Flawfinder version 1.26 released!
I’ve released yet another new version of flawfinder - now it’s version 1.26. Flawfinder is a simple program that examines C/C++ source code and reports on likely security flaws in the program, ranked by risk level. When I announced flawfinder version 1.25, people responded with a flurry of useful improvements, so I thought I’d incorporate those right away for all to enjoy.
You can view the Flawfinder ChangeLog for the details. Here are some of the highlights:
NOTE: Due to an error on my part, the tar file for version 1.25 on my website was for a short period (between 2004-06-05 and 2004-06-15) actually a functional equivalent of version 1.26 (without some stuff that only affects me), incorrectly labelled as 1.25. This wasn’t true for the RPM packages (the 1.25s stayed as 1.25), so suspicious people could look inside the RPM packages to see if the tar file within was correct. In some sense this wasn’t a serious problem - tar users got the latest version of flawfinder a little sooner than I intended. But I really want version numbers to mean what they say, and I know others do too; for those folks, my sincere apologies!! Please upgrade to 1.26, since that way you’ll be SURE to get the right version. If you want to check, here are the md5sums of various correct files:
dcdd0a7a5b9dc8d0ffc85c1a5833bc43 flawfinder-1.25-1.noarch.rpm
744f0cc317c583de6d295860db3c7cbe flawfinder-1.25-1.src.rpm
fa5b644e00aa4862de5b790f0e1a3ad7 flawfinder-1.25.tar.gz (the real 1.25)
530b11016c52d473ebb7bc9639d4338b flawfinder-1.26-1.noarch.rpm
cbc61513620bc7b17bcc29f8eb50fb9f flawfinder-1.26-1.src.rpm
242a90ecf2f21a709a2425c8771ef38e flawfinder-1.26.tar.gz
Here’s the md5sum of the file that was briefly labelled as flawfinder-1.25.tar.gz, but was actually a functional equivalent of 1.26:
Just go to the flawfinder home page to get the latest version.