Changelog for bulk_extractor-1.5.5-2.fc23.x86_64.rpm :

* Sun Sep 28 2014 Lawrence Rogers - 1.5.5-2
* Release 1.5.5-2 report_encodings.py specified python3.2. Changed to just python3.
* Tue Sep 16 2014 Lawrence Rogers - 1.5.5-1
* Release 1.5.5-1 Version 1.5.5
* Tue Aug 12 2014 Lawrence Rogers - 1.5.3-1
* Release 1.5.3-1 Version 1.5.3
* Tue Aug 12 2014 Lawrence Rogers - 1.5.2-1
* Release 1.5.2-1 Version 1.5.2
* Sun Aug 03 2014 Lawrence Rogers - 1.5.1-1
* Release 1.5.1-1
* configure.ac: incremented version number
* src/image_process.cpp: multi-split files was not working properly on Windows. Fixed
* src/scan_rar.cpp (scan_rar): fixed typo. raw_find_volume becomes rar_find_volume
* src/scan_base16.flex (public): fixed decoder so that what is decoded is a child sbuf with a specific offset and length
* src/be13_api/feature_recorder.cpp (hexval): fixed hexval(); it was not working properly for letters A through F. (I wrote this myself because it isn't present on mingw.)
* src/be13_api/feature_recorder.h (f): several of the flags were the same, resulting in behavior that was incorrect.
* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::unset_flag): changed clear_flag to unset_flag for consistency.
* bugfix: featurefiles for carved elements no longer include the name of the -o directory.
* src/scan_vcard.cpp (scan_vcard): removed string myString;
* src/image_process.h (class process_dir): changed blocks() to max_blocks().
* src/be13_api/feature_recorder.cpp (feature_recorder::dump_histogram): moved regex into histogram_def so that it could be run in write(), rather than in post-processing.
* src/be13_api/feature_recorder.h (class feature_recorder): removed outdir and input_fname from feature_recorder, since they are in the feature_recorder_set
* src/be13_api/feature_recorder.h (class feature_recorder): carve no longer needs hasher passed in, because it is in the feature_recorder_set
* src/be13_api/bulk_extractor_i.h (be13): hash_def moved from be13 namespace to feature_recorder_set
* src/image_process.h (class process_dir): implemented const correctness for a whole bunch of methods
* src/be13_api/feature_recorder.h: removed using namespace std
* src/be13_api/feature_recorder_set.h (class feature_recorder_set): process_histograms changed to make_histograms, because that's what it is doing
* src/be13_api/feature_recorder.h (class feature_recorder): make_histogram renamed to dump_histogram (because that's what it's doing; callback function added)
* src/be13_api: USE_HISTOGRAMS is gone; everybody uses them now.
* src/main.cpp (main): alert_list and stop_list are no longer global variables; they are now local to main() and added to the feature_recorder_set
* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::init): stop_list and alert_list are now part of the feature_recorder_set.
* src/be13_api/Makefile.defs: moved word_and_context_list.* from bulk_extractor to be13_api
* src/be13_api/feature_recorder.cpp (feature_recorder::feature_recorder): now has reference to feature_recorder_set
* src/stand.cpp (main): replaced manual histogram generator in stand with call to phase_histogram in be13::plugin
* src/be13_api/bulk_extractor_i.h (be13): added proper #ifdefs for each type
* src/be13_api/feature_recorder_set.h (class feature_recorder_set): more functions were made virtual and more instance values were made private
* src/be13_api/bulk_extractor_i.h: process_packet_info renamed to process_packet.
* src/be13_api/sbuf.h (class sbuf_t): removed pos0_t from map_file because it can be inferred.
* python/bulk_extractor_reader.py (BulkReport): changed .imagefile() to .image_filename
* python/identify_filenames.py: changed .imagefile to .image_filename
* configure.ac: updated for C++ and MacOS Mavericks. Changed version to 1.4.2
* src/main.cpp (main): removed BULK_EXTRACTOR_DEBUG.
* src/scan_net.cpp (p): removed packetset (no longer used)
* src/be13_api/sbuf.h (stoi64): stoi() removed because it is part of stdc11
* src/be13_api/feature_recorder.h (f): removed tags
* src/be13_api/plugin.cpp (plugin::phase_histogram): cleaned up printing of newlines during histogram output printing.
* src/be13_api/feature_recorder.cpp (feature_recorder::write): replace substr with in-place resize
* src/be13_api/feature_recorder.h (class feature_recorder): added MAINTHREAD() to set_flag(), because flags should only be set in the main thread. Also moved definition into feature_recorder.cpp, so that the in-memory histogram can be created if that flag is set.
* src/bulk_extractor.cpp (main): added reporting of MD5 of disk image
* src/be13_api/feature_recorder.cpp (carve): valid_dosname has to be applied to ext, since ext may come with slashes in it.
* src/scan_bulk.cpp (dfrws2012_bulk_process_dump): removed DFRWS code.
* configure.ac: incremented version to 1.4.1-dev. Enabled LT_INIT support; removed RANLIB support.
* src/scan_accts.flex (dob): DOBs, Fedex#s, and SSNs are now recorded to a feature recorder called 'pii.txt'.
* configure.ac: updated to beta6
* src/be13_api/feature_recorder.cpp (feature_recorder::write_tag): disabled recorders no longer carve or have tag support.
* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::create_name): added warning if feature recorder already exists.
* src/bulk_extractor.cpp (main): removed explicit creation of alert recorder; no longer needed.
* src/be13_api/feature_recorder_set.h (class feature_recorder_set): alert_recorder should not be a global static; it is now per feature_recorder_set.
* src/be13_api/feature_recorder.cpp (feature_recorder::feature_recorder): removed carved_set that was keeping track of what was carved, as it is no longer necessary.
* src/scan_exif.cpp (scan_exif): jpeg carver feature recorder renamed to jpeg_carved.
* src/be13_api/plugin.cpp (info_scanners): now only prints -H info if it is provided by the scanner.
* src/scan_zip.cpp (scan_zip_component): now records general_purpose_bit_flags in XML. Bit 1 indicates that a component is encrypted (scan_zip_component): removed max_depth check; it's in plugin system
* src/scan_net.cpp (scan_net): the -S variable carve_tcp is now implemented by the scan_net scanner to enable or disable TCP/IP memory structure carving. It is disabled by default.
* src/scan_windirs.cpp (scan_windirs): windirs now only runs at top level
* src/scan_zip.cpp (scan_zip_component): now prints mtime in ISO8601 format (scan_zip_component): (previously mtime and ctime were wrong parts)
* src/scan_xor.cpp (scan_xor): will not XOR on either side of a ZIP. improved error handling
* tests/regress.py: updated numbers for 1.4 release
* configure.ac: updated to beta4
* configure.ac: updated to beta3
* src/scan_exif.cpp: fixed jpeg validation. carving now works.
* src/be13_api/plugin.cpp (GET_CONFIG): fixed bug in handling of uint8_t config values. They weren't getting set properly. Ugh.
* src/scan_xor.cpp (scan_xor): fixed error when XOR mask was specified as 0. Previously it recursed; now it does not.
* configure.ac: removed defines we aren't using anymore
* src/be13_api/feature_recorder.h (class feature_recorder): as a result of popular demand, the UTF8 BOM and BOM EXPLAINATION have been removed from the feature files
* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::get_name): get_name() now returns NULL if feature recorder does not exist.
* src/be13_api/feature_recorder.h (class feature_recorder): added context_window_before() and context_window_after().
* src/bulk_extractor.cpp (main): replaced context_window with context_window_default.
* src/be13_api/bulk_extractor_i.h (class scanner_params): made more variables const. (class recursion_control_block): removed returnAfterFound(raf); now implemented with exceptions
* src/bulk_extractor.cpp (]): fixed handling of LIB_EXPAT (b): restart logic did not compile. Now it is fixed.
* configure.ac: fixed bug in which expat.h was not being checked for. use AC_CHECK_HEADERS() instead of AC_CHECK_HEADER(), as AC_CHECK_HEADER() requires that you add additional logic and AC_CHECK_HEADERS() automatically adds HAVE_HEADER_H.
* src/scan_zip.cpp (scan_zip): removed name_len (not needed)
* src/pyxpress.h: removed 'extern' designation
* src/image_process.h (i): removed extern size_t opt_pagesize and extern size_t opt_margin. These are now phase1 configuration variables that are passed into the image_iterator.
* src/scan_email.flex (Host): removed ip_written and ip_tested (always remove dead code)
* src/be13_api/feature_recorder.cpp (feature_recorder::carve): changed carving so that carved files are stored with the filename of their location. Also, fixed check-then-access race error in feature_record.cpp (feature_recorder::carve): fixed race condition in carving.
* feature_recorder_set.cpp - debug is now a static variable
* src/image_process.h (image_process): debug is now a local variable for image_process.h
* src/be13_api/bulk_extractor_i.h (DEBUG_EXIT_EARLY): removed DEBUG_MALLOC and DEBUG_MALLOC_FAIL_FREQUENCY; now is handled with -S system
* src/bulk_extractor.h: removed all global options; replaced with the be config system
* src/pyxpress.c: added OpenSSL exemption per email from Matthieu Suiche
* src/be13_api/sbuf.h: md5 support removed from sbuf
* src/be13_api/plugin.cpp (plugin::get_scanner_feature_file_names): extensive changes to make the global functions part of the be13::plugin class.
* src/bulk_extractor.cpp (main): -S now sets options; -s now sets sampling fraction.
* src/bulk_extractor.cpp (usage): The -B option for specifying the blocksize for bulk data analysis has been removed. Instead specify it with -S block_size=NN.
* src/be13_api/xml.cpp (xml::xml): Routine for opening an existing DFXML file is removed. Anyone who processes XML with regular expressions is in a state of sin.
* src/be13_api/plugin.cpp: max_depth changed to 7
* src/scan_winpe.cpp (scan_winpe_verify): added verification of section names and DLL names to reject false positives.
* src/scan_net.cpp (p): carved ethernet packets are now properly recorded in ether.txt and tcp.txt
* packet carving for disembodied ethernet packets fixed! In 3ad21780, simsong was creating the hz structure but not setting it, so all carved packets had zero length
* src/be13_api/feature_recorder.cpp (banner_stamp): added \n to # BANNER FILE NOT PROVIDED
* src/scan_elf.cpp (scan_elf_verify): fixed bug in scan_elf where XML was incorrect and being generated for invalid ELF headers.
* src/bulk_extractor.cpp (main): -Z is no longer fatal if directory does not exist.
* configure.ac: fixed AX_PTHREAD test to fail if pthreads are not found.
* src/be13_api/feature_recorder_set.cpp (get_name): renamed Mstats to Mlock. Added Mlock to get_name() (apparently this isn't thread safe?)
* src/threadpool.h (class worker): removed pesky noreturn problem with threadpool.
* python/identify_filenames.py (process_featurefile): added #'s to report printed at bottom (process_featurefile): added format
* python/bulk_extractor_reader.py (is_feature_line): Now handles annotated feature files. (BulkReport.__init__.validate): added programmer notice for error of providing a feature file instead of a report directory
* Tue Nov 27 2012 Lawrence Rogers - 1.3.1-2
* Release 1.3.1-2 Included necessary dependencies to build and install BEViewer
* Sun Nov 25 2012 Lawrence Rogers - 1.3.1-1
* Release 1.3.1-1 Various miscellaneous changes
* Mon Jun 04 2012 Lawrence Rogers - 1.2.2-3
* Release 1.2.2-3 Python scripts now installed with the original .py suffix.
* Thu May 31 2012 Lawrence Rogers - 1.2.2-2
* Release 1.2.2-2 Replaced /usr/bin/bulk_extrator with the binary and not the python script.
* Sat Apr 28 2012 Lawrence Rogers - 1.2.2-1
* Release 1.2.2-1
* src/threadpool.cpp (threadpool::win32_init): created for administrative simplification.
* src/threadpool.h (class cppmutex): moved cppmutex to this file.
* src/feature_recorder.h: replaced #include "cppmutex.h" with #include "threadpool.h"
* src/xml.cpp (xml::close): removed dtd making
* src/cppmutex.h: added cppmutex.h
* src/feature_recorder.h (class feature_recorder): replaced pthread_mutex_t with cppmutex, a C++ cover class for mutexes.
* src/bulk_extractor.cpp (phase1): added #ifdef HAVE_LOCALTIME_R to cover systems that do not have localtime_r.
* src/aftimer.h (aftimer::eta_time): changed from 'when' to 't' for consistency.
* src/scan_aes.cpp (scan_aes): added check -- if sp.buf.bufsize
* src/regex_list.h (class regex_list): removed globbing
* src/scan_zip.cpp (scan_zip): now detects decompression bomb attack and changes mode of operation so that buffers are hashed prior to being decompressed and the same buffer will only be hashed just once.
* src/feature_recorder_set.cpp (scan_zip): alert_recorder is now in feature_recorder_set.
* src/feature_recorder.cpp (feature_recorder::banner_stamp): banner_stamp moved to feature_recorder
* src/bulk_extractor.h: opt_banner_file moved to feature_recorder
* src/bulk_extractor.cpp (main): outdir now an instance variable
* src/feature_recorder_set.h (class feature_recorder_set): outdir now an instance variable
* src/feature_recorder_set.cpp (feature_recorder_set::feature_recorder_set): outdir now an instance variable
* src/feature_recorder.h (class feature_recorder): outdir now an instance variable
* src/feature_recorder.cpp (feature_recorder::feature_recorder): outdir now an instance variable
* src/scan_net.cpp (class packet_carver): outdir now read from feature recorder.
* src/scan_wordlist.cpp (wordlist_split_and_dedup): outdir now read from feature recorder.
* src/MANY - outdir is no longer global.
* src/bulk_extractor.cpp (main): added -G to specify page size
2012-01-29 Simson Garfinkel
* src/xml.h (class xml): added svn_version to DFXML output.
* src/scan_net.cpp: now carries its own ipv6 implementation.
* Sat Feb 11 2012 Lawrence Rogers - 1.2.0-1
* Release 1.2.0-1
* src/regex_list.h (class regex_list): removed globbing
* src/scan_zip.cpp (scan_zip): now detects decompression bomb attack and changes mode of operation so that buffers are hashed prior to being decompressed and the same buffer will only be hashed just once.
* src/feature_recorder_set.cpp (scan_zip): alert_recorder is now in feature_recorder_set.
* src/feature_recorder.cpp (feature_recorder::banner_stamp): banner_stamp moved to feature_recorder
* src/bulk_extractor.h: opt_banner_file moved to feature_recorder
* src/bulk_extractor.cpp (main): outdir now an instance variable
* src/feature_recorder_set.h (class feature_recorder_set): outdir now an instance variable
* src/feature_recorder_set.cpp (feature_recorder_set::feature_recorder_set): outdir now an instance variable
* src/feature_recorder.h (class feature_recorder): outdir now an instance variable
* src/feature_recorder.cpp (feature_recorder::feature_recorder): outdir now an instance variable
* src/scan_net.cpp (class packet_carver): outdir now read from feature recorder.
* src/scan_wordlist.cpp (wordlist_split_and_dedup): outdir now read from feature recorder.
* src/MANY - outdir is no longer global.
* src/bulk_extractor.cpp (main): added -G to specify page size
* src/xml.h (class xml): added svn_version to DFXML output.
* src/scan_net.cpp: now carries its own ipv6 implementation.
* configure.ac: advanced version number to 1.2.0RC1 GNUC_HAS_DIAGNOSTIC_PRAGMA now set in configure.ac
* src/bulk_extractor.cpp (main): the -s (context-sensitive stop list) option is removed. The -r (alert list) and -w (stop list) will now take a list of regular expressions, a list of globs or feature files.
* src/feature_recorder.cpp (feature_recorder::make_histogram): removed get_line_offset(); no longer needed
* src/scan_email.flex: eliminated an increment in LexerInput() validate_email now inline. find_domain_in_email now inline. find_domain_in_url now inline
* src/scan_aes.cpp (scan_aes): scan_aes now runs in 15% the time of the original version. It is now, therefore, enabled by default.
* src/feature_recorder_set.cpp (feature_recorder_set::dump_stats): seconds scanners in states changed to scanner_times
* src/bulk_extractor.h: removed gnuexif
* src/bulk_extractor.cpp (scanners_builtin): removed gnuexif info.
* src/scan_gnuexif.cpp: removed file.
* src/xml.cpp (xml::add_DFXML_build_environment): removed gnuexif support.
* configure.ac (HAVE_LIBEWF_H): removed gnuexif support.
* configure.ac: removed check for libpcap because we don't actually use it.
* src/scan_net.cpp: removed #include for libpcap because we didn't actually use it.
* Makefile.am (EXTRA_DIST): added m4/ax_pthread.m4 to EXTRA_DIST.
* src/scan_exif.cpp (scan_exif): removed md5hex_4k since the code was already in sbuf_t.
* src/sbuf.h (class sbuf_t): whoops. should have been assert(bufsize>=pagesize), not vice-versa (class pos0_t): stoi64() moved to pos0_t.
* src/sbuf.h (class sbuf_t): When we create a new sbuf with the + operator, we need to also add +i to the pos0. (class sbuf_t): + now asserts that bufsize cannot be smaller than pagesize.
* src/scan_exif.cpp (md5hex_4k): Whoops. Should be hashing min of the pagesize and 4096, not max.
* Wed Dec 14 2011 Lawrence Rogers - 1.1.3-1
* Release 1.1.3-1
* src/xml.cpp: now works with older and newer versions of exiv2
* src/histogram.cpp (HistogramMaker::add): looks for \000 in utf16 strings converted to utf8 and erases them (We were getting them in histograms)
* src/scan_wordlist.cpp (wordlist_split_and_dedup): no longer adds zero-length words to wordlist
* src/feature_recorder.cpp (feature_recorder::make_histogram): histograms no longer banner stamp or version stamp if there is no corresponding feature.
* src/scan_net.cpp (pcap_writepkt): changed file extension from .dmp to .pcap for packets
* src/bulk_extractor.cpp (phase1): added -A offset to add an offset.
* src/bulk_extractor.cpp (phase1): added -Y start-end notation in addition to -Y start notation.
* src/feature_recorder.cpp (feature_recorder::write): added support for opt_offset_add to allow output to be shifted (for parallelizing across multiple systems.)
* src/sbuf.h (class pos0_t): removed snprintf; now uses stringstream. (operator +): changed most functions to take const & rather than a new object.
* src/feature_recorder.cpp (feature_recorder::write): now always writes out the second \t for the context, even if there is no context.
* configure.ac: added AC_PROG_CC AC_PROG_CXX and AC_PROG_INSTALL
* src/Makefile.am (.flex.o): FlexLexer.h moved to MyFlexLexer.h to support CentOS where an out-of-date flex is installed.
* src/bulk_extractor.cpp (process_path): fixed handling of /h and /r with -p option
* configure.ac: removed pcap.h tests because it's not needed
* src/scan_email.flex (Host): now only writes domains>0.
* src/scan_zip.cpp (scan_zip): zip components with no name are now given
* src/scan_winprefetch.cpp (scan_winprefetch): modified to only write out prefetch files with non-zero exec name
* src/scan_net.cpp (scan_net): significant update --- I don't need libpcap to do packet carving!
* src/image_process.cpp (sbuf_alloc): added a new iterator method it->pos0() returns the pos0 of the sbuf to be allocated by it->sbuf_alloc() (sbuf_alloc): changed calloc to malloc for performance (process_aff::sbuf_alloc): now throws bad_alloc if an exception is encountered (process_ewf::sbuf_alloc): now throws bad_alloc (process_raw::sbuf_alloc): now throws bad_alloc
* src/bulk_extractor.cpp: removed scanner_enabled().
* src/Makefile.am (bulk_extractor_SOURCES): removed checkpoint.h
* src/bulk_extractor.cpp (main): checkpoint removed; restarting now done through dfxml file. (phase1): do_phase1 renamed phase1; just_phase1 renamed do_phase1. phase1 and phase2 flags removed. Now automatic. (main): -2 option removed
* src/image_process_fts.cpp (process_dir::process_dir): added E01 detection.
* src/scan_email.flex (Host): fixed crashing bug on context extraction in MAKESTRING6.
* configure.ac: fixed conforming/non-conforming test for strchr
* src/bulk_extractor.cpp: added HTTP_EOL which is \r\n in Unix and Mac and
* src/histogram.cpp (HistogramMaker::looks_like_utf16): now recognizes both little-endian and big-endian UTF-16 strings and properly converts them.
* regress.py (analyze): now enables all scanners including wordlist
* python/bulk_extractor.py (BulkReport.open): openfile renamed open
* src/bulk_extractor.cpp (process_find_file): now ignores lines that begin with #
* src/scan_winprefetch.cpp (P): changed utf16_string to wstring (which is the standard).
* src/scan_accts.flex: replaced unicode16_to_string with utf16to8
* src/checkpoint.h (load): named and val no longer shadow values
* src/histogram.h (>): big surprise: it turns out that you should not subclass STL containers! Who knew? Well, a lot of people, apparently: http://stackoverflow.com/questions/4353203/thou-shalt-not-inherit-from-stdvector http://stackoverflow.com/questions/245475/how-do-i-create-a-generic-stdvector-destructor http://stackoverflow.com/questions/3601431/base-class-class-stdvector-has-a-non-virtual-destructor http://stackoverflow.com/questions/1647298/why-dont-stl-containers-have-virtual-destructors
* src/threadpool.cpp (threadpool): modified so that master and worker are now references, rather than pointers.
* configure.ac (HAVE_PTHREAD): added warnings for C++
* src/base64_forensic.cpp: cleaned up prototypes.
* src/scan_aes.cpp (valid_aes256_schedule): updated off-by-one problem. (valid_aes192_schedule): updated off-by-one problem. (valid_aes128_schedule): updated off-by-one problem.
* Fri Jul 29 2011 Morgan Weetman - 0.7.24-1- Initial package