diff options
Diffstat (limited to 'scripts/Dpkg')
| -rw-r--r-- | scripts/Dpkg/BuildOptions.pm | 10 | ||||
| -rw-r--r-- | scripts/Dpkg/Changelog/Entry.pm | 16 | ||||
| -rw-r--r-- | scripts/Dpkg/Deps/Simple.pm | 8 | ||||
| -rw-r--r-- | scripts/Dpkg/OpenPGP/Backend/GnuPG.pm | 4 | ||||
| -rw-r--r-- | scripts/Dpkg/OpenPGP/Backend/Sequoia.pm | 4 | ||||
| -rw-r--r-- | scripts/Dpkg/Shlibs/Symbol.pm | 28 | ||||
| -rw-r--r-- | scripts/Dpkg/Source/Package/V1.pm | 22 | ||||
| -rw-r--r-- | scripts/Dpkg/Vendor/Debian.pm | 49 | ||||
| -rw-r--r-- | scripts/Dpkg/Vendor/Default.pm | 13 | ||||
| -rw-r--r-- | scripts/Dpkg/Vendor/Ubuntu.pm | 66 |
10 files changed, 155 insertions, 65 deletions
diff --git a/scripts/Dpkg/BuildOptions.pm b/scripts/Dpkg/BuildOptions.pm index 5b53655..6c2a189 100644 --- a/scripts/Dpkg/BuildOptions.pm +++ b/scripts/Dpkg/BuildOptions.pm @@ -180,13 +180,11 @@ sub parse_features { my $value = ($1 eq '+') ? 1 : 0; if ($feature eq 'all') { $use_feature->{$_} = $value foreach keys %{$use_feature}; + } elsif (exists $use_feature->{$feature}) { + $use_feature->{$feature} = $value; } else { - if (exists $use_feature->{$feature}) { - $use_feature->{$feature} = $value; - } else { - warning(g_('unknown %s feature in %s variable: %s'), - $option, $self->{envvar}, $feature); - } + warning(g_('unknown %s feature in %s variable: %s'), + $option, $self->{envvar}, $feature); } } else { warning(g_('incorrect value in %s option of %s variable: %s'), diff --git a/scripts/Dpkg/Changelog/Entry.pm b/scripts/Dpkg/Changelog/Entry.pm index e572909..d55e5fd 100644 --- a/scripts/Dpkg/Changelog/Entry.pm +++ b/scripts/Dpkg/Changelog/Entry.pm @@ -154,16 +154,14 @@ sub extend_part { } else { push @{$self->{$part}}, $value; } + } elsif (defined $self->{$part}) { + if (ref($value)) { + $self->{$part} = [ $self->{$part}, @$value ]; + } else { + $self->{$part} .= $value; + } } else { - if (defined($self->{$part})) { - if (ref($value)) { - $self->{$part} = [ $self->{$part}, @$value ]; - } else { - $self->{$part} .= $value; - } - } else { - $self->{$part} = $value; - } + $self->{$part} = $value; } } diff --git a/scripts/Dpkg/Deps/Simple.pm b/scripts/Dpkg/Deps/Simple.pm index a2ab2b1..e4888ed 100644 --- a/scripts/Dpkg/Deps/Simple.pm +++ b/scripts/Dpkg/Deps/Simple.pm @@ -438,12 +438,10 @@ sub implies { if (defined $implication) { if (not defined $res) { $res = $implication; + } elsif ($implication) { + $res = 1; } else { - if ($implication) { - $res = 1; - } else { - $res = 0; - } + $res = 0; } last if defined $res and $res == 1; } diff --git a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm index 9c53ef1..6c834be 100644 --- a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm +++ b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm @@ -46,7 +46,7 @@ use Dpkg::OpenPGP::ErrorCodes; use parent qw(Dpkg::OpenPGP::Backend); sub DEFAULT_CMDV { - return [ qw(gpgv) ]; + return [ qw(gpgv-sq gpgv) ]; } sub DEFAULT_CMDSTORE { @@ -54,7 +54,7 @@ sub DEFAULT_CMDSTORE { } sub DEFAULT_CMD { - return [ qw(gpg) ]; + return [ qw(gpg-sq gpg) ]; } sub has_backend_cmd { diff --git a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm index ae4acc1..36801c9 100644 --- a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm +++ b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm @@ -69,7 +69,7 @@ sub armor return OPENPGP_MISSING_CMD unless $self->{cmd}; # We ignore the $type, and let "sq" handle this automatically. - my $rc = $self->_sq_exec(qw(armor --output), $out, $in); + my $rc = $self->_sq_exec(qw(toolbox armor --output), $out, $in); return OPENPGP_BAD_DATA if $rc; return OPENPGP_OK; } @@ -81,7 +81,7 @@ sub dearmor return OPENPGP_MISSING_CMD unless $self->{cmd}; # We ignore the $type, and let "sq" handle this automatically. - my $rc = $self->_sq_exec(qw(dearmor --output), $out, $in); + my $rc = $self->_sq_exec(qw(toolbox dearmor --output), $out, $in); return OPENPGP_BAD_DATA if $rc; return OPENPGP_OK; } diff --git a/scripts/Dpkg/Shlibs/Symbol.pm b/scripts/Dpkg/Shlibs/Symbol.pm index f4955bb..3b38a8c 100644 --- a/scripts/Dpkg/Shlibs/Symbol.pm +++ b/scripts/Dpkg/Shlibs/Symbol.pm @@ -115,23 +115,19 @@ sub parse_symbolspec { $symbol_templ = $2; $symbol = $2; $rest = $3; - } else { - if ($symbol =~ m/^(\S+)(.*)$/) { - $symbol_templ = $1; - $symbol = $1; - $rest = $2; - } + } elsif ($symbol =~ m/^(\S+)(.*)$/) { + $symbol_templ = $1; + $symbol = $1; + $rest = $2; } error(g_('symbol name unspecified: %s'), $symbolspec) if (!$symbol); - } else { + } elsif ($symbolspec =~ m/^(\S+)(.*)$/) { # No tag specification. Symbol name is up to the first space # foobarsymbol@Base 1.0 1 - if ($symbolspec =~ m/^(\S+)(.*)$/) { - $symbol = $1; - $rest = $2; - } else { - return 0; - } + $symbol = $1; + $rest = $2; + } else { + return 0; } $self->{symbol} = $symbol; $self->{symbol_templ} = $symbol_templ; @@ -463,12 +459,10 @@ sub mark_found_in_library { # Symbol reappeared somehow $self->{deprecated} = 0; $self->{minver} = $minver if (not $self->is_optional()); - } else { + } elsif (version_compare($minver, $self->{minver}) < 0) { # We assume that the right dependency information is already # there. - if (version_compare($minver, $self->{minver}) < 0) { - $self->{minver} = $minver; - } + $self->{minver} = $minver; } # Never remove arch tags from patterns if (not $self->is_pattern()) { diff --git a/scripts/Dpkg/Source/Package/V1.pm b/scripts/Dpkg/Source/Package/V1.pm index 170ffe1..bdf2c87 100644 --- a/scripts/Dpkg/Source/Package/V1.pm +++ b/scripts/Dpkg/Source/Package/V1.pm @@ -347,18 +347,16 @@ sub do_build { # creating a native .tar.gz if ($origtargz) { $sourcestyle =~ y/aA/pP/; # .orig.tar.<ext> - } else { - if (stat($origdir)) { - unless (-d _) { - error(g_("unpacked orig '%s' exists but is not a directory"), - $origdir); - } - $sourcestyle =~ y/aA/rR/; # .orig directory - } elsif ($! != ENOENT) { - syserr(g_("unable to stat putative unpacked orig '%s'"), $origdir); - } else { - $sourcestyle =~ y/aA/nn/; # Native tar.gz - } + } elsif (stat($origdir)) { + unless (-d _) { + error(g_("unpacked orig '%s' exists but is not a directory"), + $origdir); + } + $sourcestyle =~ y/aA/rR/; # .orig directory + } elsif ($! != ENOENT) { + syserr(g_("unable to stat putative unpacked orig '%s'"), $origdir); + } else { + $sourcestyle =~ y/aA/nn/; # Native tar.gz } } diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm index 2d07794..fcf5b1e 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm @@ -79,7 +79,7 @@ sub run_hook { } } elsif ($hook eq 'update-buildflags') { $self->set_build_features(@params); - $self->_add_build_flags(@params); + $self->add_build_flags(@params); } elsif ($hook eq 'builtin-system-build-paths') { return qw(/build/); } elsif ($hook eq 'build-tainted-by') { @@ -113,7 +113,8 @@ sub set_build_features { # XXX: This is set to undef so that we can handle the alias from # the future feature area. lfs => undef, - time64 => 0, + # XXX: This is set to undef to handle mask on the default setting. + time64 => undef, }, qa => { bug => 0, @@ -270,9 +271,36 @@ sub set_build_features { ## Area: abi + if (any { $arch eq $_ } qw(hurd-i386 kfreebsd-i386)) { + # Mask time64 on hurd-i386 and kfreebsd-i386, as their kernel lacks + # support for that arch and it will not be implemented. + $use_feature{abi}{time64} = 0; + } elsif (not defined $use_feature{abi}{time64}) { + # If the user has not requested a specific setting, by default only + # enable time64 everywhere except for i386, where we preserve it for + # binary backwards compatibility. + if ($arch eq 'i386') { + $use_feature{abi}{time64} = 0; + } else { + $use_feature{abi}{time64} = 1; + } + } + + # In Debian gcc enables time64 (and lfs) for the following architectures + # by injecting pre-processor flags, though the libc ABI has not changed. + if (any { $arch eq $_ } qw(armel armhf hppa m68k mips mipsel powerpc sh4)) { + $flags->set_option_value('cc-abi-time64', 1); + } else { + $flags->set_option_value('cc-abi-time64', 0); + } + if ($use_feature{abi}{time64} && ! $builtin_feature{abi}{time64}) { # On glibc 64-bit time_t support requires LFS. $use_feature{abi}{lfs} = 1 if $libc eq 'gnu'; + + # Require -Werror=implicit-function-declaration, to avoid linking + # against the wrong symbol. + $use_feature{qa}{'bug-implicit-func'} = 1; } # XXX: Handle lfs alias from future abi feature area. @@ -392,7 +420,7 @@ sub set_build_features { } } -sub _add_build_flags { +sub add_build_flags { my ($self, $flags) = @_; ## Global default flags @@ -425,13 +453,22 @@ sub _add_build_flags { ## Area: abi my %abi_builtins = $flags->get_builtins('abi'); + my $cc_abi_time64 = $flags->get_option_value('cc-abi-time64'); + if ($flags->use_feature('abi', 'lfs') && ! $abi_builtins{lfs}) { $flags->append('CPPFLAGS', '-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'); + } elsif (! $flags->use_feature('abi', 'lfs') && + ! $abi_builtins{lfs} && $cc_abi_time64) { + $flags->append('CPPFLAGS', + '-U_LARGEFILE_SOURCE -U_FILE_OFFSET_BITS'); } if ($flags->use_feature('abi', 'time64') && ! $abi_builtins{time64}) { $flags->append('CPPFLAGS', '-D_TIME_BITS=64'); + } elsif (! $flags->use_feature('abi', 'time64') && + ! $abi_builtins{time64} && $cc_abi_time64) { + $flags->append('CPPFLAGS', '-U_TIME_BITS'); } ## Area: qa @@ -586,7 +623,11 @@ sub _add_build_flags { } elsif ($cpu eq 'amd64') { $flag = '-fcf-protection'; } - $flags->append($_, $flag) foreach @compile_flags; + # The following should always be true on Debian, but it might not + # be on derivatives. + if (defined $flag) { + $flags->append($_, $flag) foreach @compile_flags; + } } } diff --git a/scripts/Dpkg/Vendor/Default.pm b/scripts/Dpkg/Vendor/Default.pm index fc0e6be..934953f 100644 --- a/scripts/Dpkg/Vendor/Default.pm +++ b/scripts/Dpkg/Vendor/Default.pm @@ -218,6 +218,19 @@ sub set_build_features { return; } +=item $vendor->add_build_flags($flags) + +Adds the vendor build flags to the compiler flag variables based on the +vendor defaults and previously set build features. + +=cut + +sub add_build_flags { + my ($self, $flags) = @_; + + return; +} + =back =head1 CHANGES diff --git a/scripts/Dpkg/Vendor/Ubuntu.pm b/scripts/Dpkg/Vendor/Ubuntu.pm index b50da37..f907fa9 100644 --- a/scripts/Dpkg/Vendor/Ubuntu.pm +++ b/scripts/Dpkg/Vendor/Ubuntu.pm @@ -95,14 +95,6 @@ sub run_hook { if (scalar(@$bugs)) { $fields->{'Launchpad-Bugs-Fixed'} = join(' ', @$bugs); } - } elsif ($hook eq 'update-buildflags') { - my $flags = shift @params; - - # Run the Debian hook to add hardening flags - $self->SUPER::run_hook($hook, $flags); - - # Per https://wiki.ubuntu.com/DistCompilerFlags - $flags->prepend('LDFLAGS', '-Wl,-Bsymbolic-functions'); } else { return $self->SUPER::run_hook($hook, @params); } @@ -137,6 +129,64 @@ sub set_build_features { $flags->set_option_value('fortify-level', 3); } +sub add_build_flags { + my ($self, $flags) = @_; + + my @compile_flags = qw( + CFLAGS + CXXFLAGS + OBJCFLAGS + OBJCXXFLAGS + FFLAGS + FCFLAGS + ); + + $self->SUPER::add_build_flags($flags); + + # Per https://wiki.ubuntu.com/DistCompilerFlags + $flags->prepend('LDFLAGS', '-Wl,-Bsymbolic-functions'); + + # In Ubuntu these flags are set by the compiler, so when disabling the + # features we need to pass appropriate flags to disable them. + if (!$flags->use_feature('hardening', 'stackprotectorstrong') && + !$flags->use_feature('hardening', 'stackprotector')) { + my $flag = '-fno-stack-protector'; + $flags->append($_, $flag) foreach @compile_flags; + } + + if (!$flags->use_feature('hardening', 'stackclash')) { + my $flag = '-fno-stack-clash-protection'; + $flags->append($_, $flag) foreach @compile_flags; + } + + if (!$flags->use_feature('hardening', 'fortify')) { + $flags->append('CPPFLAGS', '-D_FORTIFY_SOURCE=0'); + } + + if (!$flags->use_feature('hardening', 'format')) { + my $flag = '-Wno-format -Wno-error=format-security'; + $flags->append('CFLAGS', $flag); + $flags->append('CXXFLAGS', $flag); + $flags->append('OBJCFLAGS', $flag); + $flags->append('OBJCXXFLAGS', $flag); + } + + if (!$flags->use_feature('hardening', 'branch')) { + my $cpu = $flags->get_option_value('hardening-branch-cpu'); + my $flag; + if ($cpu eq 'arm64') { + $flag = '-mbranch-protection=none'; + } elsif ($cpu eq 'amd64') { + $flag = '-fno-cf-protection'; + } + if (defined $flag) { + $flags->append($_, $flag) foreach @compile_flags; + } + } + + return; +} + =head1 PUBLIC FUNCTIONS =over |