SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for yara-doc-4.5.0-lp155.46.1.noarch.rpm :

* Sun Feb 18 2024 Andrea Manzini - update to 4.5.0:
* Unreferenced strings are allowed if their identifier start with _ (#1941)
* New command-line option --disable-console-logs for disabling the output of the console module (#1915)
* New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
* Improve performance by avoiding the execution of rule conditions that can\'t match (#1927)
* Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
* Expose function RVA in pe.export_details(#1882).
* BUGFIX: Fix issues in the computation of imphash in pe module (#1944). Credits to the NSHC ThreatRecon team!
* BUGFIX: Fix multiple out-of-bound memory reads in dex module (#1949, #1951).
* BUGFIX: Fix memory alignment issues (#1930).
* BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
* BUGFIX: Some rules not matching when --fast-scan is used (4de3d57)
* BUGFIX: Properly list memory regions while scanning processes in Mac OS. (#2033)
* BUGFIX: RFC5652 countersignatures are now correctly parsed in pe module (#2034)
* BUGFIX: Fix potential DoS due to crashes in authenticode parser with malformed files (#2034). Credits to Bahaa Naamneh!
* BUGFIX: Fix SIGSEGV in magic module when libmagic returns null pointer (3342aa0)
* BUGFIX: Prevent infinite recursion while following symlinks (923368e)
* Sat Oct 14 2023 Dirk Müller - update to 4.4.0:
* New lnk module (#1732).
* Unreferenced strings are allowed if their identifier start with _ (#1941)
* New command-line option --disable-console-logs for disabling the output of the console module (#1915)
* New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
* Improve performance by avoiding the execution of rule conditions that can\'t match (#1927)
* Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
* Expose function RVA in pe.export_details(#1882).
* BUGFIX: Fix issues in the computation of imphash in pe module
* BUGFIX: Fix multiple out-of-bound memory reads in dex module
* BUGFIX: Fix memory alignment issues (#1930).
* BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
* BUGFIX: Some rules not matching when --fast-scan is used
* Sun Jul 16 2023 Dirk Müller - update to 4.3.2:
* BUGFIX: assertion triggered with certain hex patterns when scanning arbitrary files
* Sun Jun 11 2023 Dirk Müller - update to 4.3.1:
* BUGFIX: Functions `import_rva` and `import_delayed_rva` are now case-insensitive (#1904)
* BUGFIX: Fix heap-related issue in `dotnet` module on Windows (#1902)
* BUGFIX: Fix heap corruption with certain rules that have very long string sets (67cccf0)
* Thu Mar 30 2023 Andrea Manzini - Build AVX2 enabled hwcaps library for x86_64-v3
* Thu Mar 30 2023 Andrea Manzini - update to 4.3.0:
* Added a not operator for bytes in hex strings. Example: {01 ~02 03} (#1676).
* for statement can iterate over sets of literal strings (e.g. for any s in (\"a\", \"b\"): (pe.imphash() == s)) (#1787). of statement can be used with at (e.g. any of them at 0) (#1790).
* Added the --print-xor-key (-X in short form) command-line option that prints the XOR key for xored strings (#1745).
* Implement the --skip-larger command-line option in Windows (#1678).
* Add parsing of .NET user types from .NET metadata stream in \"dotnet\" module (#1605).
* Improve certificate parsing and validation in \"pe\" module (#1623).
* Improve error reporting on certain edge cases (#1709, #1722).
* BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
* BUGFIX: Fix implementation of math.serial_correlation(#1771).
* BUGFIX: Fix infinite recursion in dotnet module (#1794).
* BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1 (c2557fc).
* BUGFIX: Fix several endianess issues (#1884, #1874, #1855).- removed fix-test-magic.patch as was merged into upstream
* Mon Feb 06 2023 Hans-Peter Jansen - backport upstream fixes for file magic tests: fix-test-magic.patch
* Tue Aug 09 2022 Dirk Müller - update to 4.2.3:
* BUGFIX: Fix security issue that can lead to arbitrary code execution (b77e4f4, b77e4f4). Thanks to ANSSI - CERT-FR for the report.
* BUGFIX: Fix incorrect logic in expressions like of in (start..end (#1757).
* Mon Jul 11 2022 Dirk Müller - update to 4.2.2:
* BUGFIX: Fix buffer overrun en \"dex\" module
* BUGFIX: Wrong offset used when checking Version string of .net metadata
* BUGFIX: YARA doesn\'t compile if --with-debug-verbose flag is enabled
* BUGFIX: Null-pointer dereferences while loading corrupted compiled rules
* Implement the --skip-larger command-line option in Windows.
* BUGFIX: Error while scanning process memory in Linux (#1662). Thanks to AATThillu.
* BUGFIX: Issue in \"magic\" module leading to wrong matches
* BUGFIX: Multiple issues triggered in low-memory conditions (#1671, #1673, #1674, #1675). Reported by AATT1ndahous3.
* BUGFIX: Incorrect parsing of character classes in some regular expressions (#1690). Reported by AATTSevaarcen.
* BUGFIX: Heap overflow in ARM. Reported by AATTbriangreenery.
* New syntax for counting string occurrences within a range of offsets. Example: #a in
* New syntax for checking if a set of strings are found within a range of offsets all of them in
* of operator now accepts sets of rules, Examples: 2 of (rule1, rule2, rule3), 2 of (rule
*)
* New syntactic sugar allows writing 0 of
* New operator % for string sets. Example: 20% of them
* New operator defined
* New operator iequals
* Added functions abs, count, percentage and mode to math module
* The dotnet module is now built into YARA by default.
* Added the is_dotnet field to dotnet module
* Added new console module
* Added support of delayed imports to pe module
* Reduce memory pressure when scanning process memory in Linux
* Improve performance while matching certain hex strings
* Implement support for unicode file names in Windows
* Add new API functions yr_get_configuration_uintXX and yr_set_configuration_uintXX
* Add --max-process-memory-chunk option for controlling the size of the chunks while scanning a process memory
* Add --skip-larger option for skipping files larger than a certain size while scanning directories.
* Improve scanning performance with better atom extraction
* BUGFIX: fullword modifier not working properly under all locales
* BUGFIX: Fix edge case when files have a numeric name that was interpreted as a PID number
* BUGFIX: Fix memory leaks in magic module.
* BUGFIX: Fix integer overflow while scanning files larger than 2GB
* Fri Nov 05 2021 Arjen de Korte - update to 4.1.3:
* BUGFIX: Fix issue where ERROR_TOO_MANY_MATCHES was incorrectly returned
* BUGFIX: Fix potential buffer overrun due to incorrect macro- Change license to BSD-3-Clause (upstream changed to this license with version 3.5.0)
* Sat Oct 16 2021 Dirk Müller - update to 4.1.2:
* BUGFIX: TOO_MANY_MATCHES warning was causing strings to be globally disabled
* BUGFIX: fullworld modifier not working as expected in Mac OS due to locale issue
* BUGFIX: Default value for pe.number_of_imported_function not set to 0
* Sat May 29 2021 Ferdinand Thiessen - Update to version 4.1.1
* BUGFIX: Accept the \"+\" character as valid in DLL names
* BUGFIX: Buffer overrun in \"macho\" module.
* BUGFIX: Crash due to consecutive jumps in hex strings
* Thu May 06 2021 Ferdinand Thiessen - Update to version 4.1.0
* New operators icontains, endswith, iendswith, startswith, istartswith
* Accept \\t escape sequence in text strings.
* Add --no-follow-links command-line option to yara.
* Prevent yara from following links to \".\"
* Implemented non-blocking scanning API
* When a string causes too many matches, YARA raises a warning instead of failing
* BUGFIX: The use of --timeout could hang yara when scanning directories or lists of files
* BUGFIX: Incorrect parsing of PE certificates
* BUGFIX: Short-circuit evaluation not working fine with undefined expressions- Drop yara-fix-arm.patch, upstream merged
* Mon Feb 08 2021 Dirk Müller - update to 4.0.5:
* Fix bug in \"macho\" module introduced in v4.0.4.
* Fri Jan 29 2021 Dirk Müller - update to 4.0.4:
* Multiple out-of-bounds read in \"dotnet\" module.
* Multiple out-of-bounds reads in \"macho\" module.
* Tue Sep 15 2020 Guillaume GARDET - Backport upstream patch to fix a segfault on ARM:
* yara-fix-arm.patch
* Mon Aug 17 2020 Dirk Mueller - Update to 4.0.2: - BUGFIX: Use-after-free bug in PE module (#1287). - BUGFIX: Incorrect errors in rules when a single rule is badly formatted (#1294). - BUGFIX: Assertion failed with rules that have invalid syntax (#1295). - BUGFIX: Integer overflow causing missed matches on files larger than 2GB (#1304). - BUGFIX: Crashes in Mac OS while scanning binaries with a signature that can\'t be verified (#1309).- Update to 4.0.1: - Update sandboxed API (#1276) - BUGFIX: Fix regression in exports parsing in PE module (2bf67e6) - BUGFIX: Fix unaligned accesses in ARM (e1654ae)- Update to 4.0.0: - New string modifiers base64 and base64wide (#1185). - New string modifier private (#1096) - Iterators for dictionaries and arrays (#1141). - Multiple API changes. - Memory footprint greatly reduced, specially when compiling large numbers of rules. - New commmand-line option --scan-list (#1261). - Added pdb_path field to \"pe\" module. - Added export_details array to \"pe\" module. - Added exports_index functions to \"pe\" module. - Improvements to \"cuckoo\" module. - BUGFIX: PE files with multiple signatures are parsed correctly (#940). - BUGFIX: Fix PE rich header parsing (#1164). - BUGFIX: Buffer overruns in \"dotnet\" module (#1167, #1173).- Bump .so version- Update to 3.11.0: - Duplicated string modifiers are now an error. - More flexible “xor” modifier. - Implement “private” strings (#1096) - Add “field_offsets” to “dotnet” module. - Implement “crc32” functions in “hash” module. - Improvements to “rich_signature” functions in “pe” module. - Implement sandboxed API using SAPI - BUGFIX: Some regexp character classes not matching correctly when used with “nocase” modifier (#1117) - BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (#1107) - BUGFIX: Buffer overrun in “dotnet” module (#1108) - BUGFIX: Segfault in certain Windows versions (#1068) - BUGFIX: Memory leak while attaching to a process fails (#1070)- Update to 3.10.0: - Optimize integer range loops by exiting earlier when possible. - Cache the result of PE module’s imphash function in order to improve performance. - Harden virtual machine against malicious code. - BUGFIX: “xor” modifier not working as expected if not accompanied by “ascii” (#1053). - BUGFIX: \\s and \\S character classes in regular expressions now include vertical tab, new line, carriage return and form feed characters. - BUGFIX: Regression bug in hex strings containing wildcards (#1025). - BUGFIX: Buffer overrun in “elf” module. - BUGFIX: Buffer overrun in “dotnet” module.- Update to 3.9.0: - Improve scan performance for certain strings. - Reduce stack usage. - Prevent inadvertent use of compiled rules by forcing the use of - C when using yara command-line tool. - BUGFIX: Buffer overflow in \"dotnet\" module. - BUGFIX: Internal error when running multiple instances of YARA in Mac OS X. (#945) - BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018) - BUGFIX: High RAM consumption in \"pe\" module while parsing certain files.(0c8b461) - BUGFIX: Denial of service when using \"dex\" module. Found by the Cisco Talos team. (#1023) - BUGFIX: Issues with comments inside hex strings.- Update to 3.8.1: - BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0. - BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as null. - BUGFIX: dex module now works in big-endian architectures. - BUGFIX: Keep ABI compatibility by keeping deprecated functions visible.- Update to 3.8.0: - Scanner API - New “xor” modifier for strings - New fields and functions in PE module. - Add functions “min” and “max” to math module. - Make compiled. - yara and yaracsupport reading rules from stdin by using - as the file name. - Rule compilation is faster. - BUGFIX: Regression in regex engine. /ba{3}b/ was matching “baaaab”. - BUGFIX: Function yr_compiler_add_fd() was reading only the first 1024 bytes of the file. - BUGFIX: Wrong calculation of sha256 hashes in Windows when using native crypto API. - Lots of more bug fixes.
* Tue May 22 2018 tchvatalAATTsuse.com- Update to 3.7.1:
* Fix regression in include directive (issue #796)
* Fix bug in PE checksum calculation causing wrong results in some cases.
* time module (Wesley Shields)
* yara command-line tool now accept multiple rule files
* Allow a configurable limit for the number of strings per rule (option --max-strings-per-rule)
* Implement integrity check for compiled rules
* Implement API for customizingimport statement (AATTedhoedt)
* Scan process memory in FreeBSD and OpenBDS (Hilko Bengen)
* BUGFIX: Negated character classes not working with case-insensitive regexps (#765)
* BUGFIX: Multiple bugs while parsing ELF files (Nate Rosenblum)
* BUGFIX: Out-of-bounds access while parsing PE files.
* BUGFIX: Memory leaks while parsing invalid rules.
* BUGFIX: Heap overflow (4a342f0)
* BUGFIX: Off-by-one NULL write in stack buffer (964d6c0)
* BUGFIX: Multiple issues in \"dotnet\" module (f40c14c, fc35e5f)
* Increase RE_MAX_AST_LEVELS from 2000 to 6000.
* BUGFIX: Buffer overrun in regexp engine (issue #678)
* BUGFIX: Null pointer dereference in regexp engine (issue #682).- Run testsuite
* Tue Jun 06 2017 Greg.FreemyerAATTgmail.com- update to v3.6.1
* BUGFIX: Stack overflow caused by uncontrolled recursiveness (CVE-2017-9304)
* BUGFIX: pe.overlay.size was undefined if the PE didn\'t have an overlay. Now it\'s set to 0 in those cases.
* BUGFIX: Fix initalization issue that could cause a crash if rules compiled with a 32bit yarac is used with a 64bit yara.- update to v3.6.0
* .NET module (Wesley Shields)
* New features for ELF module (Jacob Baines)
* Fix endianness issues (Hilko Bengen)
* Function yr_compiler_add_fd added to libyara
* MAX_THREADS limit can be arbitrarily increased (Emerson R. Wiley)
* Added --fail-on-warnings command-line option
* Multiple bug fixes: CVE-2016-10210, CVE-2016-10211, CVE-2017-5923, CVE-2017-5924, CVE-2017-8294, CVE-2017-8929, CVE-2017-9438
* Sat Nov 12 2016 jengelhAATTinai.de- Add pkg-config to ensure .pc autodetection is always in effect
* Fri Sep 30 2016 Greg.FreemyerAATTgmail.com- update to v3.5.0
* Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
* Performance improvements
* Less memory consumption while scanning processes
* Exception handling when scanning memory blocks
* Negative integers in meta fields
* Added the --stack-size command-argument
* Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
* Functions rich_signature.toolid and rich_signature.version added to PE module
* Lots of bug fixes- upstream moved python-yara into a separate project. Do the same.- python-plaso now requires python-yana >= v3.5.0- add BuildRequires: pkg-config as documented in the openSUSE packaging guidelines
* Thu Jul 23 2015 Greg.FreemyerAATTgmail.com- add yara.pc to the libyara subpackage- remove sed command previously needed to properly link Yara and libyara. No longer needed with latest upstream source.- update to v3.4.0
* Short-circuit evaluation for conditions
* New yr_rules_save_stream/yr_rules_load_stream APIs.
* load() and save() methods in yara-python accept file-like objects
* Improvements to the PE and ELF modules
* Some performance improvements
* New command-line option --print-module-data
* Multiple bug fixes.- v3.3.0
* Added support for negative integers and floating point numbers
* Implemented operators >,<, >=, <= for strings
* Implemented word boundary anchors (\\b, \\B) in regular expressions
* New features in PE module
* Math module
* New --print-namespace command line argument
* Better error handling in low memory conditions
* BUGFIX: \"at\" operator not working with certain strings containing wildcards
* BUGFIX: precedence of bitwise operators was incorrect
* BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
* BUGFIX: handle and memory leaks
* BUGFIX: multiple segfaults- v3.2.0
* ELF module
* Hash module
* New features in PE module
* Big-endian version of intXX and uintXX functions
* Modules can declare dictionary objects
* Modules accept overloaded functions
* Performance improvements
* BUGFIX: \"and\" operator not working properly with integer operands
* BUGFIX: False positive with strings declared as \"fullword wide ascii\"
* BUGFIX: False positive with \"wide fullword\" strings shorter than 5 bytes
* BUGFIX: Functions declared in a structure array not working properly
* BUGFIX: \"contains\" operator causing segfault if operand is an undefined string
  
ICM