./security/yara, Pattern matching swiss knife for malware researchers



Branch: CURRENT, Version: 4.5.1, Package name: yara-4.5.1, Maintainer: khorben

YARA is a tool aimed at (but not limited to) helping malware
researchers to identify and classify malware samples. With YARA
you can create descriptions of malware families (or whatever you
want to describe) based on textual or binary patterns.


Required to run:
[security/openssl]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 2155.813 KB


CVS history:


   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2022-11-29 09:35:01 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
yara: fix build on NetBSD (no proc interface)
   2022-11-28 19:57:19 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
yara py-yara: updated to 4.2.3

YARA v4.2.3
BUGFIX: Fix security issue that can lead to arbitrary code execution.
BUGFIX: Fix incorrect logic in expressions like <quantifier> of <string_set> in (start..end
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-06-05 04:58:18 by Makoto Fujiwara | Files touched by this commit (2)
Log message:
(security/yara) build fix: ERROR: [check-portability.awk]
   2021-05-30 03:22:05 by Pierre Pronchery | Files touched by this commit (2) | Package updated
Log message:
yara: update to version 4.1.1

YARA v4.1.1

 * BUGFIX: Accept the "+" character as valid in DLL names (#1501).
 * BUGFIX: Buffer overrun in "macho" module.
 * BUGFIX: Undefined behavior in Windows implementation of yr_filemap_xxx functions (#1302).
 * BUGFIX: Crash due to consecutive jumps in hex strings (#1492).

The yara-python repository does not offer a corresponding release.
   2021-05-30 03:16:28 by Pierre Pronchery | Files touched by this commit (9) | Package updated
Log message:
{,py-}yara: update to version 4.1.0

Since version 3.11.0:

YARA v4.1.0

 * New operators icontains, endswith, iendswith, startswith, istartswith.
 * Accept \t escape sequence in text strings.
 * Add --no-follow-links command-line option to yara.
 * Prevent yara from following links to "." (@1D2D).
 * Implemented non-blocking scanning API (@simonhf).
 * When a string causes too many matches, YARA raises a warning instead of failing (@wxsBSD).
 * BUGFIX: The use of --timeout could hang yara when scanning directories or lists of files (#1481).
 * BUGFIX: Incorrect parsing of PE certificates (#1443).
 * BUGFIX: Short-circuit evaluation not working fine with undefined expressions.

YARA v4.1.0-rc2

 * Don't raise warnings for non-ASCII strings.

YARA v4.1.0-rc1

 * New operators icontains, endswith, iendswith, startswith, istartswith.
 * Raise warnings for non-ASCII strings.
 * Accept \t escape sequence in text strings.
 * Add --no-follow-links command-line option to yara.
 * Prevent yara from following links to "." (@1D2D).
 * Implemented non-blocking scanning API (@simonhf).
 * When a string causes too many matches, YARA raises a warning instead of failing.

YARA v4.0.5

 * BUGFIX: Fix bug in "macho" module introduced in v4.0.4.

YARA v4.0.4

 * BUGFIX: Multiple out-of-bounds reads in "macho" module.

Credits to Luis Merino from X41 D-SEC GmbH for reporting these issues.

YARA v4.0.3

 * BUGFIX: Multiple out-of-bounds read in "dotnet" module.

YARA v4.0.2

 * BUGFIX: Use-after-free bug in PE module (#1287).
 * BUGFIX: Incorrect errors in rules when a single rule is badly formatted (#1294).
 * BUGFIX: Assertion failed with rules that have invalid syntax (#1295).
 * BUGFIX: Integer overflow causing missed matches on files larger than 2GB (#1304).
 * BUGFIX: Crashes in Mac OS while scanning binaries with a signature that can't be verified (#1309).

YARA v4.0.1

 * Update sandboxed API (#1276).
 * BUGFIX: Fix regression in exports parsing in PE module (2bf67e6).
 * BUGFIX: Fix unaligned accesses in ARM (e1654ae).

YARA v4.0.0

 * New string modifiers base64 and base64wide (#1185).
 * New string modifier private (#1096).
 * Iterators for dictionaries and arrays (#1141).
 * Multiple API changes.
 * Memory footprint greatly reduced, especially when compiling large numbers of rules.
 * New command-line option --scan-list (#1261).
 * Added pdb_path field to "pe" module.
 * Added export_details array to "pe" module.
 * Added exports_index functions to "pe" module.
 * Improvements to "cuckoo" module.
 * BUGFIX: PE files with multiple signatures are parsed correctly (#940).
 * BUGFIX: Fix PE rich header parsing (#1164).
 * BUGFIX: Buffer overruns in "dotnet" module (#1167, #1173).