check-all-the-things 2015.12.10ubuntu3.is.2017.05.20 source package in Ubuntu

Changelog

check-all-the-things (2015.12.10ubuntu3.is.2017.05.20) xenial-security; urgency=medium

   * SRU to Ubuntu 16.04, from Ubuntu artful,
     fixing security issues (LP: #1597245)

check-all-the-things (2017.05.20) unstable; urgency=medium

  * New release.
    - The "Check Things Securely Yet Again" release
    - Support BSD versions of the find command
    - Support running in more types of terminals/places
    - Support running commands in other dirs for safety
    - Support properly disabling flags/checks
    - Disable remarks about already disabled checks
    - Update documentation, TODO items and URLs
    - Print remarks more nicely in certain situations
    - Print filenames and line numbers where possible
    - Flag checks:
      + dangerous - rpmlint ocaml-lintian
      + run-in-tmp-dir - luacheck puppet-lint epubcheck erl-tidy
      + fixme-silent - flawfinder gettext-lint-* luacheck hlint
      + network - cme-check-dpkg
      + manual - gettext-lint-spell
    - Fix complexity - prevent arbitrary code execution
    - Fix perlcritic - disable code execution, only run when perl present,
                       increase verbosity to be more useful
    - Fix clang-tidy regression from version 2016.06.29
    - Fix zzuf - incorrect path matches
    - Fix yamllint - incorrect find argument grouping
    - Fix ELF & Perl checks - add MIME types
    - Fix grep checks - use short options for portability
    - Fix xapian-check - crash due to use of format strings
    - Fix uudecode - include filenames in command-line
    - Fix insecure-recv-keys - typo in regex
    - Fix appstreamcli - unknown command-line option
    - Fix m64-m32 - reduce false positives
    - Fix gettext-lint-spell - add missing dependency, drop *.pot
    - Fix afl - check it is installed properly
    - Fix embed-dirs - add inc/ dirs for Perl packages
    - Add podchecker - check Perl POD documentation
    - Add pscan - check C printf format strings
    - Add leaktracer - check programs for memory leaks
    - Add tmperamental - check programs for tmpfile issues
    - Add govet - report suspicious Go source code
    - Add golint - report Go source code lint
    - Add goimports - check missing/unused Go import lines
    - Add rubocop - check Ruby code against Ruby Style Guide
    - Add roodi - check Ruby code for design issues
    - Add gendarme - check Mono/.NET ECMA CIL files
    - Add make-phony - find misspelled .PHONY targets
    - Add mypy - check Python static typing hints
    - Add pyroma - check Python packaging quality
    - Add bandit - check Python security quality
    - Add dodgy - check dodgy lines in Python code
    - Add vulture - check for dead Python code
    - Add pycodestyle - check Python code style
    - Add pydocstyle - check Python documentation style
    - Add proselint - check for English prose issues
    - Add chktex - check typographic errors in LaTeX docs
    - Add fitscheck/wcslint/volint - FITS/VOTable files
    - Add putty-private-key & openssh-private-key-rsa1
    - Remove ghc-mod - just a wrapper for hlint
    - TODO items for wtf flake8-plugins xpi-addons-linter
      go-fix libdetectcoll sha1collisiondetection giffix
      haxelint dockerlint dockerfile_lint dockerfile_checker
      truffleHog pyt chap Devel::Plumber

check-all-the-things (2017.01.15) unstable; urgency=high

  * New release.
    - The "Check Things Securely Not Portably" release
    - Reset terminal modes after commands to avoid colour spew
    - Improve compatibility with Python 3.6
    - Update python checks to not work on other distros
      because the `python -m` command is insecure
    - Update checkers removed from Debian - allow to run if installed
    - Update lrzip-test/zstd-test - add MIME types
    - Add lz4-test - check lz4 compressed files
    - Add path-max - check for non-portable path size macros
    - TODO items for deep-text-correcter sblint decopy

check-all-the-things (2016.12.25) unstable; urgency=medium

  * New release.
    - The "Check Everywhere For Tangerines" release
    - Improve the 'no specific checks' remark
    - Update php-syntax-check - ignore no files warning
    - Update empty - never print inode/x-empty as unchecked
    - Update pylint - check text/x-python files too
    - Update python checks to work on other distros
    - Add make - check Makefiles with GNU make
    - Add pkg-config - check pkg-config .pc files
    - Add t1lint - check Type 1 font files
    - Add zstd-test - check zstd compressed files validity
    - TODO items for urlycue multivalent pdf-hul pdfavalidation
      huntbugs spotbugs find-sec-bugs binskim

check-all-the-things (2016.09.03) unstable; urgency=medium

  * New release.
    - The "Reproducibly Depend On Thing Checkers" release
    - Fixes reproducible builds by sorting Recommends/Suggests (Closes: #829297)
    - Rename an option in line with final 'Remarks' section rename
    - Allow autocompletion with alias cats=check-all-the-things
    - Ignore quilt .pc directories in all the places VCSen are ignored
    - Eliminate terminal crunk for certain situations
    - Update spellintian - ignore *.wav files too
    - Update unzip-test - check *.zhfst files too
    - Update embed-dirs - warn about deps and 3rdp dirs too
    - Update cppcheck - check *.hxx *.hh files too
    - Add cypher-lint - check Cypher Query Language files
    - Add bitmap-synfig - ask where Synfig SIF source files are
    - Add bitmap-povray - ask where POV-Ray POV source files are
    - Add bitmap-gnuplot - ask where gnuplot scripts are
    - Add bitmap-base64 - check files for embedded base64 images
    - Add dsniff - check for passwords in packet capture files
    - Add web-to-apt-key - check for blindly installing gpg keys
    - Add insecure-recv-keys - check for insecure downloads of gpg keys
    - TODO items for rstcheck anorack fuzz linklint webcheck doctorj xmlwf
      checkit_tiff pylint-celery pylint-flask pep8-naming vint flay mdetect
      markdownlint haxe-checkstyle cmake-lint stylelint httpolice pedant
      check-manifest rxp

check-all-the-things (2016.06.29.1) unstable; urgency=medium

  * New release.
    - The "Check A Few More Things Slightly More Securely" release
    - More mitigations for Debian perl bug #588017
    - Fix dependencies for uscan based checks

check-all-the-things (2016.06.29) unstable; urgency=medium

  * Upload to unstable
  * New release.
    - The "Check Some Things Slightly More Securely" release
    - Warn that running cats in untrusted dirs could have consequences
    - Does not enable checks with disabled flags unless choosing those flags
      This prevents running dangerous checks with -f perl (Closes: #826089)
    - Mitigate Debian perl bug #588017 by passing -m-lib=. to perl-based checks
      This prevents perl-based commands from running code from the current dir
    - Fix MIME support: disable MIME in commands when MIME is turned off
    - Give an error with checks/flags options without check names
    - Fixes crash when interrupting the first command that is run
    - Fix checking prerequisites for "cat ... | foo" command-lines
    - Update dependencies for licensecheck-based checks (see #828830, #828872)
    - Disable KWStyle - should only be run manually
    - Add clang-tidy - tidy C++ code using LLVM
    - Add clang-check - check C++ code using LLVM
    - Add clang-modernize (jessie-only) - modernize C++ code
    - Add ocaml-unsafe-features - check compiled OCaml for unsafe features

check-all-the-things (2016.06.25) experimental; urgency=medium

  * New release.
    - The "Check A Bunch Of Things" release
    - The official abbreviation is now cats. Meow!
    - Bump Standards-Version, no changes needed
    - Use https for Vcs-Git and other URLs
    - Warn away the busy, lazy or noise intolerant
    - Drop the separation between groups/flags
    - Drop todo item deps down to Suggests
    - Fix file matching in a number of cases
    - Add argument completion for bash
    - Add an indicator of the currently running command
    - Add (slow) support for matching files based on MIME type (Closes: #791722)
    - Add better advice for style/complexity/other checks
    - Disable network checks when there is no default gateway
    - Trim check output to 10 lines by default
    - Support overlays for older distros
    - Add 'modify' flag for commands that modify files and
      thus should not be run by default
    - Add 'manual' flag for commands that must be manually run
    - Handle 'todo' flagged checks properly
    - Show list of found file extensions that were not checked
    - Rename final section to 'Remarks' since the name grew long
    - Give an error when choosing unknown checks/flags
    - Report when help is needed for some existing checks
    - Match more ZIP-based files for the unzip-test check
    - Document the use of usertags for this package
    - Document places where more check tools can be found
    - Add appstreamcli validate - check AppStream files
    - Add appstream-util validate - check AppStream files
    - Add bls-standalone - check build logs for issues
    - Add build-log-static-library - warn against static linking
    - Add complexity - check C code for function complexity
    - Add kwstyle - check C code for style conformance
    - Add opencolladavalidator - check COLLADA files
    - Add csslint-0.6 - check CSS files
    - Add wrap-and-sort - wrap and sort various debian/ files
    - Add license-reconcile - check debian/copyright files
    - Add debmake-k - check debian/copyright files
    - Add autodep8 - check if DEP-8 tests can be created
    - Add lockdep - check pthread-using programs
    - Add zzuf - fuzz program input
    - Add afl - intelligently fuzz program input
    - Add hardening-check - check programs for hardening
    - Add spellintian - check spelling using lintian dictionaries
    - Add flightcrew - check epub e-book files
    - Add erlang-shell-inject - check for Erlang shell metachar injection
    - Add erl-tidy - check Erlang code
    - Add font-embedding-restrictions - check TTF embedding restrictions
    - Add two jsonlints - check JSON files
    - Add autoupdate - update autotools files
    - Add autoscan - check completeness of configure.ac
    - Add timeless - check for macros that break reproducible builds
    - Add http - check for http URLs to switch to https
    - Add embed checks - heuristics for embedded code copies
    - Add mailto - check mailto: links
    - Add ocaml-shell-injection - check for OCaml shell metachar injection
    - Add pylint - check Python code for various issues
    - Add rpmlint - check RPM files
    - Add web-to-shell - check for `curl | sudo sh` antipattern
    - Add ssl-cert-check - check SSL key/cert files
    - Add yamllint - check YAML files
    - TODO items for android-lint smatch rzip-test lrzip-test
      csslint scan-copyrights licensecheck2dep5 debian-tracker
      erlang-elvis opentype-sanitiser bugpicker nit librejs-cli
      jpegoptim lisp-critic project-flint scheck ocaml-unsafe
      ocaml-mascot cpants-lint php7cc pngcrush optipng advpng
      mypy pycodestyle pydocstyle python3-requirements-detector
      pydiatra pytype ruby-reek ruby-sadist ruby-derailer
      ruby-space swiftlint x509lint certlint

 -- Gianfranco Costamagna <email address hidden>  Tue, 06 Jun 2017 19:19:16 +0200

Upload details

Uploaded by: Gianfranco Costamagna
Sponsored by: Steve Beattie
Uploaded to: Xenial
Original maintainer: Ubuntu Developers
Architectures: all
Section: devel
Urgency: Very Urgent

Publishing

Series Pocket Published Component Section
Xenial updates universe misc
Xenial security universe misc

Builds

Xenial: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
check-all-the-things_2015.12.10ubuntu3.is.2017.05.20.tar.xz 32.9 KiB 79920b27ab88bf274dfdd4df9964b0197525f818e5b40541c4507a8f7baa769b
check-all-the-things_2015.12.10ubuntu3.is.2017.05.20.dsc 1.8 KiB 6377db69fbe5ce2943e224a4a540d5efaec2950273bd738bc2bc4bc07badb2b3

Binary packages built by this source

check-all-the-things: check all of the things!

 This package will help you check all of the things.
 .
 This package is aimed at checking things that are
 related to packaging and software development.
 .
 To find out what kind of things it checks, take a
 look at the package recommends and data directory.
 .
 WARNING: At this time it is probably not suitable
 for running against untrusted directories.
 .
 WARNING: since it checks so many things the output
 can be very verbose so don't use it if you don't
 have time to go through the output to find problems.
 It is not for the busy, lazy or noise intolerant.