[ITA] splint 3.1.1 - Check C programs for security vulnerabilities

[ITA] splint 3.1.1 - Check C programs for security vulnerabilities

[Jari Aalto]

Adopted from Elfyn McBratney

Jari

sdesc: "Check C programs for security vulnerabilities and programming
mistakes."
ldesc: "Splint does many of the traditional lint checks including
unused declarations, type inconsistencies, use before definition,
unreachable code, ignored return values, execution paths with no
return, likely infinite loops, and fall through cases. More powerful
checks are made possible by additional information given in source
code annotations. Annotations are stylized comments that document
assumptions about functions, variables, parameters and types. In
addition to the checks specifically enabled by annotations, many of
the traditional lint checks are improved by exploiting this additional
information."
category: Devel
requires: cygwin

a) manual

  wget        \
    http://cygwin.cante.net/splint/splint-3.1.1-2.tar.bz2 \
    http://cygwin.cante.net/splint/splint-3.1.1-2-src.tar.bz2 \
    http://cygwin.cante.net/splint/setup.hint

b) automated: get.sh displays further instructions

  gpg --keyserver wwwkeys.pgp.net --recv-keys 955A92D8

  mkdir splint ; cd splint
  rm -f get.sh get.sh.sig
  wget    http://cygwin.cante.net/splint/get.sh \
          http://cygwin.cante.net/splint/get.sh.sig
  gpg --verify get.sh.sig get.sh &&
  sh get.sh

Re: [ITA] splint 3.1.1 - Check C programs for security vulnerabilities

[Mark Harig]

Jari Aalto wrote:
>   wget        \
>     http://cygwin.cante.net/splint/splint-3.1.1-2.tar.bz2 \
>     http://cygwin.cante.net/splint/splint-3.1.1-2-src.tar.bz2 \
>     http://cygwin.cante.net/splint/setup.hint
>
>   
In case you were not aware,  splint 3.1.2 has been released 
(www.splint.org).

Thank you for taking this package on.

---

Re: [ITA] splint 3.1.1 - Check C programs for security vulnerabilities

[Dr. Volker Zell]

>>>>> Jari Aalto writes:

    > Adopted from Elfyn McBratney

When building from source with ./splint-3.1.1-2.sh all
I do not get the same package contents as you.
    
tar -tvjf splint-3.1.1-2.tar.bz2 
drwxr-xr-x vzell/admin       0 2007-08-15 16:14 usr/
drwxr-xr-x vzell/admin       0 2007-08-15 16:17 usr/bin/
-rwxr-xr-x vzell/admin 1697792 2007-08-15 16:17 usr/bin/splint.exe
drwxr-xr-x vzell/admin       0 2007-08-15 16:14 usr/local/
drwxr-xr-x vzell/admin       0 2007-08-15 16:14 usr/local/src/
drwxr-xr-x vzell/admin       0 2007-08-15 16:14 usr/local/src/splint-3.1.1/
drwxr-xr-x vzell/admin       0 2007-08-15 16:14 usr/share/
drwxr-xr-x vzell/admin       0 2007-08-15 16:13 usr/share/doc/
drwxr-xr-x vzell/admin       0 2007-08-15 16:13 usr/share/doc/Cygwin/
-rw-r--r-- vzell/admin    4246 2007-08-15 16:13 usr/share/doc/Cygwin/splint-3.1.1.README
drwxr-xr-x vzell/admin       0 2007-08-15 16:13 usr/share/doc/splint-3.1.1/
-rw-r--r-- vzell/admin    2109 2003-04-29 00:42 usr/share/doc/splint-3.1.1/darwin.html
drwxr-xr-x vzell/admin       0 2003-04-29 06:42 usr/share/doc/splint-3.1.1/html/
-rw-r--r-- vzell/admin    1937 2003-03-24 08:50 usr/share/doc/splint-3.1.1/html/footer.html
-rw-r--r-- vzell/admin    1612 2003-03-24 08:50 usr/share/doc/splint-3.1.1/html/header.html
-rw-r--r-- vzell/admin  929433 2003-04-29 00:00 usr/share/doc/splint-3.1.1/html/manual.htm
-rw-r--r-- vzell/admin    4390 2003-03-24 08:53 usr/share/doc/splint-3.1.1/html/realloc.htm
-rw-r--r-- vzell/admin    3756 2007-08-15 16:13 usr/share/doc/splint-3.1.1/install.html
-rw-r--r-- vzell/admin    2104 2003-04-29 00:40 usr/share/doc/splint-3.1.1/linux.html
-rw-r--r-- vzell/admin     840 2003-03-24 08:50 usr/share/doc/splint-3.1.1/manual.css
-rw-r--r-- vzell/admin  756318 2003-04-29 04:52 usr/share/doc/splint-3.1.1/manual.pdf
-rw-r--r-- vzell/admin    2110 2003-04-29 00:40 usr/share/doc/splint-3.1.1/sunos.html
drwxr-xr-x vzell/admin       0 2007-08-15 16:14 usr/share/man/
drwxr-xr-x vzell/admin       0 2007-08-15 16:14 usr/share/man/man1/
-rw-r--r-- vzell/admin    3378 2007-08-15 16:14 usr/share/man/man1/splint.1.gz
    
    > Jari

Ciao
  Volker
  

Re: [ITA] splint 3.1.1 - Check C programs for security vulnerabilities

[Jari Aalto]

Mark Harig <idirectscm-CZK690njTpI@public.gmane.org> writes:
> In case you were not aware,  splint 3.1.2 has been released
> (www.splint.org).

I took a look at it and there are some issues that need to be resolved


"Dr. Volker Zell" <Dr.Volker.Zell-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org> writes:
> When building from source with ./splint-3.1.1-2.sh all
> I do not get the same package contents as you.

I repackaged 3.1.1, could you try again

Jari

  wget        \
    http://cygwin.cante.net/splint/splint-3.1.1-2.tar.bz2 \
    http://cygwin.cante.net/splint/splint-3.1.1-2-src.tar.bz2 \
    http://cygwin.cante.net/splint/setup.hint

[GTG] Re: [ITA] splint 3.1.1 - Check C programs for security vulnerabilities

[Dr. Volker Zell]

>>>>> Jari Aalto writes:

    > Mark Harig <idirectscm-CZK690njTpI@public.gmane.org> writes:
    >> In case you were not aware,  splint 3.1.2 has been released
    >> (www.splint.org).

    > I took a look at it and there are some issues that need to be resolved


    > "Dr. Volker Zell" <Dr.Volker.Zell-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org> writes:
    >> When building from source with ./splint-3.1.1-2.sh all
    >> I do not get the same package contents as you.

    > I repackaged 3.1.1, could you try again

GTG now.

    > Jari

Ciao
  Volker
  

Re: [ITA] splint 3.1.1 - Check C programs for security vulnerabilities

[idirectscm]

Jari Aalto wrote:
> Mark Harig <idirectscm-CZK690njTpI@public.gmane.org> writes:
>   
>> In case you were not aware,  splint 3.1.2 has been released
>> (www.splint.org).
>>     
>
> I took a look at it and there are some issues that need to be resolved
>
>
>   
OK.  Splint version 3.1.1-1 already is available via setup.  Is 
something missing
from version 3.1.1-1 that would be added in 3.1.1-2?

Re: [ITA] splint 3.1.1 - Check C programs for security vulnerabilities

[Jari Aalto]

idirectscm <idirectscm-CZK690njTpI@public.gmane.org> writes:
>> 3.1.2: I took a look at it and there are some issues that need to be resolved>>
> OK.  Splint version 3.1.1-1 already is available via setup.  Is
> something missing
> from version 3.1.1-1 that would be added in 3.1.1-2?

*-2 is just ITA (adoption) with refined Cygwin/splint*.README (added
License information, detailed contact addresses etc.)

Jari

Re: [ITA] splint 3.1.1 - Check C programs for security vulnerabilities

[Dr. Volker Zell]

>>>>> Jari Aalto writes:

    > idirectscm <idirectscm-CZK690njTpI@public.gmane.org> writes:
    >>> 3.1.2: I took a look at it and there are some issues that need to be resolved>>
    >> OK.  Splint version 3.1.1-1 already is available via setup.  Is
    >> something missing
    >> from version 3.1.1-1 that would be added in 3.1.1-2?

    > *-2 is just ITA (adoption) with refined Cygwin/splint*.README (added
    > License information, detailed contact addresses etc.)

It also uses the /usr/share/{man/doc} filesystem hirarchy.

Ciao
  Volker
  

Re: [GTG] Re: [ITA] splint 3.1.1 - Check C programs for security vulnerabilities

[Eric Blake]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Dr. Volker Zell on 8/26/2007 4:08 AM:
>     > "Dr. Volker Zell" <Dr.Volker.Zell-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org> writes:
>     >> When building from source with ./splint-3.1.1-2.sh all
>     >> I do not get the same package contents as you.
> 
>     > I repackaged 3.1.1, could you try again
> 
> GTG now.

Uploaded, leaving 3.1.1-1 as previous.

- --
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG0sMI84KuGfSFAYARAl3gAKCYiNdkzAK15RypyAuiDuziB2gPEgCeITRb
EpRzoC10vOKSSzNDjr1ncUU=
=FVhJ
-----END PGP SIGNATURE-----