Name: yara | Distribution: openSUSE Tumbleweed |
Version: 4.5.1 | Vendor: openSUSE |
Release: 1.3 | Build date: Tue Aug 27 09:47:31 2024 |
Group: System/Filesystems | Build host: reproducible |
Size: 62148 | Source RPM: yara-4.5.1-1.3.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://virustotal.github.io/yara/ | |
Summary: A malware identification and classification tool |
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.
BSD-3-Clause
* Tue Aug 27 2024 ming li <mli@suse.com>
- update to 4.5.1:
  * Allow spaces in regexp repetition operators (e.g: {n, m}).
  * BUGFIX: matches operator was not matching empty strings.
  * BUGFIX: Several bugs in array type handling in dotnet module.
  * BUGFIX: Fix issue while parsing .NET files.
  * BUGFIX: Fix issues while parsing PE resources.
  * BUGFIX: Infinite loop while parsing corrupt PE files.
  * BUGFIX: OOM errors while parsing corrupt PE files.
  * BUGFIX: Build issue in Alpine Linux due to pread64 not found.
  * BUGFIX: Issue while parsing rich header in some PE files.

* Sun Feb 18 2024 Andrea Manzini <andrea.manzini@suse.com>
- update to 4.5.0:
  * Unreferenced strings are allowed if their identifier starts with _ (#1941)
  * New command-line option --disable-console-logs for disabling the output of the console module (#1915)
  * New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
  * Improve performance by avoiding the execution of rule conditions that can't match (#1927)
  * Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
  * Expose function RVA in pe.export_details (#1882).
  * BUGFIX: Fix issues in the computation of imphash in pe module (#1944). Credits to the NSHC ThreatRecon team!
  * BUGFIX: Fix multiple out-of-bound memory reads in dex module (#1949, #1951).
  * BUGFIX: Fix memory alignment issues (#1930).
  * BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
  * BUGFIX: Some rules not matching when --fast-scan is used (4de3d57)
  * BUGFIX: Properly list memory regions while scanning processes in Mac OS. (#2033)
  * BUGFIX: RFC5652 countersignatures are now correctly parsed in pe module (#2034)
  * BUGFIX: Fix potential DoS due to crashes in authenticode parser with malformed files (#2034). Credits to Bahaa Naamneh!
  * BUGFIX: Fix SIGSEGV in magic module when libmagic returns null pointer (3342aa0)
  * BUGFIX: Prevent infinite recursion while following symlinks (923368e)

* Sat Oct 14 2023 Dirk Müller <dmueller@suse.com>
- update to 4.4.0:
  * New lnk module (#1732).
  * Unreferenced strings are allowed if their identifier starts with _ (#1941)
  * New command-line option --disable-console-logs for disabling the output of the console module (#1915)
  * New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
  * Improve performance by avoiding the execution of rule conditions that can't match (#1927)
  * Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
  * Expose function RVA in pe.export_details (#1882).
  * BUGFIX: Fix issues in the computation of imphash in pe module
  * BUGFIX: Fix multiple out-of-bound memory reads in dex module
  * BUGFIX: Fix memory alignment issues (#1930).
  * BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
  * BUGFIX: Some rules not matching when --fast-scan is used

* Sun Jul 16 2023 Dirk Müller <dmueller@suse.com>
- update to 4.3.2:
  * BUGFIX: assertion triggered with certain hex patterns when scanning arbitrary files

* Sun Jun 11 2023 Dirk Müller <dmueller@suse.com>
- update to 4.3.1:
  * BUGFIX: Functions `import_rva` and `import_delayed_rva` are now case-insensitive (#1904)
  * BUGFIX: Fix heap-related issue in `dotnet` module on Windows (#1902)
  * BUGFIX: Fix heap corruption with certain rules that have very long string sets (67cccf0)

* Thu Mar 30 2023 Andrea Manzini <andrea.manzini@suse.com>
- Build AVX2 enabled hwcaps library for x86_64-v3

* Thu Mar 30 2023 Andrea Manzini <andrea.manzini@suse.com>
- update to 4.3.0:
  * Added a not operator for bytes in hex strings. Example: {01 ~02 03} (#1676).
  * for statement can iterate over sets of literal strings (e.g. for any s in ("a", "b"): (pe.imphash() == s)) (#1787).
  * of statement can be used with at (e.g. any of them at 0) (#1790).
  * Added the --print-xor-key (-X in short form) command-line option that prints the XOR key for xored strings (#1745).
  * Implement the --skip-larger command-line option in Windows (#1678).
  * Add parsing of .NET user types from .NET metadata stream in "dotnet" module (#1605).
  * Improve certificate parsing and validation in "pe" module (#1623).
  * Improve error reporting on certain edge cases (#1709, #1722).
  * BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
  * BUGFIX: Fix implementation of math.serial_correlation (#1771).
  * BUGFIX: Fix infinite recursion in dotnet module (#1794).
  * BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1 (c2557fc).
  * BUGFIX: Fix several endianness issues (#1884, #1874, #1855).
- removed fix-test-magic.patch as was merged into upstream

* Mon Feb 06 2023 Hans-Peter Jansen <hpj@urpla.net>
- backport upstream fixes for file magic tests: fix-test-magic.patch

* Tue Aug 09 2022 Dirk Müller <dmueller@suse.com>
- update to 4.2.3:
  * BUGFIX: Fix security issue that can lead to arbitrary code execution (b77e4f4, b77e4f4). Thanks to ANSSI - CERT-FR for the report.
  * BUGFIX: Fix incorrect logic in expressions like <quantifier> of <string_set> in (start..end) (#1757).

* Mon Jul 11 2022 Dirk Müller <dmueller@suse.com>
- update to 4.2.2:
  * BUGFIX: Fix buffer overrun in "dex" module
  * BUGFIX: Wrong offset used when checking Version string of .net metadata
  * BUGFIX: YARA doesn't compile if --with-debug-verbose flag is enabled
  * BUGFIX: Null-pointer dereferences while loading corrupted compiled rules
  * Implement the --skip-larger command-line option in Windows.
  * BUGFIX: Error while scanning process memory in Linux (#1662). Thanks to @hillu.
  * BUGFIX: Issue in "magic" module leading to wrong matches
  * BUGFIX: Multiple issues triggered in low-memory conditions (#1671, #1673, #1674, #1675). Reported by @1ndahous3.
  * BUGFIX: Incorrect parsing of character classes in some regular expressions (#1690). Reported by @Sevaarcen.
  * BUGFIX: Heap overflow in ARM. Reported by @briangreenery.
  * New syntax for counting string occurrences within a range of offsets. Example: #a in
  * New syntax for checking if a set of strings are found within a range of offsets all of them in
  * of operator now accepts sets of rules, Examples: 2 of (rule1, rule2, rule3), 2 of (rule*)
  * New syntactic sugar allows writing 0 of
  * New operator % for string sets. Example: 20% of them
  * New operator defined
  * New operator iequals
  * Added functions abs, count, percentage and mode to math module
  * The dotnet module is now built into YARA by default.
  * Added the is_dotnet field to dotnet module
  * Added new console module
  * Added support of delayed imports to pe module
  * Reduce memory pressure when scanning process memory in Linux
  * Improve performance while matching certain hex strings
  * Implement support for unicode file names in Windows
  * Add new API functions yr_get_configuration_uintXX and yr_set_configuration_uintXX
  * Add --max-process-memory-chunk option for controlling the size of the chunks while scanning a process memory
  * Add --skip-larger option for skipping files larger than a certain size while scanning directories.
  * Improve scanning performance with better atom extraction
  * BUGFIX: fullword modifier not working properly under all locales
  * BUGFIX: Fix edge case when files have a numeric name that was interpreted as a PID number
  * BUGFIX: Fix memory leaks in magic module.
  * BUGFIX: Fix integer overflow while scanning files larger than 2GB
/usr/bin/yara
/usr/bin/yarac
/usr/share/doc/packages/yara
/usr/share/doc/packages/yara/AUTHORS
/usr/share/doc/packages/yara/CONTRIBUTORS
/usr/share/doc/packages/yara/README.md
/usr/share/licenses/yara
/usr/share/licenses/yara/COPYING
/usr/share/man/man1/yara.1.gz
/usr/share/man/man1/yarac.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Jan 12 02:11:34 2025