90d1d13438
Coordinated with leot@ and he@ while investigating CVE-2019-19648. The changes listed for this version include: * Duplicated string modifiers are now an error. * More flexible xor modifier. * Implement private strings (#1096) * Add field_offsets to dotnet module. * Implement crc32 functions in hash module. * Improvements to rich_signature functions in pe module. * Implement sandboxed API using SAPI * BUGFIX: Some regexp character classes not matching correctly when used with nocase modifier (#1117) * BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (#1107) * BUGFIX: Buffer overrun in dotnet module (#1108) * BUGFIX: Segfault in certain Windows versions (#1068) * BUGFIX: Memory leak while attaching to a process fails (#1070) Changes for version 3.10.0: * Optimize integer range loops by exiting earlier when possible. * Cache the result of PE module's imphash function in order to improve performance. * Harden virtual machine against malicious code. * BUGFIX: xor modifier not working as expected if not accompanied by ascii (#1053). * BUGFIX: \s and \S character classes in regular expressions now include vertical tab, new line, carriage return and form feed characters. * BUGFIX: Regression bug in hex strings containing wildcards (#1025). * BUGFIX: Buffer overrun in elf module. * BUGFIX: Buffer overrun in dotnet module Changes for version 3.9.0: * Improve scan performance for certain strings. * Reduce stack usage. * Prevent inadvertent use of compiled rules by forcing the use of -C when using yara command-line tool. * BUGFIX: Buffer overflow in "dotnet" module. * BUGFIX: Internal error when running multiple instances of YARA in Mac OS X. (#945) * BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018) * BUGFIX: High RAM consumption in "pe" module while parsing certain files.(0c8b461) * BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (#1023) * BUGFIX: Issues with comments inside hex strings. Changes for version 3.8.1: * BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0. * BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as null. * BUGFIX: dex module now works in big-endian architectures. * BUGFIX: Keep ABI compatibility by keeping deprecated functions visible. Changes for version 3.8.0: * Scanner API * New xor modifier for strings * New fields and functions in PE module. * Add functions min and max to math module. * Make compiled. * yara and yaracsupport reading rules from stdin by using - as the file name. * Rule compilation is faster. * BUGFIX: Regression in regex engine. /ba{3}b/ was matching baaaab. * BUGFIX: Function yr_compiler_add_fd() was reading only the first 1024 bytes of the file. * BUGFIX: Wrong calculation of sha256 hashes in Windows when using native crypto API. * Lots of more bug fixes. Changes for version 3.7.1: * Fix regression in include directive (issue #796) * Fix bug in PE checksum calculation causing wrong results in some cases. |
||
|---|---|---|
| .. | ||
| patches | ||
| buildlink3.mk | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| Makefile.common | ||
| PLIST | ||