Changelog for bulk_extractor-1.3.1-2.el5.i686.rpm:
Tue Nov 27 23:00:00 2012 Lawrence Rogers - 1.3.1-2
* Release 1.3.1-2
Included necessary dependencies to build and install BEViewer
Sun Nov 25 23:00:00 2012 Lawrence Rogers - 1.3.1-1
* Release 1.3.1-1
Various miscellaneous changes
Tue Jun 5 00:00:00 2012 Lawrence Rogers - 1.2.2-3
* Release 1.2.2-3
Python scripts now installed with the original .py suffix.
Fri Jun 1 00:00:00 2012 Lawrence Rogers - 1.2.2-2
* Release 1.2.2-2
Replaced /usr/bin/bulk_extractor with the binary and not the python script.
Sun Apr 29 00:00:00 2012 Lawrence Rogers - 1.2.2-1
* Release 1.2.2-1
* src/threadpool.cpp (threadpool::win32_init): created for administrative simplification.
* src/threadpool.h (class cppmutex): moved cppmutex to this file.
* src/feature_recorder.h: replaced #include "cppmutex.h" with #include "threadpool.h"
* src/xml.cpp (xml::close): removed dtd making
* src/cppmutex.h: added cppmutex.h
* src/feature_recorder.h (class feature_recorder): replaced pthread_mutex_t with cppmutex, a C++ cover class for mutexes.
* src/bulk_extractor.cpp (phase1): added #ifdef HAVE_LOCALTIME_R to cover systems that do not have localtime_r.
* src/aftimer.h (aftimer::eta_time): changed from 'when' to 't' for consistency.
* src/scan_aes.cpp (scan_aes): added check -- if sp.buf.bufsize
* src/regex_list.h (class regex_list): removed globbing
* src/scan_zip.cpp (scan_zip): now detects decompression bomb attack and changes mode of operation so that buffers are hashed prior to being decompressed and the same buffer will only be hashed just once.
* src/feature_recorder_set.cpp (scan_zip): alert_recorder is now in feature_recorder_set.
* src/feature_recorder.cpp (feature_recorder::banner_stamp): banner_stamp moved to feature_recorder
* src/bulk_extractor.h: opt_banner_file moved to feature_recorder
* src/bulk_extractor.cpp (main): outdir now an instance variable
* src/feature_recorder_set.h (class feature_recorder_set): outdir now an instance variable
* src/feature_recorder_set.cpp (feature_recorder_set::feature_recorder_set): outdir now an instance variable
* src/feature_recorder.h (class feature_recorder): outdir now an instance variable
* src/feature_recorder.cpp (feature_recorder::feature_recorder): outdir now an instance variable
* src/scan_net.cpp (class packet_carver): outdir now read from feature recorder.
* src/scan_wordlist.cpp (wordlist_split_and_dedup): outdir now read from feature recorder.
* src/MANY - outdir is no longer global.
* src/bulk_extractor.cpp (main): added -G to specify page size
2012-01-29 Simson Garfinkel
* src/xml.h (class xml): added svn_version to DFXML output.
* src/scan_net.cpp: now carries its own ipv6 implementation.
Sat Feb 11 23:00:00 2012 Lawrence Rogers - 1.2.0-1
* Release 1.2.0-1
* src/regex_list.h (class regex_list): removed globbing
* src/scan_zip.cpp (scan_zip): now detects decompression bomb attack and changes mode of operation so that buffers
are hashed prior to being decompressed and the same buffer will only be hashed just once.
* src/feature_recorder_set.cpp (scan_zip): alert_recorder is now in feature_recorder_set.
* src/feature_recorder.cpp (feature_recorder::banner_stamp): banner_stamp moved to feature_recorder
* src/bulk_extractor.h: opt_banner_file moved to feature_recorder
* src/bulk_extractor.cpp (main): outdir now an instance variable
* src/feature_recorder_set.h (class feature_recorder_set): outdir now an instance variable
* src/feature_recorder_set.cpp (feature_recorder_set::feature_recorder_set): outdir now an instance variable
* src/feature_recorder.h (class feature_recorder): outdir now an instance variable
* src/feature_recorder.cpp (feature_recorder::feature_recorder): outdir now an instance variable
* src/scan_net.cpp (class packet_carver): outdir now read from feature recorder.
* src/scan_wordlist.cpp (wordlist_split_and_dedup): outdir now read from feature recorder.
* src/MANY - outdir is no longer global.
* src/bulk_extractor.cpp (main): added -G to specify page size
* src/xml.h (class xml): added svn_version to DFXML output.
* src/scan_net.cpp: now carries its own ipv6 implementation.
* configure.ac: advanced version number to 1.2.0RC1. GNUC_HAS_DIAGNOSTIC_PRAGMA now set in configure.ac
* src/bulk_extractor.cpp (main): the -s (context-sensitive stop list) option is removed. The -r (alert list) and
-w (stop list) will now take a list of regular expressions, a list of globs or feature files.
* src/feature_recorder.cpp (feature_recorder::make_histogram): removed get_line_offset(); no longer needed
* src/scan_email.flex: eliminated an increment in LexerInput(). validate_email now inline.
find_domain_in_email now inline.
find_domain_in_url now inline.
* src/scan_aes.cpp (scan_aes): scan_aes now runs in 15% the time of the original version. It is now, therefore, enabled by default.
* src/feature_recorder_set.cpp (feature_recorder_set::dump_stats): seconds scanners in states changed to scanner_times
* src/bulk_extractor.h: removed gnuexif
* src/bulk_extractor.cpp (scanners_builtin): removed gnuexif info.
* src/scan_gnuexif.cpp: removed file.
* src/xml.cpp (xml::add_DFXML_build_environment): removed gnuexif support.
* configure.ac (HAVE_LIBEWF_H): removed gnuexif support.
* configure.ac: removed check for libpcap because we don't actually use it.
* src/scan_net.cpp: removed #include for libpcap because we didn't actually use it.
* Makefile.am (EXTRA_DIST): added m4/ax_pthread.m4 to EXTRA_DIST.
* src/scan_exif.cpp (scan_exif): removed md5hex_4k since the code was already in sbuf_t.
* src/sbuf.h (class sbuf_t): whoops. should have been assert(bufsize>=pagesize), not vice-versa
(class pos0_t): stoi64() moved to pos0_t.
* src/sbuf.h (class sbuf_t): When we create a new sbuf with the + operator, we need to also add +i to the pos0.
(class sbuf_t): + now asserts that bufsize cannot be smaller than pagesize.
* src/scan_exif.cpp (md5hex_4k): Whoops. Should be hashing min of the pagesize and 4096, not max.
Wed Dec 14 23:00:00 2011 Lawrence Rogers - 1.1.3-1
* Release 1.1.3-1
* src/xml.cpp: now works with older and newer versions of exiv2
* src/histogram.cpp (HistogramMaker::add): looks for \000 in utf16 strings converted to utf8 and erases them (We were getting them in histograms)
* src/scan_wordlist.cpp (wordlist_split_and_dedup): no longer adds zero-length words to wordlist
* src/feature_recorder.cpp (feature_recorder::make_histogram): histograms no longer banner stamp or version stamp if there is no corresponding feature.
* src/scan_net.cpp (pcap_writepkt): changed file extension from .dmp to .pcap for packets
* src/bulk_extractor.cpp (phase1): added -A offset to add an offset.
* src/bulk_extractor.cpp (phase1): added -Y start-end notation in addition to -Y start notation.
* src/feature_recorder.cpp (feature_recorder::write): added support for opt_offset_add to allow output to be shifted (for parallelizing across multiple systems.)
* src/sbuf.h (class pos0_t): removed snprintf; now uses stringstream.
(operator +): changed most functions to take const & rather than a new object.
* src/feature_recorder.cpp (feature_recorder::write): now always writes out the second \t for the context, even if there is no context.
* configure.ac: added AC_PROG_CC AC_PROG_CXX and AC_PROG_INSTALL
* src/Makefile.am (.flex.o): FlexLexer.h moved to MyFlexLexer.h to support CentOS where an out-of-date flex is installed.
* src/bulk_extractor.cpp (process_path): fixed handling of /h and /r with -p option
* configure.ac: removed pcap.h tests because it's not needed
* src/scan_email.flex (Host): now only writes domains>0.
* src/scan_zip.cpp (scan_zip): zip components with no name are now given
* src/scan_winprefetch.cpp (scan_winprefetch): modified to only write out prefetch files with non-zero exec name
* src/scan_net.cpp (scan_net): significant update --- I don't need libpcap to do packet carving!
* src/image_process.cpp (sbuf_alloc): added a new iterator method it->pos0() returns the pos0 of the sbuf to be allocated by it->sbuf_alloc()
(sbuf_alloc): changed calloc to malloc for performance
(process_aff::sbuf_alloc): now throws bad_alloc if an exception is encountered
(process_ewf::sbuf_alloc): now throws bad_alloc
(process_raw::sbuf_alloc): now throws bad_alloc
* src/bulk_extractor.cpp: removed scanner_enabled().
* src/Makefile.am (bulk_extractor_SOURCES): removed checkpoint.h
* src/bulk_extractor.cpp (main): checkpoint removed; restarting now done through dfxml file.
(phase1): do_phase1 renamed phase1; just_phase1 renamed do_phase1. phase1 and phase2 flags removed. Now automatic.
(main): -2 option removed
* src/image_process_fts.cpp (process_dir::process_dir): added E01 detection.
* src/scan_email.flex (Host): fixed crashing bug on context extraction in MAKESTRING6.
* configure.ac: fixed conforming/non-conforming test for strchr
* src/bulk_extractor.cpp: added HTTP_EOL which is \r\n in Unix and Mac and
* src/histogram.cpp (HistogramMaker::looks_like_utf16): now recognizes both little-endian and big-endian UTF-16 strings and properly converts them.
* regress.py (analyze): now enables all scanners including wordlist
* python/bulk_extractor.py (BulkReport.open): openfile renamed open
* src/bulk_extractor.cpp (process_find_file): now ignores lines that begin with #
* src/scan_winprefetch.cpp (P): changed utf16_string to wstring (which is the standard).
* src/scan_accts.flex: replaced unicode16_to_string with utf16to8
* src/checkpoint.h (load): named and val no longer shadow values
* src/histogram.h (>): big surprise: it turns out that you should not subclass STL containers! Who knew? Well, a lot of people, apparently:
http://stackoverflow.com/questions/4353203/thou-shalt-not-inherit-from-stdvector
http://stackoverflow.com/questions/245475/how-do-i-create-a-generic-stdvector-destructor
http://stackoverflow.com/questions/3601431/base-class-class-stdvector-has-a-non-virtual-destructor
http://stackoverflow.com/questions/1647298/why-dont-stl-containers-have-virtual-destructors
* src/threadpool.cpp (threadpool): modified so that master and worker are now references, rather than pointers.
* configure.ac (HAVE_PTHREAD): added warnings for C++
* src/base64_forensic.cpp: cleaned up prototypes.
* src/scan_aes.cpp (valid_aes256_schedule): updated off-by-one problem.
(valid_aes192_schedule): updated off-by-one problem.
(valid_aes128_schedule): updated off-by-one problem.
Sat Jul 30 00:00:00 2011 Morgan Weetman - 0.7.24-1
- Initial package