check-all-the-things (2017.05.20+nmu1)
ERROR:
- Git: https://anonscm.debian.org/git/collab-maint/check-all-the-things.git
- Branch: master
- Path: debian/changelog
- Repo size:
- Browser: https://anonscm.debian.org/cgit/collab-maint/check-all-the-things.git
- Last scan: 2023-06-02 14:58:04+00
- Error: fatal: repository 'https://anonscm.debian.org/git/collab-maint/check-all-the-things.git/' not found
- Next scan: 2023-06-03 16:05:00+00
- Debian changelog in Git:
check-all-the-things (2017.05.20) unstable; urgency=medium
  * New release.
    - The "Check Things Securely Yet Again" release
    - Support BSD versions of the find command
    - Support running in more types of terminals/places
    - Support running commands in other dirs for safety
    - Support properly disabling flags/checks
    - Disable remarks about already disabled checks
    - Update documentation, TODO items and URLs
    - Print remarks more nicely in certain situations
    - Print filenames and line numbers where possible
    - Flag checks:
      + dangerous - rpmlint ocaml-lintian
      + run-in-tmp-dir - luacheck puppet-lint epubcheck erl-tidy
      + fixme-silent - flawfinder gettext-lint-* luacheck hlint
      + network - cme-check-dpkg
      + manual - gettext-lint-spell
    - Fix complexity - prevent arbitrary code execution
    - Fix perlcritic - disable code execution, only run when perl present,
      increase verbosity to be more useful
    - Fix clang-tidy regression from version 2016.06.29
    - Fix zzuf - incorrect path matches
    - Fix yamllint - incorrect find argument grouping
    - Fix ELF & Perl checks - add MIME types
    - Fix grep checks - use short options for portability
    - Fix xapian-check - crash due to use of format strings
    - Fix uudecode - include filenames in command-line
    - Fix insecure-recv-keys - typo in regex
    - Fix appstreamcli - unknown command-line option
    - Fix m64-m32 - reduce false positives
    - Fix gettext-lint-spell - add missing dependency, drop *.pot
    - Fix afl - check it is installed properly
    - Fix embed-dirs - add inc/ dirs for Perl packages
    - Add podchecker - check Perl POD documentation
    - Add pscan - check C printf format strings
    - Add leaktracer - check programs for memory leaks
    - Add tmperamental - check programs for tmpfile issues
    - Add govet - report suspicious Go source code
    - Add golint - report Go source code lint
    - Add goimports - check missing/unused Go import lines
    - Add rubocop - check Ruby code against Ruby Style Guide
    - Add roodi - check Ruby code for design issues
    - Add gendarme - check Mono/.NET ECMA CIL files
    - Add make-phony - find misspelled .PHONY targets
    - Add mypy - check Python static typing hints
    - Add pyroma - check Python packaging quality
    - Add bandit - check Python security quality
    - Add dodgy - check dodgy lines in Python code
    - Add vulture - check for dead Python code
    - Add pycodestyle - check Python code style
    - Add pydocstyle - check Python documentation style
    - Add proselint - check for English prose issues
    - Add chktex - check typographic errors in LaTeX docs
    - Add fitscheck/wcslint/volint - FITS/VOTable files
    - Add putty-private-key & openssh-private-key-rsa1
    - Remove ghc-mod - just a wrapper for hlint
    - TODO items for wtf flake8-plugins xpi-addons-linter
      go-fix libdetectcoll sha1collisiondetection giffix
      haxelint dockerlint dockerfile_lint dockerfile_checker
      truffleHog pyt chap Devel::Plumber
 -- Paul Wise <pabs@debian.org> Sat, 20 May 2017 17:33:18 +0800
- This branch is 56 commits ahead of tag check-all-the-things-2017.05.20
- Git log:
commit e4c3cd189944e675946b77eceac18dfd486f070c
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Fri May 25 12:40:06 2018 +0800
Rename perl-bug-588017 flag to perl-inc-cwd-bug flag
The bug number is Debian-specific but
all distributions of perl have the issue.
Also reword the related comments to be less Debian-specific.
commit 40ddaa12924479fddf4d768b8dd629b49430874d
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Fri May 25 13:18:51 2018 +0800
Rename apt-suggests flag to debian-suggests
The flag is only used when setting Debian substvars
rather than on all distributions that use apt.
commit e42b4f2a039b2a26a8d8c7db7f3c52d421317cd4
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Fri May 25 12:25:04 2018 +0800
Rename apt dependencies to debian dependencies
It could be useful to differentiate between Debian and
apt-based distributions that are not Debian derivatives.
commit ef980c0836ab5dca19b95a09415226bad6d3017d
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 18:02:16 2018 +0800
Add TODO items for yapf/rustfmt/prettier
These are code formatters for Python, Rust and other languages.
commit 9881ef6e91135876f8f31940c832763d059ec01a
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:57:06 2018 +0800
Check MANIFEST.in files for completeness using check-manifest
This runs code from the current directory so it is potentially dangerous.
commit ca3b862b59c9602d38b77c48a9b9d052d0253f7b
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:55:28 2018 +0800
Pass /dev/null as the cache dir for mypy.
Prevents mypy from modifying the current directory.
commit 24a1db6a8c9a015372e0534c4193136e70218bc3
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:54:19 2018 +0800
Flag directories named 'externals' as containing embedded code copies
The non-plural version of this 'external' is already detected.
commit 62401c36a44563bb5e6ed8934c91ef310f3f068c
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:52:54 2018 +0800
Do not check editor swap files for UTF-8 compliance
These are binary files not text files.
commit 438ffde9de47a07b3ce5659c7472951e25f00635
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:50:58 2018 +0800
Do not check web fonts for UTF-8 compliance
These are binary files not text files.
commit 6c0f30cde82830a66790810ea29a66909bb40c2d
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:49:35 2018 +0800
Add TODO item for checking manual pages with man
Command-from: lintian
commit daa9f033d716589dead91a93bac43b0cec44586a
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:48:26 2018 +0800
Check GSettings XML schema files with glib-compile-schemas
commit 440b6f61f18166504d03b04a731467195642397d
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:45:51 2018 +0800
Add TODO item for glyphcheck
Detects malicious homoglyphs in Go source code
commit 80b5a328dbe051ed1cfa173cc620511b122ab395
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:44:58 2018 +0800
Add TODO items for some more spellcheckers
commit a83b6d15d94d5b52703f2396e1a1c11aa7bc77de
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:44:36 2018 +0800
Add TODO item for ShlibVisibilityChecker
Checks for symbols with inflated visibility.
Found-in: <CAJOtW+6rZ3cv0R6__xSqeHAoKBim41YHk1TZyBm0B9nhamhdHg@mail.gmail.com>
commit 10a2b5ef663c3019cf2da84bd71bd18f587db44c
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:42:42 2018 +0800
Add TODO item for empty-argv-segfault-check
Checks for ELF binaries that crash with a weird argv array.
commit c8ed7f7b96d8c14342fab3e539f8b3f833e9aceb
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:41:13 2018 +0800
wrap-and-sort: switch to using dry-run mode
devscripts 2.18.2 added a mode that does not modify any files.
devscripts 2.18.3 will make that usable without verbose mode.
Copy the old definition to Debian stretch overlay.
See-also: https://bugs.debian.org/808574
commit 2eee957d1b8c7f0cebfbd26e980bdba491a6642c
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:25:35 2018 +0800
Add TODO item for lizard compression format
commit bd0c0da29f7b0ba9fcca39051802f16bec554711
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:16:48 2018 +0800
Add TODO item for slowness
Finds C++ header files that are slow to compile.
commit 0b9cd599f08364aef925773b70c209d9c4f9d3d8
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:14:29 2018 +0800
Add *.cl to the list of file types checked by cppcheck
The upstream code checks these files.
commit ee6949db2cc068ef0ee0585ed6660a3da7808e05
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:13:55 2018 +0800
Update URL to cppcheck lib/path.cpp file
Use the upstream location instead of the Debian one for
more distro-neutrality and up-to-date-ness.
sources.debian.net was renamed to sources.debian.org.
sources.debian.org doesn't yet support 'latest' versions in download URLs.
commit 9f07d032d4dc0bafc19f0cbd0dac6c5205168c92
Author: Paul Wise <pabs3@bonedaddy.net>
Date: Mon May 21 17:04:42 2018 +0800
Update clang-check apt dependencies
clang-check moved from clang to clang-tools recently.
commit 5ebe52dac5704ecdf21379721ddfed49ebd5ec4b
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Thu May 17 18:14:34 2018 +0200
TODO: Add tidypy as source of new checks
commit 2e54a773c0dbc64a5ec45b79f9b1d15847114ca8
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Sat Apr 14 12:20:50 2018 +0200
Document Alioth -> GitHub migration
commit 0cb3f7ebe60a883b19d7db2f889bc00c4932dd02
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Fri Apr 13 12:49:14 2018 +0200
Add files for jlint
commit 9457585046d43018a82f0a2c7d7f8e643d5d12f2
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Tue Apr 3 17:07:53 2018 +0200
Update font embedding licensing URL
commit 5bc7371aaa006919cc550dce971bf47101517775
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Tue Apr 3 17:07:50 2018 +0200
Use HTTPS for udrepper.livejournal.com
commit 2df7f590b5db9add7d499525de5fa0adf66dd15d
Author: Paul Wise <pabs@debian.org>
Date: Mon Mar 26 12:56:28 2018 +0800
Always pass the all/disable arguments to FlagSelectionAction
The -a/--all option was broken by the addition of unknown flag checking.
Fixes: commit 91aa1ff809cd2cbd6c36dfe07cdd6724f0a64c5f
commit 3bab5dd39189ec6f449b0294e6be70b185183ba1
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Sat Feb 24 16:55:32 2018 +0100
Enable doc8
Marked as fixme-silent because it prints:
Scanning...
Validating...
========
Total files scanned = 1
Total files ignored = 0
Total accumulated errors = 0
Detailed error counts:
- CheckCarriageReturn = 0
- CheckIndentationNoTab = 0
- CheckMaxLineLength = 0
- CheckNewlineEndOfFile = 0
- CheckTrailingWhitespace = 0
- CheckValidity = 0
commit e5cf46914397c6d9e3c2580f18854a4e7180f79d
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Sat Feb 24 16:02:38 2018 +0100
Enable rst-lint
Marked as fixme-silent because it prints:
INFO File test.rst is clean.
commit fe1f4b815e6e149530c2db5987b44471341bc98c
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Mon Feb 5 21:12:18 2018 +0100
Update URL for CII Best Practices Badge
commit f8916923bac08d568e0adffd021d4f30201dc393
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Mon Feb 5 21:09:21 2018 +0100
Update URL for rust-clippy
commit 8a15ffc7949b54a9b2ac7306d8c397a68f6e836c
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Mon Feb 5 21:09:11 2018 +0100
Update URL for php-grinder
commit 7517c5be989fe1c2eadb1e7f024555c49f73c72c
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Mon Feb 5 21:08:50 2018 +0100
Update URL for js-standard
commit 5d01a8d67b9d7d582f51174b416625af7e210c24
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Mon Feb 5 21:07:49 2018 +0100
Update URL for hadolint
commit 7a2726cd796b5ce62e152a5ee40b33f8d4aaaa1b
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Mon Feb 5 21:07:33 2018 +0100
Update URL for tis-interpreter
commit fb3430dbb9047b59ad66ddb81c54c207c5b8701f
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Sun Jan 14 18:48:31 2018 +0100
Update my copyright notices
commit 6fc9c862924c87d6d19d38abff1ffea261b72eaa
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Thu Jan 4 23:05:37 2018 +0100
which() for Python 3.2: fall back to os.defpath if PATH is unset
commit 42c2ac75dfe8764fdcf4ab89686d18a8a39d4866
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Mon Sep 25 18:33:55 2017 +0200
Don't use empty subexpressions for "grep -E"
Fixes:
$ grep -nHrE '(wget|curl).*\|( *sudo)? *(ba|z|)sh' .
grep: empty (sub)expression
on OpenBSD.
commit 0e8fc250002537db0f9e318f33d6c33f1da3d59e
Author: Paul Wise <pabs@debian.org>
Date: Tue Sep 19 09:55:12 2017 +0800
Add TODO items for phpstan and psalm
Found-in: https://news.ycombinator.com/item?id=15278151
commit 8b6f78250407dfb72b80f2b26db6917d0f0ab83c
Author: Paul Wise <pabs@debian.org>
Date: Tue May 9 09:17:36 2017 +0800
Use {cwd} instead of . in all commands
Allows running all checks from an empty temporary directory but
still referring to the directory cats itself is run from.
commit 683ec01ea2552658d371cab159728cab02d5b936
Author: Paul Wise <pabs@debian.org>
Date: Fri Sep 15 17:08:05 2017 +0800
GFA: add TODO item for gfapy-validate
commit 6cdee0a336658abeb74e91c2a8553704d5edabbf
Author: Paul Wise <pabs@debian.org>
Date: Fri Sep 15 17:06:22 2017 +0800
QML: add TODO items for qmllint and xmlpatternsvalidator
commit d406eb385523b78bdc18d6487b0540eb5783216e
Author: Paul Wise <pabs@debian.org>
Date: Fri Sep 15 17:05:06 2017 +0800
ansible-lint: set apt deps, files and command since it is in Debian
commit fd370d8f72e8450c0e86d1e5e4cfd87a522f5b6b
Author: Paul Wise <pabs@debian.org>
Date: Fri Sep 15 17:03:29 2017 +0800
C: add TODO items for coccinelle, DR.CHECKER, RATS
commit d56f529ab9e96c180c095cf265a951758a9c1291
Author: Paul Wise <pabs@debian.org>
Date: Fri Sep 15 17:02:28 2017 +0800
Go: add TODO item for errcheck
commit 9c28b610864b01514830f9f96ac5a2e6b9db4951
Author: Paul Wise <pabs@debian.org>
Date: Fri Sep 15 16:57:50 2017 +0800
splint: switch from -standard to -strict
The -strict option is the most comprehensive option for splint.
commit 206c4ac7f82225c2d717cb332cdddbf3e864c553
Author: Paul Wise <pabs@debian.org>
Date: Fri Sep 15 16:55:47 2017 +0800
lz4-test: add lz4 to the apt dependencies
liblz4-tool was renamed to lz4 in 1.8.0-1 in Debian experimental.
commit 9cceca18a6058b5c6d773722c6546848d8d254fd
Author: Paul Wise <pabs@debian.org>
Date: Fri Sep 15 16:54:40 2017 +0800
hardening-check: add devscripts to the apt dependencies
devscripts 2.17.10 adopted the hardening-check script from
hardening-includes, which got removed from Debian.
commit df538fd180d62bdd1c5bc1b28d1d63bb5ed2d952
Author: Paul Wise <pabs@debian.org>
Date: Tue Jun 27 13:10:11 2017 +0800
Check the syntax of shell scripts using more shells
This may help to increase the portability of shell scripts.
Inspired-by: https://github.com/duggan/shlint/
commit 82a8f29c1534edf96e9411e694733ef35e71af7f
Author: Philippe Thierry <phil@reseau-libre.net>
Date: Thu Jun 15 19:36:04 2017 +0800
Check C code using splint
Closes: https://bugs.debian.org/864812
commit 80f1312fc745f73e041225eddbac70cdf2bd7530
Author: Paul Wise <pabs@debian.org>
Date: Thu Jun 15 12:28:24 2017 +0800
Scan all files for malware using clamdscan
Use clamdscan instead of clamscan because it is faster.
Add clamav-daemon to the apt dependencies because clamscan
only suggests clamav-daemon instead of recommending it,
so adding our own recommends makes it more likely that
the test will work at runtime on developer systems.
Use the --fdpass option to prevent errors on umask 077 systems.
Use --infected --no-summary options to print no output for normal files.
See-also: https://bugs.debian.org/864800
commit 4b8c043f2bd9b5a70742529f967d1a05d85df9f3
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Wed Jun 7 16:45:45 2017 +0200
Update markdownlint URL
commit 4bd4dc9fd4a9b6353934fab1d314ff56ec7f2deb
Author: Paul Wise <pabs@debian.org>
Date: Wed Jun 7 16:25:29 2017 +0800
Drop TODO item about glib g_spawn_command_line* functions
These functions do not use the shell after all.
commit 930d771a8f234603b00806c1cbddf138f4ebdf81
Author: Paul Wise <pabs@debian.org>
Date: Wed Oct 26 09:50:05 2016 +0800
Switch from vim dosini modelines to ini file extensions
This should not affect vim users in any way.
This should be portable to more kinds of editors.
This eliminates manually setting the modelines in every file
and the commits made to add modelines that were forgotten:
commit ee377e5ae51f32b53f43ada22f525c961bcb5b27
commit 904be2b30777252dd716cd0f6dc2d377d1ef9aaf
commit 4e343ff68cf43e76f2327d5519aebec047d6f6b7
commit f4bc1e7483f4b365d89c1b6ea27d477316becf2f
Allow files without ini extensions in $CATS_DATA for backwards compatibility.
commit cac8941ad80a790b6d88c349a033b394df6d5ab6
Author: Paul Wise <pabs@debian.org>
Date: Sun May 28 19:16:15 2017 +0800
Add some extra whitespace
This makes the code more readable and PEP 8.
Changes-by: autopep8
commit ee377e5ae51f32b53f43ada22f525c961bcb5b27
Author: Jakub Wilk <jwilk@jwilk.net>
Date: Sat May 20 14:11:05 2017 +0200
Add vim modelines to data files