Changelog for
yara-doc-4.5.0-1.1.noarch.rpm :
* Sun Feb 18 2024 Andrea Manzini
- update to 4.5.0:
* Unreferenced strings are allowed if their identifier start with _ (#1941)
* New command-line option --disable-console-logs for disabling the output of the console module (#1915)
* New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
* Improve performance by avoiding the execution of rule conditions that can\'t match (#1927)
* Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
* Expose function RVA in pe.export_details(#1882).
* BUGFIX: Fix issues in the computation of imphash in pe module (#1944). Credits to the NSHC ThreatRecon team!
* BUGFIX: Fix multiple out-of-bound memory reads in dex module (#1949, #1951).
* BUGFIX: Fix memory alignment issues (#1930).
* BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
* BUGFIX: Some rules not matching when --fast-scan is used (4de3d57)
* BUGFIX: Properly list memory regions while scanning processes in Mac OS. (#2033)
* BUGFIX: RFC5652 countersignatures are now correctly parsed in pe module (#2034)
* BUGFIX: Fix potential DoS due to crashes in authenticode parser with malformed files (#2034). Credits to Bahaa Naamneh!
* BUGFIX: Fix SIGSEGV in magic module when libmagic returns null pointer (3342aa0)
* BUGFIX: Prevent infinite recursion while following symlinks (923368e)
* Sat Oct 14 2023 Dirk Müller - update to 4.4.0:
* New lnk module (#1732).
* Unreferenced strings are allowed if their identifier start with _ (#1941)
* New command-line option --disable-console-logs for disabling the output of the console module (#1915)
* New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
* Improve performance by avoiding the execution of rule conditions that can\'t match (#1927)
* Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
* Expose function RVA in pe.export_details(#1882).
* BUGFIX: Fix issues in the computation of imphash in pe module
* BUGFIX: Fix multiple out-of-bound memory reads in dex module
* BUGFIX: Fix memory alignment issues (#1930).
* BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
* BUGFIX: Some rules not matching when --fast-scan is used
* Sun Jul 16 2023 Dirk Müller - update to 4.3.2:
* BUGFIX: assertion triggered with certain hex patterns when scanning arbitrary files
* Sun Jun 11 2023 Dirk Müller - update to 4.3.1:
* BUGFIX: Functions `import_rva` and `import_delayed_rva` are now case-insensitive (#1904)
* BUGFIX: Fix heap-related issue in `dotnet` module on Windows (#1902)
* BUGFIX: Fix heap corruption with certain rules that have very long string sets (67cccf0)
* Thu Mar 30 2023 Andrea Manzini - Build AVX2 enabled hwcaps library for x86_64-v3
* Thu Mar 30 2023 Andrea Manzini - update to 4.3.0:
* Added a not operator for bytes in hex strings. Example: {01 ~02 03} (#1676).
* for statement can iterate over sets of literal strings (e.g. for any s in (\"a\", \"b\"): (pe.imphash() == s)) (#1787). of statement can be used with at (e.g. any of them at 0) (#1790).
* Added the --print-xor-key (-X in short form) command-line option that prints the XOR key for xored strings (#1745).
* Implement the --skip-larger command-line option in Windows (#1678).
* Add parsing of .NET user types from .NET metadata stream in \"dotnet\" module (#1605).
* Improve certificate parsing and validation in \"pe\" module (#1623).
* Improve error reporting on certain edge cases (#1709, #1722).
* BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
* BUGFIX: Fix implementation of math.serial_correlation(#1771).
* BUGFIX: Fix infinite recursion in dotnet module (#1794).
* BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1 (c2557fc).
* BUGFIX: Fix several endianess issues (#1884, #1874, #1855).- removed fix-test-magic.patch as was merged into upstream
* Mon Feb 06 2023 Hans-Peter Jansen - backport upstream fixes for file magic tests: fix-test-magic.patch
* Tue Aug 09 2022 Dirk Müller - update to 4.2.3:
* BUGFIX: Fix security issue that can lead to arbitrary code execution (b77e4f4, b77e4f4). Thanks to ANSSI - CERT-FR for the report.
* BUGFIX: Fix incorrect logic in expressions like of in (start..end (#1757).
* Mon Jul 11 2022 Dirk Müller - update to 4.2.2:
* BUGFIX: Fix buffer overrun en \"dex\" module
* BUGFIX: Wrong offset used when checking Version string of .net metadata
* BUGFIX: YARA doesn\'t compile if --with-debug-verbose flag is enabled
* BUGFIX: Null-pointer dereferences while loading corrupted compiled rules
* Implement the --skip-larger command-line option in Windows.
* BUGFIX: Error while scanning process memory in Linux (#1662). Thanks to AATThillu.
* BUGFIX: Issue in \"magic\" module leading to wrong matches
* BUGFIX: Multiple issues triggered in low-memory conditions (#1671, #1673, #1674, #1675). Reported by AATT1ndahous3.
* BUGFIX: Incorrect parsing of character classes in some regular expressions (#1690). Reported by AATTSevaarcen.
* BUGFIX: Heap overflow in ARM. Reported by AATTbriangreenery.
* New syntax for counting string occurrences within a range of offsets. Example: #a in
* New syntax for checking if a set of strings are found within a range of offsets all of them in
* of operator now accepts sets of rules, Examples: 2 of (rule1, rule2, rule3), 2 of (rule
*)
* New syntactic sugar allows writing 0 of
* New operator % for string sets. Example: 20% of them
* New operator defined
* New operator iequals
* Added functions abs, count, percentage and mode to math module
* The dotnet module is now built into YARA by default.
* Added the is_dotnet field to dotnet module
* Added new console module
* Added support of delayed imports to pe module
* Reduce memory pressure when scanning process memory in Linux
* Improve performance while matching certain hex strings
* Implement support for unicode file names in Windows
* Add new API functions yr_get_configuration_uintXX and yr_set_configuration_uintXX
* Add --max-process-memory-chunk option for controlling the size of the chunks while scanning a process memory
* Add --skip-larger option for skipping files larger than a certain size while scanning directories.
* Improve scanning performance with better atom extraction
* BUGFIX: fullword modifier not working properly under all locales
* BUGFIX: Fix edge case when files have a numeric name that was interpreted as a PID number
* BUGFIX: Fix memory leaks in magic module.
* BUGFIX: Fix integer overflow while scanning files larger than 2GB
* Fri Nov 05 2021 Arjen de Korte - update to 4.1.3:
* BUGFIX: Fix issue where ERROR_TOO_MANY_MATCHES was incorrectly returned
* BUGFIX: Fix potential buffer overrun due to incorrect macro- Change license to BSD-3-Clause (upstream changed to this license with version 3.5.0)
* Sat Oct 16 2021 Dirk Müller - update to 4.1.2:
* BUGFIX: TOO_MANY_MATCHES warning was causing strings to be globally disabled
* BUGFIX: fullworld modifier not working as expected in Mac OS due to locale issue
* BUGFIX: Default value for pe.number_of_imported_function not set to 0
* Sat May 29 2021 Ferdinand Thiessen - Update to version 4.1.1
* BUGFIX: Accept the \"+\" character as valid in DLL names
* BUGFIX: Buffer overrun in \"macho\" module.
* BUGFIX: Crash due to consecutive jumps in hex strings
* Thu May 06 2021 Ferdinand Thiessen - Update to version 4.1.0
* New operators icontains, endswith, iendswith, startswith, istartswith
* Accept \\t escape sequence in text strings.
* Add --no-follow-links command-line option to yara.
* Prevent yara from following links to \".\"
* Implemented non-blocking scanning API
* When a string causes too many matches, YARA raises a warning instead of failing
* BUGFIX: The use of --timeout could hang yara when scanning directories or lists of files
* BUGFIX: Incorrect parsing of PE certificates
* BUGFIX: Short-circuit evaluation not working fine with undefined expressions- Drop yara-fix-arm.patch, upstream merged
* Mon Feb 08 2021 Dirk Müller - update to 4.0.5:
* Fix bug in \"macho\" module introduced in v4.0.4.
* Fri Jan 29 2021 Dirk Müller - update to 4.0.4:
* Multiple out-of-bounds read in \"dotnet\" module.
* Multiple out-of-bounds reads in \"macho\" module.