Revisions of yara
buildservice-autocommit accepted request 1149674 from Greg Freemyer (gregfreemyer) (revision 46)
baserev update by copy to link target
Greg Freemyer (gregfreemyer) accepted request 1147442 from Andrea Manzini (amanzini) (revision 45)
- update to 4.5.0:
  * Unreferenced strings are allowed if their identifier starts with _ (#1941)
  * New command-line option --disable-console-logs for disabling the output of the console module (#1915)
  * New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
  * Improve performance by avoiding the execution of rule conditions that can't match (#1927)
  * Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
  * Expose function RVA in pe.export_details (#1882).
  * BUGFIX: Fix issues in the computation of imphash in pe module (#1944). Credits to the NSHC ThreatRecon team!
  * BUGFIX: Fix multiple out-of-bound memory reads in dex module (#1949, #1951).
  * BUGFIX: Fix memory alignment issues (#1930).
  * BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
  * BUGFIX: Some rules not matching when --fast-scan is used (4de3d57)
  * BUGFIX: Properly list memory regions while scanning processes in Mac OS. (#2033)
  * BUGFIX: RFC5652 countersignatures are now correctly parsed in pe module (#2034)
  * BUGFIX: Fix potential DoS due to crashes in authenticode parser with malformed files (#2034). Credits to Bahaa Naamneh!
  * BUGFIX: Fix SIGSEGV in magic module when libmagic returns null pointer (3342aa0)
  * BUGFIX: Prevent infinite recursion while following symlinks (923368e)
buildservice-autocommit accepted request 1118378 from Greg Freemyer (gregfreemyer) (revision 44)
baserev update by copy to link target
Greg Freemyer (gregfreemyer) accepted request 1117787 from Dirk Mueller (dirkmueller) (revision 43)
- update to 4.4.0:
  * New lnk module (#1732).
  * Unreferenced strings are allowed if their identifier starts with _ (#1941)
  * New command-line option --disable-console-logs for disabling the output of the console module (#1915)
  * New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
  * Improve performance by avoiding the execution of rule conditions that can't match (#1927)
  * Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
  * Expose function RVA in pe.export_details (#1882).
  * BUGFIX: Fix issues in the computation of imphash in pe module
  * BUGFIX: Fix multiple out-of-bound memory reads in dex module
  * BUGFIX: Fix memory alignment issues (#1930).
  * BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
  * BUGFIX: Some rules not matching when --fast-scan is used
- update to 4.2.3:
  * BUGFIX: Fix security issue that can lead to arbitrary code execution <string_set> in (start..end (#1757).
  * BUGFIX: Default value for pe.number_of_imported_function not set to 0
  * Fix bug in "macho" module introduced in v4.0.4. CVE-2016-10210, CVE-2016-10211, CVE-2017-5923, CVE-2017-5924,
  * incorporate python-yara as a sub-project
buildservice-autocommit accepted request 1099319 from Greg Freemyer (gregfreemyer) (revision 42)
baserev update by copy to link target
Greg Freemyer (gregfreemyer) accepted request 1098958 from Dirk Mueller (dirkmueller) (revision 41)
- update to 4.3.2:
  * BUGFIX: assertion triggered with certain hex patterns when scanning arbitrary files
buildservice-autocommit accepted request 1093605 from Greg Freemyer (gregfreemyer) (revision 40)
baserev update by copy to link target
Greg Freemyer (gregfreemyer) accepted request 1092297 from Dirk Mueller (dirkmueller) (revision 39)
- update to 4.3.1:
  * BUGFIX: Functions `import_rva` and `import_delayed_rva` are now case-insensitive (#1904)
  * BUGFIX: Fix heap-related issue in `dotnet` module on Windows (#1902)
  * BUGFIX: Fix heap corruption with certain rules that have very long string sets (67cccf0)
buildservice-autocommit accepted request 1077591 from Greg Freemyer (gregfreemyer) (revision 38)
baserev update by copy to link target
Greg Freemyer (gregfreemyer) accepted request 1075576 from Andrea Manzini (amanzini) (revision 37)
- Build AVX2 enabled hwcaps library for x86_64-v3
- update to 4.3.0:
  * Added a not operator for bytes in hex strings. Example: {01 ~02 03} (#1676).
  * for statement can iterate over sets of literal strings (e.g. for any s in ("a", "b"): (pe.imphash() == s)) (#1787).
  * of statement can be used with at (e.g. any of them at 0) (#1790).
  * Added the --print-xor-key (-X in short form) command-line option that prints the XOR key for xored strings (#1745).
  * Implement the --skip-larger command-line option in Windows (#1678).
  * Add parsing of .NET user types from .NET metadata stream in "dotnet" module (#1605).
  * Improve certificate parsing and validation in "pe" module (#1623).
  * Improve error reporting on certain edge cases (#1709, #1722).
  * BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
  * BUGFIX: Fix implementation of math.serial_correlation (#1771).
  * BUGFIX: Fix infinite recursion in dotnet module (#1794).
  * BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1 (c2557fc).
  * BUGFIX: Fix several endianness issues (#1884, #1874, #1855).
- removed fix-test-magic.patch as was merged into upstream
buildservice-autocommit accepted request 1066288 from Greg Freemyer (gregfreemyer) (revision 36)
baserev update by copy to link target
Greg Freemyer (gregfreemyer) accepted request 1063504 from Hans-Peter Jansen (frispete) (revision 35)
- backport upstream fixes for file magic tests: fix-test-magic.patch
buildservice-autocommit accepted request 998699 from Greg Freemyer (gregfreemyer) (revision 34)
baserev update by copy to link target
Greg Freemyer (gregfreemyer) accepted request 994193 from Dirk Mueller (dirkmueller) (revision 33)
- update to 4.2.3:
  * BUGFIX: Fix security issue that can lead to arbitrary code execution (b77e4f4, b77e4f4). Thanks to ANSSI - CERT-FR for the report.
  * BUGFIX: Fix incorrect logic in expressions like <quantifier> of <string_set> in (start..end (#1757).
buildservice-autocommit accepted request 990049 from Greg Freemyer (gregfreemyer) (revision 32)
baserev update by copy to link target
Greg Freemyer (gregfreemyer) accepted request 988489 from Dirk Mueller (dirkmueller) (revision 31)
- update to 4.2.2:
  * BUGFIX: Fix buffer overrun in "dex" module
  * BUGFIX: Wrong offset used when checking Version string of .net metadata
  * BUGFIX: YARA doesn't compile if --with-debug-verbose flag is enabled
  * BUGFIX: Null-pointer dereferences while loading corrupted compiled rules
  * Implement the --skip-larger command-line option in Windows.
  * BUGFIX: Error while scanning process memory in Linux (#1662). Thanks to @hillu.
  * BUGFIX: Issue in "magic" module leading to wrong matches
  * BUGFIX: Multiple issues triggered in low-memory conditions (#1671, #1673, #1674, #1675). Reported by @1ndahous3.
  * BUGFIX: Incorrect parsing of character classes in some regular expressions (#1690). Reported by @Sevaarcen.
  * BUGFIX: Heap overflow in ARM. Reported by @briangreenery.
  * New syntax for counting string occurrences within a range of offsets. Example: #a in
  * New syntax for checking if a set of strings are found within a range of offsets all of them in
  * of operator now accepts sets of rules, Examples: 2 of (rule1, rule2, rule3), 2 of (rule*)
  * New syntactic sugar allows writing 0 of
  * New operator % for string sets. Example: 20% of them
  * New operator defined
  * New operator iequals
  * Added functions abs, count, percentage and mode to math module
  * The dotnet module is now built into YARA by default.
  * Added the is_dotnet field to dotnet module
  * Added new console module
  * Added support of delayed imports to pe module
  * Reduce memory pressure when scanning process memory in Linux
  * Improve performance while matching certain hex strings
  * Implement support for unicode file names in Windows
  * Add new API functions yr_get_configuration_uintXX and yr_set_configuration_uintXX
  * Add --max-process-memory-chunk option for controlling the size of the chunks while scanning a process memory
  * Add --skip-larger option for skipping files larger than a certain size while scanning directories.
  * Improve scanning performance with better atom extraction
Greg Freemyer (gregfreemyer) accepted request 929732 from Arjen de Korte (adkorte) (revision 30)
- update to 4.1.3:
  * BUGFIX: Fix issue where ERROR_TOO_MANY_MATCHES was incorrectly returned
  * BUGFIX: Fix potential buffer overrun due to incorrect macro
- Change license to BSD-3-Clause (upstream changed to this license with version 3.5.0)
Greg Freemyer (gregfreemyer) accepted request 925682 from Dirk Mueller (dirkmueller) (revision 29)
- update to 4.1.2:
  * BUGFIX: TOO_MANY_MATCHES warning was causing strings to be globally disabled
  * BUGFIX: fullword modifier not working as expected in Mac OS due to locale issue
  * BUGFIX: Default value for pe.number_of_imported_function not set to 0
buildservice-autocommit accepted request 897776 from Greg Freemyer (gregfreemyer) (revision 28)
baserev update by copy to link target
Greg Freemyer (gregfreemyer) accepted request 896088 from Ferdinand Thiessen (susnux) (revision 27)
Update to version 4.1.1
Displaying revisions 1 - 20 of 46