X-Git-Url: https://ruderich.org/simon/gitweb/?p=blhc%2Fblhc.git;a=blobdiff_plain;f=NEWS;h=2a13ae6dbf53705b5cfff9a3efb38d14bc3ce173;hp=f980c0780c784fd2f3e3d8da890d06ee91762ec8;hb=HEAD;hpb=290a8e3484c700ebb91c3460820310e03ca38cb2 diff --git a/NEWS b/NEWS index f980c07..69f73f7 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,104 @@ NEWS ==== -Version 0.XX +Version 0.xx +------------ + +- Ignore another cargo/rust false positive; reported by Yogeswaran Umasankar + (see Debian Bug #1037521). +- Permit "no compiler commands" for cargo/rust projects. +- Fix false positive in C++ compiler detection; reported by Rafael Laboissière + (Debian Bug #1069576). + +Version 0.14 +------------ + +- Update moc handling for Qt6; reported by Ben Westover, patch from Ross + Vandegrift (Debian bug #1019521). +- Support -D_FORTIFY_SOURCE=3 added in glibc 2.35; reported by Christian + Göttsche (Debian bug #1027084). +- Fix false positive when using `nvcc`; reported by Andreas Beckmann (Debian + Bug #1033027). +- Fix tests in sid/testing by removing avr32 which is no longer supported + (Debian Bug #1050942). +- Accept -g3 instead of -g which enables more debug information; reported in + IRC OFTC/#debian-mentors. +- Properly ignore cargo/rust output; reported by Alexander Kjäll via email. +- Fix another false positives from cmake which probes for compiler flags + without setting CPPFLAGS; reported by Marco Mattiolo and Soren Stoutner + (Debian Bugs #1043522 and #1054882). +- Check for stack clash protection (-fstack-clash-protection); requested by + Emanuele Rocca (Debian Bug #1050909). +- Check for branch protection (amd64: -fcf-protection, arm64: + -mbranch-protection=standard); requested by Emanuele Rocca (Debian Bug + #1050912). + + +Version 0.13 +------------ + +- Also split commands on && and || (not only on ;) to detect more false + negatives. This could also trigger more false positives. +- Fix false positive when calling make; reported by Fabian Wolff (Debian Bug + #975650). +- Fix false positives from cmake which probes for compiler flags without + setting CPPFLAGS; reported and suggested fix by Joao Eriberto Mota Filho + (Debian Bug #994422). +- Properly handle quoted flags; reported by Olek Wojnar (see Debian Bug + #975650 message 45). +- Strip (basic) environment variables before compiler detection to reduce + false positives; reported by Fabian Wolff (Debian Bug #975650). + + +Version 0.12 +------------ + +- Add support to dynamically ignore lines from within the build log by + embedding the string "blhc: ignore-line-regexp:" (Debian Bug #725484). +- Fix false positive for meson build; reported by Yangfl (Debian Bug #953335). +- Fix false positive with embedded gcc -print-* commands; reported by Andreas + Beckmann (Debian Bug #964160). +- Detect non-verbose commands in waf builds. + + +Version 0.11 +------------ + +- Fix false positive in `dwz` lines; reported by Raphaël Hertzog (Debian Bug + #948009). + + +Version 0.10 +------------ + +- Sync architecture specific hardening support with dpkg 1.19.7. +- Fix architecture detection with recent dpkg-buildpackage versions; reported + by Ross Vandegrift, patch from Mathieu Parent (Debian bug #929503). +- Fix false positive in non-verbose check for python setuptools; reported by + Simon McVittie (Debian Bug #930993). +- Fix special handling of format CFLAGS for Ada/Fortran with build logs not + generated pbuilder/sbuild (pbuilder and sbuild provide build dependencies + but other do not); reported by Christoph Berg and Rafael Laboissière (Debian + bug #924387). +- Fix false positive in non-verbose check for cython's .pyx files; reported by + Picca Frédéric-Emmanuel (Debian Bug #939632). +- Fix false positive in libtool detection when the path to the libtool binary + is quoted; Yves-Alexis reported by Perez (Debian Bug #941836). + + +Version 0.09 +------------ + +- Detect restore of -D_FORTIFY_SOURCE=2 after it was overwritten by + -D_FORTIFY_SOURCE=0 or 1 or -U_FORTIFY_SOURCE; reported by Mike Hommey + (Debian bug #898332). +- Detect overwrite of -fstack-protector options with -fno-stack-protector + (same for -fstack-protector-all and -fstack-protector-strong). +- Don't treat hexdumps which contain "cc" as compiler lines; reported by Kurt + Roeckx (Debian bug #899137). + + +Version 0.08 ------------ - Support new dpkg versions which replaced Dpkg::Arch's debarch_to_debtriplet @@ -12,6 +109,15 @@ Version 0.XX - Add better support for Fortran (c.f. Debian Bug #853265). - Don't report missing PIE flags in buildd mode if GCC defaults to PIE (c.f. Debian Bug 845339). +- Add new --debian option to handle PIE flags like buildd mode, thanks to + Eriberto Mota for the suggestion. This is not enabled per default to prevent + false negatives as the flags are missing from the build log and blhc can't + detect if the compiler applied PIE internally (c.f. Debian Bug 845339). +- Add --line-numbers command line option +- Sync architecture specific hardening support with dpkg 1.19.0.5. +- Use proper look back for non-verbose detection if DEB_BUILD_OPTIONS=parallel + is present. Previously it was too small causing false-positives if the + option was detected. Version 0.07