[Forensics-changes] [yara] tag v3.2.0 created (now 344d27a)
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:33:35 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a change to tag v3.2.0
in repository yara.
at 344d27a (commit)
This tag includes the following new commits:
new 4dc0442 Fix issue with ^ anchor in regular expressions used with "matches" operator. Make yr_re_exec easier to read.
new 345bf84 Fix bug in yr_re_exec logic
new 372ce64 Fix warning about uninitialized variable
new 24d001d Fix buffer overflow
new c9d6d93 Fix bug causing segmentation fault when using nested loops
new 9cae43b Add test case for nested loops
new f22999b Enable optimization settings
new e87621b Fix typo
new a5736f9 Add Bayshore Networks to "Who's using YARA"
new 74ca113 Fix issue #127
new bfe9980 Fix segmentation fault caused by invalid characters in regular expressions.
new 08c8456 Fix bug in regular expression engine causing false negative matches
new f1999cb Fix bug while handling nested includes
new 01bb023 Add ThreatStream to "who's using YARA"
new 74a7e4e Fix issue #131
new 67eb56c Fix bug introduced in commit 08c8456a0728522b347e936f66b98676a890cd09
new efd5b45 Remove unused prototype.
new 79304f3 Fix issue caused by regexp code spanning over non-contiguous arena pages
new 0ce0d33 Adjust value for RE_MAX_CODE_SIZE
new cb4d544 Fix minor issues in arena.c
new 3216460 Minor style fixes
new 89cde68 Implement profiling support
new f0e80c7 Fix wrong #ifdef
new 035b2a2 Avoid segfault while scanning some processes in Windows
new ee6289b Increment initial arena sizes to reduce the number of memory allocations
new e13a5bc Merge pull request #134 from wxsBSD/master
new af78ed3 Add Fox-IT to "who's using YARA"
new f884da4 Update README.md
new f6d91d7 Fix issue with files larger than 4GB
new 13096f3 Merge pull request #137 from kcreyts/patch-2
new f40567a Add Blue Coat to "Who's using YARA"
new a890012 Implement modules support
new bd40304 Add subdir-objects to automate options
new 1d65669 Fix bug caused by missing flags initialisation while splitting a regular expression
new 51aeb0e Fix issue with undefined strings
new f81eeaf Fix bug in yara-python
new fcc71e0 Remove unnecessary code
new 3344ada Fix issues with includes
new 3773bb1 Fix bug in yara-python causing segmentation faults
new 7690f84 Rename YR_EVALUATION_CONTEXT to YR_SCAN_CONTEXT and some other minor changes
new d907fdd Rename YR_EVALUATION_CONTEXT to YR_SCAN_CONTEXT and some other minor changes
new 26c456d Add more test cases
new 65170ff Remove unnecessary file
new f5c045a Calculate pe.entry_point value differently for file and process memory scans
new 82b2c61 Rename token SIZE to FILESIZE to avoid conflicts with windef.h in Windows
new 7857a47 Put leading and trailing underscores to tokens, to avoid conflicts with other types and macros
new 609ee5a Add missing includes in Windows
new 6a11508 Fix compilation in Windows
new b41d264 Add missing Jansson files
new a9dd9e4 Fix bug in PE module caused by misplaced break
new b056a7d Fix bug in Window's version of is_directory function
new f609e10 Set multi-byte character set for Windows projects
new b0b3c7f Fix problem with string matches offsets not being treated as virtual addresses while scanning a process
new c864034 Setup new documentation
new 86b09b4 Rename modules/list to modules/module_list
new 7fdcb84 First draft of documentation
new a9fd7f2 Replace uint8_t* type with RE_CODE for regular expression code
new 044be47 Add demo module
new c285e54 Add string_array macro to modules.h
new 4ff1b48 Add more tests and remove unnecessary #undef directives
new 0780c6e Fix issue with documentation config in readthedocs.org
new 3c577a7 Update documentation and remove old one
new 912bb62 Add first_memory_block macro
new a8ddf6f Update documentation
new 2f16c3a Make scan context accesible to module functions
new 9575382 Update documentation
new b86ef21 Implement exports() function in PE module and add support for 64-bit PEs
new c4ae098 Implement imports() function and other small changes in PE module
new 0c1a27a Rename self() to parent() and add module() to module's API
new f3e8b0f Update documentation
new 8552b47 Add test case for functions in modules
new 077fba2 Add Blueliv and Adlice to "Who's using YARA"
new 1387428 Remove dmalloc from config.h
new e33266d Fix issues with parent() in Cuckoo module
new f8fd52d Enable optimisations by default
new 285d538 Fix warning about uninitialised variable and add assert
new ec5eb9f Bug fix: Start of string anchor (^) not working properly with wide strings
new 7958ed4 Add extern "C" directive to yara.h
new 6751779 Raise warning when the deprecated "entrypoint" keyword is used
new 70852a8 Add declare_ prefix declaration macros to avoid collision with type "string" in C++
new 425dade Implement yr_compiler_set_callback
new 92e1c36 Rename YR_COMPILER_CALLBACK to YR_COMPILER_CALLBACK_FUNC
new d06a778 Remove yr_compiler_push_file_name from the public API
new ba112e0 Update documentation
new 57ef744 Fix issue #147
new 33bd8fd Fix issue #148 by asserting that yr_compiler_get_rules was not called before yr_compiler_add_file/yr_compiler_add_string
new d75fc00 Change some "char*" to "const char*"
new d972eed Update exported symbols
new 6d1a26b Implement iteration macros
new 8e869c6 Replace fast_scan_mode boolean argument with flags for greater flexibility in the future
new 91f4e74 Update documentation
new c195f6f Update documentation
new 37bdd55 Fix typo
new 542c955 Document the command-line -x option in the man page and add example to documentation
new 35d9ce6 Release version 3.0.0
new 8cc6a99 Add missing patch version
new 8e85126 Fix some issues while compiling in Windows
new dcf80f7 Update version number in documentation
new 36dadb0 Update writingmodules.rst
new 48c43c5 Merge pull request #151 from corumir/patch-1
new a9db0ea Update documentation
new 2eaafa8 Fix buffer overrun in PE module
new 2dd8274 Improve buffer bounds checking in PE module
new e6db404 Fix non-escaped characters in documentation
new 3b5ddd0 Replace WIN32 with _WIN32. The latest is defined by the compiler and doesn't need to be defined externally.
new 797c485 Show appropriate error message when importing an unknown module
new 68d8a49 Fix issue #157
new 5274d45 Added Homebrew installation instructions.
new 500e588 Merge pull request #158 from sroberts/patch-1
new 7b3f904 Remove reference to yara-python installation with PIP
new d5ed62e Implement module_initialize and module_finalize
new f56608c Improve error handling
new 1c5ac31 Fix issues introduced in yara-python
new 75139e2 Handle zero-length files as normal files and remove zero-length errors.
new 5e3282b Fix some warnings
new 2d04878 Improve error reporting when a function is called with wrong number of arguments
new a22f289 Accept functions without arguments
new ac87a92 Fix double invocation side-effect when passing a function to return_string() macro, like in return_string(f(...))
new 61f517d Implement "magic" module based on Armin Buescher's original idea.
new f329724 make 'dns_lookup' usable
new 0de8878 Merge pull request #161 from billmarczak/master
new bc3bc53 Fix issues with Bison 3.0
new a7c1dc2 Fix issues with Bison 3.0
new 174cda2 Homogenize newlines at the end of files
new 829348a Add missing newlines at the end of files
new b274520 added new libyara headers to yarainclude_HEADERS
new 689c41d Merge pull request #163 from swdunlop/master
new a85a72f Use strlcat, strlcpy, and snprintf instead of strcat, strcpy and sprint to avoid warning in OpenBSD
new 8df08b8 Use strlcat, strlcpy, and snprintf instead of strcat, strcpy and sprint to avoid warning in OpenBSD
new d196b97 Provide an implementation for strlcat and strlcpy and use them where appropriate
new 87df834 Fix bug introduced in previous commit
new 3daf2bd Update the documentation
new ffc0a33 Replace WIN32 with _WIN32
new 03b015e Don't generate debug information for release version
new 3462b7f Release version 3.1.0
new 9c71ec1 Update README file
new 356e013 Remove unnecessary files
new a6ad94b Add config.h for Windows
new 41493c9 Fix #164
new 80b340b Fix issue #165 by reorganizing header files
new 1ed3d39 Fix wrong file name in Makefile.am
new 6d2dee1 Fix wrong file name in hex_lexer.h
new 8b51e22 Fix wrong includes
new 3f97c63 Fix wrong includes
new 0cbd3d2 Add missing include
new d6b4afe Add missing include
new c9622ab Implement ELF module
new ab30621 Document ELF module
new 1bbc215 Return error when declaring duplicated structure members
new cbd096f Fix typo. "Duplicated" instead of "duplicate".
new 367b0ea Implement resources parser and language identification in PE module
new a5a8b51 Improve scanning speed by matching certain strings only at fixed offsets
new 4a0e558 Fix bugs in previous commit
new 76dee58 Fix issue #169
new b0b592d Fix issue #171
new 0bff066 Implement dictionaries
new b746e50 Implement .version_info dictionary in PE module
new b82ad28 Add Tanium to the "who's using YARA" list
new cd54bea Fix "duplicate structure member" error in elf.
new 39fcd4a Merge pull request #174 from wxsBSD/elf_fix
new 4a73f8b Start to implement rich_signature.
new 4c08d65 Implement rule iterators.
new 430b941 Implement "matches" for strings.
new 2446f23 Merge pull request #175 from wxsBSD/rule_iter
new 903ba46 Remove dead code.
new 72f0cc5 Implement overloaded functions
new f002d92 Implement "locale" function in PE module and improve buffer bounds checking
new 80eeb8e Implement module data printing
new 81ff989 Fix issues in PE module
new b85adb0 Add 'begin_struct_dictionary' and 'end_struct_dictionary'
new 97ea49c Update documentation
new a8eccdd Fix typos
new 7a83bd9 Fix uninitialized variable warning
new 86ec8c7 Fix uninitialized variable warning
new 77082a6 Merge branch 'master' into richpe
new 55c6c83 Use IMAGE_FILE_MACHINE_AMD64 appropriately.
new f4b2c31 Use IMAGE_FILE_MACHINE_AMD64 appropriately.
new 6a1c56a Merge pull request #178 from wxsBSD/IMAGE_FILE_MACHINE_AMD64
new 55ee00d Implement yr_rules_foreach and use it where appropriate
new 5ae1a05 Update documentation
new 1b48ae8 Merge branch 'master' into richpe
new 2a61599 Revert string_argument being SIZED_STRING.
new a25f996 Chase string_argument revert.
new 9dea8c6 Use ACX_PTHREAD macro for configuring PTHREADS
new d15585f Fix issue #180
new c8d9821 Fix warning due to uninitialized variable
new 5ade2bf Fix warning due to a wrong format specifier for printf
new 1c8b82e Use calloc() instead of malloc().
new 6df98c0 Implement import hashing.
new 3c95eca Merge branch 'master' into richpe
new c31b756 Fix missing IMAGE_FILE_MACHINE_AMD64.
new 8f3866f Use -lcrypto.
new 9c00c3d Remove comment that is OBE.
new fd30212 Remove comment that is OBE.
new bf6ce6a Pass length of string properly.
new a19faec Fix comment.
new 4db20e7 Improve ACX_PTHREAD usage
new 0763b7a Fix issue #181
new 9f7a178 Fix segfault in yara-python
new c20bac2 Rename cur_rule to iter_current_rule
new 5ed3203 Improve detection of strings slowing down the scanning
new c80a56b Improve atom quality calculation
new 7e99c64 Fix bugs while parsing PE version information
new 362c667 Switch from using OpenSSL to stand-alone MD5.
new cde939e Merge branch 'master' into richpe
new 719995c Fix early returns.
new 21cc617 Add some sanity checks to resources iteration routine in PE module
new f37e97e Improve atom quality calculation
new e5369ca Avoid stack overflow
new ff6646c Implement sha256 of rich signature.
new 4a65288 Merge branch 'master' into richpe
new 55c0280 Remove unnecessary assignment.
new f3722ba Fix one-byte overflow.
new ae6f8a4 Declare lexers as never-interactive
new ce43573 hash module
new 09b306f Fix multiple warnings when compiling as C++
new c2a36b6 Fix multiple warnings when compiling as C++
new 4f3c9a0 Fix pe.h
new 88a25d2 Function 'input' is called 'yyinput' in C++
new ce8f8c4 Remove DirectoryEntries from IMAGE_RESOURCE_DIRECTORY
new 925da0d Add YR_API macro for declaring functions as extern "C" in C++
new f698147 Fix minor issues while compiling in Windows
new d4e5eb8 Fix warnings in while compiling in C++
new 5af437a Update Visual Studio projects to use C++ instead of C compiler
new c82cc9e Merge pull request #183 from karlhiramoto/hash
new b34c0db Fix minor style issues in modules/hash.c
new c9fd5ab Fix copy/paste mistake.
new a9d7b78 Merge branch 'master' into richpe
new c0c1761 Add Wesley Shields to AUTHORS and CONTRIBUTORS
new 7afe1c3 Merge branch 'master' into richpe
new bf5a1e4 Implement yr_calloc() and switch yr_malloc() back.
new 8b56f40 Address concerns around set_string().
new 0820967 Merge pull request #184 from wxsBSD/richpe
new 3a8bd42 Fix issues with pull request #184
new 326c09f Comply with YARA's style
new 2338e6c Use OpenSSL to calculate hashes and change prototypes for "richhash" and "imphash"
new 95c8160 Refactor parse_imports to to reduce complexity and indentation levels
new 2fe67ce Homogenize comments
new 6e1b851 Fix build on OS X.
new ea89d01 Merge pull request #185 from wxsBSD/pe_parse_imports_fix
new 77ad1e7 Fix a copy/paste mistake in richhash.
new 10d1c97 Merge pull request #186 from wxsBSD/length_fix
new 561f61e Replace htonl with bigendian macro
new fda7ef9 Remove unused variable
new 3ea3db2 Fix misplaced constants
new 50f598d Start to implement certificate parsing.
new a1fe3e1 Cleanup comments, fix leaks, etc.
new fbafd23 Remove old comment.
new f9fbd86 Issue warning on regular expressions containing .*
new c815301 Minor improvements in PE module
new d3f2707 Add missing include
new 2b73387 Merge branch 'master' into authenticode
new 96e6d9e Implement yr_strndup
new df87f7e Fix possible buffer overrun
new a7ce07e Remove references to "aprintf" and fix a memory leak
new cdadb9e Fix warning
new 1c0968d Fix wrong boundaries check causing segfault
new 7e3156f Fix serial handling.
new a89b293 Merge branch 'master' into authenticode
new 3797107 Fix a NULL ptr deref.
new d8b14f6 Merge branch 'null_ptr_fix' into authenticode
new a679710 imphash returns a string.
new 97faa69 Merge branch 'null_ptr_fix' into authenticode
new a2eef63 Properly calculate the next certificate entry.
new bd6dac6 Merge pull request #188 from wxsBSD/null_ptr_fix
new 195a022 Merge branch 'master' into authenticode
new 7c2d090 Fix some bugs.
new b2e9cd0 Fix length check. The docs are confusing.
new 5c32607 Add extra comment explaining why this check most likely fails.
new 88624bc Make length check bounded to directory.
new d8a2bc2 Cleanup bounds checks and comments.
new 0f26410 IMAGE_SECURITY_DESCRIPTOR -> WIN_CERTIFICATE
new a6f3e43 Fix comparisons.
new e9ba9c2 Remove unnecessary code.
new 438430a Add Trend Micro to "who's using YARA" list
new 3939b90 Merge branch 'master' into authenticode
new 4be9088 Implement signature as an array.
new fe83cf1 Fix bug where array length was off by one.
new 1e04878 Conditionalize the counter decrementing.
new 86db33c Pluralize "signature" and use "number_of_signatures"
new 6fc5eed Use not_before and not_after.
new b89c211 Track ASN1_TIME structures in a list.
new 5aa4262 Free stack of certs.
new aaee659 Detect presence of OpenSSL library and build accordingly
new a2d920a Merge branch 'master' into authenticode
new 62d8318 Fix some warnings and errors while compiling on Windows
new d2b98fe Implement "memmem" function and fix minor style issues
new deff68d Add missing semicolon
new c8b74ed Fix warning
new 5ba87be Add OpenSSL to Windows project
new 0d4d719 Fix bug in overloaded functions
new a039141 Replace tabs with spaces
new 3c4b246 Fix issue with functions declared in a structure contained in an array
new 083ec11 Merge branch 'master' into authenticode
new 9057a81 Adhere to upstream style.
new 3e260f3 Fix issue #195
new f901baa Fix warning caused by comparison between integer and pointer
new ccd52bc Fix string_argument macro to correctly handle SIZED_STRINGs
new 557aa9a Add test case for functions receiving strings
new 592d2ff Merge branch 'master' into authenticode
new 9214193 Implement overloaded not_before() and not_after().
new b5a4229 Fix problem from cherry-picked commit.
new b86a6f6 Return error if hex strings are too long
new 7f31078 Merge branch 'master' into authenticode
new 8c1ce59 Use HAVE_LIBCRYPTO.
new 10d6554 Make not_before and not_after be integers.
new c8f03ac Implement valid_before() and valid_after().
new 9a70c64 Implement valid_on().
new eafd5b5 Merge pull request #191 from wxsBSD/authenticode
new dda6c74 Move utility functions out of pe.c and other minor changes
new 5f39dcc Use statically allocated buffer with X509_NAME_online.
new bcabb68 Simplify the serial number length computation
new 3455dc7 Fix wrong identifier
new 0e67efe Remove unnecessary counter decrement
new 59b643b Remove unnecessary call to BIO_set_close, BIO_CLOSE flag is set by default
new 42236e6 Fix some possible memory leaks
new 4344883 Add Metaflows to "who's using YARA"
new 65403b5 Change some char* to const char*
new 88088c0 Check for memmem function during configuration
new 93cce90 Add missing define
new 7bf0c83 Fix bug in "imports" function of PE module
new 46fee1a Improve sanity checks in pe_parse_certificates
new f678d4b Fix bug introduced in previous commit
new 987b81d Address an import parsing problem.
new 2dc3473 Merge pull request #197 from wxsBSD/import_fix
new 395daec Fix false positive in "fullword" matches when string is declared both "ascii" and "wide"
new 11c7825 Implement timegm for platforms not including it
new 1ab5a43 Make WIN_CERTIFICATE declaration available in Windows
new 2f31e89 Simplify "valid_on" function and remove "valid_before" and "valid_after"
new 400a62c Merge branch 'master' of https://github.com/plusvic/yara
new f006dc8 Fix incorrect handling of undefined boolean expressions in a for loop
new 0cd95ae Implement functions sha1 and sha256 in "hash" module
new 6832b36 Improve sanitation in PE module to avoid segfaults
new dd2afc6 Sanitise DLL names in import table and fix memory leak
new 5efae9c Improve DLL name validation by rejecting empty names
new ab2d2df Add big-endian versions for intXX and uintXX functions
new ac33844 Include "offset" and "length" in pe.rich_signature and remove "start"
new accf5e1 Add missing type check
new d79d7b6 Add missing type check
new 2d93221 Implement hash functions receiving string arguments
new 86c4afb Remove "hash" function from "rich_signature"
new d293513 Check for undefined arguments in hash functions
new 72136d8 Update documentation
new 72af49a Improve legibility of hash module
new 76bfdec Implement "checksum" function
new 3b2b9fd Update documentation
new f3edcf2 Improve syntax error recovery
new ba58fe2 Bump to version 3.2.0
new 5480ab8 Add missing library to setupwinXX.py
new 344d27a Increment ARENA_FILE_VERSION
The 350 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list