NEWS ==== Version 0.XX ------------ - Support new dpkg versions which replaced Dpkg::Arch's debarch_to_debtriplet with debarch_to_debtuple (Debian Bug #844393), reported by Johannes Schauer. - Support Open MPI mpicc/mpicxx compiler wrappers to prevent false positives in non-verbose-build detection, reported by Boud Roukema and Nico Schlömer (Debian Bug #853265). - Add better support for Fortran (c.f. Debian Bug #853265). - Don't report missing PIE flags in buildd mode if GCC defaults to PIE (c.f. Debian Bug 845339). Version 0.07 ------------ - Sync architecture specific hardening support with dpkg 1.18.10. - Fix false positive in "gcc > file" (Debian Bug #828789), reported by Mathieu Parent. - Fix another Ada false positive for format flags (Debian Bug #833939), reported by Nicolas Boulenguez. Version 0.06 ------------ - Sync architecture specific hardening support with dpkg 1.18.7. - Fix false positive in "libtool: link: g++ -include test.h .." (Debian Bug #784959), reported by Raphaël Hertzog. - Fix false positive with `gcc -v` (Debian Bug #765756), reported by Andreas Beckmann. - Fix false positive in `rm` lines (Debian Bug #772853), reported by Jakub Wilk. - Update t/tests.t for new output of Pod::Usage in 1.65 (Debian Bug #825428), reported by Niko Tyni, patch by Gregor Herrmann. - Fix false positives for comment lines (Debian Bug #825671), reported by Fabian Wolff. - Improve non-verbose detection for parallel builds (Debian Bug #801492), reported by Mattia Rizzolo, initial patch by Julien Lamy. Version 0.05 ------------ - Fix false positive in configure output if $CC contains options (Debian bug #710135), reported by Bastien Roucariès. - Handle another case of Qt's `moc` (Debian bug #710780), reported by Felix Geyer. - Fix detection of build dependencies for buildd logs (Debian bug #719656), reported by Nicolas Boulenguez. - Fix buildd architecture detection. Only relevant if the chroot setup fails and dpkg-buildpackage is never run; therefore a minor issue. - Fix false positive when "compiling" python files (Debian bugs #714630 and #753080), reported by Matthias Klose, patch by James McCoy. - Don't check for hardening flags in non-verbose compiler commands spanning multiple lines. - Better handling of libtool commands (Debug bug #717598), reported by Stefan Fritsch. - Sync architecture specific hardening support with dpkg 1.17.13. - Check for -fstack-protector-strong on supported platforms (since dpkg 1.17.11) (Debian bug #757885), reported by Markus Koschany. - Consider lines with -O0 or -Og debug builds and disable checks for -O2 (Debian bug #714628), reported by Matthias Klose. Also don't check for fortification in those lines as it requires optimization (Debian bug #757683), also reported by Matthias Klose. Version 0.04 ------------ - Fix many false positives, this includes compiled header files, lines with only CC=gcc but no other compiler commands and `moc-qt4`/`moc-qt5` commands. - Accept -Wformat=2 because it implies -Wformat. - Accept --param ssp-buffer-size=4 (space instead of equals sign). - Fix build dependency related checks (Ada, hardening-wrapper) for pbuilder build logs. - Fix architecture detection in old buildd build logs which use an additional "is" in the "dpkg-buildpackage: host architecture" field. - Updated output in buildd mode. - Only return non-zero exit codes for errors in buildd mode, not for warnings. - Minor performance improvements. - Support for Ada files. Version 0.03 ------------ - Fix --ignore-flag with -fPIE. - Detect overwrite of -D_FORTIFY_SOURCE=2 with -D_FORTIFY_SOURCE=0 or 1 or -U_FORTIFY_SOURCE. - Add --ignore-arch-flag and --ignore-arch-line options to ignore flags and lines on certain architectures only. - Buildd tags "no-compiler-commands" and "invalid-cmake-used" are now information ('I-') instead of warning ('W-'). - Ignore false positives when using moc-qt4. Version 0.02 ------------ - Fix --version, --help. - Remove -Wformat-security from expected CFLAGS because it's already implied by -Werror=format-security (removed in dpkg-dev >= 1.16.3). Version 0.01 ------------ - Initial release. // vim: ft=asciidoc