* Increase the limit for the maximum number of rows in dotnet module (608fb3d).
* Limit resource names to 1000 characters at most (3f5b4c7).
* Recover from syntax error at the end of an included file (4fc1ff8).
* BUGFIX: Crash while parsing PE Rich headers with certain files (cbc982d).
* BUGFIX: Segfault with regular expressions that matched the zero-length string (8616165).
* BUGFIX: Mitigate stack overflow when scanning very deep directory trees (2a9f61d).
* BUGFIX: Fix regression introduced in 6209630 (44fd094).
OBS-URL: https://build.opensuse.org/package/show/security:forensics/yara?expand=0&rev=51
- update to 4.5.0:
* Unreferenced strings are allowed if their identifiers start with _ (#1941)
* New command-line option --disable-console-logs for disabling the output of the console module (#1915)
* New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
* Improve performance by avoiding the execution of rule conditions that can't match (#1927)
* Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
* Expose function RVA in pe.export_details (#1882).
* BUGFIX: Fix issues in the computation of imphash in pe module (#1944). Credits to the NSHC ThreatRecon team!
* BUGFIX: Fix multiple out-of-bounds memory reads in dex module (#1949, #1951).
* BUGFIX: Fix memory alignment issues (#1930).
* BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
* BUGFIX: Some rules not matching when --fast-scan is used (4de3d57)
* BUGFIX: Properly list memory regions while scanning processes in Mac OS. (#2033)
* BUGFIX: RFC5652 countersignatures are now correctly parsed in pe module (#2034)
* BUGFIX: Fix potential DoS due to crashes in authenticode parser with malformed files (#2034). Credits to Bahaa Naamneh!
* BUGFIX: Fix SIGSEGV in magic module when libmagic returns null pointer (3342aa0)
* BUGFIX: Prevent infinite recursion while following symlinks (923368e)
OBS-URL: https://build.opensuse.org/request/show/1147442
OBS-URL: https://build.opensuse.org/package/show/security:forensics/yara?expand=0&rev=45
- update to 4.4.0:
* New lnk module (#1732).
* Unreferenced strings are allowed if their identifiers start
with _ (#1941)
* New command-line option --disable-console-logs for disabling
the output of the console module (#1915)
* New command-line option --strict-escape that raises warnings
on unknown escape sequences (#1880).
* Improve performance by avoiding the execution of rule
conditions that can't match (#1927)
* Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for
notifying about slow rules (#1921).
* Expose function RVA in pe.export_details (#1882).
* BUGFIX: Fix issues in the computation of imphash in pe module
* BUGFIX: Fix multiple out-of-bounds memory reads in dex module
* BUGFIX: Fix memory alignment issues (#1930).
* BUGFIX: Some strings with the wide and ascii modifiers not
matching as they should (#1933).
* BUGFIX: Some rules not matching when --fast-scan is used
- update to 4.2.3:
* BUGFIX: Fix security issue that can lead to arbitrary code execution
<string_set> in (start..end (#1757).
* BUGFIX: Default value for pe.number_of_imported_function not set to 0
* Fix bug in "macho" module introduced in v4.0.4.
CVE-2016-10210, CVE-2016-10211, CVE-2017-5923, CVE-2017-5924,
* incorporate python-yara as a sub-project
OBS-URL: https://build.opensuse.org/request/show/1117787
OBS-URL: https://build.opensuse.org/package/show/security:forensics/yara?expand=0&rev=43
- Build AVX2 enabled hwcaps library for x86_64-v3
- update to 4.3.0:
* Added a not operator for bytes in hex strings. Example: {01 ~02 03} (#1676).
* for statement can iterate over sets of literal strings (e.g. for any s in ("a", "b"): (pe.imphash() == s)) (#1787).
* of statement can be used with at (e.g. any of them at 0) (#1790).
* Added the --print-xor-key (-X in short form) command-line option that prints the XOR key for xored strings (#1745).
* Implement the --skip-larger command-line option in Windows (#1678).
* Add parsing of .NET user types from .NET metadata stream in "dotnet" module (#1605).
* Improve certificate parsing and validation in "pe" module (#1623).
* Improve error reporting on certain edge cases (#1709, #1722).
* BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
* BUGFIX: Fix implementation of math.serial_correlation (#1771).
* BUGFIX: Fix infinite recursion in dotnet module (#1794).
* BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1 (c2557fc).
* BUGFIX: Fix several endianness issues (#1884, #1874, #1855).
- removed fix-test-magic.patch as was merged into upstream
OBS-URL: https://build.opensuse.org/request/show/1075576
OBS-URL: https://build.opensuse.org/package/show/security:forensics/yara?expand=0&rev=37
- update to 4.2.2:
* BUGFIX: Fix buffer overrun in "dex" module
* BUGFIX: Wrong offset used when checking Version string of .net metadata
* BUGFIX: YARA doesn't compile if --with-debug-verbose flag is enabled
* BUGFIX: Null-pointer dereferences while loading corrupted compiled rules
* Implement the --skip-larger command-line option in Windows.
* BUGFIX: Error while scanning process memory in Linux (#1662). Thanks to @hillu.
* BUGFIX: Issue in "magic" module leading to wrong matches
* BUGFIX: Multiple issues triggered in low-memory conditions (#1671, #1673, #1674, #1675). Reported by @1ndahous3.
* BUGFIX: Incorrect parsing of character classes in some regular expressions (#1690). Reported by @Sevaarcen.
* BUGFIX: Heap overflow in ARM. Reported by @briangreenery.
* New syntax for counting string occurrences within a range of offsets. Example: #a in
* New syntax for checking if a set of strings are found within a range of offsets all of them in
* of operator now accepts sets of rules. Examples: 2 of (rule1, rule2, rule3), 2 of (rule*)
* New syntactic sugar allows writing 0 of
* New operator % for string sets. Example: 20% of them
* New operator defined
* New operator iequals
* Added functions abs, count, percentage and mode to math module
* The dotnet module is now built into YARA by default.
* Added the is_dotnet field to dotnet module
* Added new console module
* Added support of delayed imports to pe module
* Reduce memory pressure when scanning process memory in Linux
* Improve performance while matching certain hex strings
* Implement support for unicode file names in Windows
* Add new API functions yr_get_configuration_uintXX and yr_set_configuration_uintXX
* Add --max-process-memory-chunk option for controlling the size of the chunks while scanning a process memory
* Add --skip-larger option for skipping files larger than a certain size while scanning directories.
* Improve scanning performance with better atom extraction
OBS-URL: https://build.opensuse.org/request/show/988489
OBS-URL: https://build.opensuse.org/package/show/security:forensics/yara?expand=0&rev=31
Just attributed the changes to Dirk.
If something is wrong with it, blame ME.
- Update to 4.0.2:
- BUGFIX: Use-after-free bug in PE module (#1287).
- BUGFIX: Incorrect errors in rules when a single rule is badly
formatted (#1294).
- BUGFIX: Assertion failed with rules that have invalid syntax
(#1295).
- BUGFIX: Integer overflow causing missed matches on files larger
than 2GB (#1304).
- BUGFIX: Crashes in Mac OS while scanning binaries with a
signature that can't be verified (#1309).
- Update to 4.0.1:
- Update sandboxed API (#1276)
- BUGFIX: Fix regression in exports parsing in PE module
(2bf67e6)
- BUGFIX: Fix unaligned accesses in ARM (e1654ae)
- Update to 4.0.0:
- New string modifiers base64 and base64wide (#1185).
- New string modifier private (#1096)
- Iterators for dictionaries and arrays (#1141).
- Multiple API changes.
- Memory footprint greatly reduced, especially when compiling
large numbers of rules.
- New command-line option --scan-list (#1261).
- Added pdb_path field to "pe" module.
- Added export_details array to "pe" module.
- Added exports_index functions to "pe" module.
- Improvements to "cuckoo" module.
- BUGFIX: PE files with multiple signatures are parsed correctly
(#940).
- BUGFIX: Fix PE rich header parsing (#1164).
OBS-URL: https://build.opensuse.org/request/show/828267
OBS-URL: https://build.opensuse.org/package/show/security:forensics/yara?expand=0&rev=17
- update to 4.0.2:
* BUGFIX: Use-after-free bug in PE module (#1287).
* BUGFIX: Incorrect errors in rules when a single rule is badly formatted (#1294).
* BUGFIX: Assertion failed with rules that have invalid syntax (#1295).
* BUGFIX: Integer overflow causing missed matches on files larger than 2GB (#1304).
* BUGFIX: Crashes in Mac OS while scanning binaries with a signature that can't be verified (#1309).
* BUGFIX: Fix regression in exports parsing in PE module (2bf67e6)
* BUGFIX: Fix unaligned accesses in ARM (e1654ae)
* New string modifiers base64 and base64wide (#1185).
* New string modifier private (#1096)
* Iterators for dictionaries and arrays (#1141).
* Multiple API changes.
* Memory footprint greatly reduced, especially when compiling large numbers of rules.
* New command-line option --scan-list (#1261).
* Added pdb_path field to "pe" module.
* Added export_details array to "pe" module.
* Added exports_index functions to "pe" module.
* Improvements to "cuckoo" module.
* BUGFIX: PE files with multiple signatures are parsed correctly (#940).
* BUGFIX: Fix PE rich header parsing (#1164).
* BUGFIX: Buffer overruns in "dotnet" module (#1167, #1173).
* plus many more bugfixes, see https://github.com/VirusTotal/yara/releases for details
OBS-URL: https://build.opensuse.org/request/show/827256
OBS-URL: https://build.opensuse.org/package/show/security:forensics/yara?expand=0&rev=16
- Update to 3.7.1:
* Fix regression in include directive (issue #796)
* Fix bug in PE checksum calculation causing wrong results in some cases.
* time module (Wesley Shields)
* yara command-line tool now accepts multiple rule files
* Allow a configurable limit for the number of strings per rule (option --max-strings-per-rule)
* Implement integrity check for compiled rules
* Implement API for customizing import statement (@edhoedt)
* Scan process memory in FreeBSD and OpenBSD (Hilko Bengen)
* BUGFIX: Negated character classes not working with case-insensitive regexps (#765)
* BUGFIX: Multiple bugs while parsing ELF files (Nate Rosenblum)
* BUGFIX: Out-of-bounds access while parsing PE files.
* BUGFIX: Memory leaks while parsing invalid rules.
* BUGFIX: Heap overflow (4a342f0)
* BUGFIX: Off-by-one NULL write in stack buffer (964d6c0)
* BUGFIX: Multiple issues in "dotnet" module (f40c14c, fc35e5f)
* Increase RE_MAX_AST_LEVELS from 2000 to 6000.
* BUGFIX: Buffer overrun in regexp engine (issue #678)
* BUGFIX: Null pointer dereference in regexp engine (issue #682).
- Run testsuite
OBS-URL: https://build.opensuse.org/request/show/611210
OBS-URL: https://build.opensuse.org/package/show/security:forensics/yara?expand=0&rev=14