NEWS
====

Version 0.05
------------

- Fix false positive in configure output if $CC contains options (Debian bug
  #710135), reported by Bastien Roucariès.
- Handle another case of Qt's `moc` (Debian bug #710780), reported by Felix
  Geyer.
- Fix detection of build dependencies for buildd logs (Debian bug #719656),
  reported by Nicolas Boulenguez.
- Fix buildd architecture detection. Only relevant if the chroot setup fails
  and dpkg-buildpackage is never run; therefore a minor issue.
- Fix false positive when "compiling" python files (Debian bugs #714630 and
  #753080), reported by Matthias Klose, patch by James McCoy.
- Don't check for hardening flags in non-verbose compiler commands spanning
  multiple lines.
- Better handling of libtool commands (Debug bug #717598), reported by Stefan
  Fritsch.

- Sync architecture specific hardening support with dpkg 1.17.13.
- Check for -fstack-protector-strong on supported platforms (since dpkg
  1.17.11) (Debian bug #757885), reported by Markus Koschany.
- Consider lines with -O0 or -Og debug builds and disable checks for -O2
  (Debian bug #714628), reported by Matthias Klose. Also don't check for
  fortification in those lines as it requires optimization (Debian bug
  #757683), also reported by Matthias Klose.


Version 0.04
------------

- Fix many false positives, this includes compiled header files, lines with
  only CC=gcc but no other compiler commands and `moc-qt4`/`moc-qt5` commands.
- Accept -Wformat=2 because it implies -Wformat.
- Accept --param ssp-buffer-size=4 (space instead of equals sign).
- Fix build dependency related checks (Ada, hardening-wrapper) for pbuilder
  build logs.
- Fix architecture detection in old buildd build logs which use an additional
  "is" in the "dpkg-buildpackage: host architecture" field.

- Updated output in buildd mode.
- Only return non-zero exit codes for errors in buildd mode, not for warnings.
- Minor performance improvements.
- Support for Ada files.


Version 0.03
------------

- Fix --ignore-flag with -fPIE.
- Detect overwrite of -D_FORTIFY_SOURCE=2 with -D_FORTIFY_SOURCE=0 or 1 or
  -U_FORTIFY_SOURCE.

- Add --ignore-arch-flag and --ignore-arch-line options to ignore flags and
  lines on certain architectures only.
- Buildd tags "no-compiler-commands" and "invalid-cmake-used" are now
  information ('I-') instead of warning ('W-').
- Ignore false positives when using moc-qt4.


Version 0.02
------------

- Fix --version, --help.

- Remove -Wformat-security from expected CFLAGS because it's already implied
  by -Werror=format-security (removed in dpkg-dev >= 1.16.3).


Version 0.01
------------

- Initial release.

// vim: ft=asciidoc
