Change version number to 2.0.0 - use Semantic Versioning

This switches flawfinder's version naming conventions to comply with
Semantic Versioning.  We change the first digit to "2" because
there's a subtle change in how CWEs are reported - see the
ChangeLog or documentation for more information.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
David A. Wheeler 2017-07-29 13:24:25 -04:00
parent 8f62d4290b
commit 872109f230
9 changed files with 44 additions and 17 deletions

@ -1,3 +1,28 @@
2017-07-29 David A. Wheeler <dwheeler, at, dwheeler.com>
* Change version numbers to use Semantic Versioning (x.y.z)
* Change version number to 2.0.0, because we have a subtle
interface change that won't affect most people but it
*may* affect those who use postprocess
flawfinder data on CWEs. The fundamental issue is that
in some cases a hit corresponds to multiple CWEs. As a result,
in some cases flawfinder will list a sequence of CWEs
in the format "more-general/more-specific", where the CWE actually
being mapped is followed by a "!".
This is always done whenever a flaw is not mapped directly to
a top 25 CWE, but the mapping is related to such a CWE.
So "CWE-119!/CWE-120" means that the vulnerability is mapped
to CWE-119 and that CWE-120 is a subset of CWE-119.
In contrast, "CWE-362/CWE-367!" means that the hit is mapped to
CWE-367, a subset of CWE-362.
Note that this is a subtle syntax change from flawfinder
version 1.31; in flawfinder version 1.31,
the form "more-general:more-specific" meant what is now listed as
"more-general!/more-specific", while
"more-general/more-specific" meant "more-general/more-specific!".
Tools can handle both the version 1.31 and the current format,
if they wish, by noting that the older format did not use "!" at all.
These mapping mechanisms simplify searching for certain CWEs.
2014-08-03 David A. Wheeler <dwheeler, at, dwheeler.com> 2014-08-03 David A. Wheeler <dwheeler, at, dwheeler.com>
* Release version 1.31, a set of small improvements mostly CWE-related. * Release version 1.31, a set of small improvements mostly CWE-related.
* Note that flawfinder is officially CWE-compatible. * Note that flawfinder is officially CWE-compatible.
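Review bot: the new ChangeLog entry has a dropped word at "those who use postprocess flawfinder data on CWEs"; it should read "those who postprocess flawfinder data on CWEs". The entry also documents the "!" marker and the "more-general/more-specific" ordering in detail, but the only code touched by this commit is the version string, so a reader of the log cannot tell from this entry which change actually introduced the marker; since the test fixtures still carried "version 1.32" before this bump, the entry should say plainly that the marker arrived during the 1.32 development series (or point at the commit that added it), so that "subtle syntax change from flawfinder version 1.31" can be traced.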

README
@ -43,6 +43,6 @@ vulnerabilities in programs that cannot be built or cannot be linked.
Flawfinder also doesn't get as confused by macro definitions Flawfinder also doesn't get as confused by macro definitions
and other oddities that more sophisticated tools have trouble with. and other oddities that more sophisticated tools have trouble with.
Flawfinder is released under the GNU GPL license version 2 or later (GPLv2+). Flawfinder is released under the GNU GPL license version 2 or later (GPL-2.0+).
See the COPYING file for license information. See the COPYING file for license information.

@ -9,8 +9,8 @@
<body> <body>
<h1>Flawfinder Results</h1> <h1>Flawfinder Results</h1>
Here are the security scan results from Here are the security scan results from
<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.32</a>, <a href="http://www.dwheeler.com/flawfinder">Flawfinder version 2.0.0</a>,
(C) 2001-2014 <a href="http://www.dwheeler.com">David A. Wheeler</a>. (C) 2001-2017 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 209 Number of rules (primarily dangerous function names) in C/C++ ruleset: 209
<p> <p>
Examining test.c <br> Examining test.c <br>

@ -1,4 +1,4 @@
Flawfinder version 1.32, (C) 2001-2014 David A. Wheeler. Flawfinder version 2.0.0, (C) 2001-2017 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 209 Number of rules (primarily dangerous function names) in C/C++ ruleset: 209
Examining test.c Examining test.c
Examining test2.c Examining test2.c
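Review bot: both expected-output fixtures (the HTML one above and this text one) embed the version string and the copyright year in their first lines, so every version bump and every new calendar year churns the fixtures, and a fixture that is one step behind fails the test for a reason that has nothing to do with the scan results. Have the test strip or normalise the "Flawfinder version ..., (C) ... David A. Wheeler." header line before diffing, or only emit the header when a flag is given, so the fixtures record scan output rather than release metadata.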

@ -8,7 +8,7 @@ from __future__ import division
See the man page for a description of the options.""" See the man page for a description of the options."""
version="1.32" version="2.0.0"
# The default output is as follows: # The default output is as follows:
# filename:line_number [risk_level] (type) function_name: message # filename:line_number [risk_level] (type) function_name: message
@ -18,9 +18,9 @@ version="1.32"
# #
# Currently this program can only analyze C/C++ code. # Currently this program can only analyze C/C++ code.
# #
# Copyright (C) 2001-2014 David A. Wheeler. # Copyright (C) 2001-2017 David A. Wheeler.
# This is released under the # This is released under the
# GNU General Public License (GPL) version 2 or later (GPLv2+): # GNU General Public License (GPL) version 2 or later (GPL-2.0+):
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -1523,9 +1523,9 @@ def display_header():
print "<h1>Flawfinder Results</h1>" print "<h1>Flawfinder Results</h1>"
print "Here are the security scan results from" print "Here are the security scan results from"
print '<a href="http://www.dwheeler.com/flawfinder">Flawfinder version %s</a>,' % version print '<a href="http://www.dwheeler.com/flawfinder">Flawfinder version %s</a>,' % version
print '(C) 2001-2014 <a href="http://www.dwheeler.com">David A. Wheeler</a>.' print '(C) 2001-2017 <a href="http://www.dwheeler.com">David A. Wheeler</a>.'
else: else:
print "Flawfinder version %s, (C) 2001-2014 David A. Wheeler." % version print "Flawfinder version %s, (C) 2001-2017 David A. Wheeler." % version
displayed_header = 1 displayed_header = 1
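Review bot: the copyright range "2001-2017" is now hand-edited in three places in this one file (the header comment, the HTML branch and the text branch of display_header), next to a version string that is also edited by hand at the top; the two display_header branches differ only in markup. Hoist the year range and the author string into module-level constants beside version="2.0.0" and build both header strings from them, so the next bump is a one-line change and the HTML and text headers cannot drift apart.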

@ -791,10 +791,11 @@ CWE-367, a subset of CWE-362.
Note that this is a subtle syntax change from flawfinder version 1.31; Note that this is a subtle syntax change from flawfinder version 1.31;
in flawfinder version 1.31, in flawfinder version 1.31,
the form "more-general:more-specific" meant what is now listed as the form "more-general:more-specific" meant what is now listed as
"more-general!:more-specific", while "more-general!/more-specific", while
"more-general/more-specific" meant "more-general/more-specific!". "more-general/more-specific" meant "more-general/more-specific!".
Tools can handle both the version 1.31 and the current format, Tools can handle both the version 1.31 and the current format,
if they wish, by noting that the older format did not use "!" at all. if they wish, by noting that the older format did not use "!" at all
(and thus this is easy to distinguish).
These mapping mechanisms simplify searching for certain CWEs. These mapping mechanisms simplify searching for certain CWEs.
.PP .PP
CWE version 2.7 (released June 23, 2014) was used for the mapping. CWE version 2.7 (released June 23, 2014) was used for the mapping.
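Review bot: the corrected text now reads "more-general!/more-specific", which matches the ChangeLog wording in this commit; since the same explanation is maintained by hand in the ChangeLog, the man page and presumably the HTML docs, grep the tree for any remaining "!:" before release. The unchanged line "CWE version 2.7 (released June 23, 2014) was used for the mapping" is now the only dated statement in this section; if the CWE mapping was reworked for 2.0.0 beyond the output syntax, confirm that the CWE list version and the "top 25" reference are still accurate, because downstream tools that postprocess the CWE field may key on them.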

@ -1,6 +1,6 @@
Name: flawfinder Name: flawfinder
Summary: Examines C/C++ source code for security flaws Summary: Examines C/C++ source code for security flaws
Version: 1.32 Version: 2.0.0
Release: 1%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
Group: Development/Tools Group: Development/Tools
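Review bot: Version: is bumped but License: stays "GPLv2+" while README, the makefile header and setup.py in this same commit switch to the SPDX-style "GPL-2.0+". If the spec deliberately keeps the distribution's own license tag (Fedora packaging used "GPLv2+" as its short name at the time), add a comment beside it saying so, otherwise the next person will "fix" it to match the source; if not deliberate, update it so packaging metadata and source agree. Release: 1%{?dist} being left at 1 is correct for a new upstream version.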

@ -1,5 +1,6 @@
# Flawfinder. Released under the General Public License (GPL). # Flawfinder.
# (C) 2001-2014 David A. Wheeler. # Released under the General Public License (GPL) version 2 or later.
# (C) 2001-2017 David A. Wheeler.
# To change version number, edit this here, the beginning of the # To change version number, edit this here, the beginning of the
# "flawfinder" script, flawfinder.spec, setup.py, and index.html. # "flawfinder" script, flawfinder.spec, setup.py, and index.html.
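Review bot: the comment lists the places where the version number must be edited by hand (this makefile, the "flawfinder" script, flawfinder.spec, setup.py and index.html), but index.html is not among the 9 files changed by this commit, while the man page, the ChangeLog and the two test-results files, which this commit did edit, are not in the list. Either index.html was missed for 2.0.0 or the checklist is stale; in both cases a version defined once (for example in the script) and read by the makefile and setup.py would remove the checklist and the "1.32 vs 2.0.0" class of mistakes altogether.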
@ -9,7 +10,7 @@
# Eventually switch to using DistUtils to autogenerate. # Eventually switch to using DistUtils to autogenerate.
NAME=flawfinder NAME=flawfinder
VERSION=1.32 VERSION=2.0.0
RPM_VERSION=1 RPM_VERSION=1
VERSIONEDNAME=$(NAME)-$(VERSION) VERSIONEDNAME=$(NAME)-$(VERSION)
ARCH=noarch ARCH=noarch

@ -25,11 +25,11 @@ import commands
setup (# Distribution meta-data setup (# Distribution meta-data
name = "flawfinder", name = "flawfinder",
version = "1.32", version = "2.0.0",
description = "a program that examines source code looking for security weaknesses", description = "a program that examines source code looking for security weaknesses",
author = "David A. Wheeler", author = "David A. Wheeler",
author_email = "dwheeler@dwheeler.com", author_email = "dwheeler@dwheeler.com",
license = 'GPL', license = 'GPL-2.0+',
long_description = """Flawfinder is a program that can scan long_description = """Flawfinder is a program that can scan
C/C++ source code and identify out potential security flaws, C/C++ source code and identify out potential security flaws,
ranking them by likely severity. ranking them by likely severity.
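Review bot: the context line "C/C++ source code and identify out potential security flaws" in long_description has a stray "out"; drop it while this block is being touched. Also, the hunk header shows "import commands", a Python 2 only module that does not exist in Python 3, which is consistent with the print statements in the script itself; a major version bump is the natural place to state the supported interpreter in setup.py and the README, so that "2.0.0" does not read as a promise of Python 3 support.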