forked from jessek/hashdeep
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
1459 lines (798 loc) · 46.8 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2014-01-29 Jesse Kornblum <[email protected]>:
* Updated date for version 4.4 release.
2013-12-04 Jesse Kornblum <[email protected]>:
* src/dig.cpp: Support deduplication reparse points, issue 307.
2013-10-11 Basic <[email protected]>
* src/multihash.cpp (hash_context_obj::multihash_finalize): removed old code that was commented out.
2013-09-21 Jesse Kornblum <[email protected]>:
* src/dig.cpp: Fixed issue 301 re: removing double dots from path
* Makefile.am: Removed sha3deep target
2013-07-09 Jesse Kornblum <[email protected]>:
* hashlist.cpp: Fixes problem with known files with commas in filename.
2013-05-07 Jesse Kornblum <[email protected]>:
* configure.ac: Added patch from dago to check for MAP_FILE
2012-11-29 Jesse Kornblum <[email protected]>:
* src/dig.cpp: Experimental change to parse single instance storage (SIS) junction points.
2012-11-12 Jesse Kornblum <[email protected]>:
* src/hashlist.cpp: Added experimental mode for case insensitive matching. Also changes in main.cpp, main.h, and display.cpp
2012-11-10 Jesse Kornblum <[email protected]>:
* src/Makefile.am: Added sha3deep
* src/main.h: Added SHA3 defines
* src/main.cpp: Added SHA3 code
* src/common.h: Increased max size of context structure for SHA-3
2012-11-09 Jesse Kornblum <[email protected]>:
* man/hashdeep.1: Clarified Unicode statements
2012-10-30 Jesse Kornblum <[email protected]>:
* main.cpp: Converting break statements which fall through to consistent style.
* main.cpp: Added checks in hashdeep against user errors on command line
* dig.cpp: Adding specific message regarding SIS reparse points.
* blake: Removed code which won't be used
2012-10-22 Jesse Kornblum <[email protected]>:
* configure.ac: Uncommented check for big endian systems.
2012-10-12 Jesse Kornblum <[email protected]>:
* src/threadpool.cpp: Renamed ERR function to avoid conflicts on SunOS and derivates.
2012-09-12 Jesse Kornblum <[email protected]>:
* man/md5deep.1, hashdeep.1: Typos
2012-07-05 Jesse Kornblum <[email protected]>:
* man/md5deep.1: Clarified quiet mode, -q.
* configure.ac: Version bump to 4.3
2012-06-29 Simson Garfinkel <[email protected]>
* src/md5.c (MD5Final): updated md5.c code to remove compiler warning dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]"
2012-06-09 Jesse Kornblum <[email protected]>:
* src/tiger.h tiger.c: Replaced with newer code from libgcrypt.
* configure.ac: Version bump to 4.2
2012-06-05 Jesse Kornblum <[email protected]>:
* src/dig.cpp: Cosmetic formatting. Fixed Win32 stat function.
* src/display.cpp: Commented out vasprintf, which is now present on mingw
* src/hashlist.cpp: Formatting. Revised to handle case where filename is a hash.
* src/sha1_version.c: Removed vestigial code
2012-06-04 Jesse Kornblum <[email protected]>:
* src/hashlist.cpp: Formatting. Addressed bug with filenames with commas in them.
2012-05-20 Jesse Kornblum <[email protected]>:
* man/md5deep1,hashdeep.1: Fixed typo in -j mode
2012-02-27 Simson Garfinkel <[email protected]>
* src/dig.cpp (state::decode_file_type): removed from state, since it didn't use any of the instance variables.
2012-02-27 Jesse Kornblum <[email protected]>:
* main.cpp: Removed -B command line flag from all programs
2012-02-27 Jesse Kornblum <[email protected]>:
* man/md5deep.1: Added Simson to the AUTHORS section
* src/main.cpp: Formatted usage messages
* configure.ac: Version bump to 4.1.1
* Makefile.am: Added doc to directories cleaned with make nice
2012-02-26 Simson Garfinkel <simsong@FC15>
* src/main.h (d): fixed THREAD typo.
* src/display.cpp: changed #if so that it checks for MINGW and not __MINGW_H
* configure.ac (MINGW): now explicitly sets MINGW if we are compiling under mingw.
2012-02-10 Jesse Kornblum <[email protected]>:
* doc/start-hashdeep.html: Clarified how to run the programs.
2012-02-10 Jesse Kornblum <[email protected]>:
* sample-hashes/sample.{c,jpg}: Added Windows executable with non-executable extension
* src/winpe.cpp, main.cpp, dig.cpp: Added comments
* configure.ac: Version bump to 4.1
* src/*.cpp: Added $Id$ tags
2012-02-08 Jesse Kornblum <[email protected]>:
* src/dig.cpp, winpe.h, winpe.cpp, main.cpp: Added check for Windows PE files to expert mode.
2012-01-30 Jesse Kornblum <[email protected]>:
* src/display.cpp: Reverted previous change, but updated test for presence of vasprintf.
2012-01-29 Jesse Kornblum <[email protected]>:
* src/dig.cpp: Check for junction points before adding files to queue
* src/display.cpp: Removed redefinition of vasprintf. It is apparently now part of the compiler's stdio.h
2012-01-28 Jesse Kornblum <[email protected]>:
* configure.ac: Version bump to 4.0.2-001
2012-01-28 Simson Garfinkel <simsong@mucha>
* src/display.cpp (display::dfxml_write): strange; sstream should have been stringstream. Well, it's fixed now.
2012-01-23 Simson Garfinkel <[email protected]>
* src/helpers.cpp: successfully removed itos().
2012-01-22 Jesse Kornblum <[email protected]>:
* src/threadpool.h: Removed debugging fprintf
* configure.ac: Version bump to 4.0.1
* NEWS: Updated for version 4.0.1
2012-01-21 Simson Garfinkel <[email protected]>
* src/hash.cpp (display::hash_stdin): added setmode stdin to binary on windows
2012-01-18 Jesse Kornblum <[email protected]>
* CONFIGURE_FC.sh: Removed FC16 checks. It doesn't work.
2012-01-16 Jesse Kornblum <[email protected]>
* CONFIGURE_FC.sh: Updated for Fedora Core 16. Improved error messages.
2012-01-09 Jesse Kornblum <[email protected]>
* Makefile.am: The doc files for Win32 were backward. Addresses bug 3471505.
2012-01-06 Jesse Kornblum <[email protected]>
* Makefile.am: Changed rule for converting man pages to Windows text files
2012-01-06 Jesse Kornblum <[email protected]>
* configure.ac: Version bump to 4.0.0
* src/hashlist.cpp: Legibility changes only.
* doc/Makefile: Updating man page locations
* src/common.h: Added NEWLINE definition for Win32
2012-01-05 Jesse Kornblum <[email protected]>
* doc: Sync'ed files from trunk
2011-12-27 Jesse Kornblum <[email protected]>
* src/files.cpp: Added spaces to isxdigit macro for OS X compilation.
2011-12-27 Simson Garfinkel <[email protected]>
* src/hashlist.cpp (hashmap::add_file): now makes a copy of the hex hash and assures that it is lower case.
2011-12-26 Simson Garfinkel <[email protected]>
* src/main.h (class state): removed h_nsrl15 variable. Now it always looks for nsrl15 files when trying to decode a hash file.
2011-12-20 Simson Garfinkel <[email protected]>
* tests/testfiles/Makefile.am (testfiles.zip): removed $FILES from release; now testfiles.zip is built as part of the release, and the FILES are in it.
2011-12-17 Simson Garfinkel <[email protected]>
* src/files.cpp (state::find_hash_in_line): removed ILOOK3 intentional fall through. Now we explicitly do it.
* src/display.cpp (display::portable_gmtime): We needed a gmtime()
in multiple locaitons that was portable and threadsafe, so we
created this from the code that was previously in
md5deep_display_hash.
(file_data_hasher_t::compute_dfxml): hashdigest indent set to 0 from 2 if piecewise_size is 0
(display::dfxml_write): ctime, mtime, and atime now put in DFXML output.
* src/dig.cpp (state::file_type): added support for mtime and atime.
* src/main.h: changed fdht->timestamp to fdht->ctime.
2011-12-17 Simson Garfinkel <[email protected]>
* src/files.cpp (state::md5deep_load_match_file): replaced fprintf(stderr) with a cerr output.
* src/hash.cpp (file_data_hasher_t::hash): removed assert(0) for invalid setting of iomode; now displays what the invalid setting is.
2011-12-16 Jesse Kornblum <[email protected]>
* tests/tests.sh: added test for BSD style hashes, iLook hashes
2011-12-04 Simson Garfinkel <[email protected]>
* src/display.cpp (dfxml_write): added filesize to DFXML output
2011-11-29 Simson Garfinkel <[email protected]>
* src/main.h (d): default I/O mode changed from memory-mapped to buffered (the same as the 3.x release.) Memory-mapped should be faster, but for some reason it isn't. Also it makes the memory usage appear quite large (it isn't, but the top and ps commands report mapped memory.)
2011-11-27 Jesse Kornblum <[email protected]>:
* src/main.cpp (hashdeep_process_command_line): Fixed getopt command so that -c mode takes an argument, but -C does not. The former caused a crash.
* src/xml.h: Removed spurrious 'const'
2011-11-17 Simson Garfinkel <[email protected]>
* src/main.cpp (state::main): -j default was being set after option processing. Moved to before. -j0 now disables threading, -j1 is just one thread.
2011-11-07 Jesse Kornblum <[email protected]>
* tests/Makefile.am: Corrected test filenames to make dist
2011-11-01 Jesse Kornblum <[email protected]>
* configure.ac: Version bump to 4.0 beta1
2011-10-28 Simson Garfinkel <[email protected]>
* configure.ac (HAVE_PTHREAD): fixed for multithreading error on macos and linux (it wasn't turning on)
2011-10-26 Simson Garfinkel <[email protected]>
* configure.ac: beta counter incremented to beta2
* tests/tests.sh: added code for test 47 to cover new audit mode generating more output.
* src/display.cpp (display::audit_update): audit output was going to cerr; should go to cout.
* src/threadpool.cpp (ERR): changed from fprintf to cerr; added __noreturn__ attribute.
* src/files.cpp (state::md5deep_load_match_file): file_type no longer shadows member of this.
* src/xml.cpp (XML::comment): comment no longer shadows local member
* src/dig.cpp (print_last_error): now uses cerr instead of fprintf; turns pszMessage into UTF8
* src/main.h (class display): added __attribute__ ((__noreturn__)) to internal_error().
* src/common.h (tstring): somehow we got a ; before the wstring. Removed it.
2011-10-25 Simson Garfinkel <[email protected]>
* src/dig.cpp (state::dig_self_test): added explicit cast to ft to avoid compiler warning.
* src/main.h (class global): renamed class main to class global so that main() doesn't shadow main::main() (which doesn't exist)
* src/main.cpp (state::hashdeep_process_command_line): renamed argc and argv to argc_ and argv_ so as not to shadow instance variables.
* src/display.cpp (display::finalize_matching): removed known_size() as a local, since we have a function that does it.
(display::compute_unused): renamed parameter from display to show_display to avoid compiler warning.
* src/main.h (class display): renamed out to out_ so as not to shadow parameter.
(std::vector): removed num_columns, as it wasn't being used outside the local function.
2011-10-17 Simson Garfinkel <[email protected]>
* src/xml.cpp (pop): added flush to out to make it easier for people to undestand status.
2011-10-15 Simson Garfinkel <[email protected]>
* src/display.cpp: removed #include <sstream>
* src/main.cpp: removed #include <sstream>
2011-10-09 Simson Garfinkel <[email protected]>
* tests/tests.sh (TMP): renamed TEST_DIR to TEST_BIN and GOOD_DIR to GOOD_BIN
2011-10-09 Simson Garfinkel <[email protected]>
* configure.ac (HAVE_PTHREAD): quoted AX_PTHREAD in the configure script
2011-10-09 Simson Garfinkel <[email protected]>
* configure.ac: version number increased to 4.0.0_beta_001
* src/main.cpp (md5deep_usage):
All programs now have a -C option that enables Common Crypto on
Mac. It is disabled by default. You can use it if you want.
Windows - All tests now pass, with the exception that the windows
files now have proper UTF-8 in them rather than the question-mark
escaping. You can escape the UTF-8 by providing the flags. You can
run the tests.sh script with "--nounicode" to remove the filenames
with unicode in them. Tests must be run within cygwin to get the
bash script to work, but the md5deep/hashdeep executables
themselves do not require cygwin and, in fact, ignore the DLL.
Threading now works on windows again. I think that I finally got the configure script right.
I have tested the CONFIGURE_FC.sh with a virgin FC15 ISO. You boot
the ISO in VMWare and it creates a user called 'user'. You have
to create a user that has root access. Once you do this and become
root, run CONFIGURE_FC.sh. It will update the yum repository,
download the mingw32 and mingw64 compilers, download and build
pthreads, and then, just for kicks, it download the SVN repository
and build the 32-bit and 64-bit executables.
You can now run the executables with the '-hhh' option to print
information about the build configuration and environment as well.
I've added -B as a verbose flag for both md5deep and hashdeep. (-v
is verbose in hashdeep but prints the version number in md5deep)
Now, if you are in verbose mode, the DFXML will include the
workerid= of the thread that created the results. This is useful
for debugging to verify that each thread is actually hashing.
2011-09-27 Simson Garfinkel <simsong@FC15>
* src/display.cpp (dfxml_write): now writes workerid as an attribute in the fileobject output.
* src/main.h (file_data_t): added worker_id to fdht
* src/sha1.c (sha1_finish): added const to avoid casting warnings.
2011-09-25 Simson Garfinkel <[email protected]>
* src/tiger.c (hash_init_tiger): changed all functions to return void rather than int.
* src/md5.c (hash_init_md5): all functions now return void rather than int.
* src/whirlpool.c (hash_init_whirlpool): all functions now return void rather than int.
* src/sha256.c (hash_final_sha256): all functions now return void rather than int
* src/main.h (class algorithm_t): hashing functions modified to return void rather than int
2011-09-16 Simson Garfinkel <[email protected]>
* src/sha256.c (hash_init_sha256): added casts
* configure.ac: added -fast and a ton of more warnings
* configure.ac: now removes -fast flag if not optimizing
* src/sha256.c (hash_update_sha256): added casts to avoid void *.
* src/md5.c (hash_final_md5): added casts to avoid void *.
* src/sha1.h: noted that SHA1Transform now takes a const buffer.
* src/sha1.c (SHA1Final): added #define SHA1HANDSOFF so that it won't modify the buffer passed in.
(hash_final_sha1): added casts to avoid void *.
2011-09-12 Jesse Kornblum
* tests/tests.sh: Fixed typo
2011-09-11 Simson Garfinkel <simsong@FC15>
* configure.ac (INCLUDE_NP): added define for INCLUDE_NP
* src/display.cpp (display_realtime_stats): removed setting shorten variable, since now we simply shorten where it is needed, rather than setting a variable and checking it elsewhere.
* src/xml.cpp: moved defines of O_BINARY, et all, out of #ifdef
* src/files.cpp (md5deep_load_match_file): removed setting status, because return code is now ignored. (errors in parse_encase_file are no longer reported)
2011-08-24 User <user@ubuntu>
* configure.ac: AM_CONFIG_HEADER changes to AC_CONFIG_HEADERS
2011-08-22 Jesse Kornblum
* bootstrap-mingw.sh: Added support for mingw on Ubuntu
2011-08-22 Simson Garfinkel <[email protected]>
* src/display.cpp (display::error_filename): moved lock to around dfxml
2011-08-17 Simson Garfinkel <[email protected]>
* src/display.cpp (display::error_filename): error_filename now properly prints to DFXML
2011-08-14 Simson Garfinkel <[email protected]>
* src/main.h (d): added __attribute__ ((format(printf))) to all printf-like functions
* src/display.cpp (error): removed print_error(), since it did the same thing that error() did.
* src/main.h (d): added __attribute__ ((__noreturn__)) to fatal_error
2011-08-12 Simson Garfinkel <[email protected]>
* src/display.cpp (error): always puts progname on error now. removed explicit "%s: " and progname from practially every place error was called.
2011-08-09 Simson Garfinkel <[email protected]>
* src/main.h (std::vector): changed hashmap from a map to a multimap
2011-08-07 Jesse Kornblum
* man/md5deep.1: Updated version number
* man/hashdeep.1: Restored to earlier version
* man/Makefile.am: Corrected clobbering of hashdeep man page
* src/Makefile.am: Corrected typo in the symbolic linking
* src/ui.cpp: Vestigial file removed
2011-08-01 Simson Garfinkel <[email protected]>
* src/main.h (class file_data_hasher_t): moved read_offset and read_len from file_data_t to file_data_hasher_t
(class file_data_hasher_t): moved timestamp from file_data_t to file_data_hasher_t
* src/display.cpp (file_data_hasher_t::compute_dfxml): fdht->dfxml_hash is now a string stream
* src/hash.cpp (file_data_hasher_t::hash): whoops; dfxml had old bytes=; replaced with len=;
2011-07-31 Simson Garfinkel <[email protected]>
* src/hash.cpp (display::hash_stdin): sets stat_bytes to SIZE_T_MAX when hashing stdin.
2011-07-27 Simson Garfinkel <[email protected]>
* src/main.h (class display): added conditional defines so that wstring stuff isn't compiled on mac
2011-07-27 Simson Garfinkel <[email protected]>
* configure.ac: now compiles with and without PTHREAD, and on win32 and win64
updated version to 4.0.0_alpha_001
* src/hash.cpp (hash): triage mode no longer works on stdin
2011-07-26 Simson Garfinkel <[email protected]>
* src/main.cpp (main): main is now a method of state.
2011-07-22 Simson Garfinkel <[email protected]>
* src/hash.cpp (display::hash_stdin): removed is_stdin because we can just compare handle to stdin.
* src/dig.cpp (have_processed_dir): cycle system no longer public; now it's static. (should there be a dig class?)
2011-07-21 Simson Garfinkel <[email protected]>
* src/files.cpp (shift_string): moved to files.cpp, the only place where it is used.
* src/main.cpp (check_wow64): moved to main.cpp
* src/files.cpp (find_comma_separated_string): moved from helpers.cpp to files.cpp and made static.
* src/main.cpp (state::md5deep_process_command_line): -f option removed sincei t was not properly implemented and doesnt appear to have been used.
2011-07-21 Simson Garfinkel <[email protected]>
* src/Makefile.am: removed md5deep.h and md5deep_match.h
2011-07-20 Simson Garfinkel <[email protected]>
* src/main.cpp (state::md5deep_process_command_line): removed mode_piecewise, since it can be determined from picewise_size>0.
* src/main.h (class state): moved primary_function into display
2011-07-19 Simson Garfinkel <[email protected]>
* src/main.h (enum): added status_EXIT_FAILURE to status_t as status_t is now returned.
2011-07-19 Simson Garfinkel <[email protected]>
* src/display.cpp: the only place that filename shortening was done was in display_realtime_stats, so all of the filename shortening logic was moved there and it was moved out of display_filename everywhere else. The passage of the FILE * to display to was put back in, becuase display_filename was also being used to display error messages.
2011-07-18 Simson Garfinkel <[email protected]>
* src/main.h (mode_which): changed mode_which to opt_show_matched (which is the default)
2011-07-18 Simson Garfinkel <[email protected]>
* src/display.cpp (display_size): changed mode_csv to opt_csv
2011-07-14 Simson Garfinkel <[email protected]>
* src/common.h: removed STRINGS_CASE_EQUAL.
2011-07-13 Simson Garfinkel <[email protected]>
* src/hash.cpp (hash): successfully removed the state variable from compute_hash.
* src/display.cpp (display_realtime_stats): moved output of realtime_stats from file_name_annotation to a seperate output, so that display_realtime_stats can now take a const file_data_hasher.
* src/hash.cpp: changed update_display to display_realtime_stats() and moved to display.cpp
2011-07-10 Simson Garfinkel <[email protected]>
* src/sha1.c: removed copy on all algorithms except sha1; that copy is now done within the sha1 update function, where it should be.
* src/md5.h: all update functions modified to take size_t as the length, becuase you can't pass a size larger than size_t.
2011-07-07 Simson Garfinkel <[email protected]>
* src/dig.cpp (process_dir): modified conditional compilation for WIN32
2011-07-05 Simson Garfinkel <[email protected]>
* src/helpers.cpp: moved setup_expert_mode to main.cpp, because it's actually helping to parse the command line.
removed my_basename, since it is now done on strings in dig.cpp
2011-07-05 Simson Garfinkel <[email protected]>
* Makefile.am (SUBDIRS): hashdeep subdir renamed to be src, since it is now src for everybody.
2011-07-04 Simson Garfinkel <[email protected]>
* hashdeep/main.cpp: added conditional to use built-in __progname if compiling under WIN32
* hashdeep/Makefile.am (hashdeep_SOURCES): removed tchar-local.h and added wstring.h
* hashdeep/dig.cpp (clean_name): changed mode_relative to opt_relative
2011-07-03 Simson Garfinkel <[email protected]>
* hashdeep/dig.cpp (should_hash_symlink): changed stat structure from _tstat_t to _tstati64
* configure.ac: added -DWINVER=0x0500 to get Windows UTF-8 conversion. mingw targets for 0x0400 (
* hashdeep/main.h (std::vector): file_type_t changed to hashfile_format, since that describes what it actually is.
* hashdeep/Makefile.am (hashdeep_SOURCES): removed cycles.cpp.
* hashdeep/dig.cpp (have_processed_dir): moved cycles.cpp into dig.cpp (because it's so much smaller now).
2011-07-01 Simson Garfinkel <[email protected]>
* hashdeep/display.cpp (state::md5deep_display_hash): now uses gmtime_r for threadsafety
* hashdeep/hash.cpp (hash::hash_stdin): hash_file() and hash_stdin() are now methods.
2011-06-29 Simson Garfinkel <[email protected]>
* hashdeep/common.h: moved sys/cdefs.h from tchar-local.h to common.h; added #ifdef
2011-06-24 Simson Garfinkel <[email protected]>
* hashdeep/main.h: make_newline changed to print_newline(). No longer takes state. mode_zero changed to opt_zero.
2011-06-24 Simson Garfinkel <[email protected]>
* tests/tests.sh: now passes all tests
* hashdeep/display.cpp (display_match_result): fixed so that it works now.
* hashdeep/hashlist.cpp (hashlist::search): fixed search function so that it returns status_no_match when there is no match.
2011-06-22 Simson Garfinkel <[email protected]>
* hashdeep/main.cpp: removed strsep
2011-06-21 Simson Garfinkel <[email protected]>
* hashdeep/files.cpp (state::find_plain_hash): although this function takes the approach of hacking C strings with an axe, it seems to work.
* hashdeep/main.cpp (algorithm_t::valid_hash): fixed function.
2011-06-20 Simson Garfinkel <[email protected]>
* hashdeep/hash.cpp (hash_file): eliminated by_basename, instead we now use rfind on the string.
2011-06-19 Simson Garfinkel <[email protected]>
* hashdeep/Makefile.am (hashdeep_SOURCES): removed md5deep_hashtable.cpp and md5deep_hashtable.h
(hashdeep_SOURCES): removed md5deep_match.cpp
* hashdeep/md5deep_match.cpp (md5deep_load_match_file): expected_hashes, used in parsing EnCase hash files, is now segregated to the EnCase file parsing routines and no longer in the state variable.
2011-06-18 Simson Garfinkel <[email protected]>
* hashdeep/Makefile.am (hashdeep_SOURCES): removed strsep; no longer needed.
* hashdeep/main.cpp (process_command_line): mode_verbose, mode_more_verbose and mode_insanely_verbose now replaced with a global variable opt_verbose which has value of 0, 1, 2 or 3.
* hashdeep/main.h: print_error no longer takes state.
* hashdeep/ui.cpp (fatal_error): fatal_error no longer takes
state; mode_silent is now a global variable. Otherwise, EVERYTHING
that can generate a printout needs to pass a pointer to state,
which defeats the purpose of encapsulation. (If we ever want to
have two different state instances in memory at the same time, is
it likely that they will have different modes? I think not.)
(print_error_unicode): no longer takes (state *s)
* hashdeep/common.h (filetype_t): moved to hashlist class.
* hashdeep/main.h (hashlist): status_t broken up to hashlist::loadstatus_t and hashlist::search_status_t.
* hashdeep/main.cpp (process_command_line): load_match_file() call changed to known->load_hash_file() since the database of known hashes is now kept in a hashlist.
2011-06-17 Simson Garfinkel <[email protected]>
* hashdeep/hash.cpp (hash_file): largely removed s->current_file; it is now a file_data_hasher_t pointer.
2011-06-16 Simson Garfinkel <[email protected]>
* hashdeep/main.cpp: removed initialize_state(state *s); now it's in the state constructor.
(state::load_hashing_algorithms): this is now a method
* hashdeep/Makefile.am (hashdeep_SOURCES): removed hashtable.cpp
* hashdeep/main.h (class file_data_t): created file_data_hasher_t to hold the actual variables needed to perform the hashing; only file_data_t is stored in the hashmap_t.
2011-06-15 Simson Garfinkel <[email protected]>
* hashdeep/main.h (class file_data_t): removed full_name, as it is redundent with file_name
* hashdeep/multihash.cpp (multihash_update): moved hash_sum and hash_context from algorithm_t structure to file_info_t structure.
* hashdeep/main.h: removed state *s backpointer.
ALGORITHM_NAME_LENGTH changed to MAX_ALGORITHM_NAME_LENGTH and
ALGORITHM_CONTEXT_SIZE changed to MAX_ALGORITHM_CONTEXT_SIZE.
2011-06-14 Simson Garfinkel <[email protected]>
* hashdeep/main.h: changed hashname_t to hashid_t becuase it is an id number, not a name.
2011-06-14 Simson Garfinkel <[email protected]>
* hashdeep/main.h: removed __BEGIN_DECLS and __END_DECLS; we are now a C++ program!
* hashdeep/hash.cpp: moved shorten_filename to display.cpp becuase the shortened filenames are just used in a particular case. we can set a flag to print them and generate them on the fly.
2011-06-12 Simson Garfinkel <[email protected]>
* hashdeep/main.cpp (main): s->cwd is now pre-allocated
* hashdeep/main.h (class file_data_t): timestamp moved to current_file
* hashdeep/multihash.cpp (multihash_update): moved *buffer from dynamic allocation to allocated withn the current_file.
* hashdeep/hash.cpp (hash_stdin): moved full_name,short_name and msg into current_file
* hashdeep/md5deep_match.cpp (parse_encase_file): increased buffer[] from 19 bytes to 64; why be stingy? It's no longer dynamically allocated.
(parse_encase_file): increased result from dynamically allocated at s->hash_length*2 to 1024.
2011-06-11 Jesse Kornblum
* display.cpp (display_size) Removed ten character limit on
displayed sizes. We now display the full size regardless
of mode.
2011-06-07 Simson Garfinkel <[email protected]>
* hashdeep/files.cpp (hash_file_type): known_fn changed from char * to char[PATH_MAX+1]
* hashdeep/main.h (class state): time_str is now a local variable, not in state.
* hashdeep/main.cpp (main): state and the other structures defined in main.h are now classes.
2011-06-04 Simson Garfinkel <[email protected]>
* hashdeep/hash.c (hash): s->full_name and tmp_name are now statically allocated arrays, rather than dynamcially allocated.
2011-06-02 Simson Garfinkel <simsong@alphonse-mucha>
* md5deep/Makefile.am (INCLUDES): removed references to -lm as we no longer use floor.
* hashdeep/hashdeep.cpp (main): renamed to main.cpp
2011-06-01 Simson Garfinkel <simsong@alphonse-mucha>
* md5deep/hashTable.c: renamed to hashdeeb/md5deep_hashtable.c
* man/Makefile.am: moved all man pages into the man directory.
2011-06-01 Simson Garfinkel <[email protected]>
* hashdeep/sha1.c: made sha1.c include sha1.h but not main.h
2011-05-31 Simson Garfinkel <[email protected]>
* configure.ac: changed version number to 4.0.0_alpha_000
* hashdeep/Makefile.am (hashdeep_SOURCES): simplified list of files
* hashdeep/common.h: __progname is now always extern; on systems that are not GLIBC we include progname.c
* configure.ac: moved all includes from include/* to hashdeep; there is no reason to have an include/ directory since we are not building a library.
* configure.ac: added AC_PROG_CXX
* hashdeep/Makefile.am (hashdeep_SOURCES): renamed main.c to hashdeep.cpp. Yes, we are now a C++ program!
2011-05-31 Simson Garfinkel <[email protected]>
* md5deep/display.c: changed #include "main.h" to #include "md5deep.h"
* hashdeep/main.c: now includes md5deep.h if compiled for MD5DEEP, and main.h if compiled for hashdeep
* md5deep/md5deep.h: to avoid the name conflict, md5deep/main.h was renamed md5deep/md5deep.h
* hashdeep/hash.c: changed to use #ifdef MD5DEEP, which is now -D defined by md5deep/Makefile.am
* hashdeep/Makefile.am (COMMON_SRC): updated to indicate that hash.c, dig.c, cycles.c, ui.c, helpers.c, md5.c, sha1.c, sha256.c, tiger.c, whirlpool.c now reside in this directory
* md5deep/Makefile.am (whirlpooldeep_SOURCES): moved hash.c, dig.c, cycles.c, ui.c, helpers.c, md5.c, sha1.c, sha256.c, tiger.c, whirlpool.c from common/ to hashdeep/. Updated Makefile.am
* configure.ac: added initial comments as part of makefile
changing. The idea is to move C programs from common/ to hashdeep/
in preparation for removing 'common' and 'md5deep' entirely and
folding all of the functionality into the hashdeep program.
2011-05-23 Jesse Kornblum
* Resolved bug 3307444 regarding the prefix type for multipliers.
We're using IEC multipliers. Also, spelled multipliers
correctly.
* Fixed a bug in find_bsd_hash, bug 3309339, to address when
a file of known hashes has a set of parenthesis. The
find_bsd_hash function was munging the line.
2011-04-23 Jesse Kornblum
* More cosmetic changes, this time to print correct offsets
for a zero-byte file being processed from stdin in piecewise
mode.
2011-04-22 Jesse Kornblum
* Cosmetic bug fix in hash.c to avoid calling ftell
when processing standard input.
2011-04-21 Jesse Kornblum
* Released version 3.9 with critical bug fix, 3290190.
* Added hashdeep64.exe to the CLEANFILES
2011-04-20 Jesse Kornblum
* Version bump to 3.9-001
* Added int _CRT_fmode = _O_BINARY; to hashdeep/main.c
to address bug 3290190, regarding processing stdin
in hashdeep.
2011-04-01 Jesse Kornblum
* Version bump to 3.8-002
* Experimenting with x64 compilation. Changed _tprintf calls
in md5deep/display.c to regular printf to fix problem with
missing displayed data.
* Commented out definition of _WIN32_WINNT in tchar-local.h.
The x64 compiler seems to have this already for us.
* Attempting to compile with x84_64-w64-mingw32 compiler.
2011-03-22 Jesse Kornblum
* Version bump to 3.8-001
* Fixed cosmetic bug for -p mode, SF bug 3234714.
2010-12-15 Jesse Kornblum
* Re-engineered how file sizes and reads are computed.
The inital guess of a file's size, via stat(2), is
now stat_bytes (and stat_megs). For each call of hash(),
we record the offset where we started, read_start, and
the offset where we ended, read_end. These mostly are for
piecewise mode. We also record actual_bytes, the total
number of bytes we read and hashes from the disk from the
whole file.
* Added some error checking to realpath() calls in
common/{cycles,helpers}.c
2010-11-29 Jesse Kornblum
* Fixed typo in hashdeep audit message
2010-11-23 Jesse Kornblum
* Renamed triage mode to more generic version
* Modified triage mode to use ASCII, not Unicode tabs
* Changed 'make world' directive to be based on Linux
Mingw32 compiler, i586-mingw32msvc
* Added conditional Unicode defines to tchar-local.h
2010-11-22 Jesse Kornblum
* Added Input/Output error to list of fatal errors when
reading files.
2010-11-19 Jesse Kornblum
* Added -Z flag for Triage mode
* Added some more error checking in md5deep/main.c functions
* Version bump to 3.7-002
2010-06-24 Jesse Kornblum
* Fixed return value in my_basename to reflect no error when
the input does not need any modifications. Addresses bug 3014396.
* Version bump to 3.7-001
2010-03-23 Jesse Kornblum
* Version bump to 3.6 and release
* Documented expert mode in hashdeep man page, getting started
guide. Also made a few tweaks to the md5deep documentation.
* Added some error checking routines to helpers
2010-03-06 Jesse Kornblum
* Cleaned up md5deep/main.h comment styles. Also added a field
to the state variable to keep track of the file's type. This
is was handy for...
* Updating file size computation to use results of stat
operation normally done anyway during dig phase.
2010-02-26 Jesse Kornblum
* Adding 'expert' mode from md5deep to hashdeep.
2010-02-25 Jesse Kornblum
* Changed all contact email addresses to research account at
jessekornblum.com. The 'md5deep' account will be deprecated.
2010-01-09 Jesse Kornblum
* Finished updating download links. Updated and published
Hashdeep quick start guide
2009-12-30 Jesse Kornblum
* Converting documentation update to use rsync+ssh to upload content
2009-12-29 Jesse Kornblum
* Version bump to 3.5.1
* Attempting to fix bug 2922415 involving zero byte files
* Added a few items to the TODO list
* Started web page cleanup
2009-12-21 Jesse Kornblum
* Attempting to fix bug 2919014 regarding hashdeep and its
failure to detect when files go missing during an audit
if there is another, identical file in a different location
* Cleanup on md5deep code for -f mode
* Revised list of new features for release 3.5
2009-09-24 Jesse Kornblum
* Again revised patch 2855502 to handle the last read of
files/stdin when no data is read. This happens when the
file size is an exact multiple of the piecewise size.
2009-09-16 Jesse Kornblum
* Updated broken link on web page for Whirlpool.
2009-09-09 Jesse Kornblum
* Applied a modified version of patch 2855502 to fix file size
computation for piecewise hashing of stdin.
2009-07-11 Jesse Kornblum
* Added draft of Hashdeep Getting Started guide
2009-07-10 Jesse Kornblum
* Fixed method to read list of files to hash from a file.
2009-06-14 Jesse Kornblum
* Experimenting with reading list of files to hash from another
file in md5deep.
2009-05-22 Jesse Kornblum
* Closed search handle in is_junction_point in response
to bug 2795587.
* Attempting to fix -n mode by removing check in is_known_hash
for NULL parameters.
2009-04-10 Jesse Kornblum
* Experimenting with stopping file read on "Invalid argument" errors
to avoid crashes on Win32.
2009-04-04 Jesse Kornblum
* Version bump to 3.3 and released.
2009-03-26 Jesse Kornblum
* Updated timestamp code to support 64-bit functions on Windows.
2009-03-01 Jesse Kornblum
* Experimenting by skipping *all* junction points on
Windows. We'll display a message with 'unknown' status
values.
* Version bump to 3.3-002.
2009-02-08 Jesse Kornblum
* Removed email address from all files. Too many spammers, sorry.
2009-01-26 Jesse Kornblum
* Cleaned up code for version 3.2 release. Commented out NTFS
junction point detection for now.
* Applied patch 2535551 to Makefile.am to use LDADD variable
instead of AM_LDFLAGS.