* Wed Dec 20 2023 Dirk Müller <dmueller@suse.com>
- add CVE-2023-39070.patch (CVE-2023-39070, bsc#1215233)
* Thu Nov 09 2023 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Replace disable-some-tests-about-char-signedness.patch with
upstream patch to fix tests on non-x86_64 (such as aarch64):
* eb076d87.patch
* Tue Sep 19 2023 Dirk Müller <dmueller@suse.com>
- update to 2.12.1:
* Support importing projects with project-name
* Thu Sep 14 2023 Dirk Müller <dmueller@suse.com>
- update to 2.12.0:
* uselessOverride finds overriding functions that either
duplicate code from or delegate back to the base class
implementation
* knownPointerToBool finds pointer to bool conversions that are
always true or false
* truncLongCastAssignment and truncLongCastReturn check
additional types, including float/double/long double
* duplInheritedMember also reports duplicated member functions
* constParameter*/constVariable* checks find more instances of
pointers/references that can be const, e.g. when calling
library functions
* Write how many checkers were activated after a run
* Added --checkers-report that can be used to generate a report
in a file that shows what checkers were activated and disabled
* The qmake build system has been deprecated and will be
removed in a future version.
* Command-line option '--template
- update to 2.11:
* pop_back on empty container is UB
* Improve useStlAlgorithm check to handle many more conditions
in the loop for any_of, all_of and none_of algorithms
* ValueFlow can evaluate the return value of functions even
when conditionals are used
* ValueFlow will now forward the container sizes being returned
from a function
* ValueFlow can infer possible values from possible symbolic
values
* Improve valueflow after pushing to container
* The new option --check-level= has been added that controls
how much checking is made by Cppcheck. The default checking
level is "normal". If you feel that you can wait longer on
results you can use --check-level=exhaustive.
* It is no longer necessary to run "--check-config" to get
detailed "missingInclude" and "missingIncludeSystem"
messages. They will always be issued in the regular analysis
if "missingInclude" is enabled.
* "missingInclude" and "missingIncludeSystem" are reported when
"-j" is > 1 and processes are used in the backend (default in
non-Windows binaries)
* "missingInclude" and "missingIncludeSystem" will now cause
the "--error-exitcode" to be applied
* "--enable=information" will no longer implicitly enable
"missingInclude" starting with 2.16. Please enable it
explicitly if you require it.
* The `constParameter` and `constVariable` checks have been
split into 3 different IDs based on if the variable is a
pointer, a reference, or local. The different IDs will allow
users to suppress different const warnings based on variable
type.
* `constParameter`
* `constParameterReference`
* `constParameterPointer`
* `constVariable`
* `constVariableReference`
* `constVariablePointer`
* More command-line parameters will now check if the given
integer argument is actually valid. Several other internal
string-to-integer conversions will now be error checked.
* scanning projects (with -j1) will now defer the analysis of
markup files until the whole code was processed
- add werror-return-type.patch to fix false warnings where
gcc can not properly detect the "noreturn" nature of the function
* Tue May 30 2023 Manfred Schwarb <manfred99@gmx.ch>
- test suite quirks:
* Add patch disable-some-tests-about-char-signedness.patch, taken
from Debian, to disable test "TestCondition::alwaysTrueContainer"
which fails on "unsigned char" archs (arm, ppc)
* Run test suite with "-j1", as TestProcessExecutor test is flaky otherwise
* Wed Mar 29 2023 Dirk Müller <dmueller@suse.com>
- switch on Tumbleweed temporarily to gcc 12 to avoid
"allocator_traits<A>::rebind_alloc<A::value_type> must be A"
(as mentioned on https://gcc.gnu.org/gcc-13/porting_to.html)
* Wed Mar 15 2023 Dirk Müller <dmueller@suse.com>
- update to 2.10.3:
* SymbolDatabase: Fix handling of function pointer arguments
* Mon Feb 27 2023 Dirk Müller <dmueller@suse.com>
- update to 2.10.2:
* GUI: Set proper title for compliance report dialog
* GUI: Generate compliance report
* Tokenizer: tweaked simplification of function pointers
Version: 2.10-bp155.1.5
* Tue Jan 31 2023 PragmaticLinux <info@pragmaticlinux.com>
- install files from the addons/ and platforms/ directories - boo#1207806
- correct shebang fix for htmlreport/cppcheck-htmlreport
* Mon Jan 30 2023 Dirk Müller <dmueller@suse.com>
- update to 2.10.0:
* Many improvements and fixes in checkers.
* New check: use memset/memcpy instead of loop
CLI:
* if the file provided via "--file-list" cannot be opened it
will now error out
* add command-line option "--disable=" to individually disable
checks
GUI:
* Detect when installed version is old. There is a setting in
Edit/Preferences to turn this on.
* Fix path issue with backslashes
* Cleanup *.ctu-info files after analysis
Build:
* the deprecated Makefile option SRCDIR is no longer accepted
* added CMake option BUILD_CORE_DLL to build lib as
cppcheck-core.dll with Visual Studio
* Wed Dec 07 2022 Dirk Müller <dmueller@suse.com>
- update to 2.9.3:
* various GUI and premium feature handling bugfixes
* Sat Sep 17 2022 Dirk Müller <dmueller@suse.com>
- update to 2.9:
* restored check for negative allocation (new[]) and negative VLA sizes from
cppcheck 1.87 (LCppC backport)
* replaced hardcoded check for pipe() buffer size by library configuration
option (LCppC backport)
* on Windows the callstack is now being written to the output specified via
"--exception-handling"
* make it possible to disable the various exception handling parts via the
CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and
"NO_WINDOWS_SEH"
* detect more redundant calls of std::string::c_str(), std::string::substr(),
and unnecessary copies of containers
* Add a match function to addon similar to Token::Match used internally by
cppcheck:
* | for either-or tokens (i.e. struct|class to match either struct or class)
* !! to negate a token
* It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
* It supports (*), {*}, [*], and <*> to match links
* @ can be added to bind the token to a name
* ** can be used to match until a token
* Add math functions which can be used in library function definition. This
enables evaluation of more math functions in ValueFlow
* Further improve lifetime analysis with this pointers
* Propagate condition values from outer function calls
* Add debug intrinsics debug_valueflow and debug_valuetype to show more
detail including source backtraces
Version: 1.82-bp150.2.5
* Sun Feb 18 2018 aloisio@gmx.com
- Update to version 1.82
Bug fixes:
* Better handling of namespaces
* Fixed false positives
* Fixed parsing of compile databases
* Fixed parsing of visual studio projects
Enhancements
* New check; Detect mistakes when there are multiple strcmp() in
condition
Example:
if (strcmp(password,"A")==0 || strcmp(password,"B")==0 || strcmp(password,"C"))
There is a missing '==0', and therefore this condition is
always true except when password is "C".
* New check; pointer calculation result can't be NULL unless
there is overflow
Example:
someType **list_p = ...;
if ((list_p + 1) == NULL)
The result for '(list_p + 1)' can't be NULL unless there is
overflow (UB).
* New check; public interface of classes should be safe - detect
possible division by zero
Example:
class Fred {
public:
void setValue(int mul, int div) {
value = mul / div; // <- unsafe
}
...
This check does not consider how Fred::setValue() is really
called.
If you agree that the public interface of classes should
always be safe; it should be allowed to call all public
methods with arbitrary arguments, then this checker will be
useful.
* Fixed a few false negatives
* More information in the cfg files
version 1.81
CPPCHECK:
* New warning: Check if condition after an early return is
overlapping and therefore always false.
* Improved knowledge about C/C++ standard, windows, posix,
wxwidgets, gnu
* Better handling of Visual Studio projects
GUI:
* Compile: Qt5 is now needed to build the GUI
* Compile: New qmake flag HAVE_QCHART
* Project: You can now run cppcheck-addons
* Project: We have integrated clang-tidy
* Results view: Reload last results (if cppcheck build dir is
used) when GUI is started
* Results view: Tag the warnings with custom keywords
(bug/todo/not important/etc..)
* Results view: Shows when warning first appeared (since date)
* Results view: Suppress warnings through right-click menu
* Statistics: Added charts (shown if Qt charts module is enabled
during build)
version 1.80
Checking improvements:
* Added platform for Atmel AVR 8 bit microcontrollers (avr8)
* Better 'callstacks' in cppcheck messages
* Improved gnu.cfg, posix.cfg, wxwidgets.cfg and std.cfg, added
motif.cfg
* Various improvements to AST, ValueFlow analysis and template
parsing
Command line changes:
* Deprecated command line argument --append has been removed
* New command line argument --plist-output to create .plist
files
* New command line argument --output-file to print output to
file directly
* Check OpenCL files (.cl)
GUI:
* Support export of statistics to PDF
* Several small usability improvements
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
version 1.79
General changes:
* C++ code in C files is rejected now (use --language=c++ to
enforce checking the code as C++)
* Write function access type to XML dump
Checking improvements:
* Improved configuration extraction in preprocessor
* Improved accuracy of AST
* Improved template parsing
* Improved support for (STL) containers in SymbolDatabase
* Improved support for C++11's 'auto' type
* Experimental support for uninitialized variables in ValueFlow
analysis
* Added qt.cfg and sfml.cfg, improved several existing .cfg files
GUI:
* Use CFGDIR macro
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
version 1.78
General changes:
* Reduced memory usage by up to 10% by reducing size of token
list
New checks:
* Mismatching argument names between function declaration and
definition
* Detect classes which have a copy constructor but no copy
operator and vice versa
Checking improvements:
* Improved matching of overloaded functions
* Improved ValueType analysis, especially related to allocations
with "new" and C++11's "auto"
* Improved support for C++11 brace initialization
* Improved ValueFlow analysis
* Improved template parsing
* Improved detection of memory leaks
* Improved nullpointer checking when nullptr and NULL are used
* Detect array out of bounds across compilation units
* Extended windows.cfg, posix.cfg and std.cfg
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
* Tue Mar 21 2017 mpluskal@suse.com
- Use qmake macros
- Run spec-cleaner
* Tue Mar 21 2017 fvogt@suse.com
- Update to version 1.77:
* Added flag --cppcheck-build-dir to allow incremental analysis and inter-file checking
* Improved --project support for Visual Studio solutions
* Detect pointer overflow
* Detect usage of variable after std::move or std::forward
* Warn about number and char literals in boolean expressions
* Improved checking for variables modified but not used again
* Libraries: Added support to specify <returnValue>
* Improved ValueFlow, especially related to function return values and casts
* Improved simplification of Null values to allow more accurate checking
* Several improvements to windows.cfg, posix.cfg, gnu.cfg and std.cfg
* Reimplemented check for using iterators of mismatching containers...
- Always build Qt5 GUI
* Sat Feb 20 2016 crrodriguez@opensuse.org
- Build the GUI against QT5 in newish products.
* Tue Sep 15 2015 Adam Mizerski <adam@mizerski.pl>
- update to 1.70
* General changes:
- New version of .cfg file format, adding support for
namespaces and declaring several functions at once
- Support building x64 installer for Windows; Both x64 and x86
builds are now provided
- Warn about deprecated options --suppressions and
--exitcode-suppressions. They will be removed in future
- Added debugging option --debug-normal, which prints out debug
output before second stage simplification
* New checks:
- Warn about modifying string literals
- Detect declaration of variable length arrays with negative
size
- Warn about implicit type conversion from int to long
- Warn about redundant code in conditions like (y || (!y && z))
- Detect conditions with known result
- Race condition: non-interlocked access after
InterlockedDecrement()
- Detect unused 'goto' labels
* Removed checks:
- No longer warn about a bug in scanf implementation of
ancient glibc versions
- Multifile analysis (added in 1.69) has been removed because
it did not work
- Removed ExecutionPath checker, which has been superseded by
ValueFlow analysis
* Improvements:
- Support hexadecimal floating point numbers (C99)
- Support [[deprecated]] (C++14)
- Improved handling of sizeof()
- Improved handling of reserved keywords
- Better handling of C declaration specifiers; support
complex/_Complex (C99)
- Better handling of ternary operator in ValueFlow analysis
- Lots of improvements to .cfg files, especially std.cfg, which
now supports namespace std
- Improved performance and memory usage of Preprocessor
- Improved performance of matchcompiler
- Reduced Disk IO when ignoring paths
- Removed several obsolete simplifications
- Added python addons: naming.py, threadsafety.py and cert.py
* GUI:
- Support printing
- Added item "Open containing folder" to context menu
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
* Fri May 15 2015 Adam Mizerski <adam@mizerski.pl>
- update to 1.69
* General changes:
- Added flag --platform=native, when it is used type sizes and
behaviour of host system are used
- Backward compatibility for Library files is now working.
Future cppcheck versions will be able to use libraries
written for previous versions
- Windows 32 bit builds now set /LARGEADDRESSAWARE, so that
they can use up to 4 GiB
* New checks:
- Detect bad bitmask checks (usage of | where & should be used)
- Suggest usage of "explicit" for constructors with a single
parameter
- Suggest usage of make_shared/make_unique
- Warn about usage of malloc with auto_ptr
- Detect redundant pointer operations like &*ptr
* Improvements:
- Support std::array (C++11)
- Detect same expressions in both branches of a ternary
operator
- New <container>-tags in libraries to configure STL (and
similar) container types
- Several improvements to ValueFlow analysis (for example
support for default function arguments)
- Improved buffer overrun and memory leak checking
- Removed a bunch of redundant checking code
- Removed several simplifications
- Stronger matching of library functions
- Lots of additions to std.cfg and posix.cfg
- New library for Microsoft SAL (microsoft_sal.cfg)
- Improved C++11 template parsing (">>" as closing brackets,
variadic templates)
- Added statistics to htmlreport
* GUI:
- Fixed language selection
* Thu Jan 08 2015 danny.al-gaaf@bisect.de
- update to 1.68:
* New checks:
- Multifile checking for buffer overruns and uninitialized
variables
* Improvements:
- Libraries are now able to contain platform specific types
- Improved handling of function overloads
- Improved handling of integer literal suffixes
- Improved stability of template parsing
- Improved accuracy of ValueFlow analysis
- Improved checking of pointer overflow
- Support noexcept(false)
- Support __attribute__((noreturn))
- A bunch of additions to several Libraries, especially
posix.cfg and qt.cfg
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
* Wed Oct 22 2014 danny.al-gaaf@bisect.de
- update to 1.67:
* General changes:
- Library files have now a 'format' attribute. Format version
1 is assumed by default
- Cppcheck no longer aborts checking if unhandled
characters (Non-ASCII) are found
* New checks:
- Check for unused return values
- Detect shift by too many bits, signed integer overflow and
dangerous sign conversion
- Recommend usage of expm1(), log1p(), erfc()
- Division by sizeof() as parameter to memset/memcpy/
memmove/etc. as they expect a size in bytes
- Several new va_arg related checks:
- - Wrong parameter passed to va_start()
- - Reference passed to va_start()
- - Missing va_end()
- - Using va_list before it is opened
- - Subsequent calls to va_start/va_copy()
- Initialization by itself in initializer list
- Dead pointer usage when pointer alias local variable that
has gone out of scope
* Improvements:
- Support uniform initialization syntax (C++11)
- Many improvements to value flow analysis
- Improved AST creation (support placement new, C++-style
casts, templates, operator new[], ...)
- Improved lambda support
- Support GCC extension __attribute__((used)) and MSVC
extension __declspec(property)
- Better support for static member variables, inherited
variables and namespaces
- Improved typedef support where multiple variables are
declared at once
- Avoid checking code multiple times by calculating a checksum.
Duplicate preprocessor configurations are eliminated by this.
- Support C++03/C 'auto' keyword
- HTML report: display 'verbose' message using clickable
expandable divs
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
* Mon Sep 01 2014 danny.al-gaaf@bisect.de
- update to 1.66:
* new checks added:
- Compare pointer with '\0'
- Assigning boolean expression to floating point variables
* Improvements:
- Much improved AST
- Much improved ValueFlow analysis
- ValueFlow and AST now used by much more checks, improving
checking accuracy and performance
- Checking for self assignment now supports more complex
expressions
- Returning references to literals or references to calculation
results is detected
- Enhanced support for commutative operators in duplicate
expression checking
- Improved template/enum parsing
- Much improved htmlreport
- Definition of POD types in .cfg files
- Definition of minsize for buffer arguments in .cfg files
for buffer overflow checking
- Fixed handling of #error: Do not report them if -f and -D
are used together
- New .cfg file for AVR platform
- Generate xml dump of AST/ValueFlow/SymbolDatabase/TokenList
if --dump is given
- Improved performance in several cases
* Sun May 11 2014 danny.al-gaaf@bisect.de
- update to 1.65:
* General changes:
- Cppcheck requires a C++11 compiler supporting the common
subset of features supported by GCC 4.4, Visual Studio 2010
and Clang 2.9
* Improvements:
- Much improved support of complex combinations of function
pointers, arrays and references
- Better handling of syntax errors
- Better detection of stack variables passed to free()
- Much improved value flow analysis
- More robust error detection in several checks due to usage
of AST
- Better handling of unknown Macros in function declarations
- Allocation/Deallocation functions can be extended across
different .cfg files
- Better handling of some C++11 language features like enum
class, in-class member initializers
- Detect calling (std::)abs() with bool argument
* New checks:
- Check for noexcept and __attribute__((nothrow)) correctness
- Check for unhandled exceptions when exception specifiers
are used
- Access to empty STL containers
- Repositioning operation on a file opened in append mode
- Find nested redundant if-statements (was experimental before)
* Additionally, a large number of false positives and crashes
have been fixed.
* Thu May 01 2014 danny.al-gaaf@bisect.de
- update to 1.64
* See http://sourceforge.net/p/cppcheck/news/ for changes.
* Mon Jan 13 2014 adam@mizerski.pl
- Bundle config files.
* Fri Jan 10 2014 adam@mizerski.pl
- update to 1.63
* See http://sourceforge.net/p/cppcheck/news/ for changes.
- spec cleanups:
* Used format_spec_file service for general cleanup.
* Everything compiles with %optflags now.
* Added SRCDIR=build CFGDIR=cfg HAVE_RULES=yes options as suggested
in the readme.txt
* Added cppcheck.1 man page creation.
* Cleaned up BuildRequires tags.
* Added missing Requires: python* tags.
* Removed unneeded "python ./setup.py install".
* Added COPYING to installed docs.
* Updated homepage URL.
* Thu Apr 11 2013 dalgaaf@suse.de
- update to 1.59:
* Commandline/Settings changes:
- New option to enable warnings but not style messages:
--enable=warning
- Cppcheck used to skip includes where the header filename
is enclosed in <>. You can now include these headers also by
using -I.
* New checks:
- New POSIX checks: pipe() buffer size, redundant calls of
set/get user id, too big value passed to usleep(), buffer
overflow when using write()
- Storing getc() return value in char variable and comparing
to EOF.
- Detect redundant bitand operations
- Find suspicious equality comparisons like: if(a == 0) a == 1;
- Warn about using malloc() for classes containing virtual
methods, std::-objects or constructors
- Portability check that warns when using NULL as argument to
variadic function. It has undefined behaviour on some
implementations.
* Improvements:
- Improved lookup for functions and types
- Switched to TinyXml2 as XML library
- Improved checking for uninitialized struct members,
variable scopes that can be reduced and unused functions
* GUI:
- Remember last path in open file dialog
- Added command line parameter to open a results file
- Bug in statistic calculation fixed
* Fri Feb 08 2013 highwaystar.ru@gmail.com
- update to 1.58
* Commandline/Settings changes:
- Added --include to the cppcheck command line client. This forces
inclusion of the given file. This can for instance be used
instead of --append and will then allow you to use #define etc also.
- The threads handling has been improved. Using -jN now works in
windows also.
* Improvements:
- NULL pointers: Improved checking of default function
argument values.
* Wed Dec 26 2012 mrdocs@opensuse.org
- update to 1.57
* Many bug fixes and additions
* Now requires Qt 4.8.3+
* Complete versioned change log from 1.53-1.57:
https://sourceforge.net/news/?group_id=195752
* Sat Mar 10 2012 jslaby@suse.de
- update to 1.53
* 1.53: improved existing checks to detect more errors
* 1.52: added new checks
* 1.51: added new checks and fixed many false positives and false
negatives
* Sun Aug 28 2011 asn@cryptomilk.org
- update to 1.50
* Check for std::auto_ptr misuse (related to strict ownership).
* Read array and then immediately check if the array index is
within limits.
* Assign pointer to int/long.
* Assign bool to pointer.
* Duplicate "break" statements in switch.
* Matching "if" and "else if" conditions when using bitwise and.
* Matching assignment and condition when using bitwise and test if
unsigned value is less than zero
* Mon Aug 08 2011 mrdocs@opensuse.org
- version bump to 1.49
- full change log
http://raw.github.com/danmar/cppcheck/master/Changelog
* Mon Apr 11 2011 asn@cryptomilk.org
- update to 1.48