|File Search||Catalog||Content Search|
Because most build systems are quite complicated there are many places where compiler flags from the environment might be ignored. The parser verifies that all compiler commands use the correct hardening flags and thus all hardening features are correctly used.
It's designed to check build logs generated by Debian's dpkg-buildpackage (or tools using dpkg-buildpackage like pbuilder or the official buildd build logs) to help maintainers detect missing hardening flags in their packages.
README ====== blhc (build log hardening check) is a small tool which checks build logs for missing hardening flags. It's licensed under the GPL 3 or later. Hardening flags enable additional security features in the compiler to prevent e.g. stack overflows, format string vulnerabilities, GOT overwrites, etc. Because most build systems are quite complicated there are many places where compiler fl more»
NEWS ==== Version 0.03 ------------ - Fix --ignore-flag with -fPIE. - Detect overwrite of -D_FORTIFY_SOURCE=2 with -D_FORTIFY_SOURCE=0 or 1 or -U_FORTIFY_SOURCE. - Add --ignore-arch-flag and --ignore-arch-line options to ignore flags and lines on certain architectures only. - Buildd tags "no-compiler-commands" and "invalid-cmake-used" are now information ('I-') instead of warning ('W-'). more»
BLHC(1) User Contributed Perl Documentation BLHC(1) NAME blhc - build log hardening check, checks build logs for missing hardening flags SYNOPSIS blhc [options] <dpkg-buildpackage build log file>.. DESCRIPTION blhc is a small tool which checks build logs for missing hardening flags. It's licensed under the GPL 3 or later. It's design more»
blhc (0.03+20120626+git93afe23-1) unstable; urgency=low * New upstream release - Fixes for fa more»
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0 Upstream-Name: blhc Upstrea more»