X-Git-Url: https://ruderich.org/simon/gitweb/?p=blhc%2Fblhc.git;a=blobdiff_plain;f=NEWS;h=223de68b6ddd3afd26cdc7f973e783406841f465;hp=92e1e52e7831090e0a111d4486d962e10c921686;hb=848cc5dffc059fa04e263e7287d0d0a780afe6ea;hpb=7bff3a8f927367067116104fb0b6e934e5e0eed3 diff --git a/NEWS b/NEWS index 92e1e52..223de68 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,77 @@ NEWS ==== +Version 0.XX +------------ + +- Sync architecture specific hardening support with dpkg 1.18.2. +- Fix false positive in "libtool: link: g++ -include test.h .." (Debian Bug + #784959), reported by Raphaël Hertzog. +- Fix false positive with `gcc -v` (Debian Bug #765756), reported by Andreas + Beckmann. +- Fix false positive in `rm` lines (Debian Bug #772853), reported by Jakub + Wilk. + + +Version 0.05 +------------ + +- Fix false positive in configure output if $CC contains options (Debian bug + #710135), reported by Bastien Roucariès. +- Handle another case of Qt's `moc` (Debian bug #710780), reported by Felix + Geyer. +- Fix detection of build dependencies for buildd logs (Debian bug #719656), + reported by Nicolas Boulenguez. +- Fix buildd architecture detection. Only relevant if the chroot setup fails + and dpkg-buildpackage is never run; therefore a minor issue. +- Fix false positive when "compiling" python files (Debian bugs #714630 and + #753080), reported by Matthias Klose, patch by James McCoy. +- Don't check for hardening flags in non-verbose compiler commands spanning + multiple lines. +- Better handling of libtool commands (Debug bug #717598), reported by Stefan + Fritsch. + +- Sync architecture specific hardening support with dpkg 1.17.13. +- Check for -fstack-protector-strong on supported platforms (since dpkg + 1.17.11) (Debian bug #757885), reported by Markus Koschany. +- Consider lines with -O0 or -Og debug builds and disable checks for -O2 + (Debian bug #714628), reported by Matthias Klose. Also don't check for + fortification in those lines as it requires optimization (Debian bug + #757683), also reported by Matthias Klose. + + +Version 0.04 +------------ + +- Fix many false positives, this includes compiled header files, lines with + only CC=gcc but no other compiler commands and `moc-qt4`/`moc-qt5` commands. +- Accept -Wformat=2 because it implies -Wformat. +- Accept --param ssp-buffer-size=4 (space instead of equals sign). +- Fix build dependency related checks (Ada, hardening-wrapper) for pbuilder + build logs. +- Fix architecture detection in old buildd build logs which use an additional + "is" in the "dpkg-buildpackage: host architecture" field. + +- Updated output in buildd mode. +- Only return non-zero exit codes for errors in buildd mode, not for warnings. +- Minor performance improvements. +- Support for Ada files. + + +Version 0.03 +------------ + +- Fix --ignore-flag with -fPIE. +- Detect overwrite of -D_FORTIFY_SOURCE=2 with -D_FORTIFY_SOURCE=0 or 1 or + -U_FORTIFY_SOURCE. + +- Add --ignore-arch-flag and --ignore-arch-line options to ignore flags and + lines on certain architectures only. +- Buildd tags "no-compiler-commands" and "invalid-cmake-used" are now + information ('I-') instead of warning ('W-'). +- Ignore false positives when using moc-qt4. + + Version 0.02 ------------