The NetBSD Project

CVS log for pkgsrc/security/flawfinder/Makefile

[BACK] Up to [] / pkgsrc / security / flawfinder

Request diff between arbitrary revisions

Default branch: MAIN

Revision 1.30 / (download) - annotate - [select for diffs], Mon Feb 6 11:23:50 2023 UTC (4 months ago) by nros
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, HEAD
Changes since 1.29: +5 -9 lines
Diff to previous 1.29 (colored)

Update flawfinder to version 2.0.19

The reason for the update is to get this package to work,
version 1.31 crashed when I tried it, version 2.0.19 works.

Changes from changelog:

2021-08-29 David A. Wheeler
	* Version 2.0.19
	* Fix so we send error messages to stderr instead of stdout.
	  Originally we sent some to stdout by mistake, which could
	  mess up results since the error messages would be mixed up
	  with the results.

2021-06-24 David A. Wheeler
	* Version 2.0.18
	* Fix SARIF output. SARIF output is new to flawfinder, and
	  there was a subtle error in its generation that causes GitHub
	  to reject the SARIF file.

2021-06-02 David A. Wheeler
	* Version 2.0.17
	* Fix the distributed tarball, which didn't include the
	   key source file due to the earlier file restructure.
	* Minor code style fix, which simplifies the code slightly.
	* Update date in manual page to 2021. That's important because
	  the documentation now includes information on `--sarif`.

2021-05-31 David A. Wheeler
	* Version 2.0.16
	* The distributed source file is now, not flawfinder.
	  This is part of a change that improves
	  improve cross-platform ease-of-use by using entry_points.
	  That said, "make install" will still
	  install it as "flawfinder" (so those who install it via
	  "make install" will see no change). Many thanks to Ben Spoor!
	* Added support for generating SARIF output, use --sarif.
	  A big thanks to Yong Yan for this work!
	* Track curly brace level to reduce some problems, my thanks to
	  Greg Myers for the work!
	* Improved handling of Git patch format, thanks to
	  Robin Geffroy.

2021-01-11 David A. Wheeler
	* Version 2.0.15
	* Fixed some release problems in 2.0.14.
	* Improved handling of LoadLibraryEx; flawfinderr no longer complains
	  about certain constructs that are known to be safe (eliminating
	  some false positives).

2021-01-09 David A. Wheeler
	* Version 2.0.14
	* If there are >0 hits, tell users how to ignore them as part of the
	  tool output.
	* Various Windows improvments.
	  Ignore LoadLibraryEx if its third parameter is
	  LOAD_LIBRARY_SEARCH_SYSTEM32, as this is safe, and
	  remove the rule for InitialCriticalSection
	  (this is no longer a vulnerability on current widely-used versions
	  of Windows)
	* Various C++ improvements.  Add .hpp support for C++,
	  ignore "system::" to reduce false positives,
	  treat ' as digit separator when file extension is a C++ file
	  (for C++14).
	* I had some release problems; this is identified as 2.0.14
	  (skipping a few minor numbers) to ensure that the version
	  number uniquely identifies a specific release.

2020-02-17 David A. Wheeler
	* Version 2.0.11
	* Provide a much more detailed error report, including recommended
	  solutions, when character encoding problems hit.
	  As Python3 has slowly gained in popularity, its failure to provide
	  useful built-ins to handle real-world character encoding problems
	  hurts more people. (E.g., many files don't comply with *any*
	  character set encoding standard, and Python3 can't read them
	  without enabling options that are wrong for others.)
	  We can at least provide much more detailed feedback to help
	  explain the various options available.

2019-06-22 David A. Wheeler
	* Version 2.0.10
	* Use binary mode when reading a diffhitlist.
	  My thanks to Micha Górny, who both reported the problem
	  and provided the patch!

2019-05-19 David A. Wheeler
	* Version 2.0.9
	* Fixes a serious defect in --diffhitlist

2019-05-17 Labidurie Jerome
	* Fixed a serious defect in --diffhitlist option and added a unit test

2019-01-21 David A. Wheeler <dwheeler, at,>
	* Version 2.0.8
	* Don't warn if memcpy call includes sizeof(first arg).
	  Thanks to Michael Clark for this improvement!
	* Bugfix (banned function _ftcsat should be _ftcscat).
	  Thanks to Lucas Ramage for reporting this!
	* Documentation tweaks. Make it clear that GitHub issues and
	  pull requests are supported, and use ~~~~ in markdown
	  to ease copy-and-paste from documentation.

2018-09-30 David A. Wheeler <dwheeler, at,>
	* Incorporate many small improvements from nickthetait
	* Fix a number of bugs reported by philipp
	* Update URLs for ->

2018-04-04 David A. Wheeler <dwheeler, at,>
	* Version 2.0.6

2018-01-26 David A. Wheeler <dwheeler, at,>
	* Small fixes
	* Update URLs to use https

2017-11-16 David A. Wheeler <dwheeler, at,>
	* add detection of crypt_r function
	* add detection of errant equal, mismatch, and is_permutation
	* update CWE, risk, and discussion for C++14 STL functions
	* Always report hit counts correctly, even if ignored using -m
	* Update URLs to use https

2017-09-02 David A. Wheeler <dwheeler, at,>
	* Version 2.0.4
	* Switch from distutils to setuptools
	* Directly support "pip" installs

2017-08-26 David A. Wheeler <dwheeler, at,>
	* Version 2.0.2
	* Flawfinder can now run on either Python 2.7 or 3
	* Added more tests
	* Implemented additional code cleanups recommended by Pylint
	* Modified documentation in various ways to clarify things

2017-08-13 David A. Wheeler <dwheeler, at,>
	* Version 2.0.1
	* Tranform many internal constructs to work on Python 2 or 3,
          with the eventual goal of making it run on either.

2017-07-29 David A. Wheeler <dwheeler, at,>
	* Version 2.0.0
	* Change version numbers to use Semantic Versioning (x.y.z)
	* Add support for generating CSV (comma-separated value) format,
	  to make this tool easier to integrate into larger toolsuites.
	* Fixed a number of issues - and even a few bugs - found by the
	  Python static analysis tool pylint.
	* Document in how to contribute to the project.
	* Change version number to 2.0.0, because we have a subtle
	  interface change that won't affect most people but it
	  *may* affect those who use postprocess
	  flawfinder data on CWEs. The fundamental issue is that
	  in some cases a hit corresponds to multiple CWEs. As a result,
	  in some cases flawfinder will list a sequence of CWEs
	  in the format "more-general/more-specific", where the CWE actually
	  being mapped is followed by a "!".
	  This is always done whenever a flaw is not mapped directly to
	  a top 25 CWE, but the mapping is related to such a CWE.
	  So "CWE-119!/CWE-120" means that the vulnerability is mapped
	  to CWE-119 and that CWE-120 is a subset of CWE-119.
	  In contrast, "CWE-362/CWE-367!" means that the hit is mapped to
	  CWE-367, a subset of CWE-362.
	  Note that this is a subtle syntax change from flawfinder
	  version 1.31; in flawfinder version 1.31,
	  the form "more-general:more-specific" meant what is now listed as
	  "more-general!/more-specific", while
	  "more-general/more-specific" meant "more-general/more-specific!".
	  Tools can handle both the version 1.31 and the current format,
	  if they wish, by noting that the older format did not use "!" at all.
	  These mapping mechanisms simplify searching for certain CWEs.

Revision 1.29 / (download) - annotate - [select for diffs], Thu Jun 30 11:18:47 2022 UTC (11 months, 1 week ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

*: Revbump packages that use Python at runtime without a PKGNAME prefix

Revision 1.28 / (download) - annotate - [select for diffs], Fri Dec 4 20:45:39 2020 UTC (2 years, 6 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

Revbump packages with a runtime Python dep but no version prefix.

For the Python 3.8 default switch.

Revision 1.27 / (download) - annotate - [select for diffs], Mon Nov 4 21:12:52 2019 UTC (3 years, 7 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)

security: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

Revision 1.26 / (download) - annotate - [select for diffs], Thu Apr 25 07:33:15 2019 UTC (4 years, 1 month ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.25: +2 -1 lines
Diff to previous 1.25 (colored)

PKGREVISION bump for anything using python without a PYPKGPREFIX.

This is a semi-manual PKGREVISION bump.

Revision 1.25 / (download) - annotate - [select for diffs], Tue Aug 1 14:59:04 2017 UTC (5 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.24: +3 -3 lines
Diff to previous 1.24 (colored)

Follow some http -> https redirects.

Revision 1.24 / (download) - annotate - [select for diffs], Wed Mar 11 00:51:06 2015 UTC (8 years, 3 months ago) by mef
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored)

 - Add LICENSE= gnu-gpl-v2
 - Update 1.27 to 1.31
2014-08-03 David A. Wheeler <dwheeler, at,>
        * Release version 1.31, a set of small improvements mostly CWE-related.
        * Note that flawfinder is officially CWE-compatible.
        * Support GNU make install conventions (prefix, bindir, DESTDIR, etc.).
          The older program-specific conventions are still supported, but
          the documentation emphasizes using the standard conventions instead.
        * Simplified installation text.
        * Added more wide character function rules.
        * Add reference to info at "".
        * Document that hitlists should be trusted to be loaded or diffed.
          These are implented using Python's pickle module, and that module
          presumes the data is from a trustworthy source.  In the expected
          use case this is fine... but it needed to be documented.
        * Tweak/improve mappings to CWE.  E.G., strlen()
          better maps to CWE-126 (buffer over-read).  In a few cases the
          CWE mappings weren't reported as such; that is now fixed.
          CWEs are actually a hierarchy; expose a little of this so
          people can more easily search on them.
        * Improved error detection and reporting.  In particular, error
          messages are sent to standard errors, filenames listed but
          non-existent trigger a separate warning, and there's a warning
          about non-existent filenames listed on the command line that
          begin with the UTF-8 long dash sequence (users might not notice
          the difference between long dash and dash, and this can happen
          in some cases when copying and pasting).
        * Add "-H" option as synonym for "--html".

2014-07-19 David A. Wheeler <dwheeler, at,>
        * Release 1.29, primarily for CWE improvements.
        * Multi-line formatting is faster and formats better.
        * Documentation about CWEs has been improved.
        * HTML format includes links from CWE identifiers to their definitions.
        * Tweak CWE mappings, e.g., strlen maps to CWE-126 (buffer over-read).
        * Option "--listrules" now gives default warning and is tab-delimited.
        * Regression test suite now also tests the generated HTML.

2014-07-13 David A. Wheeler <dwheeler, at,>
        * Release 1.28
        * Common Weakness Enumeration (CWE) references are
          now included in most hits
        * Handle files not ending in newline (thanks to Alexis Wilke)
        * Documentation clarifications
        * Added support for "git diff" in patchfile processing
        * Handles unbalanced double-quotes in sprintf
        * Fix incorrect time executed report
        * Fix bug to allow "flawfinder ." (fix bug#3)
        * Fix ignore directive when filenames differ (fix bug#6)

Revision 1.23 / (download) - annotate - [select for diffs], Sat May 17 16:10:48 2014 UTC (9 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

Bump applications PKGREVISIONs for python users that might be using
python3, since the default changed from python33 to python34.

I probably bumped too many. I hope I got them all.

Revision 1.22 / (download) - annotate - [select for diffs], Sat Jan 25 10:45:20 2014 UTC (9 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)

No need to have two variables for the same logic.

Revision 1.21 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:27 2012 UTC (10 years, 7 months ago) by asau
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.20: +1 -3 lines
Diff to previous 1.20 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.20 / (download) - annotate - [select for diffs], Thu Mar 15 11:53:37 2012 UTC (11 years, 2 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

Bump PKGREVISION from default python to 2.7.

Revision 1.19 / (download) - annotate - [select for diffs], Wed Feb 10 19:17:44 2010 UTC (13 years, 3 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)

Bump revision for PYTHON_VERSION_DEFAULT change.

Revision 1.18 / (download) - annotate - [select for diffs], Wed Jan 27 17:21:29 2010 UTC (13 years, 4 months ago) by joerg
Branch: MAIN
Changes since 1.17: +5 -3 lines
Diff to previous 1.17 (colored)

DESTDIR support

Revision 1.17 / (download) - annotate - [select for diffs], Mon Feb 9 22:56:26 2009 UTC (14 years, 4 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1
Changes since 1.16: +2 -1 lines
Diff to previous 1.16 (colored)

Switch to Python 2.5 as default. Bump revision of all packages that have
changed runtime dependencies now.

Revision 1.16 / (download) - annotate - [select for diffs], Wed Jan 17 21:48:25 2007 UTC (16 years, 4 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1, cwrapper, cube-native-xorg-base, cube-native-xorg
Changes since 1.15: +2 -3 lines
Diff to previous 1.15 (colored)

Update to 1.27

2007-01-16 David A. Wheeler <dwheeler, at,>
* Release version 1.27

2007-01-16 Sebastien Tandel <sebastien, at, tandel (doht) be)
* Cleaned up code for patch handling, fix bug in subdir handling,
include patch info in help.

2007-01-15 Steve Kemp <steve at shellcode dot org>
* Fix Debian bug 268236.
This complains that flawfinder crashes when presented with a
file it cannot read.  The patch obviously can't prevent
the problem, since the tool can't review what it can't read,
but at least it halts with a cleaner error message.

2007-01-15 cmorgan <cmorgan47, at earthlink dooot net>
* Fixed Debian bug 271287 (flawfinder).
Fixed skipping newlines when line ended with \,
which caused incorrect line number reporting.
Skip multiple whitespace at one time.

2007-01-15 David A. Wheeler <dwheeler, at,>
* Modified Sebastien Tandel's code so that it also supports GNU diff
(his code worked only for svn diff)
* When using a patchfile, skip analysis of any file not
listed in the patchfile.

2007-01-15 Sebastien Tandel <sebastien, at, tandel (doht) be)
* Add support for using "svn diff" created patch files, based
on the approach described by David A. Wheeler on how it
could be done.

2007-01-15 David A. Wheeler <dwheeler, at,>
* By default, now skips directories beginning with "."
(this makes it work nicely with many SCM systems).
Added "--followdotdir" option if you WANT it to enter
such directories.
* Fixed divide-by-zero when no code found (not exactly common
in normal use, but anyway!)

Revision 1.15 / (download) - annotate - [select for diffs], Sat Dec 2 16:01:45 2006 UTC (16 years, 6 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4
Changes since 1.14: +4 -4 lines
Diff to previous 1.14 (colored)


Revision 1.14 / (download) - annotate - [select for diffs], Sat Mar 4 21:30:33 2006 UTC (17 years, 3 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

Point MAINTAINER to in the case where no
developer is officially maintaining the package.

The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list).  Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't

Revision 1.13 / (download) - annotate - [select for diffs], Wed Feb 15 13:43:35 2006 UTC (17 years, 3 months ago) by rillig
Branch: MAIN
Changes since 1.12: +6 -6 lines
Diff to previous 1.12 (colored)

Fixed all pkglint warnings.

Revision 1.12 / (download) - annotate - [select for diffs], Sun Feb 5 23:10:43 2006 UTC (17 years, 4 months ago) by joerg
Branch: MAIN
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)

Recursive revision bump / recommended bump for gettext ABI change.

Revision 1.11 / (download) - annotate - [select for diffs], Wed Sep 28 20:52:26 2005 UTC (17 years, 8 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base, pkgsrc-2005Q4
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

Replaced "# defined" with "yes" in Makefile variables like GNU_CONFIGURE,

Revision 1.10 / (download) - annotate - [select for diffs], Fri Jun 17 03:50:31 2005 UTC (17 years, 11 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base, pkgsrc-2005Q3, pkgsrc-2005Q2-base, pkgsrc-2005Q2
Changes since 1.9: +2 -1 lines
Diff to previous 1.9 (colored)

Create directories before installing files into them.

Revision 1.9 / (download) - annotate - [select for diffs], Wed Jun 23 16:19:41 2004 UTC (18 years, 11 months ago) by snj
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base, pkgsrc-2005Q1, pkgsrc-2004Q4-base, pkgsrc-2004Q4, pkgsrc-2004Q3-base, pkgsrc-2004Q3
Changes since 1.8: +3 -9 lines
Diff to previous 1.8 (colored)

Update flawfinder to 1.26.  Don't set PY_PATCHPLIST, as it is useless.
Don't include python/, as it is also useless.  Don't set
NO_CONFIGURE, because it makes PYTHON_PATCH_SCRIPTS useless.  Don't set
MAKEFILE, as we don't actually use the included makefile for anything.

Changes since 1.24:
* Added more support for Microsoft's approach to internationalization.
* Added two new rules for GLib functions, "g_get_home_dir" and
* Added curl_getenv().
* Added several rules for input functions (for -I) -
  recv, recvfrom, recvmsg, fread, and readv.
* Tightened the false positive test slightly; if a name is
  followed by = or - or + it's unlikely to be a function call,
  so it'll be quietly discarded.
* Modified the summary report format slightly.
* Modified the getpass text to remove an extraneous character.
* Added rules for cuserid, getlogin, getpass, mkstemp, getpw, memalign,
  as well as the obsolete functions gsignal, ssignal, ulimit, usleep.
* Modified text for strncat to clarify it.
* Fixed error in --columns format, so that the output is simply
  "filename:linenumber:columnnumber" when --columns (-C) is used.
* Eliminated "Number of" phrase in the footer report
* Added more statistical information to the footer report.
* Added shortcut single-letter commands (-D for --dataonly,
  -Q for --quiet, -C for --columns), so that invoking from
  editors is easier.
* Tries to autoremove some false positives.  In particular, a function
  name followed immediately by "=" (ignoring whitespace)
  is automatically considered to be a variable and NOT a function,
  and thus doesn't register as a hit.  There are exotic cases
  where this won't be correct, but they're pretty unlikely in
  real code.
* Added a "--falsepositive" (-F) option, which tries to remove
  many more likely false positives.

Revision 1.8 / (download) - annotate - [select for diffs], Sat Feb 14 14:21:17 2004 UTC (19 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2, pkgsrc-2004Q1-base, pkgsrc-2004Q1
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

Update to 1.24:
2003-10-29 David A. Wheeler
        * Fixed an incredibly obscure parsing error that caused some
          false positives.  If a constant C string, after the closing
          double-quote, is followed by a \ and newline (instead of a comma),
          the string might not be recognized as a constant string
          (thus triggering warnings about non-constant values in some cases).
          This kind of formatting is quite ugly and rare.
          My thanks to Sascha Nitsch (sascha, at for pointing
          this bug out and giving me a test case to work with.
        * Added a warning for readlink.  The implementation and warning
          are mine, but the idea of warning about readlink came from
           Stefan Kost (kost, at  Thanks!!

2003-09-27 David A. Wheeler
        * Released version 1.23.  Minor bugfixes.

2003-09-27 David A. Wheeler
        * Fixed subtle bug - in some circumstances single character constants
          wouldn't be parsed correctly.  My thanks to Scott Renfro
          <scottdonotspam, at> for notifying me about this bug.
          Scott Renfro also sent me a patch; I didn't use it
          (the patch didn't handle other cases), but I'm grateful since it
          illustrated the problem.
        * Fixed documentation bug in man page.
          The option "--minlevel=X" must be preceded by two dashes,
          as are all GNU-style long options. The man page accidentally only
          had one dash in the summary (it was correct elsewhere); it now
          correctly shows both dashes.
        * Modified man page to list filename extensions that are
          interpreted as C/C++.
        * Removed index.html from distribution - it's really only for the

Revision 1.7 / (download) - annotate - [select for diffs], Mon Jul 21 17:20:08 2003 UTC (19 years, 10 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base, pkgsrc-2003Q4
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

COMMENT should start with a capital letter.

Revision 1.6 / (download) - annotate - [select for diffs], Thu Jul 17 22:52:54 2003 UTC (19 years, 10 months ago) by grant
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)


Revision 1.5 / (download) - annotate - [select for diffs], Mon Jun 2 01:17:18 2003 UTC (20 years ago) by jschauma
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

Use tech-pkg@ in favor of packages@ as MAINTAINER for orphaned packages.
Should anybody feel like they could be the maintainer for any of thewe packages,
please adjust.

Revision 1.4 / (download) - annotate - [select for diffs], Sun Mar 9 18:11:05 2003 UTC (20 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

Update to 1.22.
This release changes the output format slightly to improve integration with
other tools, and improves the RPM packaging.

Revision 1.3 / (download) - annotate - [select for diffs], Mon Sep 23 15:19:37 2002 UTC (20 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: netbsd-1-6-1-base, netbsd-1-6-1
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Update to 1.21:
        * Improved the default output so it creates multiple formatted lines
          instead of single very long lines for each hit.
          Use the new "--singleline" (-S) option to get the original
          "long line" format.
        * Removed duplicate "getpass" entry in the ruleset;
          this didn't hurt anything, but was unnecessary.
          Thanks to the user who gave me that feedback, wish I'd kept your
          email address so I could credit you properly :-).
        * Added a short tutorial to man page.
        * Fixed initial upper/lower case on many entries in the ruleset.
        * Allow "--input" as a synonym for "--inputs".

Revision 1.2 / (download) - annotate - [select for diffs], Sat Sep 21 23:46:56 2002 UTC (20 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.1: +3 -3 lines
Diff to previous 1.1 (colored)

Strip the ".buildlink" from the names of the python application and
extension Makefile fragments, because they really don't have anything to
do with the buildlink[12] frameworks.  Change all the Makefiles that use and to use
and instead.

Revision / (download) - annotate - [select for diffs] (vendor branch), Sun Jul 14 13:02:23 2002 UTC (20 years, 10 months ago) by wiz
Branch: TNF
CVS Tags: pkgviews-base, pkgviews, pkgsrc-base, netbsd-1-6-RELEASE-base, netbsd-1-6
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Initial import of flawfinder-1.20.
flawfinder is a program that examines source code and reports
possible security weaknesses (``flaws'') sorted by risk level. It's
very useful for quickly finding and removing at least some potential
security problems before a program is widely released to the public.

Revision 1.1 / (download) - annotate - [select for diffs], Sun Jul 14 13:02:23 2002 UTC (20 years, 10 months ago) by wiz
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

CVSweb <>