X-Git-Url: https://ruderich.org/simon/gitweb/?p=blhc%2Fblhc.git;a=blobdiff_plain;f=NEWS;h=36aeb577e76366ee7bd8abcc6da294b75bcc9486;hp=f85fa1c3654d966b4cda1d2a9a773d3be8491410;hb=7f5037cc186261f1ecd243b6b432f01b3689c2a0;hpb=3e0e3f983bb324ab18d341323b7a06372e1ec78b diff --git a/NEWS b/NEWS index f85fa1c..36aeb57 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,84 @@ NEWS ==== +Version 0.06 +------------ + +- Sync architecture specific hardening support with dpkg 1.18.2. +- Fix false positive in "libtool: link: g++ -include test.h .." (Debian Bug + #784959), reported by Raphaël Hertzog. +- Fix false positive with `gcc -v` (Debian Bug #765756), reported by Andreas + Beckmann. +- Fix false positive in `rm` lines (Debian Bug #772853), reported by Jakub + Wilk. +- Sync architecture specific hardening support with dpkg 1.17.18. +- Update t/tests.t for new output of Pod::Usage in 1.65 (Debian Bug #825428), + reported by Niko Tyni, patch by Gregor Herrmann. +- Fix false positives for comment lines (Debian Bug #825671), reported by + Fabian Wolff. +- Improve non-verbose detection for parallel builds (Debian Bug #801492), + reported by Mattia Rizzolo, initial patch by Julien Lamy. + + +Version 0.05 +------------ + +- Fix false positive in configure output if $CC contains options (Debian bug + #710135), reported by Bastien Roucariès. +- Handle another case of Qt's `moc` (Debian bug #710780), reported by Felix + Geyer. +- Fix detection of build dependencies for buildd logs (Debian bug #719656), + reported by Nicolas Boulenguez. +- Fix buildd architecture detection. Only relevant if the chroot setup fails + and dpkg-buildpackage is never run; therefore a minor issue. +- Fix false positive when "compiling" python files (Debian bugs #714630 and + #753080), reported by Matthias Klose, patch by James McCoy. +- Don't check for hardening flags in non-verbose compiler commands spanning + multiple lines. +- Better handling of libtool commands (Debug bug #717598), reported by Stefan + Fritsch. + +- Sync architecture specific hardening support with dpkg 1.17.13. +- Check for -fstack-protector-strong on supported platforms (since dpkg + 1.17.11) (Debian bug #757885), reported by Markus Koschany. +- Consider lines with -O0 or -Og debug builds and disable checks for -O2 + (Debian bug #714628), reported by Matthias Klose. Also don't check for + fortification in those lines as it requires optimization (Debian bug + #757683), also reported by Matthias Klose. + + +Version 0.04 +------------ + +- Fix many false positives, this includes compiled header files, lines with + only CC=gcc but no other compiler commands and `moc-qt4`/`moc-qt5` commands. +- Accept -Wformat=2 because it implies -Wformat. +- Accept --param ssp-buffer-size=4 (space instead of equals sign). +- Fix build dependency related checks (Ada, hardening-wrapper) for pbuilder + build logs. +- Fix architecture detection in old buildd build logs which use an additional + "is" in the "dpkg-buildpackage: host architecture" field. + +- Updated output in buildd mode. +- Only return non-zero exit codes for errors in buildd mode, not for warnings. +- Minor performance improvements. +- Support for Ada files. + + +Version 0.03 +------------ + +- Fix --ignore-flag with -fPIE. +- Detect overwrite of -D_FORTIFY_SOURCE=2 with -D_FORTIFY_SOURCE=0 or 1 or + -U_FORTIFY_SOURCE. + +- Add --ignore-arch-flag and --ignore-arch-line options to ignore flags and + lines on certain architectures only. +- Buildd tags "no-compiler-commands" and "invalid-cmake-used" are now + information ('I-') instead of warning ('W-'). +- Ignore false positives when using moc-qt4. + + Version 0.02 ------------ @@ -9,7 +87,10 @@ Version 0.02 - Remove -Wformat-security from expected CFLAGS because it's already implied by -Werror=format-security (removed in dpkg-dev >= 1.16.3). + Version 0.01 ------------ - Initial release. + +// vim: ft=asciidoc