Tags

v5.6.4+adelie2

* plugins/output/cli: fix bug where only first package's details were
  shown
* Fix boolean CLI options so that they are actually respected
* Move to NVD JSON 1.0 feed API
  * New dependency: jansson http://www.digip.org/jansson/
  * XML feed API is deprecated and will vanish on Oct 9:
    https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement
* Update tests to use JSON APIs

v5.6.4+adelie1

* Add APKBUILD support
* Add APKBUILD tests

v5.6.4

- Minor maintanence update to cve-check-tool due to NVD changes
- You MUST update to this release to continue using cve-check-tool!

Note this is now the last release of cve-check-tool in the current 5.x
series. Many requirements have begun to emerge of late, that the tool
in it's current form does not serve.

Consequently, cve-check-tool will be rebased upon libnica, to provide the
core type/library functionalities. This will reduce complexity by proxying
much development and testing to an isolated library.

The remainder of the tools innards will be cleaned up, and "libraryfied"
to form the basis of a cleanroom reimplementation of cve-check-tool.
This will fix the limited scope issue to serve more needs, as well as
drop old code and speed everything up, and add the long-awaited multiple
data sources.

v5.6.2

 - Small code cleanups
 - Support running from git tree properly
 - Enable relative plugin locations for ISAFW (--enable-relative-plugins)
 - Support older compilers and Clang

v5.6.2:

- Remove JIRA plugin for now due to many issues
- Further deglibification
- Fix segfault on forced types

Release simple update due to broken test suite

cve-check-tool v5.6

 - Many improvements to advisory locking support, for parallel usage
 - Many many code cleanups
 - Use NVD META file and check data integrity of XML downloads
 - Add "-o" option for all stdout using report plugins
 - Further deglibification (issue #21)
 - Further database optimisations
 - Be more considerate in I/O ops (posix_fadvise, malloc_trim, etc)

cve-check-tool v5.5

 - Many code cleanups
 - Completely modular approach to package formats
 - Full separation in API
 - Enable atomic operations for Yocto buildbot/bitbake environment
 - Enable direct inspection of .src.rpm
 - Enable direct inspection of faux.csv type file
 - Fix bugs relating to faux input
 - Fix overwrites in recursive scenarios

v5.4

Maintenance release: Simple cleanup, performance fixes and build fixes for
realpath issues

Maintainence release with cleanups, clang compatibility and relro.

Also sees the incorporation of a "faux" package type to enable integration
in more projects.

Quick maintainence release for distribution maintainers

Tag 5.1 for distribution releases, due to key fixes after v5

- Begin moving to plugin-based system
- Add global package name mapping support
- Migrated to sqlite database
- Split update step into cve-check-update binary
- De-glibify many parts of the project (dirty/leak)
- Large refactor enabling more coverage and testing
- Tracked down our leaks discovered in deglibification
- Many fixes, performance improvements
- Tagging to enable work to start on the complete refactor and deglibification

V3 - stable target for validation while devloping V4

Release v2

Initial v1 upload