security/yara: Update to 3.11.0

Coordinated with leot@ and he@ while investigating CVE-2019-19648.

The changes listed for this version include:

 * Duplicated string modifiers are now an error.
 * More flexible xor modifier.
 * Implement private strings (#1096)
 * Add field_offsets to dotnet module.
 * Implement crc32 functions in hash module.
 * Improvements to rich_signature functions in pe module.
 * Implement sandboxed API using SAPI
 * BUGFIX: Some regexp character classes not matching correctly when used with nocase modifier (#1117)
 * BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (#1107)
 * BUGFIX: Buffer overrun in dotnet module (#1108)
 * BUGFIX: Segfault in certain Windows versions (#1068)
 * BUGFIX: Memory leak while attaching to a process fails (#1070)

Changes for version 3.10.0:

 * Optimize integer range loops by exiting earlier when possible.
 * Cache the result of PE module's imphash function in order to improve performance.
 * Harden virtual machine against malicious code.
 * BUGFIX: xor modifier not working as expected if not accompanied by ascii (#1053).
 * BUGFIX: \s and \S character classes in regular expressions now include vertical tab, new line, carriage return and form feed characters.
 * BUGFIX: Regression bug in hex strings containing wildcards (#1025).
 * BUGFIX: Buffer overrun in elf module.
 * BUGFIX: Buffer overrun in dotnet module

Changes for version 3.9.0:

 * Improve scan performance for certain strings.
 * Reduce stack usage.
 * Prevent inadvertent use of compiled rules by forcing the use of -C when using yara command-line tool.
 * BUGFIX: Buffer overflow in "dotnet" module.
 * BUGFIX: Internal error when running multiple instances of YARA in Mac OS X. (#945)
 * BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018)
 * BUGFIX: High RAM consumption in "pe" module while parsing certain files.(0c8b461)
 * BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (#1023)
 * BUGFIX: Issues with comments inside hex strings.

Changes for version 3.8.1:

 * BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0.
 * BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as null.
 * BUGFIX: dex module now works in big-endian architectures.
 * BUGFIX: Keep ABI compatibility by keeping deprecated functions visible.

Changes for version 3.8.0:

 * Scanner API
 * New xor modifier for strings
 * New fields and functions in PE module.
 * Add functions min and max to math module.
 * Make compiled.
 * yara and yaracsupport reading rules from stdin by using - as the file name.
 * Rule compilation is faster.
 * BUGFIX: Regression in regex engine. /ba{3}b/ was matching baaaab.
 * BUGFIX: Function yr_compiler_add_fd() was reading only the first 1024 bytes of the file.
 * BUGFIX: Wrong calculation of sha256 hashes in Windows when using native crypto API.
 * Lots of more bug fixes.

Changes for version 3.7.1:

 * Fix regression in include directive (issue #796)
 * Fix bug in PE checksum calculation causing wrong results in some cases.

security/yara/Makefile.common

@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.11 2017/11/15 18:22:22 he Exp $
+# $NetBSD: Makefile.common,v 1.12 2019/12/14 10:46:08 khorben Exp $
 #
 # used by security/yara/Makefile
 # used by security/py-yara/Makefile
 
-VERSION=	3.7.0
+VERSION=	3.11.0
 GITHUB_TAG=	v${VERSION}
 
 MAINTAINER=	khorben@defora.org

security/yara/PLIST

@@ -1,10 +1,11 @@
-@comment $NetBSD: PLIST,v 1.5 2017/11/15 18:22:22 he Exp $
+@comment $NetBSD: PLIST,v 1.6 2019/12/14 10:46:08 khorben Exp $
 bin/yara
 bin/yarac
 include/yara.h
 include/yara/ahocorasick.h
 include/yara/arena.h
 include/yara/atoms.h
+include/yara/bitmask.h
 include/yara/compiler.h
 include/yara/error.h
 include/yara/exec.h
@@ -22,7 +23,10 @@ include/yara/proc.h
 include/yara/re.h
 include/yara/rules.h
 include/yara/scan.h
+include/yara/scanner.h
 include/yara/sizedstr.h
+include/yara/stack.h
+include/yara/stopwatch.h
 include/yara/stream.h
 include/yara/strutils.h
 include/yara/threading.h

security/yara/distinfo

@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.11 2017/11/15 18:22:22 he Exp $
+$NetBSD: distinfo,v 1.12 2019/12/14 10:46:08 khorben Exp $
 
-SHA1 (yara-3.7.0.tar.gz) = 89fd429bf40db1039c0a3ff7cd94d79ec450c024
-RMD160 (yara-3.7.0.tar.gz) = 069f9815ead81ebf2be3151b14a4fcc3046770d7
-SHA512 (yara-3.7.0.tar.gz) = cd0214d39c6d1c5bc8410a1ec67e42ec8a672be382fb11e0a0f98cb03af1ef5db92e74216a9b98a6bdedf9721d4470639e340edbd39ca0184233652839742a33
-Size (yara-3.7.0.tar.gz) = 558035 bytes
-SHA1 (patch-common.h) = 199ab70fb828124e07ae51a467ed50ad95f2b616
-SHA1 (patch-libyara_modules_pe.c) = db69a250dabc9a074cd17c795e7b0d117b2585bf
+SHA1 (yara-3.11.0.tar.gz) = 81a243423352d66f5ec0cb657098c27f035cd164
+RMD160 (yara-3.11.0.tar.gz) = 18f28d9c6cface071f2526ca7d7c64a0b3a848f9
+SHA512 (yara-3.11.0.tar.gz) = 26d800284a2de07195e4a480eb7125b1f5ad0265b284bfbeee10dbab162ea0f419c9e2ea5c4ed5fa25a46a2c9e3c6b077dfe1cafece79251e20d5d70f91b80a8
+Size (yara-3.11.0.tar.gz) = 772122 bytes
+SHA1 (patch-common.h) = d85b8be6ee384630f8e1b7ffc3c126f25d13e956
+SHA1 (patch-libyara_libyara.c) = 3be4325f344676cc490ff262483b76fab4b080fa
+SHA1 (patch-libyara_re.c) = 4376d943b32fc0e13cb2b4ced99467da1f263da0
 SHA1 (patch-libyara_re__lexer.l) = 169802090dd922f06d8c32a0d1ea5409cf660f61

security/yara/patches/patch-common.h

@@ -1,31 +0,0 @@
-$NetBSD: patch-common.h,v 1.1 2017/11/15 18:22:22 he Exp $
-
-Ensure we adhere to valid value domain for isxxxx() function/macro.
-
---- common.h.orig	2017-11-10 11:21:21.000000000 +0000
-+++ common.h
-@@ -86,7 +86,7 @@ int is_integer(const char *str)
- 
-   while(*str)
-   {
--    if (!isdigit(*str))
-+    if (!isdigit((unsigned char)*str))
-       return FALSE;
-     str++;
-   }
-@@ -114,7 +114,7 @@ int is_float(const char *str)
- 
-       has_dot = TRUE;
-     }
--    else if (!isdigit(*str))
-+    else if (!isdigit((unsigned char)*str))
-     {
-       return FALSE;
-     }
-@@ -125,4 +125,4 @@ int is_float(const char *str)
-   return has_dot; // to be float must contain a dot
- }
- 
--#endif
-\ No newline at end of file
-+#endif

security/yara/patches/patch-libyara_libyara.c

@@ -0,0 +1,15 @@
+$NetBSD: patch-libyara_libyara.c,v 1.1 2019/12/14 10:46:08 khorben Exp $
+
+Ensure we adhere to valid value domain for isxxxx() function/macro.
+
+--- libyara/libyara.c.orig	2019-10-10 11:10:50.000000000 +0000
++++ libyara/libyara.c
+@@ -138,7 +138,7 @@ YR_API int yr_initialize(void)
+     else
+       yr_altercase[i] = i;
+ 
+-    yr_lowercase[i] = tolower(i);
++    yr_lowercase[i] = tolower((unsigned char)i);
+   }
+ 
+   FAIL_ON_ERROR(yr_heap_alloc());

security/yara/patches/patch-libyara_modules_pe.c

@@ -1,15 +0,0 @@
-$NetBSD: patch-libyara_modules_pe.c,v 1.1 2017/11/15 18:22:22 he Exp $
-
-Ensure we adhere to valid value domain for isxxxx() function/macro.
-
---- libyara/modules/pe.c.orig	2017-11-10 11:21:21.000000000 +0000
-+++ libyara/modules/pe.c
-@@ -1673,7 +1673,7 @@ define_function(imphash)
-       // Lowercase the whole thing.
- 
-       for (i = 0; i < final_name_len; i++)
--        final_name[i] = tolower(final_name[i]);
-+        final_name[i] = tolower((unsigned char)final_name[i]);
- 
-       yr_md5_update(&ctx, final_name, final_name_len);
- 

security/yara/patches/patch-libyara_re.c

@@ -0,0 +1,23 @@
+$NetBSD: patch-libyara_re.c,v 1.1 2019/12/14 10:46:08 khorben Exp $
+
+Ensure we adhere to valid value domain for isxxxx() function/macro.
+
+--- libyara/re.c.orig	2019-10-10 11:10:50.000000000 +0000
++++ libyara/re.c
+@@ -2063,14 +2063,14 @@ int yr_re_exec(
+ 
+         case RE_OPCODE_DIGIT:
+           prolog;
+-          match = isdigit(*input);
++          match = isdigit((unsigned char)*input);
+           action = match ? ACTION_NONE : ACTION_KILL;
+           fiber->ip += 1;
+           break;
+ 
+         case RE_OPCODE_NON_DIGIT:
+           prolog;
+-          match = !isdigit(*input);
++          match = !isdigit((unsigned char)*input);
+           action = match ? ACTION_NONE : ACTION_KILL;
+           fiber->ip += 1;
+           break;