forked from YJesus/Unhide

changelog
2021-01
unhide-linux-procfs.c
- Suppress -Wformat-overflow warning by GCC >= 8.0 in function checkreaddir().
unhide-posix.c
- Correct warning about strcpy and strcat in main().
unhide_rb.c
- Add missing braces in get_suspicious_pids()
- Correct warning about strcpy and strcat in main().
- Increase the size of the scratch string to avoid a warning.
unhide-linux.c, unhide-linux.h
- Add an option for slightly more human-friendly output.
- Use it!
unhide-linux-compound.c, unhide-linux-output.c, unhide-tcp.c
- Use option for human friendlier output.
unhide-tcp.h
- Add definition of boolean values.
manpages
- Add new options -u and -H
All files
- Update GPL notice as per the recommendations of the FSF
- Update versions and copyright dates
2020-01
unhide-output.c
- Protect msgln() from buffer overflow.
unhide-tcp.c
- Adapt checkoneport() to the changed text output of "recent" versions of the ss tool (modified end of line).
2019-11
UnhideGui.py:
- Add a simple, quick and dirty Python/Tkinter tool to generate and run unhide-linux and unhide-tcp commands.
unhide-linux.c
- Correct a fd leak in get_max_pid() [SF ticket #7].
- Flush stdout after the usage message, so as not to block the pipe if stdout is redirected.
- Flush stdout after the header display, for the same reason.
- Add an option to disable buffering of stdout for the subprocesses pipe-opened by unhide.
unhide-linux.h
- Add an option and a macro to disable buffering of stdout for the subprocesses pipe-opened by unhide.
- Translate (historical) Spanish function names into English.
unhide-output.c
- Flush stdout after displaying a string, so as not to block the pipe if stdout is redirected.
- Add the time to the log name (as RKHunter runs each test separately and would overwrite the previous log file).
- Print start and end times to stdout if logging is enabled
unhide-posix.c
- Test the return values of the two fopen() calls and correct an fd leak in checkps()
unhide-linux-compound.c
- Add a "Not found" message in case no hidden process is found in checkallquick() and checkallreverse().
- Add a missing line feed in the first message of checkallquick().
- Add a missing line feed in the first message of checkallreverse().
unhide-linux-syscall.c
- Handle the unbuffered-stdout option in the checksysinfoX() routines.
- Translate (historical) Spanish variable names into English.
unhide-linux-bruteforce.c
- Translate (historical) Spanish function names into English.
unhide-tcp.c
- Flush stdout after the usage message, so as not to block the pipe if stdout is redirected.
- Flush stdout after the header display, for the same reason.
- Correct the message listing the options in use when the netstat option is selected
unhide-rb.c
- Flush stdout after fprintf() and fputs().
- Don't call fclose() if fopen() failed in get_suspicious_pids().
tar_list.txt
- Remove unhide-tcp-simple-check.c, which was included by mistake.
unhide-linux-compound.c, unhide-linux-procfs.c, unhide-linux-syscall.c, unhide-linux.c
- Correct cppcheck warnings
2013-05-26
unhide-posix.c
- Make 'ret' a global variable to avoid warnings
(note: the ret variable was added to avoid warnings with some over-pedantic
versions of glibc and is otherwise useless).
2013-05-24
unhide-tcp.8 (spanish version), LEEME.txt
- update according to english version.
2013-03-03
unhide-posix.c
- Bugfix: correct the app name in the banner of unhide-posix.
unhide-tcp.c
- Continue simplifying the packager's job:
* on FreeBSD use sockstat instead of fuser, which doesn't show info on internet sockets
on this system.
README.txt, LISEZ-MOI.txt
- Add list of build-requires and use-requires
unhide-tcp.8 (french and english version)
- Add notes upon FreeBSD.
2013-02-03
unhide-output.h
- Bugfix: include <stdarg.h>; some old glibc versions need it
unhide-posix.c, unhide-output.c, unhide-tcp.c
- Simplify the packager's job:
* put OS-specific commands between #ifdef (they were previously commented out),
* don't use ss by default in unhide-tcp if the OS is not Linux,
* on FreeBSD use sockstat instead of fuser, which doesn't show info on internet sockets
on this system.
make_tarball.sh
- Change '_' to '-' in the name of the tarball
- Make sure that the unhide files are in an unhide-YYYYMMDD directory.
2012-12-29
Promote unhide-tcp-double_check.c to the official version of unhide-tcp. The old version
is still available as unhide-tcp-simple-check.c
unhide-linux, unhide-posix, unhide-tcp, unhide-tcp-simple-check, unhide_rb :
- update date of the version for official release.
2012-12-18
unhide-linux, unhide-posix, unhide-tcp, unhide_rb :
- update date of the version
unhide-tcp :
- Suppress one warning with some over-pedantic versions of glibc.
2012-12-12
unhide-linux :
- In unhide-linux-syscall, make ret a global variable to avoid a warning
(note: the ret variable was added to avoid a warning with some over-pedantic versions of glibc
and is otherwise useless).
- Correct the sched_getaffinity test in checkallnoprocps (it tested ret instead of errno).
unhide-tcp :
- Avoid displaying the banner twice.
unhide_rb :
- Suppress warning.
2012-12-07
unhide-linux :
- Remove sysinfo from the quick and sys tests as it may give false positives.
unhide-tcp :
- Renice ourselves to -20 to limit the race condition while probing ports.
2012-10-07
unhide-linux :
- Go back to multi-line output in printbadpid in order to display more of the known
information about the process.
2012-10-03
unhide-linux :
- Fix the name displayed for kernel threads (we used /proc/PID/wchan instead of
/proc/PID/comm).
2012-09-05
unhide-linux, unhide-tcp :
- Add a test to verify that we're run by root.
2012-09-02
unhide-linux :
- Remove useless calls to feof().
- Split unhide-linux.c into 5 files:
* unhide-linux-bruteforce.c
* unhide-linux.c
* unhide-linux-compound.c
* unhide-linux-procfs.c
* unhide-linux-syscall.c
- Add option '-o' as a synonym for '-f'
- Add a parse_arg() function which uses getopt_long().
- For found hidden processes, display the user and the working directory
as extracted from the process environment.
2012-08-31
unhide-linux :
- Use unhide-output routines for display and log.
- Change the logfile filename to 'unhide-linux_YYYY-MM-DD.log'
- Add a header file for unhide-linux
2012-08-22
unhide-tcp :
- Change the default tool to ss instead of netstat.
- Replace option '-s' (use ss) with option '-n' (use netstat).
- Change option '-q' to '-s' with the same effect
2012-06-03
unhide-tcp :
- Thanks to a patch from Leandro Lucarella and additional work from
the unhide team, a major rewrite was done:
* Factorization & clean-up of the code
* Split the code into 4 files: unhide-tcp.c, unhide-fast.c, unhide-output.c
& unhide.h
* Add a new method for scanning ports via option '-q'
- Add an option '-s' to use the ss command instead of netstat.
- Use getopt_long() to parse options and add long option strings.
- Change the logfile filename to 'unhide-tcp_YYYY-MM-DD.log'
- Many minor bug fixes (mainly display ones)
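The unhide-tcp rewrite and the '-q' scanning method in this entry, the 2012-12-07 renice that narrows the race while probing ports, and the 2020-01 fix for the changed ss output (all above) concern one comparison: ports the kernel refuses to hand out versus ports the listing tools report. The C program below is added here as an illustration and is not unhide-tcp's code. It re-creates that comparison in a minimal form: it reads /proc/net/tcp and /proc/net/tcp6 directly instead of parsing netstat or ss, and its function names, return codes and 100 ms re-check delay are choices made for this example. Run it as root: as an unprivileged user, bind() on a port below 1024 fails with EACCES, which the probe reports as unknown rather than in use.

```c
/* Added example, not unhide-tcp's code: the port-side counterpart of the process
 * check. A TCP port that cannot be bound (EADDRINUSE) yet is absent from the
 * kernel's own socket table is a candidate hidden port. Reading /proc/net/tcp{,6}
 * directly, the names, return codes and 100 ms re-check delay are this example's own. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define PORT_FREE     0
#define PORT_IN_USE   1
#define PORT_UNKNOWN -1   /* e.g. EACCES on a privileged port when not root */
static int g_test_fd = -1, g_test_port = 0;   /* used only by the self-test helpers */

/* Claim the port on every local address with a fresh socket: EADDRINUSE means
 * some socket, listening or connected, already holds it. */
int port_in_use(int port) {
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0), result;
    if (fd < 0) return PORT_UNKNOWN;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) result = PORT_FREE;
    else result = (errno == EADDRINUSE) ? PORT_IN_USE : PORT_UNKNOWN;
    close(fd);
    return result;
}

/* Mark every local port /proc/net/tcp{,6} report, in any state, in a 65536-entry
 * table. Returns the number of entries parsed, or -1 if neither table opens. */
int scan_proc_net_tcp(unsigned char *listed) {
    const char *tables[] = { "/proc/net/tcp", "/proc/net/tcp6" };
    char line[512];
    unsigned port;
    int count = 0, opened = 0;
    for (int t = 0; t < 2; t++) {
        FILE *f = fopen(tables[t], "r");
        if (f == NULL) continue;                        /* tcp6 may be absent */
        opened++;
        while (fgets(line, sizeof line, f) != NULL) {
            /* "   0: 0100007F:1F90 00000000:0000 0A ..."; the header line fails the scan */
            if (sscanf(line, " %*d: %*[0-9A-Fa-f]:%x", &port) != 1 || port > 65535) continue;
            listed[port] = 1;
            count++;
        }
        fclose(f);
    }
    return opened ? count : -1;
}

/* Single-port view of the table; -1 if the table is unreadable. */
int port_listed_in_proc(int port) {
    unsigned char listed[65536] = {0};
    if (scan_proc_net_tcp(listed) < 0) return -1;
    return listed[port];
}

/* A port that changes hands between the table read and the bind() probe looks hidden
 * for an instant, so each candidate is re-checked after a pause (unhide-tcp renices
 * itself to shrink that window instead). Returns the number of hidden ports found. */
int find_hidden_tcp_ports(int *out, int cap) {
    unsigned char listed[65536] = {0};
    int found = 0;
    if (scan_proc_net_tcp(listed) < 0) return -1;
    for (int port = 1; port <= 65535 && found < cap; port++) {
        if (listed[port] || port_in_use(port) != PORT_IN_USE) continue;
        usleep(100000);
        if (port_listed_in_proc(port) == 0 && port_in_use(port) == PORT_IN_USE)
            out[found++] = port;
    }
    return found;
}

/* Self-test helpers: a loopback listener on a kernel-chosen port; returns the port. */
int open_test_listener(void) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    g_test_fd = socket(AF_INET, SOCK_STREAM, 0);
    if (g_test_fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(g_test_fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(g_test_fd, 1) < 0 ||
        getsockname(g_test_fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    g_test_port = ntohs(sa.sin_port);
    return g_test_port;
}
int close_test_listener(void) { return close(g_test_fd); }

int main(void) {
    int ports[64], n = find_hidden_tcp_ports(ports, 64);
    if (n < 0) { perror("/proc/net/tcp"); return 2; }
    for (int i = 0; i < n; i++) printf("Hidden TCP port: %d\n", ports[i]);
    return n > 0;
}
```

Compile with `gcc -O2 -o hidden-ports hidden-ports.c` and run as root. Only TCP is covered here; unhide-tcp also checks UDP, which needs the same bind() probe on a SOCK_DGRAM socket compared against /proc/net/udp. Because the probe binds to 0.0.0.0, it also collides with the local port of every established connection, which is why the table is read in all socket states rather than only LISTEN.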
2012-03-18
unhide-linux26.c, unhide-posix.c, unhide-tcp.c :
- Change copyright attribution.
unhide_rb.c :
- Add banner display at start.
unhide-linux26.c :
- Change the number of PIDs reserved for the kernel from 299 to 300 in the brute test.
- Add "-d" option for doing a double check in the brute test, which reduces the number of false positives.
Thanks to François Boisson for the idea.
- Change the log file name to unhide-linux.log
Documentation changes :
- Add an example section to the manpages.
- Indicate in the bug section of the manpages the potential problem with the sysinfo test.
2012-03-17
Important changes :
- Rename unhide-linux26.c to unhide-linux.c and unhide.c to unhide-posix.c.
- Update readme files and manpages to reflect the renaming
- Add a description of unhide_rb to the readme files.
2012-03-11
unhide-linux26.c :
- Correct the number of processes displayed for the /proc count in the sysinfo test.
unhide.c :
- Correct banner (POSIX -> UNIX).
Documentation changes :
- Update README.txt, LISEZ-MOI.txt and LEEME.txt to clarify the difference between
unhide and unhide-linux26.
2012-03-10
unhide-linux26.c :
- Fix pedantic compilation warnings reported when using recent versions of glibc.
- Change the report messages of the checksysinfoX tests to make them clearer.
- Update the banner to indicate this version is for systems using Linux >= 2.6
unhide.c :
- Update the banner to indicate this is the legacy version of unhide for systems using
Linux < 2.6 or other UNIX systems.
- Fix compilation warnings
2011-10-31
unhide-linux26.c :
- Add copyright and license output.
unhide-tcp.c :
- Add copyright and license output.
- Add -v, -V, -h, -l, -f, -o command line options.
- Add the capability to show fuser (-f) and/or lsof (-l) output for hidden ports.
- Add the capability to create a log file (-o). The file name is unhide-tcp.log
Documentation changes :
- Add a French manpage for unhide-tcp.
- Complete the English manpage of unhide-tcp to reflect the changes.
- Minor corrections in the French manpage of unhide.
- Change the compile command of unhide-tcp in README.txt, LISEZ-MOI.txt and LEEME.txt.
- Add info on unhide_rb to README.txt, LISEZ-MOI.txt and LEEME.txt.
- Update NEWS file.
2011-02-08
Documentation changes :
- Add a NEWS file
2011-01-13
All files :
- Replace the reference to SourceForge with a reference to the new unhide web site in the version string
man pages :
- Add Spanish man pages
2010-11-21
unhide-linux26.c :
Development changes :
- Minor readability improvement when generating program info for display
2010-11-21
unhide-linux26.c :
User visible changes :
- Add an additional check to checkopendir when -m is specified.
- Correct the warning message in the additional check of checkchdir.
- Add the SourceForge project URL to the header
unhide.c :
- Add GPL disclaimer.
unhide-tcp.c :
- Add GPL disclaimer.
Documentation changes :
changelog :
- Fix an omission in the 2010-11-14 Internal changes
man pages : Development changes :
- Update the French and English man pages with respect to the '-m' option and checkopendir
Development changes :
- Correct the message of test #1 of sanity.sh
- Use procall in test #2 of sanity.sh instead of proc
2010-11-14
unhide-linux26.c :
User visible changes :
- Add the ending time to the log file.
- Add an execution header to the log file.
- Change the date format in the log file to ISO 8601.
- Add warnings, when selected, to the log file.
- Update the English and French man pages to reflect the addition of the '-f' option.
Internal changes
- Close log file only if it is open.
- Factorize (f)printf to stdout & log.
Documentation changes :
README.txt & LISEZ-MOI.TXT
- Minor clarifications.
- Add a description of all the files included in unhide
Development changes :
- Add a preliminary test suite for unhide (sanity.sh)
2010-11-09
unhide-linux26.c :
User visible changes :
- Add an option (-f) to create a log file.
2010-10-16
Documentation changes :
LEEME.txt :
- Correct compilation instructions.
- Add reference to the SourceForge site.
README.txt
- Add reference to the SourceForge site.
- Correct typo.
LISEZ-MOI.TXT
- File added.
2010-09-23
unhide-linux26.c :
User visible changes :
- Add a reference to the SourceForge path to the version string
Documentation changes :
- Update the man page to reflect all the changes made so far.
2010-09-23
unhide-linux26.c :
User visible changes :
- Add checkopendir test (also called by the procfs and procall compound tests)
- Also do the opendir() test in the reverse and quick tests.
- Add an alternate sysinfo test (via the -r option or the checksysinfo2 test name).
It's a reorganised checksysinfo() that moves non-critical instructions out of the critical part.
It might (or might not) work better on kernels patched for RT, preemption or latency.
- Put the output for a hidden process on one line to facilitate parsing
- Display wchan if there is no cmdline and no exe link (sleeping kernel threads)
- Add -V option to show the version and exit.
- The -v option can now be given more than once on the command line.
- Correct the value returned by unhide
- Add the missing new lines in most of the warnings (thanks to gordy for the report).
- Completely redo argument parsing: several tests can now be entered
simultaneously on the command line.
- Add all elementary tests to the command line test list
- Add procall compound test command line args.
Internal changes
- Use printbadpid() in checkallnoprocps() as in the other tests.
- Check the return value of fgets in checkallreverse(); checking feof seems not to be
very reliable for a pipe, we sometimes got the last line twice (thanks to gordy for the report).
- Also check it in checksysinfo & checksysinfo2
- Simplify and clarify the checksysinfo() test
- Check for our own spawned ps process in the reverse test to avoid false positives.
- Enhanced fake process detection in the reverse test.
- Add a tests table to allow the new command line parsing.
- Add management of several verbosity levels.
- Correct a copy/paste "typo" in checkps
- Correct a use of an uninitialized fd that gcc doesn't report unless -O2 is given on the command line
- Minor optimizations of printf & sprintf calls.
Documentation changes :
- Add a warning about the generic version of unhide to README.txt (thanks to gordy for the report)
- Modify the man page to add the -V option, correct typos and clarify the quick test.
- Add the -O2 option to the compile command line in README.txt
- Add a TODO file
2010-08-19
unhide-linux26.c :
- Add GPL v3 disclaimer
- Add new test 'procfs' (via readdir & chdir)
- Add new test 'reverse'
- Add new test 'quick'
- Add verbose option (-v) to allow warning display
- Add morecheck option (-m), only affecting the procfs test for now
- Add help option (-h)
- Move the usage text into a usage() function
- Add Changelog file (this file)
- Revamp command line parsing in main()
- Change the checkps() parameter to allow more scalability
- Minor optimization in brute(): we tried to create 300 more processes than available.
- Minor optimization: avoid testing our own PID
- Update the man page and README.txt to reflect changes.
2010-02-01
unhide-linux26.c :
- Thread brute force added
- Add needed stuff (includes, defines, ...) to eliminate compilation warnings. (Thanks to J. Walles)
- Correct a typo in checkps() where fich_tmp was used in place of fich_pgid (Thanks to P. Gouin)
- Corrected several FD leaks where files or pipes were read and closed even if they had failed to open. (Thanks to W. Doekes & P. Gouin)
- Add warning messages if a file or pipe fails to open (compatible with rkhunter's use of unhide) (Thanks to W. Doekes & P. Gouin)
- Add warning messages if a test is skipped (compatible with rkhunter's use of unhide). (Thanks to P. Gouin)
- Correct the removal of leading spaces, which tested one char too far for the end of string in checkps(). (Thanks to P. Gouin)
- Close fd in get_max_pid(). (Thanks to P. Gouin)
- Close cmd_file in printbadpid(). (Thanks to P. Gouin)
- Add display of the test name in checkallnoprocps(). (Thanks to P. Gouin)
- Close fich_processo in checksysinfo() (Thanks to W. Doekes)
- Avoid a potential buffer overflow in checksysinfo() (Thanks to W. Doekes)
- Correct allpids[] initialization in brute() (Thanks to W. Doekes)
- Modify brute(), as modifying allpids from within the forked process may have undefined results (Linux vfork() man page) (Thanks to P. Gouin)
- Add return to main() (Thanks to W. Doekes)
- Optimizations (Thanks to P. Gouin)
2009-08-10 (BETA)
- Improved maxpid routine (Thanks to Jan Iven)
- Improved false positive detection (Thanks to Jan Iven)
- kill() syscall added (Thanks to Jan Iven)
- Fixed sched_getaffinity() bug (Thanks to Jan Iven)
- Some minor bug fixes
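The process tests that the entries above keep refining (the kill() and sched_getaffinity() probes of 2009-08-10, the procfs readdir/chdir test, the brute scan and the reverse test of 2010-08-19, the checkopendir test of 2010-09-23, the false-positive fixes in checkallreverse, and the -d double check of 2012-03-18) all rest on one comparison: PIDs the kernel confirms exist versus PIDs that a readdir() of /proc reports. The C program below is added here as an illustration and is not taken from Unhide's sources; it re-creates that comparison in a minimal form. Its function names, VIS_* bit values and 100 ms re-check delay are choices made for this example, and it compares against /proc directly rather than against ps output as the reverse test does. Like unhide-linux it must run as root to be meaningful: on a /proc mounted with hidepid, other users' directories are absent from readdir() while kill() still answers EPERM, so an unprivileged run reports them all as hidden.

```c
/* Added example, not code from the Unhide project: a minimal re-creation of the
 * cross-check behind unhide-linux's procfs, syscall, brute and -d tests. A PID the
 * kernel confirms (kill(), opendir(), sched_getaffinity()) but that readdir("/proc")
 * omits is a candidate hidden process. Linux only; names and delay are this example's own. */
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define VIS_KILL     1   /* kill(pid, 0) succeeds or fails with EPERM */
#define VIS_OPENDIR  2   /* opendir("/proc/PID") succeeds */
#define VIS_AFFINITY 4   /* sched_getaffinity() fails with anything but ESRCH */

/* pid_max is an exclusive bound: no live process ever has PID == pid_max.
 * Fall back to the 64-bit kernel ceiling (2^22) if the sysctl is unreadable. */
long get_max_pid(void) {
    long max = 4194304;
    FILE *f = fopen("/proc/sys/kernel/pid_max", "r");
    if (f != NULL) {
        if (fscanf(f, "%ld", &max) != 1) max = 4194304;
        fclose(f);                      /* close on the failure path too */
    }
    return max;
}

/* Kernel-side view of one PID, taken without consulting the /proc listing. */
int probe_syscalls(pid_t pid) {
    int vis = 0;
    char path[64];
    cpu_set_t set;
    DIR *d;
    if (kill(pid, 0) == 0 || errno == EPERM) vis |= VIS_KILL;   /* signal 0: checks only */
    snprintf(path, sizeof path, "/proc/%ld", (long)pid);
    if ((d = opendir(path)) != NULL) { closedir(d); vis |= VIS_OPENDIR; }
    /* Test errno, not only the return value (the 2012-12-12 fix): only ESRCH means no such process */
    if (sched_getaffinity(pid, sizeof set, &set) == 0 || errno != ESRCH) vis |= VIS_AFFINITY;
    return vis;
}

/* One readdir() pass over /proc; sets bit `pid` in `seen` for every numeric entry below
 * max_pid. Returns the number of PIDs listed, or -1 if /proc is unreadable. */
int scan_proc_listing(unsigned char *seen, long max_pid) {
    DIR *d = opendir("/proc");
    struct dirent *e;
    int count = 0;
    if (d == NULL) return -1;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long pid = strtol(e->d_name, &end, 10);
        if (*end != '\0' || pid <= 0 || pid >= max_pid) continue;   /* "self", "sys", ... */
        seen[pid / 8] |= (unsigned char)(1u << (pid % 8));
        count++;
    }
    closedir(d);
    return count;
}

/* Single-PID view of the listing: a fresh readdir() pass, then the bit test. */
int pid_listed_in_proc(pid_t pid) {
    long max = get_max_pid();
    unsigned char *seen = calloc((size_t)(max / 8 + 1), 1);
    int result = 0;
    if (seen != NULL && pid > 0 && pid < max && scan_proc_listing(seen, max) > 0)
        result = (seen[pid / 8] >> (pid % 8)) & 1;
    free(seen);
    return result;
}

/* Unhide's rule plus its -d double check: a process that starts or exits between the
 * listing and the probe looks hidden for an instant, so a candidate is kept only if
 * a second, delayed round agrees. */
int is_hidden(pid_t pid, int double_check) {
    for (int round = 0; round < (double_check ? 2 : 1); round++) {
        if (round > 0) usleep(100000);
        if (probe_syscalls(pid) == 0 || pid_listed_in_proc(pid)) return 0;
    }
    return 1;
}

/* Full scan: one listing, one kernel probe per PID, slow re-check only for mismatches. */
int main(void) {
    long max = get_max_pid(), pid;
    unsigned char *seen = calloc((size_t)(max / 8 + 1), 1);
    int found = 0;
    if (seen == NULL || scan_proc_listing(seen, max) < 0) { perror("/proc"); return 2; }
    for (pid = 1; pid < max; pid++) {
        if (pid == (long)getpid() || ((seen[pid / 8] >> (pid % 8)) & 1)) continue;
        if (probe_syscalls((pid_t)pid) != 0 && is_hidden((pid_t)pid, 1)) {
            printf("Hidden PID: %ld\n", pid);
            found++;
        }
    }
    free(seen);
    printf("%d hidden PID(s)\n", found);
    return found > 0;
}
```

Compile with `gcc -O2 -o hidden-pids hidden-pids.c` and run as root. A full pass issues three syscalls per PID up to pid_max, so it is far slower than a ps listing, which is why the expensive, delayed re-check is reserved for PIDs that already failed the cheap comparison. A PID that fails both rounds deserves a look at its /proc/PID/exe, cmdline and environ, which is what printbadpid() reports.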
2008-05-19
- Fixed a race condition bug that showed false positives (Thanks to Johan Walles)
- Added manpages (Thanks to Francois Marier)
2007-11-02
- Minor bugfixes
- License added
- sysinfo() syscall added
2005-12-28
- Initial release