head 1.31; access; symbols pkgsrc-2023Q4:1.31.0.4 pkgsrc-2023Q4-base:1.31 pkgsrc-2023Q3:1.31.0.2 pkgsrc-2023Q3-base:1.31 pkgsrc-2023Q2:1.30.0.4 pkgsrc-2023Q2-base:1.30 pkgsrc-2023Q1:1.30.0.2 pkgsrc-2023Q1-base:1.30 pkgsrc-2022Q4:1.29.0.4 pkgsrc-2022Q4-base:1.29 pkgsrc-2022Q3:1.29.0.2 pkgsrc-2022Q3-base:1.29 pkgsrc-2022Q2:1.28.0.14 pkgsrc-2022Q2-base:1.28 pkgsrc-2022Q1:1.28.0.12 pkgsrc-2022Q1-base:1.28 pkgsrc-2021Q4:1.28.0.10 pkgsrc-2021Q4-base:1.28 pkgsrc-2021Q3:1.28.0.8 pkgsrc-2021Q3-base:1.28 pkgsrc-2021Q2:1.28.0.6 pkgsrc-2021Q2-base:1.28 pkgsrc-2021Q1:1.28.0.4 pkgsrc-2021Q1-base:1.28 pkgsrc-2020Q4:1.28.0.2 pkgsrc-2020Q4-base:1.28 pkgsrc-2020Q3:1.27.0.8 pkgsrc-2020Q3-base:1.27 pkgsrc-2020Q2:1.27.0.6 pkgsrc-2020Q2-base:1.27 pkgsrc-2020Q1:1.27.0.2 pkgsrc-2020Q1-base:1.27 pkgsrc-2019Q4:1.27.0.4 pkgsrc-2019Q4-base:1.27 pkgsrc-2019Q3:1.26.0.4 pkgsrc-2019Q3-base:1.26 pkgsrc-2019Q2:1.26.0.2 pkgsrc-2019Q2-base:1.26 pkgsrc-2019Q1:1.25.0.16 pkgsrc-2019Q1-base:1.25 pkgsrc-2018Q4:1.25.0.14 pkgsrc-2018Q4-base:1.25 pkgsrc-2018Q3:1.25.0.12 pkgsrc-2018Q3-base:1.25 pkgsrc-2018Q2:1.25.0.10 pkgsrc-2018Q2-base:1.25 pkgsrc-2018Q1:1.25.0.8 pkgsrc-2018Q1-base:1.25 pkgsrc-2017Q4:1.25.0.6 pkgsrc-2017Q4-base:1.25 pkgsrc-2017Q3:1.25.0.4 pkgsrc-2017Q3-base:1.25 pkgsrc-2017Q2:1.24.0.20 pkgsrc-2017Q2-base:1.24 pkgsrc-2017Q1:1.24.0.18 pkgsrc-2017Q1-base:1.24 pkgsrc-2016Q4:1.24.0.16 pkgsrc-2016Q4-base:1.24 pkgsrc-2016Q3:1.24.0.14 pkgsrc-2016Q3-base:1.24 pkgsrc-2016Q2:1.24.0.12 pkgsrc-2016Q2-base:1.24 pkgsrc-2016Q1:1.24.0.10 pkgsrc-2016Q1-base:1.24 pkgsrc-2015Q4:1.24.0.8 pkgsrc-2015Q4-base:1.24 pkgsrc-2015Q3:1.24.0.6 pkgsrc-2015Q3-base:1.24 pkgsrc-2015Q2:1.24.0.4 pkgsrc-2015Q2-base:1.24 pkgsrc-2015Q1:1.24.0.2 pkgsrc-2015Q1-base:1.24 pkgsrc-2014Q4:1.23.0.6 pkgsrc-2014Q4-base:1.23 pkgsrc-2014Q3:1.23.0.4 pkgsrc-2014Q3-base:1.23 pkgsrc-2014Q2:1.23.0.2 pkgsrc-2014Q2-base:1.23 pkgsrc-2014Q1:1.22.0.2 pkgsrc-2014Q1-base:1.22 pkgsrc-2013Q4:1.21.0.10 pkgsrc-2013Q4-base:1.21 pkgsrc-2013Q3:1.21.0.8 
pkgsrc-2013Q3-base:1.21 pkgsrc-2013Q2:1.21.0.6 pkgsrc-2013Q2-base:1.21 pkgsrc-2013Q1:1.21.0.4 pkgsrc-2013Q1-base:1.21 pkgsrc-2012Q4:1.21.0.2 pkgsrc-2012Q4-base:1.21 pkgsrc-2012Q3:1.20.0.6 pkgsrc-2012Q3-base:1.20 pkgsrc-2012Q2:1.20.0.4 pkgsrc-2012Q2-base:1.20 pkgsrc-2012Q1:1.20.0.2 pkgsrc-2012Q1-base:1.20 pkgsrc-2011Q4:1.19.0.16 pkgsrc-2011Q4-base:1.19 pkgsrc-2011Q3:1.19.0.14 pkgsrc-2011Q3-base:1.19 pkgsrc-2011Q2:1.19.0.12 pkgsrc-2011Q2-base:1.19 pkgsrc-2011Q1:1.19.0.10 pkgsrc-2011Q1-base:1.19 pkgsrc-2010Q4:1.19.0.8 pkgsrc-2010Q4-base:1.19 pkgsrc-2010Q3:1.19.0.6 pkgsrc-2010Q3-base:1.19 pkgsrc-2010Q2:1.19.0.4 pkgsrc-2010Q2-base:1.19 pkgsrc-2010Q1:1.19.0.2 pkgsrc-2010Q1-base:1.19 pkgsrc-2009Q4:1.17.0.8 pkgsrc-2009Q4-base:1.17 pkgsrc-2009Q3:1.17.0.6 pkgsrc-2009Q3-base:1.17 pkgsrc-2009Q2:1.17.0.4 pkgsrc-2009Q2-base:1.17 pkgsrc-2009Q1:1.17.0.2 pkgsrc-2009Q1-base:1.17 pkgsrc-2008Q4:1.16.0.20 pkgsrc-2008Q4-base:1.16 pkgsrc-2008Q3:1.16.0.18 pkgsrc-2008Q3-base:1.16 cube-native-xorg:1.16.0.16 cube-native-xorg-base:1.16 pkgsrc-2008Q2:1.16.0.14 pkgsrc-2008Q2-base:1.16 cwrapper:1.16.0.12 pkgsrc-2008Q1:1.16.0.10 pkgsrc-2008Q1-base:1.16 pkgsrc-2007Q4:1.16.0.8 pkgsrc-2007Q4-base:1.16 pkgsrc-2007Q3:1.16.0.6 pkgsrc-2007Q3-base:1.16 pkgsrc-2007Q2:1.16.0.4 pkgsrc-2007Q2-base:1.16 pkgsrc-2007Q1:1.16.0.2 pkgsrc-2007Q1-base:1.16 pkgsrc-2006Q4:1.15.0.2 pkgsrc-2006Q4-base:1.15 pkgsrc-2006Q3:1.14.0.6 pkgsrc-2006Q3-base:1.14 pkgsrc-2006Q2:1.14.0.4 pkgsrc-2006Q2-base:1.14 pkgsrc-2006Q1:1.14.0.2 pkgsrc-2006Q1-base:1.14 pkgsrc-2005Q4:1.11.0.2 pkgsrc-2005Q4-base:1.11 pkgsrc-2005Q3:1.10.0.4 pkgsrc-2005Q3-base:1.10 pkgsrc-2005Q2:1.10.0.2 pkgsrc-2005Q2-base:1.10 pkgsrc-2005Q1:1.9.0.6 pkgsrc-2005Q1-base:1.9 pkgsrc-2004Q4:1.9.0.4 pkgsrc-2004Q4-base:1.9 pkgsrc-2004Q3:1.9.0.2 pkgsrc-2004Q3-base:1.9 pkgsrc-2004Q2:1.8.0.4 pkgsrc-2004Q2-base:1.8 pkgsrc-2004Q1:1.8.0.2 pkgsrc-2004Q1-base:1.8 pkgsrc-2003Q4:1.7.0.2 pkgsrc-2003Q4-base:1.7 netbsd-1-6-1:1.3.0.2 netbsd-1-6-1-base:1.3 netbsd-1-6:1.1.1.1.0.6 
netbsd-1-6-RELEASE-base:1.1.1.1 pkgviews:1.1.1.1.0.2 pkgviews-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.31 date 2023.08.14.05.25.09; author wiz; state Exp; branches; next 1.30; commitid LOSB79OLVxvXjIAE; 1.30 date 2023.02.06.11.23.50; author nros; state Exp; branches; next 1.29; commitid UNr7CRYO7BkioscE; 1.29 date 2022.06.30.11.18.47; author nia; state Exp; branches; next 1.28; commitid AhctUV91Vubws3KD; 1.28 date 2020.12.04.20.45.39; author nia; state Exp; branches; next 1.27; commitid FPz71MqRX3WN0tyC; 1.27 date 2019.11.04.21.12.52; author rillig; state Exp; branches; next 1.26; commitid G51T39p39YNQTzJB; 1.26 date 2019.04.25.07.33.15; author maya; state Exp; branches; next 1.25; commitid 1FEMQBEPb9uTxHkB; 1.25 date 2017.08.01.14.59.04; author wiz; state Exp; branches; next 1.24; commitid WdGfxAP8wrFJlw1A; 1.24 date 2015.03.11.00.51.06; author mef; state Exp; branches; next 1.23; commitid 4XRecNFrIhDqK7dy; 1.23 date 2014.05.17.16.10.48; author wiz; state Exp; branches; next 1.22; commitid vZBubLIZiAZOpUAx; 1.22 date 2014.01.25.10.45.20; author wiz; state Exp; branches; next 1.21; commitid jFdMwV0xAIvkdumx; 1.21 date 2012.10.23.18.16.27; author asau; state Exp; branches; next 1.20; 1.20 date 2012.03.15.11.53.37; author obache; state Exp; branches; next 1.19; 1.19 date 2010.02.10.19.17.44; author joerg; state Exp; branches; next 1.18; 1.18 date 2010.01.27.17.21.29; author joerg; state Exp; branches; next 1.17; 1.17 date 2009.02.09.22.56.26; author joerg; state Exp; branches; next 1.16; 1.16 date 2007.01.17.21.48.25; author adrianp; state Exp; branches; next 1.15; 1.15 date 2006.12.02.16.01.45; author rillig; state Exp; branches; next 1.14; 1.14 date 2006.03.04.21.30.33; author jlam; state Exp; branches; next 1.13; 1.13 date 2006.02.15.13.43.35; author rillig; state Exp; branches; next 1.12; 1.12 date 2006.02.05.23.10.43; author joerg; state Exp; branches; next 1.11; 1.11 date 2005.09.28.20.52.26; author rillig; state Exp; branches; 
next 1.10; 1.10 date 2005.06.17.03.50.31; author jlam; state Exp; branches; next 1.9; 1.9 date 2004.06.23.16.19.41; author snj; state Exp; branches; next 1.8; 1.8 date 2004.02.14.14.21.17; author wiz; state Exp; branches; next 1.7; 1.7 date 2003.07.21.17.20.08; author martti; state Exp; branches; next 1.6; 1.6 date 2003.07.17.22.52.54; author grant; state Exp; branches; next 1.5; 1.5 date 2003.06.02.01.17.18; author jschauma; state Exp; branches; next 1.4; 1.4 date 2003.03.09.18.11.05; author wiz; state Exp; branches; next 1.3; 1.3 date 2002.09.23.15.19.37; author wiz; state Exp; branches; next 1.2; 1.2 date 2002.09.21.23.46.56; author jlam; state Exp; branches; next 1.1; 1.1 date 2002.07.14.13.02.23; author wiz; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2002.07.14.13.02.23; author wiz; state Exp; branches; next ; desc @@ 1.31 log @*: recursive bump for Python 3.11 as new default @ text @# $NetBSD: Makefile,v 1.30 2023/02/06 11:23:50 nros Exp $ DISTNAME= flawfinder-2.0.19 PKGREVISION= 1 CATEGORIES= security devel MASTER_SITES= https://www.dwheeler.com/flawfinder/ MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= https://www.dwheeler.com/flawfinder/ COMMENT= Python program to find flaws in C/C++ programs LICENSE= gnu-gpl-v2 INSTALLATION_DIRS= ${PKGMANDIR}/man1 post-install: ${INSTALL_MAN} ${WRKSRC}/flawfinder.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1 .include "../../lang/python/egg.mk" .include "../../mk/bsd.pkg.mk" @ 1.30 log @Update flawfinder to version 2.0.19 The reason for the update is to get this package to work, version 1.31 crashed when I tried it, version 2.0.19 works. Changes from changelog: 2021-08-29 David A. Wheeler * Version 2.0.19 * Fix so we send error messages to stderr instead of stdout. Originally we sent some to stdout by mistake, which could mess up results since the error messages would be mixed up with the results. 2021-06-24 David A. Wheeler * Version 2.0.18 * Fix SARIF output. 
SARIF output is new to flawfinder, and there was a subtle error in its generation that causes GitHub to reject the SARIF file. 2021-06-02 David A. Wheeler * Version 2.0.17 * Fix the distributed tarball, which didn't include the key source file due to the earlier file restructure. * Minor code style fix, which simplifies the code slightly. * Update date in manual page to 2021. That's important because the documentation now includes information on `--sarif`. 2021-05-31 David A. Wheeler * Version 2.0.16 * The distributed source file is now flawfinder.py, not flawfinder. This is part of a change that improves cross-platform ease-of-use by using entry_points. That said, "make install" will still install it as "flawfinder" (so those who install it via "make install" will see no change). Many thanks to Ben Spoor! * Added support for generating SARIF output, use --sarif. A big thanks to Yong Yan for this work! * Track curly brace level to reduce some problems, my thanks to Greg Myers for the work! * Improved handling of Git patch format, thanks to Robin Geffroy. 2021-01-11 David A. Wheeler * Version 2.0.15 * Fixed some release problems in 2.0.14. * Improved handling of LoadLibraryEx; flawfinder no longer complains about certain constructs that are known to be safe (eliminating some false positives). 2021-01-09 David A. Wheeler * Version 2.0.14 * If there are >0 hits, tell users how to ignore them as part of the tool output. * Various Windows improvements. Ignore LoadLibraryEx if its third parameter is LOAD_LIBRARY_SEARCH_SYSTEM32, as this is safe, and remove the rule for InitialCriticalSection (this is no longer a vulnerability on current widely-used versions of Windows) * Various C++ improvements. Add .hpp support for C++, ignore "system::" to reduce false positives, treat ' as digit separator when file extension is a C++ file (for C++14). 
* I had some release problems; this is identified as 2.0.14 (skipping a few minor numbers) to ensure that the version number uniquely identifies a specific release. 2020-02-17 David A. Wheeler * Version 2.0.11 * Provide a much more detailed error report, including recommended solutions, when character encoding problems hit. As Python3 has slowly gained in popularity, its failure to provide useful built-ins to handle real-world character encoding problems hurts more people. (E.g., many files don't comply with *any* character set encoding standard, and Python3 can't read them without enabling options that are wrong for others.) We can at least provide much more detailed feedback to help explain the various options available. 2019-06-22 David A. Wheeler * Version 2.0.10 * Use binary mode when reading a diffhitlist. My thanks to Michał Górny, who both reported the problem and provided the patch! 2019-05-19 David A. Wheeler * Version 2.0.9 * Fixes a serious defect in --diffhitlist 2019-05-17 Labidurie Jerome * Fixed a serious defect in --diffhitlist option and added a unit test 2019-01-21 David A. Wheeler * Version 2.0.8 * Don't warn if memcpy call includes sizeof(first arg). Thanks to Michael Clark for this improvement! * Bugfix (banned function _ftcsat should be _ftcscat). Thanks to Lucas Ramage for reporting this! * Documentation tweaks. Make it clear that GitHub issues and pull requests are supported, and use ~~~~ in markdown to ease copy-and-paste from documentation. 2018-09-30 David A. Wheeler * Incorporate many small improvements from nickthetait * Fix a number of bugs reported by philipp * Update URLs for www.dwheeler.com -> dwheeler.com 2018-04-04 David A. Wheeler * Version 2.0.6 2018-01-26 David A. Wheeler * Small fixes * Update cwe.mitre.org URLs to use https 2017-11-16 David A. 
Wheeler * add detection of crypt_r function * add detection of errant equal, mismatch, and is_permutation * update CWE, risk, and discussion for C++14 STL functions * Always report hit counts correctly, even if ignored using -m * Update www.dwheeler.com URLs to use https 2017-09-02 David A. Wheeler * Version 2.0.4 * Switch from distutils to setuptools * Directly support "pip" installs 2017-08-26 David A. Wheeler * Version 2.0.2 * Flawfinder can now run on either Python 2.7 or 3 * Added more tests * Implemented additional code cleanups recommended by Pylint * Modified documentation in various ways to clarify things 2017-08-13 David A. Wheeler * Version 2.0.1 * Transform many internal constructs to work on Python 2 or 3, with the eventual goal of making it run on either. 2017-07-29 David A. Wheeler * Version 2.0.0 * Change version numbers to use Semantic Versioning (x.y.z) * Add support for generating CSV (comma-separated value) format, to make this tool easier to integrate into larger toolsuites. * Fixed a number of issues - and even a few bugs - found by the Python static analysis tool pylint. * Document in CONTRIBUTING.md how to contribute to the project. * Change version number to 2.0.0, because we have a subtle interface change that won't affect most people but it *may* affect those who use postprocess flawfinder data on CWEs. The fundamental issue is that in some cases a hit corresponds to multiple CWEs. As a result, in some cases flawfinder will list a sequence of CWEs in the format "more-general/more-specific", where the CWE actually being mapped is followed by a "!". This is always done whenever a flaw is not mapped directly to a top 25 CWE, but the mapping is related to such a CWE. So "CWE-119!/CWE-120" means that the vulnerability is mapped to CWE-119 and that CWE-120 is a subset of CWE-119. In contrast, "CWE-362/CWE-367!" means that the hit is mapped to CWE-367, a subset of CWE-362. 
Note that this is a subtle syntax change from flawfinder version 1.31; in flawfinder version 1.31, the form "more-general:more-specific" meant what is now listed as "more-general!/more-specific", while "more-general/more-specific" meant "more-general/more-specific!". Tools can handle both the version 1.31 and the current format, if they wish, by noting that the older format did not use "!" at all. These mapping mechanisms simplify searching for certain CWEs. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29 2022/06/30 11:18:47 nia Exp $ d4 1 @ 1.29 log @*: Revbump packages that use Python at runtime without a PKGNAME prefix @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.28 2020/12/04 20:45:39 nia Exp $ d3 1 a3 2 DISTNAME= flawfinder-1.31 PKGREVISION= 3 d12 1 a12 3 NO_BUILD= yes REPLACE_PYTHON= flawfinder INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 d14 1 a14 2 do-install: ${INSTALL_SCRIPT} ${WRKSRC}/flawfinder ${DESTDIR}${PREFIX}/bin d17 1 a17 1 .include "../../lang/python/application.mk" @ 1.28 log @Revbump packages with a runtime Python dep but no version prefix. For the Python 3.8 default switch. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.27 2019/11/04 21:12:52 rillig Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.27 log @security: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.26 2019/04/25 07:33:15 maya Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.26 log @PKGREVISION bump for anything using python without a PYPKGPREFIX. This is a semi-manual PKGREVISION bump. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.25 2017/08/01 14:59:04 wiz Exp $ d14 1 a14 1 REPLACE_PYTHON= flawfinder @ 1.25 log @Follow some http -> https redirects. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2015/03/11 00:51:06 mef Exp $ d4 1 @ 1.24 log @(pkgsrc) - Add LICENSE= gnu-gpl-v2 (upstream) - Update 1.27 to 1.31 ---------------------- 2014-08-03 David A. Wheeler * Release version 1.31, a set of small improvements mostly CWE-related. 
* Note that flawfinder is officially CWE-compatible. * Support GNU make install conventions (prefix, bindir, DESTDIR, etc.). The older program-specific conventions are still supported, but the documentation emphasizes using the standard conventions instead. * Simplified installation text. * Added more wide character function rules. * Add reference to info at "http://www.dwheeler.com/secure-programs". * Document that hitlists should be trusted to be loaded or diffed. These are implemented using Python's pickle module, and that module presumes the data is from a trustworthy source. In the expected use case this is fine... but it needed to be documented. * Tweak/improve mappings to CWE. E.G., strlen() better maps to CWE-126 (buffer over-read). In a few cases the CWE mappings weren't reported as such; that is now fixed. CWEs are actually a hierarchy; expose a little of this so people can more easily search on them. * Improved error detection and reporting. In particular, error messages are sent to standard errors, filenames listed but non-existent trigger a separate warning, and there's a warning about non-existent filenames listed on the command line that begin with the UTF-8 long dash sequence (users might not notice the difference between long dash and dash, and this can happen in some cases when copying and pasting). * Add "-H" option as synonym for "--html". 2014-07-19 David A. Wheeler * Release 1.29, primarily for CWE improvements. * Multi-line formatting is faster and formats better. * Documentation about CWEs has been improved. * HTML format includes links from CWE identifiers to their definitions. * Tweak CWE mappings, e.g., strlen maps to CWE-126 (buffer over-read). * Option "--listrules" now gives default warning and is tab-delimited. * Regression test suite now also tests the generated HTML. 2014-07-13 David A. 
Wheeler * Release 1.28 * Common Weakness Enumeration (CWE) references are now included in most hits * Handle files not ending in newline (thanks to Alexis Wilke) * Documentation clarifications * Added support for "git diff" in patchfile processing * Handles unbalanced double-quotes in sprintf * Fix incorrect time executed report * Fix bug to allow "flawfinder ." (fix bug#3) * Fix ignore directive when filenames differ (fix bug#6) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.23 2014/05/17 16:10:48 wiz Exp $ d5 1 a5 1 MASTER_SITES= http://www.dwheeler.com/flawfinder/ d8 1 a8 1 HOMEPAGE= http://www.dwheeler.com/flawfinder/ @ 1.23 log @Bump applications PKGREVISIONs for python users that might be using python3, since the default changed from python33 to python34. I probably bumped too many. I hope I got them all. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2014/01/25 10:45:20 wiz Exp $ d3 1 a3 2 DISTNAME= flawfinder-1.27 PKGREVISION= 4 d10 1 @ 1.22 log @No need to have two variables for the same logic. Replace PYTHON_PATCH_SCRIPTS with REPLACE_PYTHON. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2012/10/23 18:16:27 asau Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.21 log @Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2012/03/15 11:53:37 obache Exp $ d13 1 a13 1 PYTHON_PATCH_SCRIPTS= flawfinder @ 1.20 log @Bump PKGREVISION from default python to 2.7. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2010/02/10 19:17:44 joerg Exp $ a11 2 PKG_DESTDIR_SUPPORT= user-destdir @ 1.19 log @Bump revision for PYTHON_VERSION_DEFAULT change. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2010/01/27 17:21:29 joerg Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.18 log @DESTDIR support @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2009/02/09 22:56:26 joerg Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.17 log @Switch to Python 2.5 as default. Bump revision of all packages that have changed runtime dependencies now. 
@ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2007/01/17 21:48:25 adrianp Exp $ d12 2 d19 2 a20 2 ${INSTALL_SCRIPT} ${WRKSRC}/flawfinder ${PREFIX}/bin ${INSTALL_MAN} ${WRKSRC}/flawfinder.1 ${PREFIX}/${PKGMANDIR}/man1 @ 1.16 log @Update to 1.27 2007-01-16 David A. Wheeler * Release version 1.27 2007-01-16 Sebastien Tandel * Fix Debian bug 268236. This complains that flawfinder crashes when presented with a file it cannot read. The patch obviously can't prevent the problem, since the tool can't review what it can't read, but at least it halts with a cleaner error message. 2007-01-15 cmorgan * Fixed Debian bug 271287 (flawfinder). Fixed skipping newlines when line ended with \, which caused incorrect line number reporting. Skip multiple whitespace at one time. 2007-01-15 David A. Wheeler * Modified Sebastien Tandel's code so that it also supports GNU diff (his code worked only for svn diff) * When using a patchfile, skip analysis of any file not listed in the patchfile. 2007-01-15 Sebastien Tandel * By default, now skips directories beginning with "." (this makes it work nicely with many SCM systems). Added "--followdotdir" option if you WANT it to enter such directories. * Fixed divide-by-zero when no code found (not exactly common in normal use, but anyway!) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2006/12/02 16:01:45 rillig Exp $ d4 1 @ 1.15 log @Fixed PKGMANDIR. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2006/03/04 21:30:33 jlam Exp $ d3 1 a3 2 DISTNAME= flawfinder-1.26 PKGREVISION= 1 @ 1.14 log @Point MAINTAINER to pkgsrc-users@@NetBSD.org in the case where no developer is officially maintaining the package. The rationale for changing this from "tech-pkg" to "pkgsrc-users" is that it implies that any user can try to maintain the package (by submitting patches to the mailing list). Since the folks most likely to care about the package are the folks that want to use it or are already using it, this would leverage the energy of users who aren't developers. 
@ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2006/02/15 13:43:35 rillig Exp $ d14 1 a14 1 INSTALLATION_DIRS= bin man/man1 d17 2 a18 2 ${INSTALL_SCRIPT} ${WRKSRC:Q}/flawfinder ${PREFIX:Q}/bin ${INSTALL_MAN} ${WRKSRC:Q}/flawfinder.1 ${PREFIX:Q}/man/man1 @ 1.13 log @Fixed all pkglint warnings. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2006/02/05 23:10:43 joerg Exp $ d8 1 a8 1 MAINTAINER= tech-pkg@@NetBSD.org @ 1.12 log @Recursive revision bump / recommended bump for gettext ABI change. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2005/09/28 20:52:26 rillig Exp $ d12 3 a14 3 NO_BUILD= yes PYTHON_PATCH_SCRIPTS= flawfinder INSTALATION_DIRS= bin man/man1 d17 2 a18 2 ${INSTALL_SCRIPT} ${WRKSRC}/flawfinder ${PREFIX}/bin ${INSTALL_MAN} ${WRKSRC}/flawfinder.1 ${PREFIX}/man/man1 @ 1.11 log @Replaced "# defined" with "yes" in Makefile variables like GNU_CONFIGURE, NO_BUILD, USE_LIBTOOL. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2005/06/17 03:50:31 jlam Exp $ d4 1 @ 1.10 log @Create directories before installing files into them. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2004/06/23 16:19:41 snj Exp $ d11 1 a11 1 NO_BUILD= # defined @ 1.9 log @Update flawfinder to 1.26. Don't set PY_PATCHPLIST, as it is useless. Don't include python/extension.mk, as it is also useless. Don't set NO_CONFIGURE, because it makes PYTHON_PATCH_SCRIPTS useless. Don't set MAKEFILE, as we don't actually use the included makefile for anything. Changes since 1.24: * Added more support for Microsoft's approach to internationalization. * Added two new rules for GLib functions, "g_get_home_dir" and g_get_tmp_dir". * Added curl_getenv(). * Added several rules for input functions (for -I) - recv, recvfrom, recvmsg, fread, and readv. * Tightened the false positive test slightly; if a name is followed by = or - or + it's unlikely to be a function call, so it'll be quietly discarded. * Modified the summary report format slightly. * Modified the getpass text to remove an extraneous character. 
* Added rules for cuserid, getlogin, getpass, mkstemp, getpw, memalign, as well as the obsolete functions gsignal, ssignal, ulimit, usleep. * Modified text for strncat to clarify it. * Fixed error in --columns format, so that the output is simply "filename:linenumber:columnnumber" when --columns (-C) is used. * Eliminated "Number of" phrase in the footer report * Added more statistical information to the footer report. * Added shortcut single-letter commands (-D for --dataonly, -Q for --quiet, -C for --columns), so that invoking from editors is easier. * Tries to autoremove some false positives. In particular, a function name followed immediately by "=" (ignoring whitespace) is automatically considered to be a variable and NOT a function, and thus doesn't register as a hit. There are exotic cases where this won't be correct, but they're pretty unlikely in real code. * Added a "--falsepositive" (-F) option, which tries to remove many more likely false positives. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2004/02/14 14:21:17 wiz Exp $ d13 1 @ 1.8 log @Update to 1.24: 2003-10-29 David A. Wheeler * Fixed an incredibly obscure parsing error that caused some false positives. If a constant C string, after the closing double-quote, is followed by a \ and newline (instead of a comma), the string might not be recognized as a constant string (thus triggering warnings about non-constant values in some cases). This kind of formatting is quite ugly and rare. My thanks to Sascha Nitsch (sascha, at spsn.ath.cx) for pointing this bug out and giving me a test case to work with. * Added a warning for readlink. The implementation and warning are mine, but the idea of warning about readlink came from Stefan Kost (kost, at imn.htwk-leipzig.de). Thanks!! 2003-09-27 David A. Wheeler * Released version 1.23. Minor bugfixes. 2003-09-27 David A. Wheeler * Fixed subtle bug - in some circumstances single character constants wouldn't be parsed correctly. 
My thanks to Scott Renfro for notifying me about this bug. Scott Renfro also sent me a patch; I didn't use it (the patch didn't handle other cases), but I'm grateful since it illustrated the problem. * Fixed documentation bug in man page. The option "--minlevel=X" must be preceded by two dashes, as are all GNU-style long options. The man page accidentally only had one dash in the summary (it was correct elsewhere); it now correctly shows both dashes. * Modified man page to list filename extensions that are interpreted as C/C++. * Removed index.html from distribution - it's really only for the website. @ text @d1 1 a1 2 # $NetBSD: Makefile,v 1.7 2003/07/21 17:20:08 martti Exp $ # d3 1 a3 1 DISTNAME= flawfinder-1.24 d11 1 a12 5 PY_PATCHPLIST= yes NO_CONFIGURE= # defined NO_BUILD= # defined MAKEFILE= makefile a18 1 .include "../../lang/python/extension.mk" @ 1.7 log @COMMENT should start with a capital letter. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2003/07/17 22:52:54 grant Exp $ d4 1 a4 1 DISTNAME= flawfinder-1.22 @ 1.6 log @s/netbsd.org/NetBSD.org/ @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2003/06/02 01:17:18 jschauma Exp $ d10 1 a10 1 COMMENT= python program to find flaws in C/C++ programs @ 1.5 log @Use tech-pkg@@ in favor of packages@@ as MAINTAINER for orphaned packages. Should anybody feel like they could be the maintainer for any of these packages, please adjust. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2003/03/09 18:11:05 wiz Exp $ d8 1 a8 1 MAINTAINER= tech-pkg@@netbsd.org @ 1.4 log @Update to 1.22. This release changes the output format slightly to improve integration with other tools, and improves the RPM packaging. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2002/09/23 15:19:37 wiz Exp $ d8 1 a8 1 MAINTAINER= packages@@netbsd.org @ 1.3 log @Update to 1.21: * Improved the default output so it creates multiple formatted lines instead of single very long lines for each hit. 
Use the new "--singleline" (-S) option to get the original "long line" format. * Removed duplicate "getpass" entry in the ruleset; this didn't hurt anything, but was unnecessary. Thanks to the user who gave me that feedback, wish I'd kept your email address so I could credit you properly :-). * Added a short tutorial to man page. * Fixed initial upper/lower case on many entries in the ruleset. * Allow "--input" as a synonym for "--inputs". @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2002/09/21 23:46:56 jlam Exp $ d4 1 a4 1 DISTNAME= flawfinder-1.21 @ 1.2 log @Strip the ".buildlink" from the names of the python application and extension Makefile fragments, because they really don't have anything to do with the buildlink[12] frameworks. Change all the Makefiles that use application.buildlink.mk and extension.buildlink.mk to use application.mk and extension.mk instead. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1.1.1 2002/07/14 13:02:23 wiz Exp $ d4 1 a4 1 DISTNAME= flawfinder-1.20 @ 1.1 log @Initial revision @ text @d1 1 a1 1 # $NetBSD$ d23 2 a24 2 .include "../../lang/python/application.buildlink.mk" .include "../../lang/python/extension.buildlink.mk" @ 1.1.1.1 log @Initial import of flawfinder-1.20. flawfinder is a program that examines source code and reports possible security weaknesses (``flaws'') sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public. @ text @@