CVS commit: pkgsrc/security/flawfinder

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/flawfinder
From: "Makoto Fujiwara" <mef%netbsd.org@localhost>
Date: Wed, 11 Mar 2015 00:51:06 +0000

Module Name:    pkgsrc
Committed By:   mef
Date:           Wed Mar 11 00:51:06 UTC 2015

Modified Files:
        pkgsrc/security/flawfinder: Makefile distinfo

Log Message:
(pkgsrc)
 - Add LICENSE= gnu-gpl-v2
(upstream)
 - Update 1.27 to 1.31
----------------------
2014-08-03 David A. Wheeler <dwheeler, at, dwheeler.com>
        * Release version 1.31, a set of small improvements mostly CWE-related.
        * Note that flawfinder is officially CWE-compatible.
        * Support GNU make install conventions (prefix, bindir, DESTDIR, etc.).
          The older program-specific conventions are still supported, but
          the documentation emphasizes using the standard conventions instead.
        * Simplified installation text.
        * Added more wide character function rules.
        * Add reference to info at "http://www.dwheeler.com/secure-programs";.
        * Document that hitlists should be trusted to be loaded or diffed.
          These are implented using Python's pickle module, and that module
          presumes the data is from a trustworthy source.  In the expected
          use case this is fine... but it needed to be documented.
        * Tweak/improve mappings to CWE.  E.G., strlen()
          better maps to CWE-126 (buffer over-read).  In a few cases the
          CWE mappings weren't reported as such; that is now fixed.
          CWEs are actually a hierarchy; expose a little of this so
          people can more easily search on them.
        * Improved error detection and reporting.  In particular, error
          messages are sent to standard errors, filenames listed but
          non-existent trigger a separate warning, and there's a warning
          about non-existent filenames listed on the command line that
          begin with the UTF-8 long dash sequence (users might not notice
          the difference between long dash and dash, and this can happen
          in some cases when copying and pasting).
        * Add "-H" option as synonym for "--html".

2014-07-19 David A. Wheeler <dwheeler, at, dwheeler.com>
        * Release 1.29, primarily for CWE improvements.
        * Multi-line formatting is faster and formats better.
        * Documentation about CWEs has been improved.
        * HTML format includes links from CWE identifiers to their definitions.
        * Tweak CWE mappings, e.g., strlen maps to CWE-126 (buffer over-read).
        * Option "--listrules" now gives default warning and is tab-delimited.
        * Regression test suite now also tests the generated HTML.

2014-07-13 David A. Wheeler <dwheeler, at, dwheeler.com>
        * Release 1.28
        * Common Weakness Enumeration (CWE) references are
          now included in most hits
        * Handle files not ending in newline (thanks to Alexis Wilke)
        * Documentation clarifications
        * Added support for "git diff" in patchfile processing
        * Handles unbalanced double-quotes in sprintf
        * Fix incorrect time executed report
        * Fix bug to allow "flawfinder ." (fix bug#3)
        * Fix ignore directive when filenames differ (fix bug#6)


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/security/flawfinder/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/flawfinder/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index