Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: yara | Distribution: SUSE Linux Enterprise 15 SP6 |
Version: 4.3.2 | Vendor: openSUSE |
Release: bp156.1.5 | Build date: Mon May 13 15:41:43 2024 |
Group: System/Filesystems | Build host: obs-power9-06 |
Size: 150208 | Source RPM: yara-4.3.2-bp156.1.5.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://virustotal.github.io/yara/ | |
Summary: A malware identification and classification tool |
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.
BSD-3-Clause
* Sun Jul 16 2023 Dirk Müller <dmueller@suse.com> - update to 4.3.2: * BUGFIX: assertion triggered with certain hex patterns when scanning arbitrary files * Sun Jun 11 2023 Dirk Müller <dmueller@suse.com> - update to 4.3.1: * BUGFIX: Functions `import_rva` and `import_delayed_rva` are now case-insensitive (#1904) * BUGFIX: Fix heap-related issue in `dotnet` module on Windows (#1902) * BUGFIX: Fix heap corruption with certain rules that have very long string sets (67cccf0) * Thu Mar 30 2023 Andrea Manzini <andrea.manzini@suse.com> - Build AVX2 enabled hwcaps library for x86_64-v3 * Thu Mar 30 2023 Andrea Manzini <andrea.manzini@suse.com> - update to 4.3.0: * Added a not operator for bytes in hex strings. Example: {01 ~02 03} (#1676). * for statement can iterate over sets of literal strings (e.g. for any s in ("a", "b"): (pe.imphash() == s)) (#1787). of statement can be used with at (e.g. any of them at 0) (#1790). * Added the --print-xor-key (-X in short form) command-line option that prints the XOR key for xored strings (#1745). * Implement the --skip-larger command-line option in Windows (#1678). * Add parsing of .NET user types from .NET metadata stream in "dotnet" module (#1605). * Improve certificate parsing and validation in "pe" module (#1623). * Improve error reporting on certain edge cases (#1709, #1722). * BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724). * BUGFIX: Fix implementation of math.serial_correlation(#1771). * BUGFIX: Fix infinite recursion in dotnet module (#1794). * BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1 (c2557fc). * BUGFIX: Fix several endianess issues (#1884, #1874, #1855). - removed fix-test-magic.patch as was merged into upstream * Mon Feb 06 2023 Hans-Peter Jansen <hpj@urpla.net> - backport upstream fixes for file magic tests: fix-test-magic.patch * Tue Aug 09 2022 Dirk Müller <dmueller@suse.com> - update to 4.2.3: * BUGFIX: Fix security issue that can lead to arbitrary code execution (b77e4f4, b77e4f4). Thanks to ANSSI - CERT-FR for the report. * BUGFIX: Fix incorrect logic in expressions like <quantifier> of <string_set> in (start..end (#1757). * Mon Jul 11 2022 Dirk Müller <dmueller@suse.com> - update to 4.2.2: * BUGFIX: Fix buffer overrun en "dex" module * BUGFIX: Wrong offset used when checking Version string of .net metadata * BUGFIX: YARA doesn't compile if --with-debug-verbose flag is enabled * BUGFIX: Null-pointer dereferences while loading corrupted compiled rules * Implement the --skip-larger command-line option in Windows. * BUGFIX: Error while scanning process memory in Linux (#1662). Thanks to @hillu. * BUGFIX: Issue in "magic" module leading to wrong matches * BUGFIX: Multiple issues triggered in low-memory conditions (#1671, #1673, #1674, #1675). Reported by @1ndahous3. * BUGFIX: Incorrect parsing of character classes in some regular expressions (#1690). Reported by @Sevaarcen. * BUGFIX: Heap overflow in ARM. Reported by @briangreenery. * New syntax for counting string occurrences within a range of offsets. Example: #a in * New syntax for checking if a set of strings are found within a range of offsets all of them in * of operator now accepts sets of rules, Examples: 2 of (rule1, rule2, rule3), 2 of (rule*) * New syntactic sugar allows writing 0 of * New operator % for string sets. Example: 20% of them * New operator defined * New operator iequals * Added functions abs, count, percentage and mode to math module * The dotnet module is now built into YARA by default. * Added the is_dotnet field to dotnet module * Added new console module * Added support of delayed imports to pe module * Reduce memory pressure when scanning process memory in Linux * Improve performance while matching certain hex strings * Implement support for unicode file names in Windows * Add new API functions yr_get_configuration_uintXX and yr_set_configuration_uintXX * Add --max-process-memory-chunk option for controlling the size of the chunks while scanning a process memory * Add --skip-larger option for skipping files larger than a certain size while scanning directories. * Improve scanning performance with better atom extraction * BUGFIX: fullword modifier not working properly under all locales * BUGFIX: Fix edge case when files have a numeric name that was interpreted as a PID number * BUGFIX: Fix memory leaks in magic module. * BUGFIX: Fix integer overflow while scanning files larger than 2GB * Fri Nov 05 2021 Arjen de Korte <suse+build@de-korte.org> - update to 4.1.3: * BUGFIX: Fix issue where ERROR_TOO_MANY_MATCHES was incorrectly returned * BUGFIX: Fix potential buffer overrun due to incorrect macro - Change license to BSD-3-Clause (upstream changed to this license with version 3.5.0) * Sat Oct 16 2021 Dirk Müller <dmueller@suse.com> - update to 4.1.2: * BUGFIX: TOO_MANY_MATCHES warning was causing strings to be globally disabled * BUGFIX: fullworld modifier not working as expected in Mac OS due to locale issue * BUGFIX: Default value for pe.number_of_imported_function not set to 0 * Sat May 29 2021 Ferdinand Thiessen <rpm@fthiessen.de> - Update to version 4.1.1 * BUGFIX: Accept the "+" character as valid in DLL names * BUGFIX: Buffer overrun in "macho" module. * BUGFIX: Crash due to consecutive jumps in hex strings * Thu May 06 2021 Ferdinand Thiessen <rpm@fthiessen.de> - Update to version 4.1.0 * New operators icontains, endswith, iendswith, startswith, istartswith * Accept \t escape sequence in text strings. * Add --no-follow-links command-line option to yara. * Prevent yara from following links to "." * Implemented non-blocking scanning API * When a string causes too many matches, YARA raises a warning instead of failing * BUGFIX: The use of --timeout could hang yara when scanning directories or lists of files * BUGFIX: Incorrect parsing of PE certificates * BUGFIX: Short-circuit evaluation not working fine with undefined expressions - Drop yara-fix-arm.patch, upstream merged * Mon Feb 08 2021 Dirk Müller <dmueller@suse.com> - update to 4.0.5: * Fix bug in "macho" module introduced in v4.0.4. * Fri Jan 29 2021 Dirk Müller <dmueller@suse.com> - update to 4.0.4: * Multiple out-of-bounds read in "dotnet" module. * Multiple out-of-bounds reads in "macho" module. * Tue Sep 15 2020 Guillaume GARDET <guillaume.gardet@opensuse.org> - Backport upstream patch to fix a segfault on ARM: * yara-fix-arm.patch * Mon Aug 17 2020 Dirk Mueller <dmueller@suse.com> - Update to 4.0.2: - BUGFIX: Use-after-free bug in PE module (#1287). - BUGFIX: Incorrect errors in rules when a single rule is badly formatted (#1294). - BUGFIX: Assertion failed with rules that have invalid syntax (#1295). - BUGFIX: Integer overflow causing missed matches on files larger than 2GB (#1304). - BUGFIX: Crashes in Mac OS while scanning binaries with a signature that can't be verified (#1309). - Update to 4.0.1: - Update sandboxed API (#1276) - BUGFIX: Fix regression in exports parsing in PE module (2bf67e6) - BUGFIX: Fix unaligned accesses in ARM (e1654ae) - Update to 4.0.0: - New string modifiers base64 and base64wide (#1185). - New string modifier private (#1096) - Iterators for dictionaries and arrays (#1141). - Multiple API changes. - Memory footprint greatly reduced, specially when compiling large numbers of rules. - New commmand-line option --scan-list (#1261). - Added pdb_path field to "pe" module. - Added export_details array to "pe" module. - Added exports_index functions to "pe" module. - Improvements to "cuckoo" module. - BUGFIX: PE files with multiple signatures are parsed correctly (#940). - BUGFIX: Fix PE rich header parsing (#1164). - BUGFIX: Buffer overruns in "dotnet" module (#1167, #1173). - Bump .so version - Update to 3.11.0: - Duplicated string modifiers are now an error. - More flexible “xor” modifier. - Implement “private” strings (#1096) - Add “field_offsets” to “dotnet” module. - Implement “crc32” functions in “hash” module. - Improvements to “rich_signature” functions in “pe” module. - Implement sandboxed API using SAPI - BUGFIX: Some regexp character classes not matching correctly when used with “nocase” modifier (#1117) - BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (#1107) - BUGFIX: Buffer overrun in “dotnet” module (#1108) - BUGFIX: Segfault in certain Windows versions (#1068) - BUGFIX: Memory leak while attaching to a process fails (#1070) - Update to 3.10.0: - Optimize integer range loops by exiting earlier when possible. - Cache the result of PE module’s imphash function in order to improve performance. - Harden virtual machine against malicious code. - BUGFIX: “xor” modifier not working as expected if not accompanied by “ascii” (#1053). - BUGFIX: \s and \S character classes in regular expressions now include vertical tab, new line, carriage return and form feed characters. - BUGFIX: Regression bug in hex strings containing wildcards (#1025). - BUGFIX: Buffer overrun in “elf” module. - BUGFIX: Buffer overrun in “dotnet” module. - Update to 3.9.0: - Improve scan performance for certain strings. - Reduce stack usage. - Prevent inadvertent use of compiled rules by forcing the use of - C when using yara command-line tool. - BUGFIX: Buffer overflow in "dotnet" module. - BUGFIX: Internal error when running multiple instances of YARA in Mac OS X. (#945) - BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018) - BUGFIX: High RAM consumption in "pe" module while parsing certain files.(0c8b461) - BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (#1023) - BUGFIX: Issues with comments inside hex strings. - Update to 3.8.1: - BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0. - BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as null. - BUGFIX: dex module now works in big-endian architectures. - BUGFIX: Keep ABI compatibility by keeping deprecated functions visible. - Update to 3.8.0: - Scanner API - New “xor” modifier for strings - New fields and functions in PE module. - Add functions “min” and “max” to math module. - Make compiled. - yara and yaracsupport reading rules from stdin by using - as the file name. - Rule compilation is faster. - BUGFIX: Regression in regex engine. /ba{3}b/ was matching “baaaab”. - BUGFIX: Function yr_compiler_add_fd() was reading only the first 1024 bytes of the file. - BUGFIX: Wrong calculation of sha256 hashes in Windows when using native crypto API. - Lots of more bug fixes. * Tue May 22 2018 tchvatal@suse.com - Update to 3.7.1: * Fix regression in include directive (issue #796) * Fix bug in PE checksum calculation causing wrong results in some cases. * time module (Wesley Shields) * yara command-line tool now accept multiple rule files * Allow a configurable limit for the number of strings per rule (option --max-strings-per-rule) * Implement integrity check for compiled rules * Implement API for customizingimport statement (@edhoedt) * Scan process memory in FreeBSD and OpenBDS (Hilko Bengen) * BUGFIX: Negated character classes not working with case-insensitive regexps (#765) * BUGFIX: Multiple bugs while parsing ELF files (Nate Rosenblum) * BUGFIX: Out-of-bounds access while parsing PE files. * BUGFIX: Memory leaks while parsing invalid rules. * BUGFIX: Heap overflow (4a342f0) * BUGFIX: Off-by-one NULL write in stack buffer (964d6c0) * BUGFIX: Multiple issues in "dotnet" module (f40c14c, fc35e5f) * Increase RE_MAX_AST_LEVELS from 2000 to 6000. * BUGFIX: Buffer overrun in regexp engine (issue #678) * BUGFIX: Null pointer dereference in regexp engine (issue #682). - Run testsuite * Tue Jun 06 2017 Greg.Freemyer@gmail.com - update to v3.6.1 * BUGFIX: Stack overflow caused by uncontrolled recursiveness (CVE-2017-9304) * BUGFIX: pe.overlay.size was undefined if the PE didn't have an overlay. Now it's set to 0 in those cases. * BUGFIX: Fix initalization issue that could cause a crash if rules compiled with a 32bit yarac is used with a 64bit yara. - update to v3.6.0 * .NET module (Wesley Shields) * New features for ELF module (Jacob Baines) * Fix endianness issues (Hilko Bengen) * Function yr_compiler_add_fd added to libyara * MAX_THREADS limit can be arbitrarily increased (Emerson R. Wiley) * Added --fail-on-warnings command-line option * Multiple bug fixes: CVE-2016-10210, CVE-2016-10211, CVE-2017-5923, CVE-2017-5924, CVE-2017-8294, CVE-2017-8929, CVE-2017-9438 * Sat Nov 12 2016 jengelh@inai.de - Add pkg-config to ensure .pc autodetection is always in effect * Fri Sep 30 2016 Greg.Freemyer@gmail.com - update to v3.5.0 * Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length) * Performance improvements * Less memory consumption while scanning processes * Exception handling when scanning memory blocks * Negative integers in meta fields * Added the --stack-size command-argument * Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module * Functions rich_signature.toolid and rich_signature.version added to PE module * Lots of bug fixes - upstream moved python-yara into a separate project. Do the same. - python-plaso now requires python-yana >= v3.5.0 - add BuildRequires: pkg-config as documented in the openSUSE packaging guidelines * Thu Jul 23 2015 Greg.Freemyer@gmail.com - add yara.pc to the libyara subpackage - remove sed command previously needed to properly link Yara and libyara. No longer needed with latest upstream source. - update to v3.4.0 * Short-circuit evaluation for conditions * New yr_rules_save_stream/yr_rules_load_stream APIs. * load() and save() methods in yara-python accept file-like objects * Improvements to the PE and ELF modules * Some performance improvements * New command-line option --print-module-data * Multiple bug fixes. - v3.3.0 * Added support for negative integers and floating point numbers * Implemented operators >,<, >=, <= for strings * Implemented word boundary anchors (\b, \B) in regular expressions * New features in PE module * Math module * New --print-namespace command line argument * Better error handling in low memory conditions * BUGFIX: "at" operator not working with certain strings containing wildcards * BUGFIX: precedence of bitwise operators was incorrect * BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal * BUGFIX: handle and memory leaks * BUGFIX: multiple segfaults - v3.2.0 * ELF module * Hash module * New features in PE module * Big-endian version of intXX and uintXX functions * Modules can declare dictionary objects * Modules accept overloaded functions * Performance improvements * BUGFIX: "and" operator not working properly with integer operands * BUGFIX: False positive with strings declared as "fullword wide ascii" * BUGFIX: False positive with "wide fullword" strings shorter than 5 bytes * BUGFIX: Functions declared in a structure array not working properly * BUGFIX: "contains" operator causing segfault if operand is an undefined string
/usr/bin/yara /usr/bin/yarac /usr/share/doc/packages/yara /usr/share/doc/packages/yara/AUTHORS /usr/share/doc/packages/yara/CONTRIBUTORS /usr/share/doc/packages/yara/README.md /usr/share/licenses/yara /usr/share/licenses/yara/COPYING /usr/share/man/man1/yara.1.gz /usr/share/man/man1/yarac.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 19:51:39 2024