forked from jessek/hashdeep
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
620 lines (366 loc) · 17 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
** Changes in version 4.4 (29 Jan 2014)
* New Features
Added case insensitive auditing with -E mode
* Bug Fixes
Added checks against user errors on Hashdeep command line
Fixed bug for known filenames with the directory in the filename
Fixed bug for double dots in the filename
** Changes in version 4.3 (24 Oct 2012)
* Bug Fixes
Fixed check for endian-ness, affecting hash generation on
big-endian platforms.
Fixed minor bugs related to OpenSolaris.
** Changes in version 4.2 (11 Jun 2012)
* Bug Fixes
Fixed padding in Tiger hashes for large files
** Changes in version 4.1.1 (5 Jun 2012)
* Bug Fixes
Fixed hashdeep bug for known files with commas in their names.
Cleaned up usage message
** Changes in version 4.1.0 (14 Feb 2012)
* New Features
Added expert mode option to parse Windows PE files
* Bug Fixes
Fixed junction point handling on Win32
** Changes in version 4.0.1 (22 Jan 2012)
* Bug Fixes
Fixed hang on DFXML generation on Win32
Fixed incorrect hashes via stdin on Win32
Fixed "Too many open files" error on OS X
Doc files in Win32 have been corrected.
** Changes in version 4.0 (6 Jan 2012)
* New Features
Rewrote most of the program in C++.
Enabled multiprocessor support on all platforms.
Removed ten character limit on file size mode
* Bug Fixes
Too numerous to count!
** Changes in version 3.9.1 (31 May 2011)
* Bug Fixes
Fixed a cosmetic bugs regarding processing standard input
in piecewise mode.
Fixed a bug regarding processing known hash files which have
parenthesis in the filename.
Clarified documentation regarding multipliers in piecewise
mode. They are IEC multipliers, or blocks of 1,024. Side note:
also spelled 'multipliers' correctly.
** Changes in version 3.9 (21 Apr 2011)
* Bug Fixes
Fixed a critical bug in hashdeep regarding processing
standard input
** Changes in version 3.8 (15 Apr 2011)
* New Features
Added -f mode to get the list of input files from
a file on the disk.
Added 64-bit executables for Windows.
* Bug Fixes
Fixed a cosmetic bug regarding the error messages for
piecewise mode.
** Changes in version 3.7 (18 Dec 2010)
* New Features
Added triage mode, -Z flag, to compute file size and partial
hashes in addition to full file hash.
Updated Windows cross-compiler to MinGW-4.2.1
* Bug Fixes
Fixed hashdeep piecewise mode to include the correct size
of each piece being hashed. This enables audit mode to
work correctly.
Addressed display problem for time estimates of files with
long filenames in the current directory.
Added "Input/Output error" to the list of fatal errors when
processing files
** Changes in version 3.6 (23 Mar 2010)
* New Features
Added expert mode found in md5deep to hashdeep.
* Bug Fixes
Fixed error checking in helper routines.
** Changes in version 3.5.1 (30 Dec 2009)
* Bug Fixes
Fixed processing of zero byte files.
** Changes in version 3.5 (22 Dec 2009)
* New Features
Added mode to load list of files to process from a file (-f mode)
* Bug Fixes
Fixed file size computation for piecewise hashing of standard input.
Fixed error when auditing a directory to check for identical copies
of a file if one copy is removed.
** Changes in version 3.4 (11 Jun 2009)
* Bug Fixes
Fixed directory handle leak during recursive parsing on Windows
Fixed -n mode (display unused hashes)
** Changes in version 3.3 (4 Apr 2009)
* New Features
* Bug Fixes
Skip all reparse points (symbolic links and junction points)
on Windows. Required for sane parsing of Windows Vista or 7 systems.
Fixed handling of 64-bit timestamps on Windows.
** Changes in version 3.2 (25 Jan 2009)
* New Features
Added Comma Separated Value (CSV) mode.
* Bug Fixes
Fixed support for 64-bit files on Windows
Fixed hashdeep input file parsing to allow filenames with
commas and properly handle other kinds of errors. Also
modified the invocation listing in output files such that
even long lines can be successfully parsed.
** Changes in version 3.1 (23 Jul 2008)
* New Features
Added size threshold modes to only process files smaller
than a given size.
Added a timestamp mode that records the creation time time
for each file on Win32, the change time on all other operating
systems.
Streamlined file size computation process, which makes
the programs about 15% faster.
* Bug Fixes
Corrected time estimates for large files (e.g. files which
require more than one day).
** Changes in version 3.0 (10 May 2008)
* New Features
Added hashdeep program to support multihashing and
hash file auditing
Added support for new iLook style hashes
* Bug Fixes
Fixed obscure bug that caused a crash (double free) when
attempting to check a very small file for EnCase hashes
** Changes in version 2.0.1 (31 Oct 2007)
* Bug Fixes
Added support for older Linux systems that don't have the
latest and greatest ioctl functions.
** Changes in version 2.0 (15 Oct 2007)
* New Features
Using GNU Autotools for configuration and compilation. This
should help avoid platform specific issues such as SHA-1
problems previously found on 64-bit versions of AIX.
Added support for files with Unicode characters in their
filenames on Microsoft Windows.
Added support for EnCase hash sets (.hash files).
Updated web site and quick start guide
Slightly reduced the size of all of the executables by removing
duplicated code.
* Bug Fixes
Fixed time estimation mode for block devices on OS X and Linux
Fixed cosmetic error where estimated time remaining mode is
being used in conjunction with piecewise hashing. Time estimates
are now based on the whole file, not just each piece.
Clarified licensing issues in COPYING for tiger.c
Changed some data types in hashing functions to C99 standard.
Whirlpool seems to be working well enough without changes.
Wrapped all of the global variables into the state structure
** Changes in version 1.13 (6 Aug 2007)
* New Features
Added HP/UX as a support platform
Added -S mode to only display warnings for improperly
formatted hashes.
Created an internal state variable to central program structure.
This will help to simplify future development. Also moved
md5deep.h to main.h.
Moved print functions to ui.c for easier abstraction
* Bug Fixes
Changed piecewise hashing block size to a 64-bit value.
Fixed a cosmetic error regarding newlines in -n mode.
Fixed error on Win32 in file estimate mode. Although it appeared
to be solely cosmetic, the functions to produce the status message
could potentially overwrite other memory and create inconsistencies
Removed make macg5 option as it didn't work with new
versions of gcc.
Updated the maximum line length to 2048 bytes. This should
avoid errors reading in files with very long lines.
** Changes in version 1.12 (3 Apr 2006)
* New Features
Added multipliers for piecewise hashing mode.
* Bug Fixes
Fixed Gentoo compilation and the use of BLOCK_SIZE in hash.c.
Fixed piecewise hashing bugs: filename display, correct offset
when block size is larger than file, and ability to handle
large block sizes.
Version 1.11 - 31 Mar 2006
- Added piecewise mode -p
- Added support for using md5deep output while file sizes (-z mode) in
matching mode.
- Added flush to output after newline generation in helpers.c
- Fixed SHA-1 to work on 64-bit platforms (changed unsigned long to uin32_t)
- For good measure, eliminated a few other unsigned long references
throughout the source code
- Added -W to the compiler flags to catch lots of other little bugs,
many little fixes. Mostly eliminating comparisons between signed and
unsigned. Some warnings, especially "unused paramter" are ok.
Version 1.10 - 2 Feb 2006
- Fixed Tiger hashes being displayed in big endian instead of little endian
Thanks to Peter Chuenkov (aka ODB) for finding this bug
- Fixed cosmetic bug in usage message
Version 1.9.3 - 5 Jan 2006
- Added Cygwin as a supported platform
- Fixed expert mode to remove a number of logical errors
that prevented the program from correctly identifying which
files should be hashed. Symbolic links, in particular, were not
being chosen or excluded correctly.
- Added quiet mode, -q, filename is omitted from the output.
- Added Makefile directive macg5 to compile OS X G5 specific code
- Fixed comparisons between signed and unsigned variables in helpers.c
and dig.c
Version 1.9.2 - 14 Nov 2005
- Fixed Makefile to include compiler optimizations for hashing algorithms
Version 1.9.1 - 8 Nov 2005
- Fixed bug when processing symlinks to directories introduced in
version 1.9 by accidently removing known good code. Oops.
Version 1.9 - 7 Nov 2005
- Changed the existing return values and added ones for the matching modes
to indicate if any of the input files did not match a known hash and
if any hashes were unused. See "RETURN VALUES" section of the manpage.
- Added -n mode to display which files from the list of known hashes did
not match any of the input files.
- Fixed dig.c code to correctly handle links to Solaris doors.
- Fixed cosmetic bug that caused the leading slash to be omitted from the
output under 'which matching file', or -w mode.
- Changed text displayed in matching modes for standard input. Now displays
just "stdin" in matching mode
- Fixed bug in files.c:valid_hash that caused crash by casting
character value into a signed integer.
- Fixed bug in BSD hash file importing that caused crash when processing a
line with two parenthesis but was shorter than a valid hash.
- Fixed cosmetic bug in hash.c:update_display to prevent the first time
estimate to be wildly off if it takes more than one second to read
the first megabyte of each input file.
- Simplified hash.c by removing match_name from hash_info structure
- Minor changes to Makefile defines
Version 1.8 - 8 Aug 2005
- Added Tiger algorithm to make tigerdeep.
- Added -k mode to insert asterisks before filename, like md5sum -b
- Fixed a bug that prevented the first BSD style hash from being
loaded during any of the matching modes.
- Continued to simplify the Makefile. To wit:
- Changed checks for __WIN32 to _WIN32, which is defined by the compiler.
Removed -D__WIN32 from the Makefile.
- Greatly reduced the number of instructions for cross compiling
- Simplified rules for building all applications
Version 1.7 - 23 May 2005
- Added support to use BSD style hashes in matching modes
- Fixed support for Hashkeeper files that have directory information.
Matt Kucenski helped to track this down.
- While fixing Hashkeeper support, improved support for other hash
file formats and generalized the code in files.c
- Fixed a bug for displaying the correct matching filename in -w mode
(ensured that extra characters are erased)
- Fixed cosmetic bug to avoid extra characters on time estimation mode
- Removed 32-bit number limitation from Win32 code, which allows
the display of file sizes larger than 4GB. (Note that time estimates
for files larger than 4GB is still not available on Windows.)
- Switched printing of large numbers to C99 style (e.g. PRIu64 et al)
- Simplified the operating systems defines in the Makefile. To wit:
- Removed -D__MACOSX for Mac. Instead check for __APPLE__, which
the compiler defines by default for us.
- Removed the -D__UNIX directive. Instead just check the __WIN32
is *not* defined whenever we put in *nix code.
Version 1.6 - 4 May 2005
- Added Whirlpool algorithm to make whirlpooldeep.
- Fixed bug to prevent trying to access 'busy' files. This happens when
trying to access system files on Win32 that are mounted via Samba.
Jeff Bryner helped to track this one down
- Added -w flag to display, in matching mode, which known hash matched
the input file
- Added -b flag to remove leading directory information from filenames
- Added -a and -A flags to add a single hash to
positive and negative matching, respectively
- Removed -t as a valid flag, breaking compatibility with md5sum
- Enabled control of FIFO pages via expert mode on Windows
- Combined all manpages into single md5deep man page
- Added error checking to hash table functions
- Removed algorithm specific code from hash table code
- Fixed __USE_BSD define in md5deep.h to avoid compiler warnings
- Fixed minor bug to clean up Windows version of man page
- Updated install process to use $(PREFIX) for installed location
- Removed macinstall option
Version 1.5 - 31 Aug 2004
- Added SHA-256 algorithm to make sha256deep. Special thanks to
Christophe Devine his SHA-256 implementation.
- Fixed typo in files.c for unsupport file type processing
- Fixed typo in sha1deep man page. (Had wrong reference in description.)
- Man pages are now installed mode 444 instead of 755. (i.e. non-executable)
- Cleaned up Makefile. Yes, again.
Version 1.4 - 16 Aug 2004
- Added relative paths mode
- Fixed printing of file sizes larger than 9GB for Mac, *BSD.
- Changed return values so that always returns 0 on success
positive integer on failure (1 = user error, 2 = internal error)
- Fixed memory leak on directory open failures in dig.c
- Fixed memory leak in directory release code in cycles.c
- Fixed potential information leak in md5.c (thanks to Derek Jones)
- Removed possible supression of critical error messages in cycles.c
- Fixed size computation for standard input
- Added support for Win32 logical drives (e.g. \\.\C:)
- Changed data structures in hash.c for ease of reading
- Added overflow counter for Win32 for files larger than 4GB
- Put Windows style newlines in copyright message
Version 1.3 - 24 Jun 2004
- Fixed Windows version to handle physical devices and UNC paths
(e.g. \\.\PhysicalDrive0 \\.\tape0 \\server\share\file etc)
- Removed halting on fatal errors except "Permission Denied"
- Added error checking for cycles created by symbolic links
- Added -z flag to print file sizes
- Added -0 flag to end lines with /0 instead of newlines
- Updated documentation regarding Cygwin and Win32 compilation
- Cleaned up Makefile, fixed "make windows"
Version 1.2 - 16 Apr 2004
- Added sha1deep to compute SHA-1 hashes
- Abstracted hash functions to allow other algorithms to be inserted
- Windows version now generates output with line feeds AND carriage returns
- Fixed printing of error messages for positive and negative matching together
- Cleaned up display for matching of standard input
Version 1.1 - 25 Mar 2004
- Fixed processing of standard input on Windows
- Fixed cosmetic errors with time estimation to now produce a fixed length
output and avoid spanning multiple lines
Version 1.0 - 15 Mar 2004
(better late than never!)
- Moved hierarchy traversal code into separate file, dig.c
- Now able to handle symbolic links properly
- If no input files are given, uses standard input
- Added file read error handling (display an error message, pad missing data
with zeros and continue execution).
- Added expert mode; allows user to choose which and only which types of
files are processed
- Added -X and -M to print hashes as well as matches
- Errors in files of known hashes are now treated an non-fatal
- When estimating completion time, print the filename being processed
- Corrected NSRL import code
- Cleaned up time estimation calculation
- Fixed block device time estimation for *BSD
- Switched from unsigned long long to off_t type
- Fixed duplicate slashes in filenames from root directory (e.g. //usr/src)
- Fixed install process. Generally this meant removing flags from
the install command.
- Added *BSD-specific includes
- Fixed minor data type issue for Gentoo linux
- Fixed typos in copyright and error messages
Version 0.16 - 7 Mar 2003
Added -x flag for negative matching
Made the Makefile nicer
Added code for compatibility with FreeBSD, Solaris, and OS X.
Added support for symbolic links to files
Changed the rules for a valid plain hash such that it only needs to
be followed by one space instead of two
Version 0.15 - 5 Jan 2003
Added -m flag for matching support
Made the help message more helpful
** Changes in version 0.14 (2 Dec 2002)
* New Features
Added better checks for avoiding symbolic links on *nix
Added -V flag for copyright information
* Buf Fixes
Fixed time estimation for block devices on Linux
Program now identifies itself correctly in Windows error messages.
** Changes in version 0.13 (7 Nov 2002)
* New Features
Added -r and -e flags for recursion and time
estimation, respectively.
* Bug Fixes
Fixed Windows version to generate correct MD5 values.
(u_int_32 should have been unsigned long instead of long. Oops.)
** Changes in version 0.12 (1 Nov 2002)
* New Features
First (internally) published version
Added -b and -t switches for compability with md5sum
Cleaned up README and man page
* Bug Fixes
Removed Linux specific code