Subject: CVS commit: pkgsrc/security/flawfinder
From: Makoto Fujiwara
Date: 2015-03-11 01:51:06
Message id:

Log Message:
 - Add LICENSE= gnu-gpl-v2
 - Update 1.27 to 1.31
2014-08-03 David A. Wheeler <dwheeler, at,>
        * Release version 1.31, a set of small improvements mostly CWE-related.
        * Note that flawfinder is officially CWE-compatible.
        * Support GNU make install conventions (prefix, bindir, DESTDIR, etc.).
          The older program-specific conventions are still supported, but
          the documentation emphasizes using the standard conventions instead.
        * Simplified installation text.
        * Added more wide character function rules.
        * Add reference to info at \ 
        * Document that hitlists should be trusted to be loaded or diffed.
          These are implented using Python's pickle module, and that module
          presumes the data is from a trustworthy source.  In the expected
          use case this is fine... but it needed to be documented.
        * Tweak/improve mappings to CWE.  E.G., strlen()
          better maps to CWE-126 (buffer over-read).  In a few cases the
          CWE mappings weren't reported as such; that is now fixed.
          CWEs are actually a hierarchy; expose a little of this so
          people can more easily search on them.
        * Improved error detection and reporting.  In particular, error
          messages are sent to standard errors, filenames listed but
          non-existent trigger a separate warning, and there's a warning
          about non-existent filenames listed on the command line that
          begin with the UTF-8 long dash sequence (users might not notice
          the difference between long dash and dash, and this can happen
          in some cases when copying and pasting).
        * Add "-H" option as synonym for "--html".

2014-07-19 David A. Wheeler <dwheeler, at,>
        * Release 1.29, primarily for CWE improvements.
        * Multi-line formatting is faster and formats better.
        * Documentation about CWEs has been improved.
        * HTML format includes links from CWE identifiers to their definitions.
        * Tweak CWE mappings, e.g., strlen maps to CWE-126 (buffer over-read).
        * Option "--listrules" now gives default warning and is \ 
        * Regression test suite now also tests the generated HTML.

2014-07-13 David A. Wheeler <dwheeler, at,>
        * Release 1.28
        * Common Weakness Enumeration (CWE) references are
          now included in most hits
        * Handle files not ending in newline (thanks to Alexis Wilke)
        * Documentation clarifications
        * Added support for "git diff" in patchfile processing
        * Handles unbalanced double-quotes in sprintf
        * Fix incorrect time executed report
        * Fix bug to allow "flawfinder ." (fix bug#3)
        * Fix ignore directive when filenames differ (fix bug#6)