Navigation:
Browse pkgsrc
(this page) 2020-06-29 15:06:51 by Thomas Klausner | Files touched by this commit (2) |  |
Log message:
cppcheck: update to 2.1.
2.1
This is a minor release.
We have tweaked build scripts.
* When you use USE_Z3=yes, we will handle new versions of z3 better.
If you have an old z3 library and get compilation problems you will
need to add a z3_version.h in externals.
* The cmake scripts were updated.
There was a couple of bug fixes.
New check:
* for "expression % 1" the result is always 0.
2.0
Overview
The command line is not changed drastically. Your old cppcheck
scripts should work as before.
Compiling: There is a new dependency Z3. When compiling with the
Makefile it is highly recommended to use "USE_Z3=yes".
Improved clang-tidy integration
Several fixes to;
improve parsing detect more bugs with existing checks fix false
alarms
Clang import
Clang is a C/C++ compiler that has a very robust and well made
parser.
Cppcheck will always use its internal parser by default. However
there is now an option to use the Clang parser instead.
It is recommended that you use the default internal Cppcheck parser
unless you notice that it fails to parse your code properly (syntax
errors, strange false alarms). Bug hunting
There is a new "soundy" analysis in Cppcheck that should detect
most bugs. You should expect false alarms, however the false alarms
will not be overwhelming.
This new "soundy" analysis is not intended to replace normal Cppcheck
analysis. There are use cases where false alarms can not be tolerated.
We have added 1 checker and that checks for division by zero:
It detects all "integer division by zero" bugs in the Juliet
test suite.
It detects all "division by zero" bugs in the ITC test suite.
There was 28 division by zero CVEs published in 2019 for C/C++
open source projects, and we could quickly see that 21 of the
bugs are found by Cppcheck. There is no CVE bug that we know
Cppcheck fails to diagnose. But there are 7 CVEs that would
require additional investigation to establish if it is really
detected or not.
You can read more about this analysis in the "Bug hunting" chapter
in the manual.
|
| 2020-06-23 22:46:50 by Thomas Klausner | Files touched by this commit (1) | |
Log message: cppcheck: update to 1.90nb2. The tinyxml2 override (to use the pkgsrc version) stopped working. Having both the pkgsrc version and the included copy used in the build made cppcheck dump core. Stop using the pkgsrc version since patching the build system to avoid using the included copy is a lot of effort. |
| 2020-06-02 10:25:05 by Adam Ciarcinski | Files touched by this commit (1689) |
Log message: Revbump for icu |
| 2020-04-16 23:50:36 by Thomas Klausner | Files touched by this commit (3) | |
Log message: cppcheck: update to 1.90. Based on wip/cppcheck by Apurva Nandan. Cppcheck-1.90 has been released. New check: * alias to vector element invalid after vector is changed Improved checking: * improved value flow analysis for struct members * improved value flow analysis for pointer alias CERT: * Added ENV33-C: Do not call system() MISRA: * Added rule 2.7 * Added rule 3.2 * Added rule 4.2 * Added rule 14.2 * Added rule 21.1 * Added rule 21.12 Addons: * Add --recursive option. You can check dump files recursively. |
| 2020-04-12 10:29:21 by Adam Ciarcinski | Files touched by this commit (956) | |
Log message: Recursive revision bump after textproc/icu update |
| 2020-03-10 23:11:24 by Thomas Klausner | Files touched by this commit (1681) | |
Log message: librsvg: update bl3.mk to remove libcroco in rust case recursive bump for the dependency change |
| 2020-03-08 17:51:54 by Thomas Klausner | Files touched by this commit (2833) |
Log message: *: recursive bump for libffi |
| 2020-01-26 06:26:29 by Roland Illig | Files touched by this commit (189) |
Log message: all: migrate some SourceForge homepage URLs back from https to http https://mail-index.netbsd.org/pkgsrc-changes/2020/01/18/msg205146.html In the above commit, the homepage URLs were migrated from http to https, assuming that SourceForge would use the same host names for both http and https connections. This assumption was wrong. Their documentation at https://sourceforge.net/p/forge/documentation/Custom%20VHOSTs/ states that the https URLs use the domain sourceforge.io instead. To make the homepages from the above commit reachable again, pkglint has been extended to check for reachable homepages. This check is only enabled when the --network command line option is given. Each of the homepages that referred to https://$project.sourceforge.net before was migrated to https://$project.sourceforge.io (27), and if that was not reachable, to the fallback URL http://$project.sourceforge.net (163). |
| 2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046) |
Log message: all: migrate several HOMEPAGEs to https pkglint --only "https instead of http" -r -F With manual adjustments afterwards since pkglint 19.4.4 fixed a few indentations in unrelated lines. This mainly affects projects hosted at SourceForce, as well as freedesktop.org, CTAN and GNU. |
| 2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836) |
Log message: *: Recursive revision bump for openssl 1.1.1. |
New packages: