./security/yara, Pattern matching swiss knife for malware researchers

Branch: CURRENT, Version: 3.11.0nb1, Package name: yara-3.11.0nb1, Maintainer: khorben

YARA is a tool aimed at (but not limited to) helping malware
researchers to identify and classify malware samples. With YARA
you can create descriptions of malware families (or whatever you
want to describe) based on textual or binary patterns.

Required to run:

Required to build:

Master sites:

SHA1: 81a243423352d66f5ec0cb657098c27f035cd164
RMD160: 18f28d9c6cface071f2526ca7d7c64a0b3a848f9
Filesize: 754.025 KB

CVS history:

   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-12-14 11:46:09 by Pierre Pronchery | Files touched by this commit (7) | Package updated
Log message:
security/yara: Update to 3.11.0

Coordinated with leot@ and he@ while investigating CVE-2019-19648.

The changes listed for this version include:

 * Duplicated string modifiers are now an error.
 * More flexible xor modifier.
 * Implement private strings (#1096)
 * Add field_offsets to dotnet module.
 * Implement crc32 functions in hash module.
 * Improvements to rich_signature functions in pe module.
 * Implement sandboxed API using SAPI
 * BUGFIX: Some regexp character classes not matching correctly when used with nocase modifier (#1117)
 * BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (#1107)
 * BUGFIX: Buffer overrun in dotnet module (#1108)
 * BUGFIX: Segfault in certain Windows versions (#1068)
 * BUGFIX: Memory leak while attaching to a process fails (#1070)

Changes for version 3.10.0:

 * Optimize integer range loops by exiting earlier when possible.
 * Cache the result of PE module's imphash function in order to improve performance.
 * Harden virtual machine against malicious code.
 * BUGFIX: xor modifier not working as expected if not accompanied by ascii (#1053).
 * BUGFIX: \s and \S character classes in regular expressions now include vertical tab, new line, carriage return and form feed characters.
 * BUGFIX: Regression bug in hex strings containing wildcards (#1025).
 * BUGFIX: Buffer overrun in elf module.
 * BUGFIX: Buffer overrun in dotnet module

Changes for version 3.9.0:

 * Improve scan performance for certain strings.
 * Reduce stack usage.
 * Prevent inadvertent use of compiled rules by forcing the use of -C when using yara command-line tool.
 * BUGFIX: Buffer overflow in "dotnet" module.
 * BUGFIX: Internal error when running multiple instances of YARA in Mac OS X. (#945)
 * BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018)
 * BUGFIX: High RAM consumption in "pe" module while parsing certain \ 
 * BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (#1023)
 * BUGFIX: Issues with comments inside hex strings.

Changes for version 3.8.1:

 * BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0.
 * BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as null.
 * BUGFIX: dex module now works in big-endian architectures.
 * BUGFIX: Keep ABI compatibility by keeping deprecated functions visible.

Changes for version 3.8.0:

 * Scanner API
 * New xor modifier for strings
 * New fields and functions in PE module.
 * Add functions min and max to math module.
 * Make compiled.
 * yara and yarac support reading rules from stdin by using - as the file name.
 * Rule compilation is faster.
 * BUGFIX: Regression in regex engine. /ba{3}b/ was matching baaaab.
 * BUGFIX: Function yr_compiler_add_fd() was reading only the first 1024 bytes of the file.
 * BUGFIX: Wrong calculation of sha256 hashes in Windows when using native crypto API.
 * Lots of more bug fixes.

Changes for version 3.7.1:

 * Fix regression in include directive (issue #796)
 * Fix bug in PE checksum calculation causing wrong results in some cases.
   2019-11-04 22:13:04 by Roland Illig | Files touched by this commit (118)
Log message:
security: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2019-07-11 13:20:06 by Sevan Janiyan | Files touched by this commit (4)
Log message:
More strnlen(3) users - from Joyent
   2019-07-11 13:17:24 by Sevan Janiyan | Files touched by this commit (1)
Log message:
use a tab
   2017-11-15 19:22:22 by Havard Eidnes | Files touched by this commit (8) | Package updated
Log message:
Update {py-,}yara to version 3.7.0.

Pkgsrc changes:
 * adapt PLIST
 * remove patch which no longer applies
 * apply patches for proper value domain for isxxxx() functions/macros

Upstream changes:
 * time module (Wesley Shields)
 * yara command-line tool now accepts multiple rule files
 * Allow a configurable limit for the number of strings per rule
   (option --max-strings-per-rule)
 * Implement integrity check for compiled rules
 * Implement API for customizing import statement (@edhoedt)
 * Scan process memory in FreeBSD and OpenBSD (Hilko Bengen)
 * BUGFIX: Negated character classes not working with case-insensitive
   regexps (#765)
 * BUGFIX: Multiple bugs while parsing ELF files (Nate Rosenblum)
 * BUGFIX: Out-of-bounds access while parsing PE files.
 * BUGFIX: Memory leaks while parsing invalid rules.
   2017-11-01 20:29:30 by Min Sik Kim | Files touched by this commit (1)
Log message:
security/yara: Needs OpenSSL to build
   2017-07-06 01:55:01 by Pierre Pronchery | Files touched by this commit (4) | Package updated
Log message:
Update yara to version 3.6.3

From the release notes for version 3.6.3:
* BUGFIX: Heap overflow (4a342f0)
* BUGFIX: Off-by-one NULL write in stack buffer (964d6c0)
* BUGFIX: Multiple issues in "dotnet" module (f40c14c, fc35e5f)

From the release notes for version 3.6.2:

* Increase RE_MAX_AST_LEVELS from 2000 to 6000.
* BUGFIX: Buffer overrun in regexp engine (issue #678)
* BUGFIX: Null pointer dereference in regexp engine (issue #682).

XXX pullup (security fixes)