Mercurial > libpst
annotate ChangeLog @ 41:183ae993b9ad
security fix for potential buffer overrun in lz decompress
author | carl |
---|---|
date | Tue, 02 Oct 2007 15:49:44 -0700 |
parents | be6d5329cc01 |
children | f6db1f060a95 |
rev | line source |
---|---|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
40
diff
changeset
|
1 LibPST 0.5.12 (2007-10-02) |
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
40
diff
changeset
|
2 =============================== |
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
40
diff
changeset
|
3 |
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
40
diff
changeset
|
4 * security fix from Brad Hards <bradh@frogmouth.net> for buffer |
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
40
diff
changeset
|
5 overruns in liv-zemple decoding for corrupted or malicious pst files. |
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
40
diff
changeset
|
6 |
40 | 7 LibPST 0.5.11 (2007-08-24) |
8 =============================== | |
9 | |
10 * fix from Stevens Miller <smiller@novadatalabs.com> | |
11 for unitialized variable. | |
12 | |
39 | 13 LibPST 0.5.10 (2007-08-20) |
14 =============================== | |
15 | |
16 * fix yet more valgrind errors - finally have a clean memory check. | |
17 * restructure readpst.c for proper recursive tree walk. | |
18 * buffer overrun test was backwards, introduced at 0.5.6 | |
19 * fix broken email attachments, introduced at 0.5.6 | |
20 | |
38 | 21 LibPST 0.5.9 (2007-08-12) |
22 =============================== | |
23 | |
24 * fix more valgrind errors. | |
25 | |
37 | 26 LibPST 0.5.8 (2007-08-10) |
27 =============================== | |
28 | |
29 * fix more valgrind errors. lzfu_decompress needs to return the | |
30 actual buffer size, since the lz header overestimates the size. | |
31 This caused base64_encode to encode undefined bytes into the | |
32 email attachment. | |
33 | |
36 | 34 LibPST 0.5.7 (2007-08-09) |
35 =============================== | |
36 | |
37 * fix valgrind errors, using uninitialized data. | |
38 * improve debug logging and readpstlog for indented listings. | |
39 * cleanup documentation. | |
40 | |
35 | 41 LibPST 0.5.6 (2007-07-15) |
42 =============================== | |
43 | |
34
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
44 * Fix to allow very small pst files with only one node in the |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
45 tree. We were mixing signed/unsigned types in comparisons. |
35 | 46 * More progress decoding the basic structure 7c blocks. Many |
47 four byte values may be ID2 indices with data outside the buffer. | |
48 * Start using doxygen to generate internal documentation. | |
34
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
49 |
31 | 50 LibPST 0.5.5 (2007-07-10) |
51 =============================== | |
52 | |
34
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
53 * merge the following changes from Joe Nahmias version: |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
54 * Lots of memory fixes. Thanks to Nigel Horne for his assistance |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
55 tracking these down! |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
56 * Fixed creation of vCards from contacts, thanks to Nigel Horne for |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
57 his help with this! |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
58 * fix for MIME multipart/alternative attachments. |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
59 * added -c options to readpst manpage. |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
60 * use 8.3 attachment filename if long filename isn't available. |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
61 * new -b option to skip rtf-body.rtf attachments. |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
62 * fix format of From header lines in mbox files. |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
63 * Add more appointment fields, thanks to Chris Hall for tracking |
07177825c91b
fix signed/unsigned to allow very small pst files with only leaf nodes
carl
parents:
31
diff
changeset
|
64 them down! |
31 | 65 |
66 | |
30 | 67 LibPST 0.5.4 (2006-02-25) |
68 =============================== | |
69 | |
70 * patches from Arne, adding MH mode, remove leading zeros | |
71 from the generated numbered filenames starting with one | |
72 rather than zero. Miscellaneous code cleanup. | |
73 | |
74 * document the "7c" descriptor block format. | |
75 | |
24 | 76 LibPST 0.5.3 (2006-02-20) |
16 | 77 =============================== |
78 | |
24 | 79 * switch to gnu autoconf/automake. This breaks the MS VC++ projects |
80 since the source code is now in the src subdirectory. | |
81 | |
16 | 82 * documentation switched to xml, building man pages and html |
83 from the master xml copy. | |
84 | |
24 | 85 * include rpm .spec file for building src and binary rpms. |
86 | |
16 | 87 |
12
3f627519a92d
properly ignore (second block zero) errors. that will just drop some unknown attachments, but the rest of the data is still found
carl
parents:
11
diff
changeset
|
88 LibPST 0.5.2 (2006-02-18) |
11 | 89 =============================== |
90 | |
91 * Added pst2ldif to convert the contacts to ldif format for import | |
92 into ldap databases. | |
93 | |
94 * Major changes to libpst.c to properly use the node depth values | |
95 from the b-tree nodes. We also use the item count values in the nodes | |
96 rather than trying to guess how many items are active. | |
97 | |
98 * Cleanup whitespace - using tabs for every four columns. | |
99 | |
100 | |
3 | 101 LibPST 0.5.1 (17 November 2004) |
102 =============================== | |
103 | |
104 Well, alot has happened since the last release of libpst. | |
105 | |
106 Release / Management: | |
107 | |
11 | 108 * The project has forked! The new maintainer is Joseph Nahmias. |
109 * We have changed hosting sites, thanks to sourceforge for hosting | |
110 to this point. From this point forward we will be using | |
111 alioth.debian.org. | |
112 * The project is now using SubVersioN for source control. You can | |
113 get the latest code by running: | |
114 svn co svn://svn.debian.org/svn/libpst/trunk . | |
115 * See | |
116 <http://lists.alioth.debian.org/pipermail/libpst-devel/2004-November/000000.html> | |
117 for more information. | |
3 | 118 |
119 Code Changes: | |
120 | |
11 | 121 * Added lspst program to list items in a PST. Still incomplete. |
122 * Added vim folding markers to readpst.c | |
123 * avoid the pseudo-prologue that MS prepends to the email headers | |
124 * fix build on msvc, since it doesn't have sys/param.h | |
125 * Re-vamped Makefile: | |
126 * Only define CFLAGS in Makefileif missing | |
127 * fixed {un,}install targets in Makefile | |
128 * Fixed up build process in Makefile | |
129 * Added mozilla conversion script from David Binard | |
130 * Fixed bogus creation of readpst.log on every invocation | |
131 * escaped dashes and apostrophe in manpages | |
132 * Updated TODO | |
133 * added manpages from debian pkg | |
134 * fix escaped-string length count to consider '\n', | |
135 thanks to Paul Bakker <bakker@fox-it.com>. | |
136 * ensure there's a blank line between header and body | |
137 patch from <johnh@aproposretail.com> (SourceForge #890745). | |
138 * Apply accumulated endian-related patches | |
139 * Removed unused files, upstream's debian/ dir | |
3 | 140 |
141 -- Joe Nahmias <joe@nahmias.net> | |
142 | |
143 LibPST v0.5 | |
144 =========== | |
145 | |
146 It is with GREAT relief that I bring you version 0.5 of the LibPST tools! | |
147 | |
148 Through great difficulties, this tool has survived and expanded to become even | |
149 better. | |
150 | |
151 The changes are as follows: | |
152 * RTF support. We can now decompress RTF bodies in emails, and are saved as attachments | |
153 * Better support in reading the indexes. Fixed many bugs with them | |
154 * Improved reliability. "Now we are getting somewhere!" | |
155 * Improved compiling. Hopefully we won't be hitting too many compile errors now. | |
156 * vCard handling. Contacts are now exported as vCard entries. | |
157 * vEvent handling. Support has begun on exporting Calendar entries as events | |
158 * Support for Journal entries has also begun | |
159 | |
160 If you have any problems with this release, don't hesitate to contact me. | |
161 | |
162 These changes come to you, as always, free under the GPL license!! What a wonderful | |
163 thing it is. It does mean that you can write your own program off of this library | |
164 and distribute it also for free. However, anyone with commercial interests for | |
165 developing applications they will be charging for are encouraged to get in touch | |
166 with me, as I am sure we can come to some arrangement. | |
167 | |
168 Dave Smith | |
169 <dave.s@earthcorp.com> | |
170 | |
171 LibPST v0.4.3 | |
172 ============= | |
173 | |
174 Bug fix release. No extra functionality | |
175 | |
176 Dave Smith | |
177 <dave.s@earthcorp.com> | |
178 | |
179 LibPST v0.4.2 | |
180 ============= | |
181 | |
182 The debug system has had an overhaul. The debug messages are no longer | |
183 printed to the screen when they are enabled. They are dumped to a | |
184 binary file. There is another utility called "readlog" that I have | |
185 written to handle these log files. It should make it easier to | |
186 selectively view bits of a log file. It also shows the position that | |
187 the log message was printed from. | |
188 | |
189 There is a new switch in readpst. It is -d. It enables the user to | |
190 specify the log file which the binary log is written to. If the switch | |
191 isn't used, the default file of "readpst.log" is used. | |
192 | |
193 The code is now Visual C++ compatible. It has compiled on Visual C++ | |
194 .net Standard edition, and produces the readpst.exe file. Use the project | |
195 file included in this distribution. | |
196 | |
197 There have been minor improvements elsewhere too. | |
198 | |
199 | |
200 LibPST v0.4.1 | |
201 ============= | |
202 | |
203 Fixed a couple more bugs. Is it me or do bugs just insert themselves | |
204 in random, hard to find places! | |
205 | |
206 Cured a few problems with regard to emails with multiple embeded | |
207 items. They are not fully re-created using Mime-types, but are | |
208 accessible with the -S switch (which saves everything as seperate | |
209 items) | |
210 | |
211 Fixed a problem reading the first index. Back sliders are now | |
212 detected. (ie when the value following the current one is smaller, not | |
213 bigger!) | |
214 | |
215 Added some error messages when we try and read outside of the PST | |
216 file, this was causing a few problems before, cause the return value | |
217 wasn't always checked, so it was possible to be reading random data, | |
218 and trying to make sense of it! | |
219 | |
220 Anyway, if you find any problems, don't hesitate to mail me | |
221 | |
222 Dave Smith | |
223 <dave.s@earthcorp.com> | |
224 | |
225 LibPST v0.4 | |
226 =========== | |
227 | |
228 Fixed a nasty bug that occasionally corrupted attachments. Another bug | |
229 with regard to reading of indexes (also occasional). | |
230 | |
231 Another output method has been added which is called "Seperate". It is | |
232 activated with the -S switch. It operates in the following manor: | |
233 | |
234 |--Inbox-->000000 | |
11 | 235 | 000001 |
236 | 000002 | |
3 | 237 |--Sentmail-->0000000 |
11 | 238 | 0000001 |
239 | 0000002 | |
3 | 240 |
241 All the emails are stored in seperate files counting from 0 upwards, | |
242 in a folder named as the PST folder. | |
243 | |
244 When an email has an attachment, it is saved as a seperate file. The | |
245 filename for the attachment is made up of 2 parts, the first is the | |
246 email number to which it belongs, the second is its filename. | |
247 | |
248 The should now be runnable on big-endian machines, if the define.h | |
249 file is first modified. The #define LITTLE_ENDIAN must be commented | |
250 out, and the #define BIG_ENDIAN must be uncommented. | |
251 | |
252 More verbose error messages have been added. Apparently people got | |
253 confused when the program stopped for no visible reason. This has now | |
254 been resolved. | |
255 | |
256 Thanks for the continued support of all people involved. | |
257 | |
258 Dave Smith | |
259 <dave.s@earthcorp.com> | |
260 | |
261 Libpst v0.3.4 | |
262 ============= | |
263 | |
264 Several more fixes. An Infinite loop and incorrect interpreting of | |
265 item index attributes. Work has started on making the code executable | |
266 on big endian CPUs. At present it should work with Linux on these | |
267 CPUs, but I would appreciate it if you could provide feedback with | |
268 regard to it's performance. I am also working with some other people | |
269 at make it operate on Solaris. | |
270 | |
271 A whole load more items are now recognized by the Item records. With | |
272 more items in Emails and Folders. I haven't got to the Contacts yet. | |
273 | |
274 Anyway, this is what I would call a minor feature enhancment and | |
275 bugfix release. | |
276 | |
277 Dave Smith | |
278 <dave.s@earthcorp.com> | |
279 | |
280 LibPST v0.3.3 | |
281 ============= | |
282 | |
283 Fixed several items. Mainly memory leaks. Loads of them! oops.. | |
284 | |
285 I have added a new program, mainly of debugging, which when passed | |
11 | 286 an ID value and a pst file, will extract and decrypt that ID from |
3 | 287 the pst file. I don't see it being a huge attraction, or of much use |
288 to most people, but it is another example of writing an application | |
289 to use the libpst interface. | |
290 | |
291 Another fix was in the reading of the item index. This has hopefully | |
292 now been corrected. The result of this bug was that not all the emails | |
293 in a folder were converted. Hopefully you should have more luck now. | |
294 | |
295 Dave Smith | |
296 <dave.s@earthcorp.com> | |
297 | |
298 LibPST v0.3.2 | |
299 ============= | |
300 | |
301 Quick bugfix release. There was a bug in the decryption of the basic | |
302 encryption that outlook uses. One byte, 0x6c, was incorrectly decrypted | |
303 to 0x6c instead of 0xcd. This release fixes this bug. Sorry... | |
304 | |
305 | |
306 LibPST v0.3.1 | |
307 ============= | |
308 | |
309 Minor improvements. Fixed bug when linking multiple blocks together, | |
310 so now the linking blocks are not "encrypted" when trying to read | |
311 them. | |
312 | |
313 | |
314 LibPST v0.3 | |
315 =========== | |
316 | |
317 A lot of bug fixing has been done for this release. Testing has been | |
318 done on the creation of the files by readpst. Better handling of | |
319 large binaries being extracted from the PST file has been implemented. | |
320 | |
321 Quite a few reports have come in about not being able to compile on | |
322 Darwin. This could be down to using macros with variable parameter | |
323 lists. This has now been changed to use C functions with variable | |
324 parameters. I hope this fixes a lot of problems. | |
325 | |
326 Added support for recreating the folder structure into normal | |
327 directories. For Instance: | |
328 | |
329 Personal Folders | |
330 |-Inbox | |
331 | |-Jokes | |
332 | |-Meetings | |
333 |-Send Items | |
334 | |
335 each folder containing an mbox file with the correct emails for that | |
336 folder. | |
337 | |
338 Dave Smith | |
339 <dave.s@earthcorp.com> | |
340 | |
341 | |
342 LibPST v0.3 beta1 | |
343 ================= | |
344 | |
345 Again, a shed load of enhancements. More work has been done on the | |
346 mime creation. A bug has been fixed that was letting part of the | |
11 | 347 attachments that were created disappear. |
3 | 348 |
349 A major enhancement is that "compressible encryption" support has been | |
350 added. This was an incredibly simple method to use. It is basically a | |
351 ceasar cipher. It has been noted by several users already that the PST | |
352 password that Outlook uses, serves *no purpose*. It is not used to | |
353 encrypt the PST, it is mearly stored there. This means that the | |
354 readpst application is able to convert PST files without knowing the | |
355 password. Microsoft have some explaning to do! | |
356 | |
357 Output files are now not overwritten if they already exist. This means | |
358 that if you have two folders in your PST file named "fred", the first | |
359 one encountered will be named "fred" and the second one will be named | |
360 "fred00000001". As you can see, there is enough room there for many | |
361 duplicate names! | |
362 | |
363 Output filenames are now restricted. Any "/" or "\" characters in the | |
364 name are replaced with "_". If you find that there are any other | |
365 characters that need to be changed, could you please make me aware! | |
366 | |
367 Thanks to Berry Wizard for help with supporting the encryption. | |
368 | |
369 Thanks to Auke Kok, Carolus Walraven and Yogesh Kumar Guatam for providing debugging | |
370 information and testing. | |
371 | |
372 Dave Smith | |
373 <dave.s@earthcorp.com> | |
374 | |
375 | |
376 LibPST v0.2 beta1 | |
377 ================= | |
378 | |
379 Hello once more... | |
380 | |
381 Attachments are now re-created in mime format. The method is very | |
382 crude and could be prone to over generalisation. Please test this | |
383 version, and if attachments are not recreated correctly, please send | |
384 me the email (complete message source) of the original and | |
385 converted. Cheers. | |
386 | |
387 I hope this will work for everyone who uses this program, but reality | |
388 can be very different! | |
389 | |
390 Let us see how it goes... | |
391 | |
392 Dave Smith | |
393 <dave.s@earthcorp.com> | |
394 | |
395 LibPST v0.2 alpha1 | |
396 =========== | |
397 | |
398 Hello! | |
399 | |
400 Some improvements. The internal code has been changed so that | |
401 attachments are now processed and loaded into the structures. The | |
402 readpst program is not finished yet. It needs to convert these binary | |
403 structs into mime data. At present it just saves them to the current | |
404 directory, overwriting any previous files with the attachment name. | |
405 | |
11 | 406 Improvements over previous version: |
3 | 407 * KMail output is supported - if the "-k" flag is specified, all the |
408 directory hierarchy is created using the KMail standard | |
409 * Lots of bugs and memory leaks fixed | |
410 | |
411 | |
412 Usage: | |
413 | |
414 ReadPST v0.2alpha1 implementing LibPST v0.2alpha1 | |
415 Usage: ./readpst [OPTIONS] {PST FILENAME} | |
416 OPTIONS: | |
417 -h - Help. This screen | |
418 -k - KMail. Output in kmail format | |
419 -o - Output Dir. Directory to write files to. CWD is changed *after* opening pst file | |
420 -V - Version. Display program version | |
421 | |
422 If you want to view lots of debug output, modify a line in "define.h" | |
423 from "//#define DEBUG_ALL" to "#define DEBUG_ALL". It would then be | |
424 advisable to pipe all output to a log file: | |
425 | |
426 ./readpst -o out pst_file &> logfile | |
427 | |
428 Dave Smith | |
429 | |
430 LibPST v0.1 | |
431 =========== | |
432 | |
433 Hi Folks! | |
434 | |
435 This has been a long, hard slog, but I now feel that I have got | |
436 somewhere useful. The included program "main" is able to read an | |
437 Outlook PST file and dump the emails into mbox files, separating each | |
438 folder into a different mbox file. All the mbox files are stored in | |
439 the current directory and no attempt is yet made to organise these | |
440 files into a directory hierarchy. This would not be too difficult to | |
441 achieve though. | |
442 | |
443 Email attachments are not yet handled, neither are Contacts. | |
444 | |
445 There is no pretty interface yet, but you can convert a PST file in | |
446 the following manner | |
447 | |
448 ./main {path to PST file} | |
449 | |
450 This is very much a work in progress, but I thought I should release | |
451 this code so that people can lose their conception that outlook files | |
452 will never be converted to Linux. | |
453 | |
454 I am intending that the code I am writing will be developed into | |
455 greater applications to provide USEFUL tools for accessing and | |
456 converting PST files into a variety of formats. | |
457 | |
458 One point I feel I should make is that Outlook, by default, creates | |
459 "Compressible Encryption" PST files. I have not, as yet, attempted to | |
460 write any decryption routines, so you will not be able to convert | |
461 these files. However, if you create a new PST file and choose not to | |
462 make an encrypted one, you can copy all your emails into this new one | |
463 and then convert the unencrypted one. | |
464 | |
465 I hope you enjoy, | |
466 | |
467 Dave Smith | |
468 | |
469 : vim: set tw=72 sw=4 ts=4: |