v2.1.2

What's Changed

• Increase filename limit to 260 bytes by @mgiacomoli in #106

New Contributors

• @mgiacomoli made their first contribution in #106

Full Changelog: v2.1.1...v2.1.2

v2.1.1

What's Changed

• Version number increment - 2.1.1 by @Yeraze in #105

Full Changelog: v2.1...v2.1.1

v2.1

What's Changed

• Fix a memory leak in DecompressRTF when encountering uncompressed RTF by @Teemperor in #100
• Support shared DLL for MinGW/MSYS2 by @asctime in #101
• Merge leecher patch by @Yeraze in #104

New Contributors

• @Teemperor made their first contribution in #100
• @asctime made their first contribution in #101

Full Changelog: v2.0...v2.1

v2.0

Resolves CVE-2021-3403 and CVE-2021-3404

Special thanks to @ohwgiles , @philrandom , and @amit777 for submitting PR's to resolve these and a few other minor issues.

Bugfix release

v1.9.3 - July 20, 2018
Special thanks to @evintila, @bestshow, @bingosxs, and @asarubbo for
submitting high quality bug reports via valgrind, afl, and other tools. And
a special thanks to @ohwgiles for submitting a bunch of patches to fix them!

This version resolves the following CVEs:

• CVE-2017-9470
• CVE-2017-9471
• CVE-2017-9474
• CVE-2017-9058
• CVE-2017-12142
• CVE-2017-12141
• CVE-2017-12144

v1.9.2 - More security fixes

New Features in this release:

• Thanks to @iwkse for contributing a pkgconfig file
• Some minor tool renames (ytnefprocess.pl is now just ytnefprocess)

Thanks to @hannob for finding some Out-of-bound exceptions in memory handling.

• [SECURITY] An invalid memory access (heap overrun) in handling LONG datatypes
• [SECURITY] Missing a check for fields of size 0
• [SECURITY] Potential buffer overrun on incoming Compressed RTF Streams

This version & the previous 1.9.1 resolves the following CVEs:

• CVE-2017-6306
• CVE-2017-6305
• CVE-2017-6304
• CVE-2017-6303
• CVE-2017-6302
• CVE-2017-6301
• CVE-2017-6300
• CVE-2017-6299
• CVE-2017-6298

v1.9.1 - Security Fixes

This version is thanks to @EricSesterhennX41 , who pointed out some potential vulnerabilities in ytnef related to how we handled potentially corrupted files. While there's no exploits of this in the wild ( no my knowledge ), they still need to be fixed.

I also took the opportunity to fix an issue with path handling (now removing / and \ from attachment paths), and remove some of the exit(-1)'s from the code. Hopefully this makes ytnef a bit more friendly to consuming applications.

(v1.9.1 - I forgot to actually rev up the version number in the configure.ac script, that's fixed in this release, hence the -2 suffix)

v1.9 - Unified Build

• Unify libytnef and ytnef tools into a single build & package (Thanks @jmallach)
• Fix applied for CVE-2010-5109
• Various fixes for errors found via Static Analysis (cppcheck)
• Various memory leaks plugged (Thanks @slonik-v-domene)
• Bugfix for a broken "uniqueness" checker
• Lots of formatting & documentation cleanups

Now that the two packages are unified into a single install & build, I've had
to choose a unifier of Version Numbers. I chose 1.9 .

v1.8 - Unicode, Better Filenames, and No Warnings!

Thanks to @Buzhanin for contributing #15 which added in some nice new features and bugfixes to ytnef. Namely:

• Unicode Support
• Improved filenames in attachments (now supporting parens and dashes)
• Support for some newer MAPI types used by newer versions of Outlook
• and some general all-around improvements.

I took his PR and rolled it into #16 where I fixed all of the existing compiler warnings, and fixed the travis integration to match his filename changes.. And Viola!

V1.7 - Now on GitHub

This is the first release since transitioning to GitHub. Notable in this release:

• Fixes for a few publicly disclosed vulnerabilities in libytnef
• Improvements to ytnefprocess.pl from @bcornec
• A few bugfixes for some datatypes
• Integration with Travis for CI, and hosting on GitHub.