baserev update by copy to link target

• Files Changed
• Browse Source

- update to 4.5.0:
  * Unreferenced strings are allowed if their identifier start with _ (#1941)
  * New command-line option --disable-console-logs for disabling the output of the console module (#1915)
  * New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
  * Improve performance by avoiding the execution of rule conditions that can't match (#1927)
  * Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
  * Expose function RVA in pe.export_details(#1882).
  * BUGFIX: Fix issues in the computation of imphash in pe module (#1944). Credits to the NSHC ThreatRecon team!
  * BUGFIX: Fix multiple out-of-bound memory reads in dex module (#1949, #1951).
  * BUGFIX: Fix memory alignment issues (#1930).
  * BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
  * BUGFIX: Some rules not matching when --fast-scan is used (4de3d57)
  * BUGFIX: Properly list memory regions while scanning processes in Mac OS. (#2033)
  * BUGFIX: RFC5652 countersignatures are now correctly parsed in pe module (#2034)
  * BUGFIX: Fix potential DoS due to crashes in authenticode parser with malformed files (#2034). Credits to Bahaa Naamneh!
  * BUGFIX: Fix SIGSEGV in magic module when libmagic returns null pointer (3342aa0)
  * BUGFIX: Prevent infinite recursion while following symlinks (923368e)

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- update to 4.4.0:
  * New lnk module (#1732).
  * Unreferenced strings are allowed if their identifier start
    with _ (#1941)
  * New command-line option --disable-console-logs for disabling
    the output of the console module (#1915)
  * New command-line option --strict-escape that raises warnings
    on unknown escape sequences (#1880).
  * Improve performance by avoiding the execution of rule
    conditions that can't match (#1927)
  * Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for
    notifying about slow rules (#1921).
  * Expose function RVA in pe.export_details(#1882).
  * BUGFIX: Fix issues in the computation of imphash in pe module
  * BUGFIX: Fix multiple out-of-bound memory reads in dex module
  * BUGFIX: Fix memory alignment issues (#1930).
  * BUGFIX: Some strings with the wide and ascii modifiers not
    matching as they should (#1933).
  * BUGFIX: Some rules not matching when --fast-scan is used

- update to 4.2.3:
  * BUGFIX: Fix security issue that can lead to arbitrary code execution
    <string_set> in (start..end (#1757).
  * BUGFIX: Default value for pe.number_of_imported_function not set to 0
  * Fix bug in "macho" module introduced in v4.0.4.
	CVE-2016-10210, CVE-2016-10211, CVE-2017-5923, CVE-2017-5924,
  * incorporate python-yara as a sub-project

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- update to 4.3.2:
  * BUGFIX: assertion triggered with certain hex patterns when
    scanning arbitrary files

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- update to 4.3.1:
  * BUGFIX: Functions `import_rva` and `import_delayed_rva` are
    now case-insensitive (#1904)
  * BUGFIX: Fix heap-related issue in `dotnet` module on Windows
    (#1902)
  * BUGFIX: Fix heap corruption with certain rules that have very
    long string sets (67cccf0)

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Build AVX2 enabled hwcaps library for x86_64-v3

- update to 4.3.0:
  * Added a not operator for bytes in hex strings. Example: {01 ~02 03} (#1676).
  * for statement can iterate over sets of literal strings (e.g. for any s in ("a", "b"): (pe.imphash() == s)) (#1787).
    of statement can be used with at (e.g. any of them at 0) (#1790).
  * Added the --print-xor-key (-X in short form) command-line option that prints the XOR key for xored strings (#1745).
  * Implement the --skip-larger command-line option in Windows (#1678).
  * Add parsing of .NET user types from .NET metadata stream in "dotnet" module (#1605).
  * Improve certificate parsing and validation in "pe" module (#1623).
  * Improve error reporting on certain edge cases (#1709, #1722).
  * BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
  * BUGFIX: Fix implementation of math.serial_correlation(#1771).
  * BUGFIX: Fix infinite recursion in dotnet module (#1794).
  * BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1 (c2557fc).
  * BUGFIX: Fix several endianess issues (#1884, #1874, #1855).
- removed fix-test-magic.patch as was merged into upstream

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- backport upstream fixes for file magic tests: fix-test-magic.patch

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- update to 4.2.3: 
  * BUGFIX: Fix security issue that can lead to arbitrary code execution 
  (b77e4f4, b77e4f4). Thanks to ANSSI - CERT-FR for the report.
  * BUGFIX: Fix incorrect logic in expressions like <quantifier> of
    <string_set> in (start..end (#1757).

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- update to 4.2.2:
  * BUGFIX: Fix buffer overrun en "dex" module
  * BUGFIX: Wrong offset used when checking Version string of .net metadata
  * BUGFIX: YARA doesn't compile if --with-debug-verbose flag is enabled
  * BUGFIX: Null-pointer dereferences while loading corrupted compiled rules
  * Implement the --skip-larger command-line option in Windows.
  * BUGFIX: Error while scanning process memory in Linux (#1662). Thanks to @hillu.
  * BUGFIX: Issue in "magic" module leading to wrong matches
  * BUGFIX: Multiple issues triggered in low-memory conditions (#1671, #1673, #1674, #1675). Reported by @1ndahous3.
  * BUGFIX: Incorrect parsing of character classes in some regular expressions (#1690). Reported by @Sevaarcen.
  * BUGFIX: Heap overflow in ARM. Reported by @briangreenery.
  * New syntax for counting string occurrences within a range of offsets. Example: #a in
  * New syntax for checking if a set of strings are found within a range of offsets all of them in
  * of operator now accepts sets of rules, Examples: 2 of (rule1, rule2, rule3), 2 of (rule*)
  * New syntactic sugar allows writing 0 of
  * New operator % for string sets. Example: 20% of them
  * New operator defined
  * New operator iequals
  * Added functions abs, count, percentage and mode to math module
  * The dotnet module is now built into YARA by default.
  * Added the is_dotnet field to dotnet module
  * Added new console module
  * Added support of delayed imports to pe module
  * Reduce memory pressure when scanning process memory in Linux
  * Improve performance while matching certain hex strings
  * Implement support for unicode file names in Windows
  * Add new API functions yr_get_configuration_uintXX and yr_set_configuration_uintXX
  * Add --max-process-memory-chunk option for controlling the size of the chunks while scanning a process memory
  * Add --skip-larger option for skipping files larger than a certain size while scanning directories.
  * Improve scanning performance with better atom extraction

• Files Changed
• Browse Source

- update to 4.1.3:
  * BUGFIX: Fix issue where ERROR_TOO_MANY_MATCHES was incorrectly returned
  * BUGFIX: Fix potential buffer overrun due to incorrect macro
- Change license to BSD-3-Clause (upstream changed to this license with
  version 3.5.0)

• Files Changed
• Browse Source

- update to 4.1.2:
  * BUGFIX: TOO_MANY_MATCHES warning was causing strings to be globally disabled
  * BUGFIX: fullworld modifier not working as expected in Mac OS due to locale issue
  * BUGFIX: Default value for pe.number_of_imported_function not set to 0

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

Update to version 4.1.1

• Files Changed
• Browse Source