[Forensics-changes] [yara] annotated tag v3.3.0 created (now 85e913e)
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:27:55 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a change to annotated tag v3.3.0
in repository yara.
at 85e913e (tag)
tagging 83d531cb13cf5fd7f1658994dcee3abb1be0aec2 (commit)
replaces v3.1.0
tagged by Victor M. Alvarez
on Tue Feb 10 13:45:17 2015 +0100
- Log -----------------------------------------------------------------
Hilko Bengen (6):
python: Add explicit library path
Fix build on kFreeBSD
python: Fix crash when Python 3 cannot decode strings from tags or meta as UTF-8
Fix crash on warnings when no compiler callback has been set.
pe_utils.c: Add missing include for defining struct tm
yara-python/tests.py: Add missing f.close() to avoid warning
Jeffrey Crowell (1):
add radare2 to list of people using yara
Karl Hiramoto (1):
hash module
R.H. (1):
Update yarapython.rst
Victor M. Alvarez (194):
Update README file
Add Tanium to the "who's using YARA" list
Merge pull request #174 from wxsBSD/elf_fix
Merge pull request #175 from wxsBSD/rule_iter
Implement overloaded functions
Implement "locale" function in PE module and improve buffer bounds checking
Merge pull request #178 from wxsBSD/IMAGE_FILE_MACHINE_AMD64
Fix issue #181
Declare lexers as never-interactive
Fix multiple warnings when compiling as C++
Fix multiple warnings when compiling as C++
Fix pe.h
Function 'input' is called 'yyinput' in C++
Remove DirectoryEntries from IMAGE_RESOURCE_DIRECTORY
Add YR_API macro for declaring functions as extern "C" in C++
Fix minor issues while compiling in Windows
Fix warnings while compiling in C++
Update Visual Studio projects to use C++ instead of C compiler
Merge pull request #183 from karlhiramoto/hash
Fix minor style issues in modules/hash.c
Merge pull request #184 from wxsBSD/richpe
Fix issues with pull request #184
Comply with YARA's style
Use OpenSSL to calculate hashes and change prototypes for "richhash" and "imphash"
Refactor parse_imports to reduce complexity and indentation levels
Homogenize comments
Merge pull request #185 from wxsBSD/pe_parse_imports_fix
Merge pull request #186 from wxsBSD/length_fix
Replace htonl with bigendian macro
Remove unused variable
Fix misplaced constants
Issue warning on regular expressions containing .*
Minor improvements in PE module
Add missing include
Implement yr_strndup
Fix possible buffer overrun
Remove references to "aprintf" and fix a memory leak
Fix warning
Fix wrong boundaries check causing segfault
Merge pull request #188 from wxsBSD/null_ptr_fix
Detect presence of OpenSSL library and build accordingly
Fix some warnings and errors while compiling on Windows
Implement "memmem" function and fix minor style issues
Add missing semicolon
Fix warning
Add OpenSSL to Windows project
Fix bug in overloaded functions
Replace tabs with spaces
Fix issue with functions declared in a structure contained in an array
Fix issue #195
Fix warning caused by comparison between integer and pointer
Fix string_argument macro to correctly handle SIZED_STRINGs
Add test case for functions receiving strings
Return error if hex strings are too long
Merge pull request #191 from wxsBSD/authenticode
Move utility functions out of pe.c and other minor changes
Use statically allocated buffer with X509_NAME_online.
Simplify the serial number length computation
Fix wrong identifier
Remove unnecessary counter decrement
Remove unnecessary call to BIO_set_close, BIO_CLOSE flag is set by default
Fix some possible memory leaks
Add Metaflows to "who's using YARA"
Change some char* to const char*
Check for memmem function during configuration
Add missing define
Fix bug in "imports" function of PE module
Improve sanity checks in pe_parse_certificates
Fix bug introduced in previous commit
Merge pull request #197 from wxsBSD/import_fix
Fix false positive in "fullword" matches when string is declared both "ascii" and "wide"
Implement timegm for platforms not including it
Make WIN_CERTIFICATE declaration available in Windows
Simplify "valid_on" function and remove "valid_before" and "valid_after"
Merge branch 'master' of https://github.com/plusvic/yara
Fix incorrect handling of undefined boolean expressions in a for loop
Implement functions sha1 and sha256 in "hash" module
Improve sanitation in PE module to avoid segfaults
Sanitise DLL names in import table and fix memory leak
Improve DLL name validation by rejecting empty names
Add big-endian versions for intXX and uintXX functions
Include "offset" and "length" in pe.rich_signature and remove "start"
Add missing type check
Add missing type check
Implement hash functions receiving string arguments
Remove "hash" function from "rich_signature"
Check for undefined arguments in hash functions
Update documentation
Bump to version 3.2.0
Add missing library to setupwinXX.py
Increment ARENA_FILE_VERSION
Merge pull request #199 from wxsBSD/ord_lookup_fix
Fix issues when using dmalloc
Fix memory and handle leaks
Avoid segfault when yr_re_finalize is called before yr_re_initialize
Use argparse library to parse command line arguments and some other improvements
Fix incorrect initialization of thread_storage_key in Windows
Fix warnings
Use integer arithmetic instead of floating point operations and fix problems in C++
Update Visual Studio project
Implement --print-namespace command-line argument
Fix --timeout argument to work with directories
Initialize timeout with a large number
Avoid hitting a bug in lldb-320.4.152
Merge pull request #203 from pozdnychev/master
Fix incorrect line number for syntax errors after a regexp declarations
Merge pull request #207 from pozdnychev/master
Minor style changes
Merge pull request #209 from pozdnychev/master
Minor style changes
Update Windows project
Fix some issues while compiling in Windows
Fix compile error due to undefined identifier
Fix issue #213
Merge pull request #214 from ortizmj12/patch-1
Fix segmentation fault in ELF module
Fix bug in PE module
Fix issue #218
Error message instead of triggering assertion on certain syntax errors
Fix segfaults in PE module
Merge pull request #215 from wxsBSD/resource_name_and_entropy
Merge pull request #224 from wxsBSD/entropy2
Simplify grammar.y by introducing yr_parser_reduce_operation function
Small improvements in exec.c
Implement operators >=, >, <, <= for strings
Add test cases for string comparison operators and floating point arithmetic operations
Fix bug in multiplication
Remove dead code (issue #225)
Implement a cleaner solution to push_dbl and pop_dbl and avoid warnings.
Check for math library in configure.ac
Fix issue with undefined floating points values
Rename break_if_undefined to ensure_defined
Check function arguments for undefined values before calling the function.
Implement a function to check for undefined values. Minor improvements in PE module.
Re-implement valid_on using new is_undefined function
Stop using UINT_TO_PTR macro
Fix warning due to declaration inside switch statement
Merge pull request #227 from wxsBSD/entropy_rename
Remove unused variable
Minor style changes
Simplify serial correlation functions.
Add support for negative numbers
Handle negative array indexes correctly
Fix warning due to uninitialised variable with certain compilers
Fix warning due to uninitialised variable with certain compilers
Fix bug while handling negative integers
Fix bug while handling dictionary objects
Fix previous commit, the operation should be decrement instead of increment
Add support for pkg-config
Rename double to float
Fix issues with previous commit
Remove extra semicolon
Merge pull request #244 from wxsBSD/issue_243
Merge pull request #236 from SleuthKid/patch-1
Merge pull request #234 from wxsBSD/docs
Merge pull request #232 from wxsBSD/issue_231
Merge pull request #241 from hillu/master
Merge pull request #245 from crowell/patch-1
Fix an off-by-one memory access
Implement \b and \B anchors in regexps
Abbreviate code in re.c
Merge pull request #247 from wxsBSD/doc_fix
Fix issue #249
Declare loop variables in the "for" statement
Remove unused functions
Fix issue with strtoll when compiling in Windows
Add some definitions missing in older versions of WinNT.h
Don't use stdbool.h as it doesn't exist in VC++
Implement log2 function for VC++
Avoid warning due to ambiguous call to overloaded log()
Implement yr_filemap_map_ex
Fix some issues with latest changes in filemap functions in Windows
Add missing definitions in Windows
Update Windows project
Merge pull request #235 from pozdnychev/check-allocation
Improve error handling in atoms.c
Improve error handling in low memory conditions
Fix a segfault under low memory conditions
Merge pull request #251 from hillu/python3-test-fix
Merge pull request #250 from hillu/mingw-cross-fix
Merge pull request #233 from wxsBSD/section_characteristics
Don't show bug report message when printing version information
Set version number to 3.3.0
Update documentation
Merge pull request #228 with some improvements
Define section characteristics constants as they appear in winnt.h
Fix issue #237
Fix buffer overrun
Disable warnings due to deprecated functions
Include version numbers in header files (issue #221)
Replace CreateFile with CreateFileA (issue #205)
Fix an issue with test cases in Python 3.x
Update Windows project
Merge branch 'master' of https://github.com/plusvic/yara
Victor Manuel Alvarez (74):
Remove unnecessary files
Add config.h for Windows
Fix #164
Fix issue #165 by reorganizing header files
Fix wrong file name in Makefile.am
Fix wrong file name in hex_lexer.h
Fix wrong includes
Fix wrong includes
Add missing include
Add missing include
Implement ELF module
Document ELF module
Return error when declaring duplicated structure members
Fix typo. "Duplicated" instead of "duplicate".
Implement resources parser and language identification in PE module
Improve scanning speed by matching certain strings only at fixed offsets
Fix bugs in previous commit
Fix issue #169
Fix issue #171
Implement dictionaries
Implement .version_info dictionary in PE module
Implement module data printing
Fix issues in PE module
Add 'begin_struct_dictionary' and 'end_struct_dictionary'
Update documentation
Fix typos
Fix uninitialized variable warning
Fix uninitialized variable warning
Implement yr_rules_foreach and use it where appropriate
Update documentation
Use ACX_PTHREAD macro for configuring PTHREADS
Fix issue #180
Fix warning due to uninitialized variable
Fix warning due to a wrong format specifier for printf
Improve ACX_PTHREAD usage
Fix segfault in yara-python
Rename cur_rule to iter_current_rule
Improve detection of strings slowing down the scanning
Improve atom quality calculation
Fix bugs while parsing PE version information
Add some sanity checks to resources iteration routine in PE module
Improve atom quality calculation
Avoid stack overflow
Add Wesley Shields to AUTHORS and CONTRIBUTORS
Add Trend Micro to "who's using YARA" list
Improve legibility of hash module
Implement "checksum" function
Update documentation
Improve syntax error recovery
Fix segfault with some syntax errors and improve error reporting
Replace argparse with my own argument parsing code
Fix segfault in PE module
Accept None for argument "externals"
Fix issues while building in some systems
Fix warnings
Fix warnings
Fix issue in Python 2.4
More coherent instruction names
Rename CLEANUP macro to a more meaningful name
Fix minor style issues
Fix regression issue
Penalize spaces and newlines in strings
Include terminating NULL character in strings written to sz_arena
Comment previous change
Comply with the 80 character per line style rule
Add missing underscore in function name
Revert wrong attempt to fix issue #240
Allow to pass custom pointer to compiler callback as suggested in #220
Fix incorrect version number in the documentation
versionadded: and versionchanged: directives must contain version numbers only
Implement unary minus operator
Fix bug in bitwise not (~) operator
Make operator precedence compatible with the C language.
Implement float external variables
Wesley Shields (123):
Fix "duplicate structure member" error in elf.
Start to implement rich_signature.
Implement rule iterators.
Implement "matches" for strings.
Remove dead code.
Merge branch 'master' into richpe
Use IMAGE_FILE_MACHINE_AMD64 appropriately.
Use IMAGE_FILE_MACHINE_AMD64 appropriately.
Merge branch 'master' into richpe
Revert string_argument being SIZED_STRING.
Chase string_argument revert.
Use calloc() instead of malloc().
Implement import hashing.
Merge branch 'master' into richpe
Fix missing IMAGE_FILE_MACHINE_AMD64.
Use -lcrypto.
Remove comment that is OBE.
Remove comment that is OBE.
Pass length of string properly.
Fix comment.
Switch from using OpenSSL to stand-alone MD5.
Merge branch 'master' into richpe
Fix early returns.
Implement sha256 of rich signature.
Merge branch 'master' into richpe
Remove unnecessary assignment.
Fix one-byte overflow.
Fix copy/paste mistake.
Merge branch 'master' into richpe
Merge branch 'master' into richpe
Implement yr_calloc() and switch yr_malloc() back.
Address concerns around set_string().
Fix build on OS X.
Fix a copy/paste mistake in richhash.
Start to implement certificate parsing.
Cleanup comments, fix leaks, etc.
Remove old comment.
Merge branch 'master' into authenticode
Fix serial handling.
Merge branch 'master' into authenticode
Fix a NULL ptr deref.
Merge branch 'null_ptr_fix' into authenticode
imphash returns a string.
Merge branch 'null_ptr_fix' into authenticode
Properly calculate the next certificate entry.
Merge branch 'master' into authenticode
Fix some bugs.
Fix length check. The docs are confusing.
Add extra comment explaining why this check most likely fails.
Make length check bounded to directory.
Cleanup bounds checks and comments.
IMAGE_SECURITY_DESCRIPTOR -> WIN_CERTIFICATE
Fix comparisons.
Remove unnecessary code.
Merge branch 'master' into authenticode
Implement signature as an array.
Fix bug where array length was off by one.
Conditionalize the counter decrementing.
Pluralize "signature" and use "number_of_signatures"
Use not_before and not_after.
Track ASN1_TIME structures in a list.
Free stack of certs.
Merge branch 'master' into authenticode
Merge branch 'master' into authenticode
Adhere to upstream style.
Merge branch 'master' into authenticode
Implement overloaded not_before() and not_after().
Fix problem from cherry-picked commit.
Merge branch 'master' into authenticode
Use HAVE_LIBCRYPTO.
Make not_before and not_after be integers.
Implement valid_before() and valid_after().
Implement valid_on().
Address an import parsing problem.
Fix a problem with ord_lookup.
Improve resource handling and add entropy.
Merge branch 'master' into resource_name_and_entropy
Start to implement double support.
Merge branch 'master' into resource_name_and_entropy
Fix incorrect cast.
Remove debugging statement.
Add new instructions for working with doubles.
Merge branch 'master' into resource_name_and_entropy
Remove unused macros.
Add a DO_CASTS macro.
Forgot to commit this in previous one.
Implement get_double().
Add offset to resources and switch to length.
Remove "data" from resources.
Start to rename entropy to math.
Rename module.
Add arithmetic mean and abs/fabs.
Merge branch 'master' of https://github.com/plusvic/yara into entropy_rename
Implement serial correlation.
Implement Monte Carlo from Pi test.
Remove fabs() and abs().
Change to "mean_err" and make it take an expected value.
Implement mean_deviation.
Implement declare_double() and set_double().
Define MEAN_BYTES as 127.5.
Move from mean_err() to just mean().
Rename to just deviation().
Implement in_range(), which is inclusive.
Merge branch 'master' into entropy_rename
Remove IS_UNDEFINED checks after e275dcb6.
Add all known Machine types.
Use the OptionalHeader.Magic value.
Merge branch 'master' into issue_231
Merge branch 'master' into issue_231
Merge branch 'master' into issue_231
Add section characteristics.
Implement section_index_addr().
Remove old line I was using for debugging.
No need to add image_base.
Use virtual_address and virtual_size when scanning memory.
Expose new constants in PE module.
Remove unused integers.
Add docs for new stuff.
Remove "often", it's ambiguous.
Fix 32BIT_MACHINE issue.
Rename to MACHINE_32BIT.
Update docs to reflect 32BIT_MACHINE change.
Fix copy/paste mistake in docs.
ortizmj12 (1):
Fixed command to install yara-python extension
plusvic (1):
Update man pages
pozdnychev (5):
fix: compilation error because of multiple function declarations
fix issue #206
internals: use ERROR_SUCCESS and ERROR_INSUFICIENT_MEMORY instead of 0/-1
fix: data leak in case of error in yr_process_get_memory
fix: check return values of memory allocation functions
-----------------------------------------------------------------------
This annotated tag includes the following new commits:
new 4dc0442 Fix issue with ^ anchor in regular expressions used with "matches" operator. Make yr_re_exec easier to read.
new 345bf84 Fix bug in yr_re_exec logic
new 372ce64 Fix warning about uninitialized variable
new 24d001d Fix buffer overflow
new c9d6d93 Fix bug causing segmentation fault when using nested loops
new 9cae43b Add test case for nested loops
new f22999b Enable optimization settings
new e87621b Fix typo
new a5736f9 Add Bayshore Networks to "Who's using YARA"
new 74ca113 Fix issue #127
new bfe9980 Fix segmentation fault caused by invalid characters in regular expressions.
new 08c8456 Fix bug in regular expression engine causing false negative matches
new f1999cb Fix bug while handling nested includes
new 01bb023 Add ThreatStream to "who's using YARA"
new 74a7e4e Fix issue #131
new 67eb56c Fix bug introduced in commit 08c8456a0728522b347e936f66b98676a890cd09
new efd5b45 Remove unused prototype.
new 79304f3 Fix issue caused by regexp code spanning over non-contiguous arena pages
new 0ce0d33 Adjust value for RE_MAX_CODE_SIZE
new cb4d544 Fix minor issues in arena.c
new 3216460 Minor style fixes
new 89cde68 Implement profiling support
new f0e80c7 Fix wrong #ifdef
new 035b2a2 Avoid segfault while scanning some processes in Windows
new ee6289b Increment initial arena sizes to reduce the number of memory allocations
new e13a5bc Merge pull request #134 from wxsBSD/master
new af78ed3 Add Fox-IT to "who's using YARA"
new f884da4 Update README.md
new f6d91d7 Fix issue with files larger than 4GB
new 13096f3 Merge pull request #137 from kcreyts/patch-2
new f40567a Add Blue Coat to "Who's using YARA"
new a890012 Implement modules support
new bd40304 Add subdir-objects to automate options
new 1d65669 Fix bug caused by missing flags initialisation while splitting a regular expression
new 51aeb0e Fix issue with undefined strings
new f81eeaf Fix bug in yara-python
new fcc71e0 Remove unnecessary code
new 3344ada Fix issues with includes
new 3773bb1 Fix bug in yara-python causing segmentation faults
new 7690f84 Rename YR_EVALUATION_CONTEXT to YR_SCAN_CONTEXT and some other minor changes
new d907fdd Rename YR_EVALUATION_CONTEXT to YR_SCAN_CONTEXT and some other minor changes
new 26c456d Add more test cases
new 65170ff Remove unnecessary file
new f5c045a Calculate pe.entry_point value differently for file and process memory scans
new 82b2c61 Rename token SIZE to FILESIZE to avoid conflicts with windef.h in Windows
new 7857a47 Put leading and trailing underscores to tokens, to avoid conflicts with other types and macros
new 609ee5a Add missing includes in Windows
new 6a11508 Fix compilation in Windows
new b41d264 Add missing Jansson files
new a9dd9e4 Fix bug in PE module caused by misplaced break
new b056a7d Fix bug in Windows version of is_directory function
new f609e10 Set multi-byte character set for Windows projects
new b0b3c7f Fix problem with string matches offsets not being treated as virtual addresses while scanning a process
new c864034 Setup new documentation
new 86b09b4 Rename modules/list to modules/module_list
new 7fdcb84 First draft of documentation
new a9fd7f2 Replace uint8_t* type with RE_CODE for regular expression code
new 044be47 Add demo module
new c285e54 Add string_array macro to modules.h
new 4ff1b48 Add more tests and remove unnecessary #undef directives
new 0780c6e Fix issue with documentation config in readthedocs.org
new 3c577a7 Update documentation and remove old one
new 912bb62 Add first_memory_block macro
new a8ddf6f Update documentation
new 2f16c3a Make scan context accessible to module functions
new 9575382 Update documentation
new b86ef21 Implement exports() function in PE module and add support for 64-bit PEs
new c4ae098 Implement imports() function and other small changes in PE module
new 0c1a27a Rename self() to parent() and add module() to module's API
new f3e8b0f Update documentation
new 8552b47 Add test case for functions in modules
new 077fba2 Add Blueliv and Adlice to "Who's using YARA"
new 1387428 Remove dmalloc from config.h
new e33266d Fix issues with parent() in Cuckoo module
new f8fd52d Enable optimisations by default
new 285d538 Fix warning about uninitialised variable and add assert
new ec5eb9f Bug fix: Start of string anchor (^) not working properly with wide strings
new 7958ed4 Add extern "C" directive to yara.h
new 6751779 Raise warning when the deprecated "entrypoint" keyword is used
new 70852a8 Add declare_ prefix declaration macros to avoid collision with type "string" in C++
new 425dade Implement yr_compiler_set_callback
new 92e1c36 Rename YR_COMPILER_CALLBACK to YR_COMPILER_CALLBACK_FUNC
new d06a778 Remove yr_compiler_push_file_name from the public API
new ba112e0 Update documentation
new 57ef744 Fix issue #147
new 33bd8fd Fix issue #148 by asserting that yr_compiler_get_rules was not called before yr_compiler_add_file/yr_compiler_add_string
new d75fc00 Change some "char*" to "const char*"
new d972eed Update exported symbols
new 6d1a26b Implement iteration macros
new 8e869c6 Replace fast_scan_mode boolean argument with flags for greater flexibility in the future
new 91f4e74 Update documentation
new c195f6f Update documentation
new 37bdd55 Fix typo
new 542c955 Document the command-line -x option in the man page and add example to documentation
new 35d9ce6 Release version 3.0.0
new 8cc6a99 Add missing patch version
new 8e85126 Fix some issues while compiling in Windows
new dcf80f7 Update version number in documentation
new 36dadb0 Update writingmodules.rst
new 48c43c5 Merge pull request #151 from corumir/patch-1
new a9db0ea Update documentation
new 2eaafa8 Fix buffer overrun in PE module
new 2dd8274 Improve buffer bounds checking in PE module
new e6db404 Fix non-escaped characters in documentation
new 3b5ddd0 Replace WIN32 with _WIN32. The latest is defined by the compiler and doesn't need to be defined externally.
new 797c485 Show appropriate error message when importing an unknown module
new 68d8a49 Fix issue #157
new 5274d45 Added Homebrew installation instructions.
new 500e588 Merge pull request #158 from sroberts/patch-1
new 7b3f904 Remove reference to yara-python installation with PIP
new d5ed62e Implement module_initialize and module_finalize
new f56608c Improve error handling
new 1c5ac31 Fix issues introduced in yara-python
new 75139e2 Handle zero-length files as normal files and remove zero-length errors.
new 5e3282b Fix some warnings
new 2d04878 Improve error reporting when a function is called with wrong number of arguments
new a22f289 Accept functions without arguments
new ac87a92 Fix double invocation side-effect when passing a function to return_string() macro, like in return_string(f(...))
new 61f517d Implement "magic" module based on Armin Buescher's original idea.
new f329724 make 'dns_lookup' usable
new 0de8878 Merge pull request #161 from billmarczak/master
new bc3bc53 Fix issues with Bison 3.0
new a7c1dc2 Fix issues with Bison 3.0
new 174cda2 Homogenize newlines at the end of files
new 829348a Add missing newlines at the end of files
new b274520 added new libyara headers to yarainclude_HEADERS
new 689c41d Merge pull request #163 from swdunlop/master
new a85a72f Use strlcat, strlcpy, and snprintf instead of strcat, strcpy and sprint to avoid warning in OpenBSD
new 8df08b8 Use strlcat, strlcpy, and snprintf instead of strcat, strcpy and sprint to avoid warning in OpenBSD
new d196b97 Provide an implementation for strlcat and strlcpy and use them where appropriate
new 87df834 Fix bug introduced in previous commit
new 3daf2bd Update the documentation
new ffc0a33 Replace WIN32 with _WIN32
new 03b015e Don't generate debug information for release version
new 3462b7f Release version 3.1.0
new 9c71ec1 Update README file
new 356e013 Remove unnecessary files
new a6ad94b Add config.h for Windows
new 41493c9 Fix #164
new 80b340b Fix issue #165 by reorganizing header files
new 1ed3d39 Fix wrong file name in Makefile.am
new 6d2dee1 Fix wrong file name in hex_lexer.h
new 8b51e22 Fix wrong includes
new 3f97c63 Fix wrong includes
new 0cbd3d2 Add missing include
new d6b4afe Add missing include
new c9622ab Implement ELF module
new ab30621 Document ELF module
new 1bbc215 Return error when declaring duplicated structure members
new cbd096f Fix typo. "Duplicated" instead of "duplicate".
new 367b0ea Implement resources parser and language identification in PE module
new a5a8b51 Improve scanning speed by matching certain strings only at fixed offsets
new 4a0e558 Fix bugs in previous commit
new 76dee58 Fix issue #169
new b0b592d Fix issue #171
new 0bff066 Implement dictionaries
new b746e50 Implement .version_info dictionary in PE module
new b82ad28 Add Tanium to the "who's using YARA" list
new cd54bea Fix "duplicate structure member" error in elf.
new 39fcd4a Merge pull request #174 from wxsBSD/elf_fix
new 4a73f8b Start to implement rich_signature.
new 4c08d65 Implement rule iterators.
new 430b941 Implement "matches" for strings.
new 2446f23 Merge pull request #175 from wxsBSD/rule_iter
new 903ba46 Remove dead code.
new 72f0cc5 Implement overloaded functions
new f002d92 Implement "locale" function in PE module and improve buffer bounds checking
new 80eeb8e Implement module data printing
new 81ff989 Fix issues in PE module
new b85adb0 Add 'begin_struct_dictionary' and 'end_struct_dictionary'
new 97ea49c Update documentation
new a8eccdd Fix typos
new 7a83bd9 Fix uninitialized variable warning
new 86ec8c7 Fix uninitialized variable warning
new 77082a6 Merge branch 'master' into richpe
new 55c6c83 Use IMAGE_FILE_MACHINE_AMD64 appropriately.
new f4b2c31 Use IMAGE_FILE_MACHINE_AMD64 appropriately.
new 6a1c56a Merge pull request #178 from wxsBSD/IMAGE_FILE_MACHINE_AMD64
new 55ee00d Implement yr_rules_foreach and use it where appropriate
new 5ae1a05 Update documentation
new 1b48ae8 Merge branch 'master' into richpe
new 2a61599 Revert string_argument being SIZED_STRING.
new a25f996 Chase string_argument revert.
new 9dea8c6 Use ACX_PTHREAD macro for configuring PTHREADS
new d15585f Fix issue #180
new c8d9821 Fix warning due to uninitialized variable
new 5ade2bf Fix warning due to a wrong format specifier for printf
new 1c8b82e Use calloc() instead of malloc().
new 6df98c0 Implement import hashing.
new 3c95eca Merge branch 'master' into richpe
new c31b756 Fix missing IMAGE_FILE_MACHINE_AMD64.
new 8f3866f Use -lcrypto.
new 9c00c3d Remove comment that is OBE.
new fd30212 Remove comment that is OBE.
new bf6ce6a Pass length of string properly.
new a19faec Fix comment.
new 4db20e7 Improve ACX_PTHREAD usage
new 0763b7a Fix issue #181
new 9f7a178 Fix segfault in yara-python
new c20bac2 Rename cur_rule to iter_current_rule
new 5ed3203 Improve detection of strings slowing down the scanning
new c80a56b Improve atom quality calculation
new 7e99c64 Fix bugs while parsing PE version information
new 362c667 Switch from using OpenSSL to stand-alone MD5.
new cde939e Merge branch 'master' into richpe
new 719995c Fix early returns.
new 21cc617 Add some sanity checks to resources iteration routine in PE module
new f37e97e Improve atom quality calculation
new e5369ca Avoid stack overflow
new ff6646c Implement sha256 of rich signature.
new 4a65288 Merge branch 'master' into richpe
new 55c0280 Remove unnecessary assignment.
new f3722ba Fix one-byte overflow.
new ae6f8a4 Declare lexers as never-interactive
new ce43573 hash module
new 09b306f Fix multiple warnings when compiling as C++
new c2a36b6 Fix multiple warnings when compiling as C++
new 4f3c9a0 Fix pe.h
new 88a25d2 Function 'input' is called 'yyinput' in C++
new ce8f8c4 Remove DirectoryEntries from IMAGE_RESOURCE_DIRECTORY
new 925da0d Add YR_API macro for declaring functions as extern "C" in C++
new f698147 Fix minor issues while compiling in Windows
new d4e5eb8 Fix warnings while compiling in C++
new 5af437a Update Visual Studio projects to use C++ instead of C compiler
new c82cc9e Merge pull request #183 from karlhiramoto/hash
new b34c0db Fix minor style issues in modules/hash.c
new c9fd5ab Fix copy/paste mistake.
new a9d7b78 Merge branch 'master' into richpe
new c0c1761 Add Wesley Shields to AUTHORS and CONTRIBUTORS
new 7afe1c3 Merge branch 'master' into richpe
new bf5a1e4 Implement yr_calloc() and switch yr_malloc() back.
new 8b56f40 Address concerns around set_string().
new 0820967 Merge pull request #184 from wxsBSD/richpe
new 3a8bd42 Fix issues with pull request #184
new 326c09f Comply with YARA's style
new 2338e6c Use OpenSSL to calculate hashes and change prototypes for "richhash" and "imphash"
new 95c8160 Refactor parse_imports to reduce complexity and indentation levels
new 2fe67ce Homogenize comments
new 6e1b851 Fix build on OS X.
new ea89d01 Merge pull request #185 from wxsBSD/pe_parse_imports_fix
new 77ad1e7 Fix a copy/paste mistake in richhash.
new 10d1c97 Merge pull request #186 from wxsBSD/length_fix
new 561f61e Replace htonl with bigendian macro
new fda7ef9 Remove unused variable
new 3ea3db2 Fix misplaced constants
new 50f598d Start to implement certificate parsing.
new a1fe3e1 Cleanup comments, fix leaks, etc.
new fbafd23 Remove old comment.
new f9fbd86 Issue warning on regular expressions containing .*
new c815301 Minor improvements in PE module
new d3f2707 Add missing include
new 2b73387 Merge branch 'master' into authenticode
new 96e6d9e Implement yr_strndup
new df87f7e Fix possible buffer overrun
new a7ce07e Remove references to "aprintf" and fix a memory leak
new cdadb9e Fix warning
new 1c0968d Fix wrong boundaries check causing segfault
new 7e3156f Fix serial handling.
new a89b293 Merge branch 'master' into authenticode
new 3797107 Fix a NULL ptr deref.
new d8b14f6 Merge branch 'null_ptr_fix' into authenticode
new a679710 imphash returns a string.
new 97faa69 Merge branch 'null_ptr_fix' into authenticode
new a2eef63 Properly calculate the next certificate entry.
new bd6dac6 Merge pull request #188 from wxsBSD/null_ptr_fix
new 195a022 Merge branch 'master' into authenticode
new 7c2d090 Fix some bugs.
new b2e9cd0 Fix length check. The docs are confusing.
new 5c32607 Add extra comment explaining why this check most likely fails.
new 88624bc Make length check bounded to directory.
new d8a2bc2 Cleanup bounds checks and comments.
new 0f26410 IMAGE_SECURITY_DESCRIPTOR -> WIN_CERTIFICATE
new a6f3e43 Fix comparisons.
new e9ba9c2 Remove unnecessary code.
new 438430a Add Trend Micro to "who's using YARA" list
new 3939b90 Merge branch 'master' into authenticode
new 4be9088 Implement signature as an array.
new fe83cf1 Fix bug where array length was off by one.
new 1e04878 Conditionalize the counter decrementing.
new 86db33c Pluralize "signature" and use "number_of_signatures"
new 6fc5eed Use not_before and not_after.
new b89c211 Track ASN1_TIME structures in a list.
new 5aa4262 Free stack of certs.
new aaee659 Detect presence of OpenSSL library and build accordingly
new a2d920a Merge branch 'master' into authenticode
new 62d8318 Fix some warnings and errors while compiling on Windows
new d2b98fe Implement "memmem" function and fix minor style issues
new deff68d Add missing semicolon
new c8b74ed Fix warning
new 5ba87be Add OpenSSL to Windows project
new 0d4d719 Fix bug in overloaded functions
new a039141 Replace tabs with spaces
new 3c4b246 Fix issue with functions declared in a structure contained in an array
new 083ec11 Merge branch 'master' into authenticode
new 9057a81 Adhere to upstream style.
new 3e260f3 Fix issue #195
new f901baa Fix warning caused by comparison between integer and pointer
new ccd52bc Fix string_argument macro to correctly handle SIZED_STRINGs
new 557aa9a Add test case for functions receiving strings
new 592d2ff Merge branch 'master' into authenticode
new 9214193 Implement overloaded not_before() and not_after().
new b5a4229 Fix problem from cherry-picked commit.
new b86a6f6 Return error if hex strings are too long
new 7f31078 Merge branch 'master' into authenticode
new 8c1ce59 Use HAVE_LIBCRYPTO.
new 10d6554 Make not_before and not_after be integers.
new c8f03ac Implement valid_before() and valid_after().
new 9a70c64 Implement valid_on().
new eafd5b5 Merge pull request #191 from wxsBSD/authenticode
new dda6c74 Move utility functions out of pe.c and other minor changes
new 5f39dcc Use statically allocated buffer with X509_NAME_online.
new bcabb68 Simplify the serial number length computation
new 3455dc7 Fix wrong identifier
new 0e67efe Remove unnecessary counter decrement
new 59b643b Remove unnecessary call to BIO_set_close, BIO_CLOSE flag is set by default
new 42236e6 Fix some possible memory leaks
new 4344883 Add Metaflows to "who's using YARA"
new 65403b5 Change some char* to const char*
new 88088c0 Check for memmem function during configuration
new 93cce90 Add missing define
new 7bf0c83 Fix bug in "imports" function of PE module
new 46fee1a Improve sanity checks in pe_parse_certificates
new f678d4b Fix bug introduced in previous commit
new 987b81d Address an import parsing problem.
new 2dc3473 Merge pull request #197 from wxsBSD/import_fix
new 395daec Fix false positive in "fullword" matches when string is declared both "ascii" and "wide"
new 11c7825 Implement timegm for platforms not including it
new 1ab5a43 Make WIN_CERTIFICATE declaration available in Windows
new 2f31e89 Simplify "valid_on" function and remove "valid_before" and "valid_after"
new 400a62c Merge branch 'master' of https://github.com/plusvic/yara
new f006dc8 Fix incorrect handling of undefined boolean expressions in a for loop
new 0cd95ae Implement functions sha1 and sha256 in "hash" module
new 6832b36 Improve sanitation in PE module to avoid segfaults
new dd2afc6 Sanitise DLL names in import table and fix memory leak
new 5efae9c Improve DLL name validation by rejecting empty names
new ab2d2df Add big-endian versions for intXX and uintXX functions
new ac33844 Include "offset" and "length" in pe.rich_signature and remove "start"
new accf5e1 Add missing type check
new d79d7b6 Add missing type check
new 2d93221 Implement hash functions receiving string arguments
new 86c4afb Remove "hash" function from "rich_signature"
new d293513 Check for undefined arguments in hash functions
new 72136d8 Update documentation
new 72af49a Improve legibility of hash module
new 76bfdec Implement "checksum" function
new 3b2b9fd Update documentation
new f3edcf2 Improve syntax error recovery
new ba58fe2 Bump to version 3.2.0
new 5480ab8 Add missing library to setupwinXX.py
new 344d27a Increment ARENA_FILE_VERSION
new 81f4349 Fix segfault with some syntax errors and improve error reporting
new 5cb324a Fix a problem with ord_lookup.
new 01dfe38 Merge pull request #199 from wxsBSD/ord_lookup_fix
new aff604d Fix issues when using dmalloc
new 8e55590 Fix memory and handle leaks
new 2aeb167 Avoid segfault when yr_re_finalize is called before yr_re_initialize
new f51c608 Use argparse library to parse command line arguments and some other improvements
new 141db64 Fix incorrect initialization of thread_storage_key in Windows
new e6db3bf Fix warnings
new dc71f72 Use integer arithmetic instead of floating point operations and fix problems in C++
new c637143 Update Visual Studio project
new 3234c4b Implement --pring-namespace command-line argument
new 116b5e1 Replace argparse with my own argument parsing code
new 08f9871 Fix segfault in PE module
new c0628c8 Fix --timeout argument to work with directories
new cce7c5d Initialize timeout with a large number
new 7cc63b1 Avoid hitting a bug in lldb-320.4.152
new eb3e20a fix: compilation error because of multiple function declarations
new 089eb65 Merge pull request #203 from pozdnychev/master
new a292777 Accept None for argument "externals"
new a9bbb79 Fix issues while building in some systems
new d23f884 Fix warnings
new f6c24df Fix warnings
new d3a1fff Fix issue in Python 2.4
new 2773c9b fix issue #206
new 47ff529 internals: use ERROR_SUCCESS and ERROR_INSUFICIENT_MEMORY instead of 0/-1
new 7297977 Fix incorrect line number for syntax errors after a regexp declarations
new fbeada1 Merge pull request #207 from pozdnychev/master
new 279ae0b Minor style changes
new 2524d0c fix: data leak in case of error in yr_process_get_memory
new 9ae81c0 Merge pull request #209 from pozdnychev/master
new 0bb3273 Minor style changes
new a3af96a Update Windows project
new a430718 Fix some issues while compiling in Windows
new 0434bb9 Fix compile error due to undefined identifier
new 56566c5 Fixed command to install yara-python extension
new 963f1ba Fix issue #213
new c8c0925 Improve resource handling and add entropy.
new a64c155 Merge branch 'master' into resource_name_and_entropy
new f0ea82a Merge pull request #214 from ortizmj12/patch-1
new 6280cd4 Fix segmentation fault in ELF module
new a7b6dfe Fix bug in PE module
new dd4f0cc Start to implement double support.
new a51eaf2 Merge branch 'master' into resource_name_and_entropy
new 181f206 Fix incorrect cast.
new 161e324 Fix issue #218
new 3bc5efd Error message instead of triggering assertion on certain syntax errors
new 6869686 Remove debugging statement.
new 82a4212 Fix segfaults in PE module
new 86d991e Add new instructions for working with doubles.
new bbc0ae6 Merge branch 'master' into resource_name_and_entropy
new a5e0f8f Remove unused macros.
new 963b1a5 Add a DO_CASTS macro.
new efa92a6 Forgot to commit this in previous one.
new 6e6b906 Implement get_double().
new f3b9bd3 Merge pull request #215 from wxsBSD/resource_name_and_entropy
new 4a354cf More coherent instruction names
new 682d4d4 Rename CLEANUP macro to a more meaningful name
new 133df5c Fix minor style issues
new 6bb131d Fix regression issue
new 4e4b784 Add offset to resources and switch to length.
new d5b071c Remove "data" from resources.
new d84e0f9 Merge pull request #224 from wxsBSD/entropy2
new 1e28720 Start to rename entropy to math.
new 37ab9a3 Rename module.
new 912bf6c Simplify grammar.y by introducing yr_parser_reduce_operation function
new fd20014 Small improvements in exec.c
new 3149381 Implement operators >=, >, <, <= for strings
new 9784167 Add test cases for string comparison operators and floating point arithmetic operations
new d9f7e2c Fix bug in multiplication
new 45352ea Remove dead code (issue #225)
new 2fcfa86 Implement a cleaner solution to push_dbl and pop_dbl and avoid warnings.
new 65437b5 Check for math library in configure.ac
new befaa7c Add arithmetic mean and abs/fabs.
new e880c59 Merge branch 'master' of https://github.com/plusvic/yara into entropy_rename
new a761daf Implement serial correlation.
new df8d49d Implement Monte Carlo from Pi test.
new e98e08d Remove fabs() and abs().
new bb6bb84 Fix issue with undefined floating points values
new c2a4d45 Rename break_if_undefined to ensure_defined
new e275dcb Check function arguments for undefined values before calling the function.
new d2044aa Implement a function to check for undefined values. Minor improvements in PE module.
new f2f206c Re-implement valid_on using new is_undefined function
new ea84299 Change to "mean_err" and make it take an expected value.
new e8047b1 Implement mean_deviation.
new 4f8a039 Implement declare_double() and set_double().
new 35fa585 Define MEAN_BYTES as 127.5.
new 6e1f6ca Move from mean_err() to just mean().
new 65cff67 Rename to just deviation().
new a563875 Implement in_range(), which is inclusive.
new e6ff7e5 Merge branch 'master' into entropy_rename
new 4062f05 Remove IS_UNDEFINED checks after e275dcb6.
new 2e24d70 Add all known Machine types.
new a8d6eea Use the OptionalHeader.Magic value.
new 134fceb Stop using UINT_TO_PTR macro
new 9890eb4 Fix warning due to declaration inside switch statement
new 0e652fb Merge pull request #227 from wxsBSD/entropy_rename
new 03b7055 Remove unused variable
new 4f5c657 Minor style changes
new a208f42 Simplify serial correlation functions.
new 5b117b6 Add support for negative numbers
new af80d46 Handle negative array indexes correctly
new ba91e84 Fix warning due to uninitialised variable with certain compilers
new 962d5df Fix warning due to uninitialised variable with certain compilers
new 9d1c14a Fix bug while handling negative integers
new 100405e Merge branch 'master' into issue_231
new da309b7 Penalize spaces and newlines in strings
new 2705515 Include terminating NULL character in strings written to sz_arena
new 6b6b771 Comment previous change
new b019227 Fix bug while handling dictionary objects
new e378aa1 Fix previous commit, the operation should be decrement instead of increment
new 35f0961 Merge branch 'master' into issue_231
new 334bd1a Add support for pkg-config
new 111133d Rename double to float
new f1fe727 Fix issues with previous commit
new c1cf3df Merge branch 'master' into issue_231
new 0bd0fa9 Add section characteristics.
new e82821d Remove extra semicolon
new 3b87282 Implement section_index_addr().
new cfbe125 Remove old line I was using for debugging.
new f4b4ad1 No need to add image_base.
new b3d1df4 Use virtual_address and virtual_size when scanning memory.
new 7f7487d Expose new constants in PE module.
new 9a282e6 Remove unused integers.
new b8cfec8 Add docs for new stuff.
new 81f3ae4 Remove "often", it's ambiguous.
new 6daa528 fix: check return values of memory allocation functions
new 032c394 Update yarapython.rst
new 922ecec Fix 32BIT_MACHINE issue.
new fe0c3b9 Rename to MACHINE_32BIT.
new f382799 Update docs to reflect 32BIT_MACHINE change.
new 60e7e28 Merge pull request #244 from wxsBSD/issue_243
new a86dad9 Merge pull request #236 from SleuthKid/patch-1
new 6ac4fa5 Merge pull request #234 from wxsBSD/docs
new eccb434 Merge pull request #232 from wxsBSD/issue_231
new 73ebddb python: Add explicit library path
new d7ed1c0 Fix build on kFreeBSD
new aaefdb2 python: Fix crash when Python 3 cannot decode strings from tags or meta as UTF-8
new 81ec39e Fix crash on warnings when no compiler callback has been set.
new d502157 Merge pull request #241 from hillu/master
new 1a5c369 Comply with the 80 character per line style rule
new 7072092 Add missing underscore in function name
new 61be5ca Revert wrong attempt to fix issue #240
new b90e8b5 Allow to pass custom pointer to compiler callback as suggested in #220
new 25eab58 add radare2 to list of people using yara
new 1344b55 Merge pull request #245 from crowell/patch-1
new 9990a87 Fix incorrect version number in the documentation
new c0f94f6 versionadded: and versionchanged: directives must contain version numbers only
new 83f39b4 Fix copy/paste mistake in docs.
new 6cd9fad Implement unary minus operator
new 8ebfeee Fix bug in bitwise not (~) operator
new 925cc8b Make operator precedence compatible with the C language.
new 88f2ed7 Fix an off-by-one memory access
new 9198ce6 Implement \b and \B anchors in regexps
new 76fa8a2 Abbreviate code in re.c
new 63659a6 Merge pull request #247 from wxsBSD/doc_fix
new b6bccf3 Fix issue #249
new 5c8007c Declare loop variables in the "for" statement
new d16e628 Remove unused functions
new 4d00494 Fix issue with strtoll when compiling in Windows
new d6c4f83 Add some definitions missing in older versions of WinNT.h
new 5d9a69d Don't use stdbool.h as it doesn't exist in VC++
new d0a9aef Implement log2 function for VC++
new 964a797 Avoid warning due to ambiguous call to overloaded log()
new fbb48a4 Implement yr_filemap_map_ex
new a546391 Fix some issues with latest changes in filemap functions in Windows
new 88a0417 Add missing definitions in Windows
new 8986478 Update Windows project
new 137981f Merge pull request #235 from pozdnychev/check-allocation
new a5d77f3 Improve error handling in atoms.c
new 2c1c67c Improve error handling in low memory conditions
new febeaa2 Fix a segfault under low memory conditions
new ff789c0 pe_utils.c: Add missing include for defining struct tm
new 3474bd7 yara-python/tests.py: Add missing f.close() to avoid warning
new afa5344 Merge pull request #251 from hillu/python3-test-fix
new 73f1447 Merge pull request #250 from hillu/mingw-cross-fix
new d0cabe7 Merge pull request #233 from wxsBSD/section_characteristics
new 2540594 Don't show bug report message when printing version information
new 59974ef Set version number to 3.3.0
new 1a0a898 Update documentation
new b0d0494 Merge pull request #228 with some improvements
new a78f4c9 Define section characteristics constants as they appear in winnt.h
new 7af1706 Fix issue #237
new d1fa24b Fix buffer overrun
new e55f989 Implement float external variables
new 93f9ff9 Disable warnings due to deprecated functions
new 4c0cdf9 Include version numbers in header files (issue #221)
new 0173d3a Replace CreateFile with CreateFileA (issue #205)
new 6468404 Fix an issue with test cases in Python 3.x
new 7fa2c1f Update Windows project
new ec05041 Merge branch 'master' of https://github.com/plusvic/yara
new 83d531c Update man pages
The 542 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git