Releases: rpminspect/rpminspect
rpminspect-1.12.1
General release and build process changes:
- Be sure to use 'sort -V' on git tags in .copr/Makefile
- Use 'sort -V' when determining tags in mkannounce.sh
NOTE: This is really just the 1.12 release with a corrected tarball. The scripts I use to cut a new release were not sorting the git tags correctly so the tarball for 1.12 was really the v1.9 tag.
DO NOT USE THE 1.12 RELEASE. USE THIS RELEASE INSTEAD.
rpminspect-1.12
General release and build process changes:
- check the results of meson's run_command()
- Change clamav-data to Recommends in the spec file (#861)
- Increase libabigail version dependency to 2.1
- Add a Makefile target and script to update uthash.h
- Use SPDX license identifiers in rpminspect.spec.in
- Adjust BuildRequires for libannocheck requirement
- BuildRequires: annobin-libannocheck
- On FreeBSD, look for and add -lintl to the linker args
- Change how test_env is defined.
- Remove unnecessary dependencies from src/meson.build
- On FreeBSD add -D__BSD_VISIBLE to the CFLAGS
- Get strverscmp() from libiberty.a on FreeBSD
- _HAVE_LIBIBERTY -> _FREEBSD_LIBIBERTY
- Fix builds on EPEL >= 7 and Fedora >= 35
- Default to with_annocheck rather than with_libannocheck
- Add BSD-2-Clause to the License list in the spec file
- Some meson.build improvements
- Adjust the CURLINFO_CONTENT_LENGTH_DOWNLOAD_T test
- Add 'BuildRequires: libcdson-devel' to the spec file
- BuildRequires: libcdson-devel
- Support skipping pip package installation in 'make instreqs'
- Update RELEASE instructions
- Rename Makefile to GNUmakefile
- shellcheck fixes for utils/determine-os.sh
- rpminspect requires libabigail >= 2.3
- Check for reallocarray() and only use if available
- Default to REALPATH=grealpath on NetBSD
- Recognize Debian trixie as the Debian testing release
- Use pre-commit
- Don't assume x86_64 in utils/gate.sh
- Have utils/mkannounce.sh read CONTRIBUTING.md
Config file or data/ file changes:
- Clarify the 'ignore' block in comments
- Correct one small comment error in data/security/GENERIC
- Update comments for the annocheck inspection in generic.yaml
- Update the comment for the licensedb setting
- Drop '.gdb_index' from the example debuginfo section list
- Update config file examples with latest security rules
- Drop entries from the example global ignore list
Changes to the GitHub Actions CI scripts and files:
- Enable Fedora rawhide again for x86_64 and i686
- Do not use a specific actions/checkout version for alpinelinux
- Use actions/checkout@v3 in alpinelinux.yml
- On alpinelinux, run git config to define the safe directory
- Run git config command on all GitHub Actions jobs
- Make sure 'git' is installed for the fedora GHA jobs
- Update the Slackware Linux GHA job
- Build clamav with '-D ENABLE_JSON_SHARED=ON' on Slackware
- opensuse does not use yum
- Ensure manual install of 'rc' on OpenSUSE Leap works
- Install automake and automake for opensuse-leap job
- Add bison and html2text to opensuse-leap reqs.txt list
- Update GitHub Action yml files with correct branch name
- s/annobin/annobin-annocheck/g for Fedora CI targets
- Prevent RPMTAG_VENDOR override on OpenSUSE Leap jobs
- python3-Pygments added to reqs.txt for opensuse-leap
- Use vbatts/slackware:latest in GitHub Actions (#868)
- Add annobin-annocheck to reqs.txt for almalinux8
- Add Alma Linux 9 job to GHA
- Add detection of Alma Linux 9 to utils/determine-os.sh
- Modify test_annocheck.py a bit for Slackware Linux
- Fix Alma Linux detection is utils/determine-os.sh
- Disable annocheck tests on Amazon Linux 2
- Do not run annocheck inspection tests on CentOS 7
- Run ldconfig as last command in post.sh on Slackware Linux
- Update FreeBSD files in osdeps/freebsd/
- Add annobin-libannocheck to reqs.txt files for Fedora rawhide
- Add annobin-libannocheck to reqs.txt files for Fedora latest
- 32-bit Fedora CI jobs need to install annobin-libannocheck.i686
- The i686 Fedora CI jobs need binutils-devel.i686
- Add more settings to the FreeBSD osdeps files
- Initial GitHub Actions file for FreeBSD CI for rpminspect
- Use latest stable FreeBSD vmaction in FreeBSD CI
- Set PATH environment variable for FreeBSD CI job
- Another slight adjustment on the FreeBSD CI job
- Need to install git explicitly for the FreeBSD CI job
- s/-D with_annocheck/-D with_libannocheck/g in freebsd.yml
- Use 'gmake check' to run the test suite on FreeBSD CI
- Process build and step exit codes on the VM host for FreeBSD
- OK, put exitcodes/ under build/
- Drop verbose tar extract in osdeps/freebsd/post.sh
- Make sure FreeBSD CI gets a 'ksh' symlink
- hostname workaround for rpmbuild on FreeBSD CI
- Slightly different way to add hostname and IP on FreeBSD CI
- Write to /etc/hosts in the correct order in FreeBSD CI
- Do not run FreeBSD CI on pull requests
- Add 'env CRYPTOGRAPHY_DONT_BUILD_RUST=1' to PIP_CMD for fedora
- Fix up the Alpine Linux post.sh script and reqs.txt list
- Fix Slackware Linux CI job
- Do not make the gcovr step fail a CI job
- Do not make the gcovr step fail for the rest of the CI jobs
- Fix Debian stable and testing CI jobs
- Fix Ubuntu latest CI job
- Minor updates to quiet the OpenSUSE Leap CI job
- Remove ALT Linux from the CI job collection
- Fix Gentoo Linux CI job
- Quiet some tar and git operations
- Fix CentOS 7 and CentOS Stream 8 jobs; add CentOS Stream 9
- Use gcc for the FreeBSD CI job
- Pass CRYPTOGRAPHY_DONT_BUILD_RUST=1 to pip on FreeBSD CI job
- Do not run 'rpm --import /etc/pki/rpm-gpg/*' on CentOS jobs
- Update the FreeBSD repo catalog before running the CI job
- Fix the FreeBSD job
- Do not carry the old find-debuginfo.sh for FreeBSD CI
- Install cdson from git on Debian and Ubuntu CI jobs
- Install cdson on various CI jobs
- Install cdson from git on Oracle Linux
- Remove invalid 'cd "${TAG}" || exit 1' lines from post.sh
- Use ninja instead of meson when building cdson
- Install rc and cdson to /usr on Arch Linux
- Fixes for CI job on Oracle Linux 8
- Expand PATH in pre.sh for Debian CI jobs
- Install cdson to /usr for the Amazon Linux CI jobs
- Install cdson on the Slackware Linux CI job
- Install cdson on the Gentoo Linux CI job
- Configure and run freshclan on the Slackware Linux CI job
- Install cdson in the FreeBSD CI job
- Link ninja-build to ninja early in post.sh for Amazon Linux
- Install rpm4 from source on FreeBSD CI job
- shellcheck fixes for osdeps/freebsd/post.sh
- Run 'gmake check' for the test suite in the FreeBSD CI job
- Fix Debian CI job and pip module installation
- Add 'debug' and 'setup-debug' targets to Makefile
- Convert CentOS and FreeBSD jobs to use 'make debug/check'
- s/PYTHONG/PYTHON/g
- Use uraimo/run-on-arch-action@v2 on non-x86 jobs
- Split the Debian jobs in to stable and testing
- Small fix up for the FreeBSD CI job
- CentOS 7 job fixes
- Remove CRYPTOGRAPHY_DONT_BUILD_RUST=1 from Fedora CI defs.mk
- Quote ${ec} in .github/workflows/freebsd.yml
- Run 'make instreqs SKIP_PIP=y ; make' on s390x, ppc64le, aarch64
- Do not run coverage target on FreeBSD CI
- clamav-update.i686 -> clamav-update on Fedora i386 jobs
- Get rpminspect building with clang on FreeBSD 13.1
- More improvements for the FreeBSD CI job
- Skip the virus tests in the FreeBSD CI job
- Use -std=c99 on CentOS 7 jobs
- Fix the Gentoo Linux CI job
- use ShellCheck with SARIF support
- Deal with mandoc upstream server being down
- Remove block that imports gpg-key files for Alma and Rocky Linux
- Remove libdson-devel from osdeps/amzn2/reqs.txt
- Add Rocky Linux 9 job to GitHub Actions
- Account for dnf5 presence in Fedora rawhide
- And fix the Fedora rawhide dnf5 stuff for i386
- Use --break-system-packages on pip command in Arch Linux
- Define a %dist tag on Arch Linux systems
- Define a %dist tag on Alpine Linux systems
- Define a %dist tag on Ubuntu Linux systems
- Define a %dist tag on Debian Linux testing systems
- Define a %dist tag on Debian Linux stable systems
- Define a %dist tag on Slackware Linux systems
- Combine the two ~/.rpmmacros lines on Alpine Linux
- Define a %dist tag on Gentoo Linux systems
- Remove any bad udev rules files on Fedora rawhide
- Remove Rocky Linux from the Extra CI job collection
- Minor GitHub Actions job definition cleanups
- Updates for the FreeBSD CI job in GHA
- Small fixes for the CentOS 7 job
- Replace tox CI job with pre-commit
- Can't use distutils with Python 3.12 on CentOS 7
- Final fixes for the CentOS 7 CI job
- Update mandoc and rc installation
rpminspect(1) changes or improvements related to it:
- Add missing format string to errx() calls
- For fetch-only, do not override the argv counter in the loop
- Match products with dist tags containing periods
- Careful cleanup with rmtree() on exit
- Honor the -s/--suppress option on json, xunit, and summary modes
- Use errx() for RI_PROGRAM_ERROR conditions in rpminspect(1)
- Do not assume before_product and after_product exist
- Improve product release detection for build comparisons
- Restore product release matching for single build analysis
- Handle build comparisons where product release is half known
- Fix handling of the -s and -t command line options
- Support Koji task ID number for non-scratch builds
- Small memory leak fix in rpminspect.c for the -w option
- Add the -b/--build-type command line option to rpminspect
- Trim the leading period from the product_release string
- Trim leading period(s) after product release string matching
- Fix double free on ri->product_release
- Report skipped inspections in verbose mode and in results
- Add dynamic HTML viewer
- Add SKIP result type to viewer
- Include string.h for strverscmp()
- Just add the prototype for strverscmp() in libiberty
- On FreeBSD, rpminspect must link with libintl
- Handle missing after_product in get_product_release()
- Removed unnecessary reset of i to 0
- Do not crash when user tries to compare two incompatible builds
- Error out on invalid -w values if wordexp() and/or stat() fail
- Add build NVRs to the diagnostics output section
- Free before_product after performing product string matching
- Fix severity_t enum placement of RESULT_DIAG
Documentation changes:
- Large set of Doxygen comments in header files
- Add Doxygen comments for include/readelf.h
- More Doxygen comment header...
rpminspect-1.11
General release and build process changes:
- check the results of meson's run_command()
- Change clamav-data to Recommends in the spec file (#861)
- Increase libabigail version dependency to 2.1
- Add a Makefile target and script to update uthash.h
- Use SPDX license identifiers in rpminspect.spec.in
- Adjust BuildRequires for libannocheck requirement
- BuildRequires: annobin-libannocheck
- On FreeBSD, look for and add -lintl to the linker args
- Change how test_env is defined.
- Remove unnecessary dependencies from src/meson.build
- On FreeBSD add -D__BSD_VISIBLE to the CFLAGS
- Get strverscmp() from libiberty.a on FreeBSD
- _HAVE_LIBIBERTY -> _FREEBSD_LIBIBERTY
- Fix builds on EPEL >= 7 and Fedora >= 35
- Default to with_annocheck rather than with_libannocheck
- Add BSD-2-Clause to the License list in the spec file
- Some meson.build improvements
- Adjust the CURLINFO_CONTENT_LENGTH_DOWNLOAD_T test
- Add 'BuildRequires: libcdson-devel' to the spec file
- BuildRequires: libcdson-devel
- Support skipping pip package installation in 'make instreqs'
- Update RELEASE instructions
Config file or data/ file changes:
- Clarify the 'ignore' block in comments
- Correct one small comment error in data/security/GENERIC
- Update comments for the annocheck inspection in generic.yaml
- Update the comment for the licensedb setting
- Drop '.gdb_index' from the example debuginfo section list
- Correct documentation of addedfiles.forbidden_path_prefixes
- Fix invalid YAML definition of badfuncs
- Fix invalid YAML definition of javabytecode
- Simplify definition of pathmigration.migrated_paths
- Simplify definition of annocheck.{jobs,extra_opts}
- Simplify definition of products
Changes to the GitHub Actions CI scripts and files:
- Enable Fedora rawhide again for x86_64 and i686
- Do not use a specific actions/checkout version for alpinelinux
- Use actions/checkout@v3 in alpinelinux.yml
- On alpinelinux, run git config to define the safe directory
- Run git config command on all GitHub Actions jobs
- Make sure 'git' is installed for the fedora GHA jobs
- Update the Slackware Linux GHA job
- Build clamav with '-D ENABLE_JSON_SHARED=ON' on Slackware
- opensuse does not use yum
- Ensure manual install of 'rc' on OpenSUSE Leap works
- Install automake and automake for opensuse-leap job
- Add bison and html2text to opensuse-leap reqs.txt list
- Update GitHub Action yml files with correct branch name
- s/annobin/annobin-annocheck/g for Fedora CI targets
- Prevent RPMTAG_VENDOR override on OpenSUSE Leap jobs
- python3-Pygments added to reqs.txt for opensuse-leap
- Use vbatts/slackware:latest in GitHub Actions (#868)
- Add annobin-annocheck to reqs.txt for almalinux8
- Add Alma Linux 9 job to GHA
- Add detection of Alma Linux 9 to utils/determine-os.sh
- Modify test_annocheck.py a bit for Slackware Linux
- Fix Alma Linux detection is utils/determine-os.sh
- Disable annocheck tests on Amazon Linux 2
- Do not run annocheck inspection tests on CentOS 7
- Run ldconfig as last command in post.sh on Slackware Linux
- Update FreeBSD files in osdeps/freebsd/
- Add annobin-libannocheck to reqs.txt files for Fedora rawhide
- Add annobin-libannocheck to reqs.txt files for Fedora latest
- 32-bit Fedora CI jobs need to install annobin-libannocheck.i686
- The i686 Fedora CI jobs need binutils-devel.i686
- Add more settings to the FreeBSD osdeps files
- Initial GitHub Actions file for FreeBSD CI for rpminspect
- Use latest stable FreeBSD vmaction in FreeBSD CI
- Set PATH environment variable for FreeBSD CI job
- Another slight adjustment on the FreeBSD CI job
- Need to install git explicitly for the FreeBSD CI job
- s/-D with_annocheck/-D with_libannocheck/g in freebsd.yml
- Use 'gmake check' to run the test suite on FreeBSD CI
- Process build and step exit codes on the VM host for FreeBSD
- OK, put exitcodes/ under build/
- Drop verbose tar extract in osdeps/freebsd/post.sh
- Make sure FreeBSD CI gets a 'ksh' symlink
- hostname workaround for rpmbuild on FreeBSD CI
- Slightly different way to add hostname and IP on FreeBSD CI
- Write to /etc/hosts in the correct order in FreeBSD CI
- Do not run FreeBSD CI on pull requests
- Add 'env CRYPTOGRAPHY_DONT_BUILD_RUST=1' to PIP_CMD for fedora
- Fix up the Alpine Linux post.sh script and reqs.txt list
- Fix Slackware Linux CI job
- Do not make the gcovr step fail a CI job
- Do not make the gcovr step fail for the rest of the CI jobs
- Fix Debian stable and testing CI jobs
- Fix Ubuntu latest CI job
- Minor updates to quiet the OpenSUSE Leap CI job
- Remove ALT Linux from the CI job collection
- Fix Gentoo Linux CI job
- Quiet some tar and git operations
- Fix CentOS 7 and CentOS Stream 8 jobs; add CentOS Stream 9
- Use gcc for the FreeBSD CI job
- Pass CRYPTOGRAPHY_DONT_BUILD_RUST=1 to pip on FreeBSD CI job
- Do not run 'rpm --import /etc/pki/rpm-gpg/*' on CentOS jobs
- Update the FreeBSD repo catalog before running the CI job
- Fix the FreeBSD job
- Do not carry the old find-debuginfo.sh for FreeBSD CI
- Install cdson from git on Debian and Ubuntu CI jobs
- Install cdson on various CI jobs
- Install cdson from git on Oracle Linux
- Remove invalid 'cd "${TAG}" || exit 1' lines from post.sh
- Use ninja instead of meson when building cdson
- Install rc and cdson to /usr on Arch Linux
- Fixes for CI job on Oracle Linux 8
- Expand PATH in pre.sh for Debian CI jobs
- Install cdson to /usr for the Amazon Linux CI jobs
- Install cdson on the Slackware Linux CI job
- Install cdson on the Gentoo Linux CI job
- Configure and run freshclan on the Slackware Linux CI job
- Install cdson in the FreeBSD CI job
- Link ninja-build to ninja early in post.sh for Amazon Linux
- Install rpm4 from source on FreeBSD CI job
- shellcheck fixes for osdeps/freebsd/post.sh
- Run 'gmake check' for the test suite in the FreeBSD CI job
- Fix Debian CI job and pip module installation
- Add 'debug' and 'setup-debug' targets to Makefile
- Convert CentOS and FreeBSD jobs to use 'make debug/check'
- s/PYTHONG/PYTHON/g
- Use uraimo/run-on-arch-action@v2 on non-x86 jobs
- Split the Debian jobs in to stable and testing
- Small fix up for the FreeBSD CI job
- CentOS 7 job fixes
- Remove CRYPTOGRAPHY_DONT_BUILD_RUST=1 from Fedora CI defs.mk
- Quote ${ec} in .github/workflows/freebsd.yml
- Run 'make instreqs SKIP_PIP=y ; make' on s390x, ppc64le, aarch64
- Do not run coverage target on FreeBSD CI
rpminspect(1) changes or improvements related to it:
- Add missing format string to errx() calls
- For fetch-only, do not override the argv counter in the loop
- Match products with dist tags containing periods
- Careful cleanup with rmtree() on exit
- Honor the -s/--suppress option on json, xunit, and summary modes
- Use errx() for RI_PROGRAM_ERROR conditions in rpminspect(1)
- Do not assume before_product and after_product exist
- Improve product release detection for build comparisons
- Restore product release matching for single build analysis
- Handle build comparisons where product release is half known
- Fix handling of the -s and -t command line options
- Support Koji task ID number for non-scratch builds
- Small memory leak fix in rpminspect.c for the -w option
- Add the -b/--build-type command line option to rpminspect
- Trim the leading period from the product_release string
- Trim leading period(s) after product release string matching
- Fix double free on ri->product_release
- Report skipped inspections in verbose mode and in results
- Add dynamic HTML viewer
- Add SKIP result type to viewer
- Include string.h for strverscmp()
- Just add the prototype for strverscmp() in libiberty
- On FreeBSD, rpminspect must link with libintl
- Handle missing after_product in get_product_release()
- Removed unnecessary reset of i to 0
- Do not crash when user tries to compare two incompatible builds
Documentation changes:
- Large set of Doxygen comments in header files
- Add Doxygen comments for include/readelf.h
- More Doxygen comment headers in include/
- Expand build input description in the rpminspect(1) man page (#863)
- Adjust git.md category description for cmd
- Add link to rpminspect-report project page
- Update the table of build requirements in README.md
- Add FreeBSD to the list of CI platforms
- Add cdson to the list of requirements in README.md
General bug fix in the library or frontend program:
- Normalize the KABI path and do not warn on access(3) failures
- Do not try to mmap() zero length files in read_file()
- Do not use warn() if read_file() returns NULL in get_patch_stats()
- Handle NULL result->msg in output_xunit()
- Reset the tmp pointer on realloc() in strxmlescape()
- On stat() failure in read_file_bytes(), just return NULL
- Use CURLINFO_CONTENT_LENGTH_DOWNLOAD on older libcurl releases
- Correct the reporting of kmod parameter differences
- Do not report fallthrough changes as VERIFY in changedfiles
- Stop resetting the patch_ignore_list when reading config files
- Honor all per-inspection ignore lists; match path prefix
- Remove temporary files in the 'changelog' inspection
- Carefully filter debug packages in gather_deprules_by_type()
- Double free removed in match_fileinfo_mode()
- read_file_bytes() must be restricted to S_ISREG() files
- In rpmdeps, do not report new explicit Requires as VERIFY
- Do not incorrectly report security-related files as new
- Correctly handle addedfiles edge cases
- Security path checking only applies to comparisons in addedfiles
- Missing free() calls in the new list_remove() function
- Use a long rather than int64_t for the patch number
- Correct RPM dependency rule peering
- Prevent double free() in the patches inspection
- Correct handling of kmidiff(1) exit codes
- Correctly check for forbidden directories in RPM payloads
- Handle PatchN: lines in spec files with no space after ':'
- Address ...
rpminspect-1.10
General release and build process changes:
- check the results of meson's run_command()
Config file or data/ file changes:
- Clarify the 'ignore' block in comments
Changes to the GitHub Actions CI scripts and files:
- Enable Fedora rawhide again for x86_64 and i686
- Do not use a specific actions/checkout version for alpinelinux
- Use actions/checkout@v3 in alpinelinux.yml
- On alpinelinux, run git config to define the safe directory
- Run git config command on all GitHub Actions jobs
- Make sure 'git' is installed for the fedora GHA jobs
- Update the Slackware Linux GHA job
- Build clamav with '-D ENABLE_JSON_SHARED=ON' on Slackware
- opensuse does not use yum
- Ensure manual install of 'rc' on OpenSUSE Leap works
- Install automake and automake for opensuse-leap job
- Add bison and html2text to opensuse-leap reqs.txt list
rpminspect(1) changes:
- Add missing format string to errx() calls
- For fetch-only, do not override the argv counter in the loop
- Match products with dist tags containing periods
- Careful cleanup with rmtree() on exit
- Honor the -s/--suppress option on json, xunit, and summary modes
- Use errx() for RI_PROGRAM_ERROR conditions in rpminspect(1)
- Do not assume before_product and after_product exist
- Improve product release detection for build comparisons
- Restore product release matching for single build analysis
- Handle build comparisons where product release is half known
- Fix handling of the -s and -t command line options
Documentation changes:
- Large set of Doxygen comments in header files
- Add Doxygen comments for include/readelf.h
- More Doxygen comment headers in include/
General bug fix in the library or frontend program:
- Normalize the KABI path and do not warn on access(3) failures
- Do not try to mmap() zero length files in read_file()
- Do not use warn() if read_file() returns NULL in get_patch_stats()
- Handle NULL result->msg in output_xunit()
- Reset the tmp pointer on realloc() in strxmlescape()
- On stat() failure in read_file_bytes(), just return NULL
- Use CURLINFO_CONTENT_LENGTH_DOWNLOAD on older libcurl releases
- Correct the reporting of kmod parameter differences
- Do not report fallthrough changes as VERIFY in changedfiles
- Stop resetting the patch_ignore_list when reading config files
- Honor all per-inspection ignore lists; match path prefix
- Remove temporary files in the 'changelog' inspection
- Carefully filter debug packages in gather_deprules_by_type()
- Double free removed in match_fileinfo_mode()
- read_file_bytes() must be restricted to S_ISREG() files
- In rpmdeps, do not report new explicit Requires as VERIFY
- Do not incorrectly report security-related files as new
- Correctly handle addedfiles edge cases
- Security path checking only applies to comparisons in addedfiles
- Missing free() calls in the new list_remove() function
- Use a long rather than int64_t for the patch number
- Correct RPM dependency rule peering
- Prevent double free() in the patches inspection
- Correct handling of kmidiff(1) exit codes
- Correctly check for forbidden directories in RPM payloads
- Handle PatchN: lines in spec files with no space after ':'
- Address some additional Patch and %patch line reading issues
- strtrim() and strsplit() memory management fixes
- Handle more auto deps in the kernel package correctly
- Make sure INFO results in metadata do not fail rpminspect
- Relax the 'types' inspection a bit
- Try FNM_LEADING_DIR matches when patterns end in wildcard
- Correctly pick up the use of %autopatch or %autosetup
- strcmp() -> !strcmp() in the patches inspection
- Memory management fix for the changelog inspection
- Remove temporary files in the changelog inspection
- Do not fail 'runpath' when comparing kernel builds
- free before_output and after_output after using them
- Do not fail dsodeps if ELF type is not ET_DYN
- Tie the annocheck inspection result to reporting severity
- Only report forbidden path additions as VERIFY in addedfiles
- In 'removedfiles' report VERIFY and BAD for security paths
- Account for leading executables in Exec= (e.g., "env VAR=VAL")
- Output unified diff correctly in delta_out()
- Simplify severity reporting in the changedfiles inspection
- Add missing free(tmp) calls in the desktop inspection
- Minimize total_width initialization for download progress bar
- Fail if we cannot read RPMs before downloading
- Adjust reporting severity in the permissions inspection
- Prevent repetitive results reporting in 'types'
- Correct rpmdeps inspection reporting levels
- Correct results reporting for the permissions inspection
- Correct results reporting for the types inspection
- Correct results reporting for the filesize inspection
- Allow NULL inputs to strprefix() and strsuffix()
- Get per-inspection ignore list working in 'upstream'
- Support per-file allowed lists for the badfuncs inspection
- Use allowed_arch() in the arch and subpackages inspections
- Remove unnecessary warning from failed chdir() call
- Process per-inspection ignore blocks first in init.c
librpminspect feature or significant change:
- Drop dependency on the external 'diffstat' command
- Remove init_elf_data() function
- Verify enough local disk space exists before downloading
- Check for enough disk space before unpacking RPMs
- Add strexitcode() and RI_INSUFFICIENT_SPACE exit code
- Display insufficient space messages in human readable sizes
- Doxygen comment work but also add and use missing remedy strings
- Update to uthash 2.3.0
- Drop the file count and line count checks in 'patches'
- Default the filesize inspection size_threshold to 'info'
- Rename init_rpmpeer() and free_rpmpeer() functions
- Restrict the annocheck and lto inspections to ELF files
- Simplify the librpm initialization call
- Make the rpmdeps handle expected config() autodeps correctly
- Adjust how the rpmdeps inspections trims ISA substrings
- Add list_remove() function to librpminspect
- Expand the patches inspection to verify patches are applied
- Change how debuginfo dirs are matched for files
- Add strtrim() function to librpminspect
- In strsplit(), skip empty string tokens
- Replace rpmDefineMacro usage with rpmPushMacro
- In diagnostics, display download and unpack space reqs
- Make the kmod inspection report changes as INFO only
- Remove unnecessary archive_read_open_filename() warning
- Always output 'diagnostics' results even if -s specified
- Move ./rpminspect.yaml reading to init_rpminspect()
- Support optional product release configuration files
- Allow local rpminspect.yaml files to extend annocheck options
- Use REG_EXTENDED in match_product()
- In match_path(), honor common syntax of /path/to/dir/*
- Add ints to the BLOCK_ enum in init.c
Test suite commits:
- Adjust the addedfiles tests to handle new default size threshold
- Disable all MultipleProvidersCompareRPMs test cases
- Fix the MultipleProvidersCompareRPMs test cases
- Correct the %autopatch and %autosetup test cases
- Skip %autopatch and %autosetup tests on systems without lua
- Update the test_addedfiles.py test cases
- Verify automatic ELF Requires handle subpackage changes
- Support optional rpminspect.yaml overrides per test
- Use .update() rather than |= to merge dicts
- export QA_RPATHS from the top level Makefile
rpminspect-1.9
General release and build process changes:
- Improve call with koji list-targets
- Skip GPG signing the source archives for Copr builds
- Use rpmspec to gather BuildRequires for Copr
- Allow 'python_program' meson configuration option
- Add 'copr-srpm' Makefile target
Config file or data/ file changes:
- Skip *.html files in the xml inspection
- Drop diff(1) command setting from generic.yaml
Changes to the GitHub Actions CI scripts and files:
- Fix pre.sh for Extra CI on Gentoo Linux
- Fix the CentOS 7 Extra CI job
- Small cleanups to the Extra CI definitions
- Fix post.sh for centos 7 Extra CI job
- Expand PATH in post.sh for centos7 Extra CI
- Make sure /usr/local/bin is in the centos7 Extra CI PATH
- Match the matrix.container name correctly in extra-ci.yml
- Support special RPM vendor handling on ALT Linux
- Fix ALT Linux job in Extra CI
- Drop Open Euler stuff from utils/determine-os.sh
- Patch source and build system for FreeBSD
- shellcheck fixes for osdeps post.sh scripts
- Break out the CI and Extra CI configs in to separate files
- "/etc/pkg" -> "/etc/pki" in some GitHub Actions
- Fix /usr/lib/rpm/*/macros modification for ALT Linux
- Pull CentOS images from quay.io, prepare for CentOS 9 Stream
- Add Slackware Linux 15.0 to the GitHub Actions collection
- Use -checkgpg=off with slackpkg initially on Slackware Linux
- More minor fixes to the Slackware Linux GitHub Action
- Just set GPGCHECK=off for the Slackware Linux GitHub Action
- Run 'slackpkg update' before install git and requirements
- Try to instruct slackpkg to, yes, import the GPG key
- Install libxdiff-devel in Fedora-derived GitHub Actions jobs
- Drop libxdiff-devel package installation
- Drop diffutils from all CI job reqs.txt files
rpminspect(1) changes:
- Prevent SIGSEGV when get_product_release() fails
- Default favor_release setting to 'newest'
- Default favor_release setting to 'newest'
- Fix two small memory leaks in rpminspect(1)
- Exit with code 3 if the named profile (-p) is not found
- Fix -Werror=use-after-free findings from gcc 12
- Fix get_product_release() for single build jobs
- Implement the -s/--suppress option in rpminspect
- Do not remove default or user-specified --workdir paths
- Pretend that TTY has 80 columns, if the real width is unknown
Documentation changes:
- Small tweaks to the RELEASE checklist
- Update usage examples in README.md
- Update usage.rst to reflect current inspections
General bug fix in the library or frontend program:
- Make sure is_elf() returns true for ELF archives (*.a)
- Match MIME type on Icons in the desktop inspection
- Report removed files at INFO level in rebase comparisons
- Handle single build runs in is_rebase()
- Handle the -w option correctly for fetch and non-fetch modes
- Code formatting
- Read ABI level blocks with "level N" or "level-N" names
- Ensure summary mode output works for a number of inspections
- Prevent SIGSEGV in rpminspect is the configuration is incomplete
- Prevent SIGSEGV when bad_functions is empty for -D
- Avoid stairstepping the text in summary output mode
- Make sure multiple package providers are collected in rpmdeps
- Correct the name of RPM weak dep macros in deprules.c
- Do not incorrectly report added files for single builds
- Cleaner error reporting when elf_version() returns EV_NONE
- Strip workdir from the Details in shellsyntax reports
- Some build comparisons with missing peers crash 'rpmdeps'
- Close a number of non-fatal memory leaks
- Remove unnecessary free() calls in librpminspect and rpminspect
- Match shared lib Requires correctly & handle multiple Provides
- Handle explicit shared lib deps with %{_isa} notation
- Handle packages that provide automatic shared lib deps
- Correct the addedfiles reporting messages
- Memory management fixes with trim_rich_dep() function
- Minor improvements to delta_out() in librpminspect
- Skip deprule version matching on NULL in expected_deprule_change()
- Change = -> == in an if expression
- Fix three small memory leaks originating in init.c
- Honor explicit Requires deps that use zero-epoch syntax
- Patch a number of non-fatal valgrind findings
- Do not assume peer is not NULL in set_peer()
- Minor librpm interaction fixes for the unicode inspection
- Variable initialization fixes for libxdiff
- YAML parsing error for the failure_severity setting
- Do not call rpmFreeMacros() in load_macros()
librpminspect feature or significant change:
- Expand the emptyrpm inspection to handle %ghost entries
- Replace direct use of "diagnostics" with NAME_DIAGNOSTICS
- Add new 'summary' output mode (#26)
- Final update for librpminspect inspections and summary mode
- Use the -o option on msgunfmt(1) in 'changedfiles'
- Default annocheck results to RESULT_INFO
- Guard capabilities and kmod stuff in inspect.c
- Add 'rpmdeps' inspection
- Support new config file section for 'rpmdeps'
- Add 'rpmdeps' inspection
- Completed 57 test cases for 'rpmdeps' for Requires dependencies
- Set 'addedfiles' to work for single and compare jobs
- Drop use_ignore parameter from foreach_peer_file()
- Remove legacy _FORTIFY_SOURCE check in the elf inspection
- Begin handling of rich dependency syntax in 'rpmdeps'
- Add is_rich_dep() to mark rich dependency strings in deprules
- Use libxdiff instead of relying on /usr/bin/diff
- Add libxdiff directly to the source tree
- Report annocheck failures as RESULT_VERIFY
- Make annocheck failure reporting severity a config file setting
Test suite commits:
- Support older versions of rpmfluff in baseclass.py
- Use the codecs module in test_unicode.py
- Create ProvidedSourceFile for use in test_unicode.py
- Set QA_RPATHS=63 to disable check-rpaths in rpmbuild
- Improve the debugging output for failing tests
- Add test cases for the rpmdeps inspection
- In rpmdeps_requires tests, expect OK and not INFO for two
- Ensure rpmdeps Requires test bins link with test lib
- Skip tests in test_rpmdeps_requires.py that need 'elfdeps'
- Fix a few small bugs in the Alpine Linux post.sh script
- Add six remaining test_rpmdeps_requires.py test cases
- Added 54 tests for Provides dependencies in 'rpmdeps'
- Added 54 tests for Conflicts dependencies in 'rpmdeps'
- Add remaining 270 test cases for the rpmdeps inspection
- Correct weak dep test cases for 'rpmdeps'
- Skip weak dependency rpmdeps test cases for older librpm versions
- Pass --nodeps to rpmbuild in the test suite
- Force the use of %attr for add_installed_directory()
- Skip unexpanded macro test cases on ALT Linux for rpmdeps
- Use '=' and not '>=' for Provides in rpmdeps test cases
- Skip most weak dependency tests on ALT Linux
- Account for ALT Linux including Epoch values in dependencies
- Remove old have_caps_support block from test_capabilities.py
rpminspect-1.8
General release and build process changes:
- Updates to how Koji jobs are prepared and submitted
- Add RELEASE checklist
Changes to the GitHub Actions CI scripts and files:
- Add 'make shellcheck' target and update ShellCheck CI job
- Install findutils for the shellcheck GitHub Action
Documentation changes:
- Add changes for the 1.7 release
- Note additional dependencies in README.md
- Reformat OS list in README.md
General bug fix in the library or frontend program:
- Handle unexecutable %prep sections in 'unicode'
- Remove hardcoded maximum version check on Java bytecode
- Correct everything shellcheck found in shell scripts
- Exit the manual_prep_source() child process correctly
- Use archive_read_free() in unpack.c
librpminspect feature or significant change:
- Convert RPM header cache to a hash table, fix leak
Test suite commits:
- Define SimpleSrpmBuild for tests that only need an SRPM
- Add unicode test cases covering rpmSpecBuild() failures
rpminspect-1.7
General release and build process changes:
- Update the spec file template
- Drop mkrpmchangelog.sh use for Copr builds
- Remove mkrpmchangelog.sh from the source tree
- Increment version to 1.7
- s/.gz/.xz/ in .copr/Makefile
- Additional Copr build fixes
- Adjust %autosetup line for Copr builds
- Fix output formatting in utils/mkannounce.sh
- Add libicu-devel as a BuildRequires in the spec file
- Add some additional comments to the Makefile
- Add 'MIT' to the project license string
Config file or data/ file changes:
- Add a new 'macrofiles' section to the config file
- Quote forbidden Unicode code points in generic.yaml
- Comment fixes for the 'unicode' section in generic.yaml
Changes to the GitHub Actions CI scripts and files:
- Install the rust package on Alpine Linux
- Add 'cargo' to the reqs.txt list for Alpine Linux
- Install rustc and cargo on all systems now for Python cryptography
- Make sure Fedora CI instances have 'libicu-devel' installed
- Make sure ICU is installed for Extra CI targets
- Disable the Alt Linux job in Extra CI for now
- Enable Alt Linux, disable CentOS 7 in Extra CI
- Set LANG=en_US.UTF-8 when running the test suite
- icu -> icu-dev in reqs.txt for Alpine Linux
- Rename 'x86_64' job category to 'linux'
rpminspect(1) changes:
- Call load_macros() and rpmFreeMacros() from rpminspect
Documentation changes:
- Add CHANGES.md file summarizing changes per release
General bug fix in the library or frontend program:
- Fix small memory leak in macros.c
- Call rpmFreeMacros() after the disttag inspection runs
- TryExec= line parsing for .desktop files
- Remove unnecessary assert() on fname in match_fileinfo_mode
- Do not report 'OK' result in emptyrpm for expected empties
- addedfiles requires a before and after build
- Minor improvement to the text in REMEDY_ADDEDFILES
- Correctly match debuginfo trees to subpackages
- Simiply the copytree() function to remove malloc errors
- Remove unnecessary '()' from function names in error messages
- Allow exitcode parameter to be NULL in run_cmd_vpe()
- Non-zero exit from desktop-file-validate is an error
- Use realloc() instead of reallocarray()
- Remove incorrect free() call in inspect_unicode.c
- Set seen and globalresult in inspect_unicode.c
- Use a long int for linenum and colnum in inspect_unicode.c
- Comment clarification in include/constants.h
- Support rpm < 4.15.0 in the unicode inspection
- Fallback on fedora_name only if the _abbrev fields are empty
librpminspect feature or significant change:
- Support %autorelease and other macros in disttag inspection
- Check subpackages when running the 'desktop' inspection
- Support standard system icons in the 'desktop' inspection
- In 'annocheck', report the commands and exit codes
- Add list_add() to listfuncs() in librpminspect
- Use fork()/execvpe() in runcmd.c instead of popen()
- Modify inspect_annocheck.c to use run_cmd_vpe()
- Allow an optional subdirectory on run_cmd() and run_cmd_vpe()
- Use the new run_cmd_vpe() API in 'abidiff' and 'kmidiff'
- Update all run_cmd() calls to the new API
- Add load_macros() function to macros.c
- Remove code from inspect_disttag.c that's in load_macros()
- Introduce mime_type() function in magic.c
- Change UChar usage to UChar32
- Expand dump_cfg() for the -D debug mode output
- Use u_strchr32() when searching for forbidden code points
- Improve reporting in unicode with prep_source() fails
New inspections or inspection changes (not bug fixes):
- Add the 'unicode' inspection to check source code
Test suite commits:
- Collect subpackages when performing Koji build tests
- Remove musl special handling in test_abidiff.py
- Remove unused 'import subprocess' from test_abidiff.py
- Get the tearDown() functions all working correctly
- Begin test_unicode.py with unicode inspection tests
- Complete test_unicode.py and use different example code
- Add additional known bad unicode test cases
rpminspect-1.6
General release and build process changes:
- Expand determine-os.sh to detect Crux Linux and Alt Linux
- Add %find_lang to the package spec file
Changes to the GitHub Actions CI scripts and files:
- Support older libraries on CentOS 7
- Define OPENSSL_VERSION to 0 if it's undefined
- Initial set of changes for Alpine Linux
- Python black formatting fixes
- Install epel-release in pre.sh on centos7
- Pass CRYPTOGRAPHY_DONT_BUILD_RUST=1 to pip on centos7
- Add AlmaLinux 8 to the GitHub Actions extra-ci job
- Restore previous centos7 pip and setuptools behavior
- Add almalinux handling to extra-ci.yml
- s/dnf/yum/g in pre.sh for centos7
- Add an i386 job to extra-ci.yml
- Try using i386 command for the i386 jobs
- Install util-linux for /usr/bin/i386
- Just handle i386 build in the qemu job
- Fix 32-bit builds and add Fedora i686 CI targets
- OS_SUBDIR clean up in the Makefile
- Fixed typo in the Makefile
- Need libffi-devel even for i686 builds
- Set 32-bit build flags in ci.yml
- Fix installing libffi-devel on i686 jobs
- Add Rocky Linux 8 to the Extra CI job collection
- Fix name of Rocky Linux Docker image
- Add missing Amazon Linux CI files
- Amazon Linux lacks glibc-devel.i686, so disable some tests
- Python flake8 and black formatting fixes
- Install tar before git task on amzn
- Correct Amazon Linux name in extra-ci.yml
- Add Mageia Linux to Extra CI
- Must use dnf on Mageia Linux, not yum
- clamav-dd -> clamav-db on Mageia Linux
- Ignore top level docs in CI jobs
- Add Alt Linux coverage to Extra CI
- Remove /usr/lib/rpm/shell.req on Alt Linux
- Remove forced RPMTAG_VENDOR value on Alt Linux
- Install gcovr via pip for Alt Linux
- Add Oracle Linux 8 to the extra-ci collection
- Fix syntax error in utils/determine-os.sh
- Output "oraclelinux" instead of ${ID} for Oracle Linux
- Disable fedora:rawhide in ci.yml
- Support Alt Linux p10 (platform 10)
- Add openEuler Linux 20.03 to the extra-ci collection
- Fix openEuler detection in utils/determine-os.sh
- ShellCheck fixes for determine-os.sh
- Run extra-ci jobs for changes to utils/ files
- Disable openEuler 2.0 in extra-ci
rpminspect(1) changes:
- Handle SIGWINCH in the download progress bar display
- Use sigaction() instead of signal() in rpminspect(1)
- Discontinue realpath() call on argv[0
- Honor -T/-E correctly even with security-focused checks
- Fix the progress bar display problems for '-f -v' mode.
Documentation changes:
- Update the AUTHORS.md file
- Drop mention of LibreSSL from README.md
- Add readthedocs rst source files
- Update translation template
- Link to generic.yaml from configuration.rst
- Mention readthedocs.io in README.md
- Update list of CI Linux distributions in README.md
General bug fix in the library or frontend program:
- Only look at RPMTAG_SOURCE entries for removed sources
- Remove unnecessary empty list check in inspect_upstream.c
- Ignore noarch packages in the 'arch' inspection
- Drop all HEADER_* defines, switch to NAME_* (#397)
- desktop: demote as INFO a missing Exec w/ TryExec (#395)
- Add 'types' block support for the config file (#404)
- Check return code of yaml_scan_parser()
- Use a simpler and correct regexp for the disttag inspection (#412)
- Translate some additional warning messages
- Use cap_compare() when comparing file capabilities (#410)
- Skip .spec files in the types inspection
- Description and Summary changes are reported as INFO
- Fall back on full license name if there are no abbrevs
- Follow-on to the license inspection changes for fedora_name
- Ignore "complex" spec file macros in get_macros()
- Fix a lot of xmlrpc-c memory leaks in builds.c
- Support the legacy libcurl API in librpminspect
- Fix SIGSEGV caused by misplaced xmlrpc_DECREF() call
- Adjust where the 'good' bool is set in the emptyrpm loop
- Slight code reformatting in inspect_disttag.c
- Read file capabilities from the RPM header
- Size origin_matches at 3 rather than 1.
- Non well-formed XML fails xml, but invalid is info
- Handle DT_RUNPATH/DT_RPATH owned directories correctly
- Convert the security rules from a hash table to a list
- Ensure the annocheck inspection behaves for build comparisons
librpminspect feature or significant change:
- Add list_contains() to librpminspect
- Skip source packages in 'emptyrpm'
- desktop: factor check for Exec
- desktop: factor check for Icon
- desktop: reset severity/waiverauth before add_result()
- Add debugging output to the YAML config parsing code
- Support relative ignore globs (#404)
- Report new patches at the INFO level only
- Allow directories owned by the build in 'runpath'
- Always run inspections with possible security results
- Define security_t and secrule_t in librpminspect
- Add strshorten() to strfuncs.c
- Add libcurl download progress bars for 'rpminspect -v'
- Document the escape sequences used for the progress bar
- Replace get_header_value() with get_rpm_header_value()
- Remove get_cap() function and fix test_ownership.py
- Add security rule reading code to librpminspect
- Removed RESULT_WAIVED from severity_t
- Improve remedy reporting to tell users what data file to edit
- Improve permission and ownership reporting strings w/ fileinfo
- Properly override config file blocks in subsequent reads
- Move match_path() and ignore_path() to paths.c
- Set OPENSSL_API_COMPAT in lib/checksums.c
- Add product security workflow functions and test cases
- Product security workflow enhancement for SECRULE_SECURITYPATH
- Product security workflow handling for SECRULE_MODES
- Product security workflow handling for SECRULE_CAPS
- Product security workflow handling for SECRULE_SETUID
- Product security workflow handling for SECRULE_WORLDWRITABLE
- Product security workflow handling for SECRULE_EXECSTACK
- Product security workflow handling for inspect_elf.c
- Do not warn if RPM header is missing a tag
- Suppress debug output for the config file parsing by default
New inspections or inspection changes (not bug fixes):
- Output new 'diagnostics' section in rpminspect report (#280)
Test suite commits:
- Python black fixes for baseclass.py
- Update unit tests for removal of RESULT_WAIVED
- Modify the 'ownership' tests for old rpm releases and non-root
- Increase test suite timeout to 900
- Support really old versions of RPM (4.0.4) and Alt Linux
rpminspect-1.5
General release and build process changes:
- Generate regular changelog in utils/srpm.h
- Skip branches without targets in submit-koji-builds.sh
- Simplify the utils/determine-os.sh script
- Fix $(OS) check in the Makefile
- BuildRequires libmandoc-devel >= 1.14.5
Config file or data/ file changes:
- Add commented out per-inspection ignore blocks
-Note all regular expression settings use regex(7) syntax - Note size_threshold can be the keyword ‘info’
Changes to the GitHub Actions CI scripts and files:
- Fedora and CentOS systems in ci need ‘diffstat’
- opensuse-leap CI job requires ‘diffstat’
- Fix the Debian CI jobs in GitHub Actions
- Fix and enable the Ubuntu extra-ci job in GitHub Actions
- Use ‘pip’ instead of ‘pip3’ for the Ubuntu command
- Use ‘apt-get -y install’ in ubuntu’s pre.sh
- Enable the opensuse-tumbleweed GHA job again
- Make sure the Gentoo GHA job has ‘diffstat’
- Get the Arch Linux GHA job working again
- Use ubuntu:latest for the ubuntu GHA image
- Fix the ubuntu GitHub Actions extra-ci job
- Make sure the centos8 job has git available before cloning
- Install cpp-coveralls using pacman on Arch Linux
- Install cpp-coveralls using pip on Arch Linux
- Install cpp-coveralls in pre.sh on Arch Linux
- Install required Python modules in pre.sh on Arch Linux
- Do not upgrade pip on Arch Linux, go back to using pip.txt
- Do not run ‘apt-get update’ as a second time on Debians systems
- Update the OpenSUSE Tumbleweed files, but disable it anyway
- Manually install mandoc on centos7 for now
rpminspect(1) changes:
- Allow any number of builds specified for fetch only mode
- Fix fetch only mode download directory
- Do not crash with the -c option specifies a non-existent file
- Remove what working directories we can
Documentation changes:
- Update license table in README.md
- Update GitHub Action status badges in README.md
- Update TODO list
General bug fix in the library or frontend program:
- Use llabs() instead of labs() in the filesize inspection
- Improve ‘has invalid execstack flags’ reporting
- Use long unsigned int to report size changes in ‘patches’
- Fix some errors in the changedfiles inspection
- Check DT_SONAME in is_elf_shared_library()
- Skip debuginfo and debugsource files in abidiff
- Report INFO level for patches findings by default
- Handle old or broken versions of libmagic in ‘changedfiles’
- Use json_tokener_parse_ex() to get better error reporting
- Fix reading of the javabytecode block in the config file
- Catch missing/losing -fPIC correctly on .a ELF objects (#352)
- Refactor elf_archive_tests() and its helper functions
- Followup fix for find_no_pic, find_pic, and find_all
- Drop DEBUG_PRINT from source generated by pic_bits.sh
- Clean up the config file section reading code
- Perform symbolic owner and group matching in ‘ownership’ (#364)
- Restrict download_progress() to systems with CURLOPT_XFERINFOFUNCTION
- Report annocheck failures correctly in librpminspect.
- Call mparse_reset() before mparse_readfd()
- Ensure ctxt->lastError.message is not NULL before strdup (#382)
- Handle corrupt compressed files in ‘changedfiles’ (#382)
- Correctly find icons for desktop files in subpackages (#367)
- Followup to the Icon= check in the desktop inspection (#367)
librpminspect feature or significant change:
- Change strappend() to work as a variadic function
- Define inspection_ignores in struct rpminspect
- Add add_ignore() to init.c
- Stub out libcurl download progress callback function
- Read per-inspection ignore lists from the config file.
- Implement per-inspection path ignore support (#351)
- Allow ‘size_threshold: info’ in the config file (#261)
- Check ignore list in ‘files’ for path prefixes to ignore (#360)
- Support a list of expected empty RPMs in the config file (#355)
- Disable debugging output for the ignore lists in init.c
- Drop debugging output in the ‘xml’ inspection
Test suite commits:
- Update the ‘changedfiles’ test cases
- Make sure abidiff test cases add a DT_SONAME to the test lib
- Update the test/test_patches.py cases for patches changes
- The lost PIC tests need to invoke gcc with -fno-PIC
- Make sure brp-compress is disabled in test_manpage.py
rpminspect-1.4
General release and build process changes:
- Trim git commit summary prefix from changelog lines
- Recommend or Require libabigail >= 1.8.2
- Enable werror=true and warning_level=3 in default_options
- Improve mkannounce.sh to handle stable and devel releases
Changes to the GitHub Actions CI scripts and files:
- Restrict style checks to specific directories
- Adjust lib/meson.build for Fedora rawhide
- Drop gate.yml and begin non-x86_64 arches in ci.yml
- Add armv7, aarch64, and s390x to the other_arches job
- Modify file triggers and matrix use in ci.yml
- Split 32-bit osdeps out to post.sh scripts in osdeps/
- Split style.yml in to shellcheck.yml and python.yml
- Rewrite extra-ci.yml to use the matrix strategy method for GHA
- Move the emulated CI jobs to extra-ci.yml
- s/pkg/pki/ for the centos jobs
- Debian and Ubuntu fixes for CI
- Python pip on Debian is called pip
- Try to fix just debian:stable
- Enable debian:testing in extra-ci.yml
- Enable centos8 in extra-ci.yml again
- Enable centos7 in extra-ci.yml again
- Enable opensuse-leap and gentoo in extra-ci.yml again
- Run each test script individually on emulated targets
- Try a different syntax for the emulated matrix jobs
- Install s390 glibc headers on s390x fedora systems
- Add stretch and buster to the emulated targets list
- Drop Debian buster from the emulated targets
- Install gcc-multilib only on Debian x86_64 and s390x systems
- libc-dev:i386 -> libc6-dev:i386
- Disable Debian targets in extra-ci temporarily
- s/AUR/git/g in osdeps/arch/post.sh
Documentation changes:
- Update TEST_METADATA status in TODO and MISSING
General bug fix in the library or frontend program:
- Handle compressed but otherwise empty man pages (#308)
- Correct misuse of entry with hentry variables (#321)
- Use hentry->key over hentry->value in pathmigration
- Change init.c error reporting over to err/warn functions
- In read_cfgfile(), keep track of block depth correctly (#329)
- A few more yaml parsing fixes for block vs group
- Report libclamav version and CVD versions (#258)
- Ensure first argument of warn(3) is a format string.
- Get rid of invalid free() in get_product_release()
librpminspect feature or significant change:
- Migrate more code off hsearch and to uthash
- Replace hsearch() with uthash in the kmod inspection
- Replace hsearch() with uthash in the abidiff inspection
- Change tsearch/twalk use to uthash
- Finish normalizing all the error reporting statements
- Add inspection_id() to librpminspect
New inspections or inspection changes (not bug fixes):
- Report the program version number in the results (#309)
- Disable broken ELF heurisitic and size limit in libclamav
- Modify dump_cfg() to write valid YAML to stdout (#306)
Test suite commits:
- Flake8 fixes for test_manpage.py
- s/self.rpm/self.after_rpm/ in two test_manpage.py tests
- Detect 32-bit and musl presence in test_elf.py
- Skip lost -fPIC tests if gcc lacks -m32 support