Changelog for bulk_extractor-1.5.5-2.el6.x86_64.rpm:
Sun Sep 28 14:00:00 2014 Lawrence Rogers - 1.5.5-2
* Release 1.5.5-2 report_encodings.py specified python3.2. Changed to just python3.
Tue Sep 16 14:00:00 2014 Lawrence Rogers - 1.5.5-1
* Release 1.5.5-1 Version 1.5.5
Tue Aug 12 14:00:00 2014 Lawrence Rogers - 1.5.3-1
* Release 1.5.3-1 Version 1.5.3
Tue Aug 12 14:00:00 2014 Lawrence Rogers - 1.5.2-1
* Release 1.5.2-1 Version 1.5.2
Sun Aug 3 14:00:00 2014 Lawrence Rogers - 1.5.1-1
* Release 1.5.1-1
* configure.ac: incremented version number
* src/image_process.cpp: multi-split files was not working properly on Windows. Fixed
* src/scan_rar.cpp (scan_rar): fixed typo. raw_find_volume becomes rar_find_volume
* src/scan_base16.flex (public): fixed decoder so that what is decoded is a child sbuf with a specific offset and length
* src/be13_api/feature_recorder.cpp (hexval): fixed hexval(); it was not working properly for letters A through F. (I wrote this myself because it isn't present on mingw.)
* src/be13_api/feature_recorder.h (f): several of the flags were the same, resulting in behavior that was incorrect.
* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::unset_flag): changed clear_flag to unset_flag for consistency.
* bugfix: featurefiles for carved elements no longer include the name of the -o directory.
* src/scan_vcard.cpp (scan_vcard): removed string myString;
* src/image_process.h (class process_dir): changed blocks() to max_blocks().
* src/be13_api/feature_recorder.cpp (feature_recorder::dump_histogram): moved regex into histogram_def so that it could be run in write(), rather than in post-processing.
* src/be13_api/feature_recorder.h (class feature_recorder): removed outdir and input_fname from feature_recorder, since they are in the feature_recorder_set
* src/be13_api/feature_recorder.h (class feature_recorder): carve no longer needs hasher passed in, because it is in the feature_recorder_set
* src/be13_api/bulk_extractor_i.h (be13): hash_def moved from be13 namespace to feature_recorder_set
* src/image_process.h (class process_dir): implemented const correctness for a whole bunch of methods
* src/be13_api/feature_recorder.h: removed using namespace std
* src/be13_api/feature_recorder_set.h (class feature_recorder_set): process_histograms changed to make_histograms, because that's what it is doing
* src/be13_api/feature_recorder.h (class feature_recorder): make_histogram renamed to dump_histogram (because that's what it's doing; callback function added)
* src/be13_api: USE_HISTOGRAMS is gone; everybody uses them now.
* src/main.cpp (main): alert_list and stop_list are no longer global variables; they are now local to main() and added to the feature_recorder_set
* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::init): stop_list and alert_list are now part of the feature_recorder_set.
* src/be13_api/Makefile.defs: moved word_and_context_list. * from bulk_extractor to be13_api
* src/be13_api/feature_recorder.cpp (feature_recorder::feature_recorder): now has reference to feature_recorder_set
* src/stand.cpp (main): replaced manual histogram generator in stand with call to phase_histogram in be13::plugin
* src/be13_api/bulk_extractor_i.h (be13): added proper #ifdefs for each type
* src/be13_api/feature_recorder_set.h (class feature_recorder_set): more functions were made virtual and more instance values were made private
* src/be13_api/bulk_extractor_i.h: process_packet_info renamed to process_packet.
* src/be13_api/sbuf.h (class sbuf_t): removed pos0_t from map_file because it can be inferred.
* python/bulk_extractor_reader.py (BulkReport): changed .imagefile() to .image_filename
* python/identify_filenames.py: changed .imagefile to .image_filename
* configure.ac: updated for C++ and MacOS Mavericks. Changed version to 1.4.2
* src/main.cpp (main): removed BULK_EXTRACTOR_DEBUG.
* src/scan_net.cpp (p): removed packetset (no longer used)
* src/be13_api/sbuf.h (stoi64): stoi() removed because it is part of stdc11
* src/be13_api/feature_recorder.h (f): removed tags
* src/be13_api/plugin.cpp (plugin::phase_histogram): cleaned up printing of newlines during histogram output printing.
* src/be13_api/feature_recorder.cpp (feature_recorder::write): replace substr with in-place resize
* src/be13_api/feature_recorder.h (class feature_recorder): added MAINTHREAD() to set_flag(), because flags should only be set in the main thread. Also moved definition into feature_recorder.cpp, so that the in-memory histogram can be created if that flag is set.
* src/bulk_extractor.cpp (main): added reporting of MD5 of disk image
* src/be13_api/feature_recorder.cpp (carve): valid_dosname has to be applied to ext, since ext may come with slashes in it.
* src/scan_bulk.cpp (dfrws2012_bulk_process_dump): removed DFRWS code.
* configure.ac: incremented version to 1.4.1-dev. Enabled LT_INIT support; removed RANLIB support.
* src/scan_accts.flex (dob): DOBs, Fedex#s, and SSNs are now recorded to a feature recorder called 'pii.txt'.
* configure.ac: updated to beta6
* src/be13_api/feature_recorder.cpp (feature_recorder::write_tag): disabled recorders no longer carve or have tag support.
* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::create_name): added warning if feature recorder already exists.
* src/bulk_extractor.cpp (main): removed explicit creation of alert recorder; no longer needed.
* src/be13_api/feature_recorder_set.h (class feature_recorder_set): alert_recorder should not be a global static; it is now per feature_recorder_set.
* src/be13_api/feature_recorder.cpp (feature_recorder::feature_recorder): removed carved_set that was keeping track of what was carved, as it is no longer necessary.
* src/scan_exif.cpp (scan_exif): jpeg carver feature recorder renamed to jpeg_carved.
* src/be13_api/plugin.cpp (info_scanners): now only prints -H info if it is provided by the scanner.
* src/scan_zip.cpp (scan_zip_component): now records general_purpose_bit_flags in XML. Bit 1 indicates that a component is encrypted (scan_zip_component): removed max_depth check; it's in plugin system
* src/scan_net.cpp (scan_net): the -S variable carve_tcp is now implemented by the scan_net scanner to enable or disable TCP/IP memory structure carving. It is disabled by default.
* src/scan_windirs.cpp (scan_windirs): windirs now only runs at top level
* src/scan_zip.cpp (scan_zip_component): now prints mtime in ISO8601 format (scan_zip_component): (previously mtime and ctime were wrong parts)
* src/scan_xor.cpp (scan_xor): will not XOR on either side of a ZIP. improved error handling
* tests/regress.py: updated numbers for 1.4 release
* configure.ac: updated to beta4
* configure.ac: updated to beta3
* src/scan_exif.cpp: fixed jpeg validation. carving now works.
* src/be13_api/plugin.cpp (GET_CONFIG): fixed bug in handling of uint8_t config values. They weren't getting set properly. Ugh.
* src/scan_xor.cpp (scan_xor): fixed error when XOR mask was specified as 0. Previously it recursed; now it does not.
* configure.ac: removed defines we aren't using anymore
* src/be13_api/feature_recorder.h (class feature_recorder): as a result of popular demand, the UTF8 BOM and BOM EXPLAINATION have been removed from the feature files
* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::get_name): get_name() now returns NULL if feature recorder does not exist.
* src/be13_api/feature_recorder.h (class feature_recorder): added context_window_before() and context_window_after().
* src/bulk_extractor.cpp (main): replaced context_window with context_window_default.
* src/be13_api/bulk_extractor_i.h (class scanner_params): made more variables const. (class recursion_control_block): removed returnAfterFound(raf); now implemented with exceptions
* src/bulk_extractor.cpp (]): fixed handling of LIB_EXPAT (b): restart logic did not compile. Now it is fixed.
* configure.ac: fixed bug in which expat.h was not being checked for. use AC_CHECK_HEADERS() instead of AC_CHECK_HEADER(), as AC_CHECK_HEADER() requires that you add additional logic and AC_CHECK_HEADERS() automatically adds HAVE_HEADER_H.
* src/scan_zip.cpp (scan_zip): removed name_len (not needed)
* src/pyxpress.h: removed 'extern' designation
* src/image_process.h (i): removed extern size_t opt_pagesize and extern size_t opt_margin. These are now phase1 configuration variables that are passed into the image_iterator.
* src/scan_email.flex (Host): removed ip_written and ip_tested (always remove dead code)
* src/be13_api/feature_recorder.cpp (feature_recorder::carve): changed carving so that carved files are stored with the filename of their location. Also, fixed check-then-access race error in feature_record.cpp (feature_recorder::carve): fixed race condition in carving.
* feature_recorder_set.cpp - debug is now a static variable
* src/image_process.h (image_process): debug is now a local variable for image_process.h
* src/be13_api/bulk_extractor_i.h (DEBUG_EXIT_EARLY): removed DEBUG_MALLOC and DEBUG_MALLOC_FAIL_FREQUENCY; now is handled with -S system
* src/bulk_extractor.h: removed all global options; replaced with the be config system
* src/pyxpress.c: added OpenSSL exemption per email from Matthieu Suiche
* src/be13_api/sbuf.h: md5 support removed from sbuf
* src/be13_api/plugin.cpp (plugin::get_scanner_feature_file_names): extensive changes to make the global functions part of the be13::plugin class.
* src/bulk_extractor.cpp (main): -S now sets options; -s now sets sampling fraction.
* src/bulk_extractor.cpp (usage): The -B option for specifying the blocksize for bulk data analysis has been removed. Instead specify it with -S block_size=NN.
* src/be13_api/xml.cpp (xml::xml): Routine for opening an existing DFXML file is removed. Anyone who processes XML with regular expressions is in a state of sin.
* src/be13_api/plugin.cpp: max_depth changed to 7
* src/scan_winpe.cpp (scan_winpe_verify): added verification of section names and DLL names to reject false positives.
* src/scan_net.cpp (p): carved ethernet packets are now properly recorded in ether.txt and tcp.txt
* packet carving for disembodied ethernet packets fixed! In 3ad21780, simsong was creating the hz structure but not setting it, so all carved packets had zero length
* src/be13_api/feature_recorder.cpp (banner_stamp): added \ to # BANNER FILE NOT PROVIDED
* src/scan_elf.cpp (scan_elf_verify): fixed bug in scan_elf where XML was incorrect and being generated for invalid ELF headers.
* src/bulk_extractor.cpp (main): -Z is no longer fatal if directory does not exist.
* configure.ac: fixed AX_PTHREAD test to fail if pthreads are not found.
* src/be13_api/feature_recorder_set.cpp (get_name): renamed Mstats to Mlock. Added Mlock to get_name() (apparently this isn't thread safe?)
* src/threadpool.h (class worker): removed pesky noreturn problem with threadpool.
* python/identify_filenames.py (process_featurefile): added #'s to report printed at bottom (process_featurefile): added format
* python/bulk_extractor_reader.py (is_feature_line): Now handles annotated feature files. (BulkReport.__init__.validate): added programmer notice for error of providing a feature file instead of a report directory
Tue Nov 27 13:00:00 2012 Lawrence Rogers - 1.3.1-2
* Release 1.3.1-2 Included necessary dependencies to build and install BEViewer
Sun Nov 25 13:00:00 2012 Lawrence Rogers - 1.3.1-1
* Release 1.3.1-1 Various miscellaneous changes
Mon Jun 4 14:00:00 2012 Lawrence Rogers - 1.2.2-3
* Release 1.2.2-3 Python scripts now installed with the original .py suffix.
Thu May 31 14:00:00 2012 Lawrence Rogers - 1.2.2-2
* Release 1.2.2-2 Replaced /usr/bin/bulk_extrator with the binary and not the python script.
Sat Apr 28 14:00:00 2012 Lawrence Rogers - 1.2.2-1
* Release 1.2.2-1
* src/threadpool.cpp (threadpool::win32_init): created for administrative simplification.
* src/threadpool.h (class cppmutex): moved cppmutex to this file.
* src/feature_recorder.h: replaced #include "cppmutex.h" with #include "threadpool.h"
* src/xml.cpp (xml::close): removed dtd making
* src/cppmutex.h: added cppmutex.h
* src/feature_recorder.h (class feature_recorder): replaced pthread_mutex_t with cppmutex, a C++ cover class for mutexes.
* src/bulk_extractor.cpp (phase1): added #ifdef HAVE_LOCALTIME_R to cover systems that do not have localtime_r.
* src/aftimer.h (aftimer::eta_time): changed from 'when' to 't' for consistency.
* src/scan_aes.cpp (scan_aes): added check -- if sp.buf.bufsize
* src/regex_list.h (class regex_list): removed globbing
* src/scan_zip.cpp (scan_zip): now detects decompression bomb attack and changes mode of operation so that buffers are hashed prior to being decompressed and the same buffer will only be hashed just once.
* src/feature_recorder_set.cpp (scan_zip): alert_recorder is now in feature_recorder_set.
* src/feature_recorder.cpp (feature_recorder::banner_stamp): banner_stamp moved to feature_recorder
* src/bulk_extractor.h: opt_banner_file moved to feature_recorder
* src/bulk_extractor.cpp (main): outdir now an instance variable
* src/feature_recorder_set.h (class feature_recorder_set): outdir now an instance variable
* src/feature_recorder_set.cpp (feature_recorder_set::feature_recorder_set): outdir now an instance variable
* src/feature_recorder.h (class feature_recorder): outdir now an instance variable
* src/feature_recorder.cpp (feature_recorder::feature_recorder): outdir now an instance variable
* src/scan_net.cpp (class packet_carver): outdir now read from feature recorder.
* src/scan_wordlist.cpp (wordlist_split_and_dedup): outdir now read from feature recorder.
* src/MANY - outdir is no longer global.
* src/bulk_extractor.cpp (main): added -G to specify page size
2012-01-29 Simson Garfinkel
* src/xml.h (class xml): added svn_version to DFXML output.
* src/scan_net.cpp: now carries its own ipv6 implementation.
Sat Feb 11 13:00:00 2012 Lawrence Rogers - 1.2.0-1
* Release 1.2.0-1
* src/regex_list.h (class regex_list): removed globbing
* src/scan_zip.cpp (scan_zip): now detects decompression bomb attack and changes mode of operation so that buffers are hashed prior to being decompressed and the same buffer will only be hashed just once.
* src/feature_recorder_set.cpp (scan_zip): alert_recorder is now in feature_recorder_set.
* src/feature_recorder.cpp (feature_recorder::banner_stamp): banner_stamp moved to feature_recorder
* src/bulk_extractor.h: opt_banner_file moved to feature_recorder
* src/bulk_extractor.cpp (main): outdir now an instance variable
* src/feature_recorder_set.h (class feature_recorder_set): outdir now an instance variable
* src/feature_recorder_set.cpp (feature_recorder_set::feature_recorder_set): outdir now an instance variable
* src/feature_recorder.h (class feature_recorder): outdir now an instance variable
* src/feature_recorder.cpp (feature_recorder::feature_recorder): outdir now an instance variable
* src/scan_net.cpp (class packet_carver): outdir now read from feature recorder.
* src/scan_wordlist.cpp (wordlist_split_and_dedup): outdir now read from feature recorder.
* src/MANY - outdir is no longer global.
* src/bulk_extractor.cpp (main): added -G to specify page size
* src/xml.h (class xml): added svn_version to DFXML output.
* src/scan_net.cpp: now carries its own ipv6 implementation.
* configure.ac: advanced version number to 1.2.0RC1 GNUC_HAS_DIAGNOSTIC_PRAGMA now set in configure.ac
* src/bulk_extractor.cpp (main): the -s (context-sensitive stop list) option is removed. The -r (alert list) and -w (stop list) will now take a list of regular expressions, a list of globs or feature files.
* src/feature_recorder.cpp (feature_recorder::make_histogram): removed get_line_offset(); no longer needed
* src/scan_email.flex: eliminated an increment in LexerInput() validate_email now inline. find_domain_in_email now inline. find_domain_in_url now inline
* src/scan_aes.cpp (scan_aes): scan_aes now runs in 15% the time of the original version. It is now, therefore, enabled by default.
* src/feature_recorder_set.cpp (feature_recorder_set::dump_stats): seconds scanners in states changed to scanner_times
* src/bulk_extractor.h: removed gnuexif
* src/bulk_extractor.cpp (scanners_builtin): removed gnuexif info.
* src/scan_gnuexif.cpp: removed file.
* src/xml.cpp (xml::add_DFXML_build_environment): removed gnuexif support.
* configure.ac (HAVE_LIBEWF_H): removed gnuexif support.
* configure.ac: removed check for libpcap because we don't actually use it.
* src/scan_net.cpp: removed #include for libpcap because we didn't actually use it.
* Makefile.am (EXTRA_DIST): added m4/ax_pthread.m4 to EXTRA_DIST.
* src/scan_exif.cpp (scan_exif): removed md5hex_4k since the code was already in sbuf_t.
* src/sbuf.h (class sbuf_t): whoops. should have been assert(bufsize>=pagesize), not vice-versa (class pos0_t): stoi64() moved to pos0_t.
* src/sbuf.h (class sbuf_t): When we create a new sbuf with the + operator, we need to also add +i to the pos0. (class sbuf_t): + now asserts that bufsize cannot be smaller than pagesize.
* src/scan_exif.cpp (md5hex_4k): Whoops. Should be hashing min of the pagesize and 4096, not max.
Wed Dec 14 13:00:00 2011 Lawrence Rogers - 1.1.3-1
* Release 1.1.3-1
* src/xml.cpp: now works with older and newer versions of exiv2
* src/histogram.cpp (HistogramMaker::add): looks for \000 in utf16 strings converted to utf8 and erases them (We were getting them in histograms)
* src/scan_wordlist.cpp (wordlist_split_and_dedup): no longer adds zero-length words to wordlist
* src/feature_recorder.cpp (feature_recorder::make_histogram): histograms no longer banner stamp or version stamp if there is no corresponding feature.
* src/scan_net.cpp (pcap_writepkt): changed file extension from .dmp to .pcap for packets
* src/bulk_extractor.cpp (phase1): added -A offset to add an offset.
* src/bulk_extractor.cpp (phase1): added -Y start-end notation in addition to -Y start notation.
* src/feature_recorder.cpp (feature_recorder::write): added support for opt_offset_add to allow output to be shifted (for parallelizing across multiple systems.)
* src/sbuf.h (class pos0_t): removed snprintf; now uses stringstream. (operator +): changed most functions to take const & rather than a new object.
* src/feature_recorder.cpp (feature_recorder::write): now always writes out the second \t for the context, even if there is no context.
* configure.ac: added AC_PROG_CC AC_PROG_CXX and AC_PROG_INSTALL
* src/Makefile.am (.flex.o): FlexLexer.h moved to MyFlexLexer.h to support CentOS where an out-of-date flex is installed.
* src/bulk_extractor.cpp (process_path): fixed handling of /h and /r with -p option
* configure.ac: removed pcap.h tests because it's not needed
* src/scan_email.flex (Host): now only writes domains>0.
* src/scan_zip.cpp (scan_zip): zip components with no name are now given
* src/scan_winprefetch.cpp (scan_winprefetch): modified to only write out prefetch files with non-zero exec name
* src/scan_net.cpp (scan_net): significant update --- I don't need libpcap to do packet carving!
* src/image_process.cpp (sbuf_alloc): added a new iterator method it->pos0() returns the pos0 of the sbuf to be allocated by it->sbuf_alloc() (sbuf_alloc): changed calloc to malloc for performance (process_aff::sbuf_alloc): now throws bad_alloc if an exception is encountered (process_ewf::sbuf_alloc): now throws bad_alloc (process_raw::sbuf_alloc): now throws bad_alloc
* src/bulk_extractor.cpp: removed scanner_enabled().
* src/Makefile.am (bulk_extractor_SOURCES): removed checkpoint.h
* src/bulk_extractor.cpp (main): checkpoint removed; restarting now done through dfxml file. (phase1): do_phase1 renamed phase1; just_phase1 renamed do_phase1. phase1 and phase2 flags removed. Now automatic. (main): -2 option removed
* src/image_process_fts.cpp (process_dir::process_dir): added E01 detection.
* src/scan_email.flex (Host): fixed crashing bug on context extraction in MAKESTRING6.
* configure.ac: fixed conforming/non-conforming test for strchr
* src/bulk_extractor.cpp: added HTTP_EOL which is \\r\ in Unix and Mac and
* src/histogram.cpp (HistogramMaker::looks_like_utf16): now recognizes both little-endian and big-endian UTF-16 strings and properly converts them.
* regress.py (analyze): now enables all scanners including wordlist
* python/bulk_extractor.py (BulkReport.open): openfile renamed open
* src/bulk_extractor.cpp (process_find_file): now ignores lines that begin with #
* src/scan_winprefetch.cpp (P): changed utf16_string to wstring (which is the standard).
* src/scan_accts.flex: replaced unicode16_to_string with utf16to8
* src/checkpoint.h (load): named and val no longer shadow values
* src/histogram.h (>): big surprise: it turns out that you should not subclass STL containers! Who knew? Well, a lot of people, apparently:
  http://stackoverflow.com/questions/4353203/thou-shalt-not-inherit-from-stdvector
  http://stackoverflow.com/questions/245475/how-do-i-create-a-generic-stdvector-destructor
  http://stackoverflow.com/questions/3601431/base-class-class-stdvector-has-a-non-virtual-destructor
  http://stackoverflow.com/questions/1647298/why-dont-stl-containers-have-virtual-destructors
* src/threadpool.cpp (threadpool): modified so that master and worker are now references, rather than pointers.
* configure.ac (HAVE_PTHREAD): added warnings for C++
* src/base64_forensic.cpp: cleaned up prototypes.
* src/scan_aes.cpp (valid_aes256_schedule): updated off-by-one problem. (valid_aes192_schedule): updated off-by-one problem. (valid_aes128_schedule): updated off-by-one problem.
Fri Jul 29 14:00:00 2011 Morgan Weetman - 0.7.24-1 - Initial package