./security/yara, Pattern matching swiss knife for malware researchers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.7.0, Package name: yara-3.7.0, Maintainer: khorben

YARA is a tool aimed at (but not limited to) helping malware
researchers to identify and classify malware samples. With YARA
you can create descriptions of malware families (or whatever you
want to describe) based on textual or binary patterns.


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 89fd429bf40db1039c0a3ff7cd94d79ec450c024
RMD160: 069f9815ead81ebf2be3151b14a4fcc3046770d7
Filesize: 544.956 KB

Version history: (Expand)


CVS history: (Expand)


   2017-11-15 19:22:22 by Havard Eidnes | Files touched by this commit (8) | Package updated
Log message:
Update {py-,}yara to version 3.7.0.

Pkgsrc changes:
 * adapt PLIST
 * remove patch which no longer applies
 * apply patches for proper value domain for isxxxx() functions/macros

Upstream changes:
 * time module (Wesley Shields)
 * yara command-line tool now accept multiple rule files
 * Allow a configurable limit for the number of strings per rule
   (option --max-strings-per-rule)
 * Implement integrity check for compiled rules
 * Implement API for customizingimport statement (@edhoedt)
 * Scan process memory in FreeBSD and OpenBDS (Hilko Bengen)
 * BUGFIX: Negated character classes not working with case-insensitive
   regexps (#765)
 * BUGFIX: Multiple bugs while parsing ELF files (Nate Rosenblum)
 * BUGFIX: Out-of-bounds access while parsing PE files.
 * BUGFIX: Memory leaks while parsing invalid rules.
   2017-11-01 20:29:30 by Min Sik Kim | Files touched by this commit (1)
Log message:
security/yara: Needs OpenSSL to build
   2017-07-06 01:55:01 by Pierre Pronchery | Files touched by this commit (4) | Package updated
Log message:
Update yara to version 3.6.3

From the release notes for version 3.6.3:
* BUGFIX: Heap overflow (4a342f0)
* BUGFIX: Off-by-one NULL write in stack buffer (964d6c0)
* BUGFIX: Multiple issues in "dotnet" module (f40c14c, fc35e5f)

From the release notes for version 3.6.2:

* Increase RE_MAX_AST_LEVELS from 2000 to 6000.
* BUGFIX: Buffer overrun in regexp engine (issue #678)
* BUGFIX: Null pointer dereference in regexp engine (issue #682).

XXX pullup (security fixes)
   2017-06-07 22:46:34 by Thomas Klausner | Files touched by this commit (6)
Log message:
Simplify *yara packages.
   2017-06-07 22:27:37 by Pierre Pronchery | Files touched by this commit (3)
Log message:
Package yara 3.6.1

In the release notes:

 * BUGFIX: Stack overflow caused by uncontrolled recursiveness (CVE-2017-9304)
 * BUGFIX: pe.overlay.size was undefined if the PE didn't have an overlay. Now \ 
it's set to 0 in those cases.
 * BUGFIX: Fix initalization issue that could cause a crash if rules compiled \ 
with a 32bit yarac is used with a 64bit yara.
   2017-06-07 22:11:42 by Pierre Pronchery | Files touched by this commit (3)
Log message:
Package yara 3.6.0

In the release notes:
 * .NET module (Wesley Shields)
 * New features for ELF module (Jacob Baines)
 * Fix endianness issues (Hilko Bengen)
 * Function yr_compiler_add_fd added to libyara
 * MAX_THREADS limit can be arbitrarily increased (Emerson R. Wiley)
 * Added --fail-on-warnings command-line option
 * Multiple bug fixes
   2017-05-15 17:34:12 by Pierre Pronchery | Files touched by this commit (1)
Log message:
Set myself as the maintainer
   2017-05-15 17:27:31 by Pierre Pronchery | Files touched by this commit (7) | Package updated
Log message:
Update security/{,py-yara} to version 3.5.0

The release notes mention:

  * Match length operator \ 
(http://yara.readthedocs.io/en/v3.5.0/wr … tch-length)
  * Performance improvements
  * Less memory consumption while scanning processes
  * Exception handling when scanning memory blocks
  * Negative integers in meta fields
  * Added the --stack-size command-argument
  * Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
  * Functions rich_signature.toolid and rich_signature.version added to PE module
  * Lots of bug fixes

The Python bindings are now released from a different tree, with the same
versioning apparently though.

"welcome to update" pettai@