-verbose.dir/verbose.cpp.o -c -D_FORTIFY_SOURCE=2 /tmp/test/src/test-verbose/verbose.cpp -CFLAGS missing (-Werror=format-security): cd /tmp/test/src && /usr/bin/gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -o CMakeFiles/test-verbose-c.dir/verbose-c.c.o -c -D_FORTIFY_SOURCE=2 /tmp/test/src/test-verbose-c/verbose-c.c +CXXFLAGS missing (-Wformat): /usr/bin/c++ -g -O2 -fstack-protector-strong -Wformat-security -Werror=format-security -o CMakeFiles/test-verbose.dir/verbose.cpp.o -c -D_FORTIFY_SOURCE=2 /tmp/test/src/test-verbose/verbose.cpp +CFLAGS missing (-Werror=format-security): /usr/bin/gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -o CMakeFiles/test-verbose-c.dir/verbose-c.c.o -c -D_FORTIFY_SOURCE=2 /tmp/test/src/test-verbose-c/verbose-c.c NONVERBOSE BUILD: Compiling test.c \ gcc test.c NONVERBOSE BUILD: [ 3%] Building CXX object scribus/text/CMakeFiles/scribus_text_lib.dir/frect.cpp.o NONVERBOSE BUILD: [ 1/13] Compiling src/instance.c -- 2.44.2 From ee8f350576149b3cccaf0dacf11e35660209ff7d Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 28 Nov 2020 12:07:29 +0100 Subject: [PATCH 14/16] Fix indentation --- bin/blhc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/blhc b/bin/blhc index 52a8469..eacf541 100755 --- a/bin/blhc +++ b/bin/blhc @@ -354,10 +354,10 @@ sub split_line { } return map { - # Ensure newline at the line end - necessary for - # correct parsing later. - $_ =~ s/\s+$//; - $_ .= "\n"; + # Ensure newline at the line end - necessary for + # correct parsing later. + $_ =~ s/\s+$//; + $_ .= "\n"; } @work; } -- 2.44.2 From 79d3a9eaaffbb1c593adf715fa5055a4a91ed0af Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 28 Nov 2020 12:10:43 +0100 Subject: [PATCH 15/16] Fix false positive when calling make --- NEWS | 2 ++ bin/blhc | 3 +++ t/logs/false-positives | 2 ++ 3 files changed, 7 insertions(+) diff --git a/NEWS b/NEWS index c42fbf1..9c9f8bc 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,8 @@ Version 0.XX - Also split commands on && and || (not only on ;) to detect more false negatives. This could also trigger more false positives. +- Fix false positive when calling make; reported by Fabian Wolff (Debian Bug + #975650). Version 0.12 diff --git a/bin/blhc b/bin/blhc index eacf541..3611c6d 100755 --- a/bin/blhc +++ b/bin/blhc @@ -1047,6 +1047,9 @@ foreach my $file (@ARGV) { \s*(?:\s-\S+)*\s*$}xo; # `echo` is never a compiler command next if $line =~ /^\s*echo\s/; + # Ignore calls to `make` because they can contain environment + # variables which look like compiler commands, e.g. CC=). + next if $line =~ /^\s*make\s/; # `moc-qt4`/`moc-qt5` contain '-I.../linux-g++' in their command # line (or similar for other architectures) which gets recognized # as a compiler line, but `moc-qt*` is only a preprocessor for Qt diff --git a/t/logs/false-positives b/t/logs/false-positives index 81343dc..467ab6a 100644 --- a/t/logs/false-positives +++ b/t/logs/false-positives @@ -70,3 +70,5 @@ Compiler executable checksum: 26648cf2c5cb5e5907eedabc7a0be2ce C++ linker for the host machine: c++ ld.bfd 2.34 mv -f /build/nvidia-cuda-toolkit-10.1.243/debian/tmp/usr/lib/x86_64-linux-gnu/`gcc -g -O2 -fdebug-prefix-map=/build/nvidia-cuda-toolkit-10.1.243=. -fstack-protector-strong -Wformat -Werror=format-security -print-multi-os-directory`/./libiberty.an /build/nvidia-cuda-toolkit-10.1.243/debian/tmp/usr/lib/x86_64-linux-gnu/`gcc -g -O2 -fdebug-prefix-map=/build/nvidia-cuda-toolkit-10.1.243=. -fstack-protector-strong -Wformat -Werror=format-security -print-multi-os-directory`/./libiberty.a + +(cd ../c-libs/posix-os; make VERSION="v-amd64-linux" MAKE="make" CC="gcc -std=gnu99 -Wall" CFLAGS="-O2 -m64 -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-z,relro" DEFS="-DARCH_AMD64 -DSIZE_64 -DOPSYS_UNIX -DOPSYS_LINUX -D_GNU_SOURCE -DGNU_ASSEMBLER -DDLOPEN -DINDIRECT_CFUNC" CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" LDFLAGS="-Wl,-z,relro" AR="ar" ARFLAGS="rcv" RANLIB="ranlib" INCLUDES="-I../../objs -I../../include -I.." libposix-os.a) -- 2.44.2 From 6ea14d4128deca3af04b103d1920bb565b62a62e Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Tue, 5 Oct 2021 12:07:03 +0200 Subject: [PATCH 16/16] Update copyright years --- Build.PL | 2 +- README | 2 +- bin/blhc | 4 ++-- t/tests.t | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Build.PL b/Build.PL index 021e788..8400444 100644 --- a/Build.PL +++ b/Build.PL @@ -1,6 +1,6 @@ #!/usr/bin/perl -# Copyright (C) 2012-2020 Simon Ruderich +# Copyright (C) 2012-2021 Simon Ruderich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/README b/README index b60004c..60a4370 100644 --- a/README +++ b/README @@ -174,7 +174,7 @@ LICENSE blhc is licensed under GPL version 3 or later. -Copyright (C) 2012-2020 Simon Ruderich +Copyright (C) 2012-2021 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/bin/blhc b/bin/blhc index 3611c6d..2c51ce4 100755 --- a/bin/blhc +++ b/bin/blhc @@ -2,7 +2,7 @@ # Build log hardening check, checks build logs for missing hardening flags. -# Copyright (C) 2012-2020 Simon Ruderich +# Copyright (C) 2012-2021 Simon Ruderich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -690,7 +690,7 @@ if ($option_help) { } if ($option_version) { print <<"EOF"; -blhc $VERSION Copyright (C) 2012-2020 Simon Ruderich +blhc $VERSION Copyright (C) 2012-2021 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/t/tests.t b/t/tests.t index 7e0a7ed..5996604 100644 --- a/t/tests.t +++ b/t/tests.t @@ -1,6 +1,6 @@ # Tests for blhc. # -# Copyright (C) 2012-2020 Simon Ruderich +# Copyright (C) 2012-2021 Simon Ruderich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -67,7 +67,7 @@ is_blhc '', '', 2, $usage; is_blhc '', '--version', 0, - 'blhc 0.12 Copyright (C) 2012-2020 Simon Ruderich + 'blhc 0.12 Copyright (C) 2012-2021 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- 2.44.2