- Add LICENSE= gnu-gpl-v2
(upstream)
- Update 1.27 to 1.31
----------------------
2014-08-03 David A. Wheeler <dwheeler, at, dwheeler.com>
* Release version 1.31, a set of small improvements mostly CWE-related.
* Note that flawfinder is officially CWE-compatible.
* Support GNU make install conventions (prefix, bindir, DESTDIR, etc.).
The older program-specific conventions are still supported, but
the documentation emphasizes using the standard conventions instead.
* Simplified installation text.
* Added more wide character function rules.
* Add reference to info at "http://www.dwheeler.com/secure-programs".
* Document that hitlists should be trusted to be loaded or diffed.
These are implented using Python's pickle module, and that module
presumes the data is from a trustworthy source. In the expected
use case this is fine... but it needed to be documented.
* Tweak/improve mappings to CWE. E.G., strlen()
better maps to CWE-126 (buffer over-read). In a few cases the
CWE mappings weren't reported as such; that is now fixed.
CWEs are actually a hierarchy; expose a little of this so
people can more easily search on them.
* Improved error detection and reporting. In particular, error
messages are sent to standard errors, filenames listed but
non-existent trigger a separate warning, and there's a warning
about non-existent filenames listed on the command line that
begin with the UTF-8 long dash sequence (users might not notice
the difference between long dash and dash, and this can happen
in some cases when copying and pasting).
* Add "-H" option as synonym for "--html".
2014-07-19 David A. Wheeler <dwheeler, at, dwheeler.com>
* Release 1.29, primarily for CWE improvements.
* Multi-line formatting is faster and formats better.
* Documentation about CWEs has been improved.
* HTML format includes links from CWE identifiers to their definitions.
* Tweak CWE mappings, e.g., strlen maps to CWE-126 (buffer over-read).
* Option "--listrules" now gives default warning and is tab-delimited.
* Regression test suite now also tests the generated HTML.
2014-07-13 David A. Wheeler <dwheeler, at, dwheeler.com>
* Release 1.28
* Common Weakness Enumeration (CWE) references are
now included in most hits
* Handle files not ending in newline (thanks to Alexis Wilke)
* Documentation clarifications
* Added support for "git diff" in patchfile processing
* Handles unbalanced double-quotes in sprintf
* Fix incorrect time executed report
* Fix bug to allow "flawfinder ." (fix bug#3)
* Fix ignore directive when filenames differ (fix bug#6)
e9b11ec7ca