2001-12-18 David A. Wheeler <dwheeler@dwheeler.com>
	* Released version 0.21.
	* Fixed an error in the database entry for syslog(3), which
	  would cause incorrect hits.  This resolves the Debian bug
	  "Bug#124009: flawfinder: wrong reports of format
	   fulnerabilities for syslog".
	* Added simple "INSTALL" file.
	* Fixed documentation, documenting --version and fixing a
	  format problem with "--neverignore".
	* I accidentally wrote over version 0.20 with version 0.21's
	  contents. Sigh.

2001-12-11 David A. Wheeler <dwheeler@dwheeler.com>
	* Released version 0.20.
	* Added --version, which prints JUST the version number without
	  actually analyzing any programs.

2001-11-08 David A. Wheeler <dwheeler@dwheeler.com>
	* Fixed MANIFEST.in to include "flawfinder.1*"; that way the
	  compressed man page is included when using MANIFEST.in.
	  Thanks to Jon Nelson for noting this.
	  The effect of this is quite tiny -
	  my tar file & rpm files already included the compressed
	  man page, so this error affects very few people.
	  Note also that this just meant that only the uncompressed
	  man page was in the MANIFEST, so I don't expect that this
	  error had any user-visible effects other than a few more K of man
	  page space (and with multi-Gigabyte drives, that's hard to notice).

2001-11-04 David A. Wheeler <dwheeler@dwheeler.com>
	* Released version 0.19
	* Fixed a minor bug - flawfinder didn't realize that multiline strings
	  passed to gettext() are still constant strings.
	  My thanks to "Arthur", who reported this bug, and
	  Adam Lazur (Debian) who passed it on to me.
	  This closes Debian Bug#118025.
	* Minor change - precomputed internationalization pattern for
	  a minor performance improvement.
	* Output a reminder that not all hits are actually security
	  vulnerabilities, as well as that there may be other vulnerabilities.
	  The documentation mentioned this too, but including that in
	  the output of the program makes it clearer (apparantly some
	  expect flawfinder to perform amazing magic far beyond the
	  possible).

2001-11-03 David A. Wheeler <dwheeler@dwheeler.com>
	* Added a "help" option and support for DistUtils, as well as
	  modification of the RPM spec file so it can be built by non-root.
	  My thanks to Jon Nelson for the patches to do this.
	* Added "syslog" to the vulnerability database.
	  My thanks to Dave Aitel for this contribution.
	* Generate and install compressed man page, rather than uncompressed.
	  My thanks to Marius Tomaschewski for this suggestion.

2001-10-29 David A. Wheeler <dwheeler@dwheeler.com>
	* Released version 0.17.
	* Created an RPM package, to simplify installation.
	* Accepts RATS' "ignore" directive, as well as ITS4's, for
	  compatibility's sake with RATS.
	* Trivial change: shortened processing status phrase to
	  "Processing" so long filenames are more likely to fit on one line.
	* Modified the man page, in the hopes that the new one is even
	  easier to understand.

2001-10-28 David A. Wheeler <dwheeler@dwheeler.com>
	* Released version 0.16.
	* Added support for directories.  If a directory (instead of a
	  file) is given on the command line as something to examine,
	  C/C++ files in that directory and its subdirectories (recursively)
	  are examined.  This should make it easy to analyze entire projects,
	  and to make it easy to integrate flawfinder into project websites.
	* Added to the vulnerability database: randomizing functions & getenv.
	* Reports the number of hits at the end.
	* Minor cleanup of text output.
	* Print "processing" status every time a file is opened; this is
	  flushed, so that monitoring the status with "less" works well.
	* Added the "--quiet" option, so that status information can be
	  suppressed.

2001-06-06 David A. Wheeler <dwheeler@dwheeler.com>
	* Added support for file globbing on Windows/NT/DOS
	  (it's not needed for Cygwin - it's only needed when
	  run natively).  File globbing characters are
	  correctly ignored in Unix-like ("posix") systems, since
	  the Unix shell does this for us.

2001-05-29 David A. Wheeler <dwheeler@dwheeler.com>
	* Fixed manual page to close the "/*" comment with "*/".

2001-05-29 David A. Wheeler <dwheeler@dwheeler.com>
	* Fixed a bug in directive handling, now directives work properly.
	  I only noticed this AFTER release of 0.14, sigh.
	* Fixed the ChangeLog, to note the addition of --neverignore.
	* Released version 0.15.

2001-05-29 David A. Wheeler <dwheeler@dwheeler.com>
	* Fixed a minor problem in string handling; a string containing
	  \\ followed immediately by the double-quote mark (end of the string)
	  wasn't correctly handled.  Now it is.
	* Added information in the documentation describing how to ignore
	  hits on a specific line (a comment directive).  Flawfinder has
	  always had this ability (since 0.12), but now it's documented.
	  Before, you had to read the test file test.c or the actual
	  flawfinder code to learn about this ability.
 	* Added the "--neverignore" / "-n" option.
	* Having a number of conversations with John Viega comparing
	  RATS and flawfinder, with the goal of finding a way to
	  coordinate and have a "best of breed" scanner.  This hasn't
	  produced a concrete result, but Viega will soon post a comparison
	  paper that I've had input on.
	* Released version 0.14.

2001-05-25 David A. Wheeler <dwheeler@dwheeler.com>
	* Fixed a minor error in that parameter parser; previously it
	  might have trouble with embedded preprocessor commands in
	  the middle of parameter lists.
	* Added this ChangeLog.
	* Released version 0.13.

2001-05-21 David A. Wheeler <dwheeler@dwheeler.com>
	* Initial release of flawfinder version 0.12.


