Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yara for openSUSE:Factory checked in at 2021-10-30 23:13:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yara (Old) and /work/SRC/openSUSE:Factory/.yara.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yara" Sat Oct 30 23:13:55 2021 rev:13 rq:928229 version:4.1.2 Changes: -------- --- /work/SRC/openSUSE:Factory/yara/yara.changes 2021-06-06 22:40:52.903422181 +0200 +++ /work/SRC/openSUSE:Factory/.yara.new.1890/yara.changes 2021-10-30 23:14:42.339102251 +0200 @@ -1,0 +2,8 @@ +Sat Oct 16 12:18:49 UTC 2021 - Dirk M??ller <[email protected]> + +- update to 4.1.2: + * BUGFIX: TOO_MANY_MATCHES warning was causing strings to be globally disabled + * BUGFIX: fullworld modifier not working as expected in Mac OS due to locale issue + * BUGFIX: Default value for pe.number_of_imported_function not set to 0 + +------------------------------------------------------------------- Old: ---- yara-4.1.1.tar.gz New: ---- yara-4.1.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yara.spec ++++++ --- /var/tmp/diff_new_pack.GMZpmm/_old 2021-10-30 23:14:42.727102564 +0200 +++ /var/tmp/diff_new_pack.GMZpmm/_new 2021-10-30 23:14:42.731102567 +0200 @@ -18,12 +18,12 @@ %define soname 8 Name: yara -Version: 4.1.1 +Version: 4.1.2 Release: 0 Summary: A malware identification and classification tool License: Apache-2.0 Group: System/Filesystems -URL: https://plusvic.github.io/yara/ +URL: https://virustotal.github.io/yara/ Source: https://github.com/VirusTotal/yara/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: file-devel BuildRequires: flex ++++++ yara-4.1.1.tar.gz -> yara-4.1.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/docs/modules/elf.rst new/yara-4.1.2/docs/modules/elf.rst --- old/yara-4.1.1/docs/modules/elf.rst 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/docs/modules/elf.rst 2021-08-23 13:01:39.000000000 +0200 @@ -60,6 +60,7 @@ Integer with one of the following values: + .. c:type:: EM_NONE .. c:type:: EM_M32 .. c:type:: EM_SPARC .. c:type:: EM_386 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/libyara/arena.c new/yara-4.1.2/libyara/arena.c --- old/yara-4.1.1/libyara/arena.c 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/libyara/arena.c 2021-08-23 13:01:39.000000000 +0200 @@ -77,11 +77,13 @@ yr_arena_off_t base_offset, va_list offsets) { - yr_arena_off_t offset; + size_t offset; int result = ERROR_SUCCESS; - offset = (yr_arena_off_t) va_arg(offsets, yr_arena_off_t); + // The argument to va_arg is size_t because the offsets passed to this + // function are obtained with offsetof(). + offset = va_arg(offsets, size_t); while (offset != EOL) { @@ -91,7 +93,7 @@ return ERROR_INSUFFICIENT_MEMORY; reloc->buffer_id = buffer_id; - reloc->offset = base_offset + offset; + reloc->offset = base_offset + (yr_arena_off_t) offset; reloc->next = NULL; if (arena->reloc_list_head == NULL) @@ -101,7 +103,7 @@ arena->reloc_list_tail->next = reloc; arena->reloc_list_tail = reloc; - offset = (yr_arena_off_t) va_arg(offsets, size_t); + offset = va_arg(offsets, size_t); } return result; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/libyara/include/yara/arena.h new/yara-4.1.2/libyara/include/yara/arena.h --- old/yara-4.1.1/libyara/include/yara/arena.h 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/libyara/include/yara/arena.h 2021-08-23 13:01:39.000000000 +0200 @@ -35,7 +35,7 @@ #include <yara/limits.h> #include <yara/stream.h> -#define EOL ((uint32_t) -1) +#define EOL ((size_t) -1) #define YR_ARENA_FILE_VERSION 18 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/libyara/include/yara/strutils.h new/yara-4.1.2/libyara/include/yara/strutils.h --- old/yara-4.1.1/libyara/include/yara/strutils.h 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/libyara/include/yara/strutils.h 2021-08-23 13:01:39.000000000 +0200 @@ -99,3 +99,5 @@ size_t strlcpy_w(char* dst, const char* w_src, size_t n); #endif + +int yr_isalnum(const uint8_t* s); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/libyara/include/yara/types.h new/yara-4.1.2/libyara/include/yara/types.h --- old/yara-4.1.1/libyara/include/yara/types.h 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/libyara/include/yara/types.h 2021-08-23 13:01:39.000000000 +0200 @@ -768,6 +768,10 @@ // index N has some global rule that is not satisfied. YR_BITMASK* ns_unsatisfied_flags; + // A bitmap with one bit per string, bit N is set if the string with index + // N has too many matches. + YR_BITMASK* strings_temp_disabled; + // Array with pointers to lists of matches. Item N in the array has the // list of matches for string with index N. YR_MATCHES* matches; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/libyara/modules/pe/pe.c new/yara-4.1.2/libyara/modules/pe/pe.c --- old/yara-4.1.1/libyara/modules/pe/pe.c 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/libyara/modules/pe/pe.c 2021-08-23 13:01:39.000000000 +0200 @@ -962,6 +962,7 @@ // Default to 0 imports until we know there are any set_integer(0, pe->object, "number_of_imports"); + set_integer(0, pe->object, "number_of_imported_functions"); directory = pe_get_directory_entry(pe, IMAGE_DIRECTORY_ENTRY_IMPORT); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/libyara/re.c new/yara-4.1.2/libyara/re.c --- old/yara-4.1.1/libyara/re.c 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/libyara/re.c 2021-08-23 13:01:39.000000000 +0200 @@ -102,7 +102,7 @@ static bool _yr_re_is_word_char(const uint8_t* input, uint8_t character_size) { - int result = ((isalnum(*input) || (*input) == '_')); + int result = ((yr_isalnum(input) || (*input) == '_')); if (character_size == 2) result = result && (*(input + 1) == 0); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/libyara/scan.c new/yara-4.1.2/libyara/scan.c --- old/yara-4.1.1/libyara/scan.c 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/libyara/scan.c 2021-08-23 13:01:39.000000000 +0200 @@ -31,6 +31,7 @@ #include <ctype.h> #include <stdio.h> #include <stdlib.h> +#include <yara/bitmask.h> #include <yara/error.h> #include <yara/globals.h> #include <yara/libyara.h> @@ -39,6 +40,7 @@ #include <yara/rules.h> #include <yara/scan.h> #include <yara/stopwatch.h> +#include <yara/strutils.h> #include <yara/types.h> #include <yara/utils.h> @@ -658,21 +660,21 @@ if (flags & RE_FLAGS_WIDE) { if (match_offset >= 2 && *(match_data - 1) == 0 && - isalnum(*(match_data - 2))) + yr_isalnum(match_data - 2)) goto _exit; // return ERROR_SUCCESS; if (match_offset + match_length + 1 < callback_args->data_size && *(match_data + match_length + 1) == 0 && - isalnum(*(match_data + match_length))) + yr_isalnum(match_data + match_length)) goto _exit; // return ERROR_SUCCESS; } else { - if (match_offset >= 1 && isalnum(*(match_data - 1))) + if (match_offset >= 1 && yr_isalnum(match_data - 1)) goto _exit; // return ERROR_SUCCESS; if (match_offset + match_length < callback_args->data_size && - isalnum(*(match_data + match_length))) + yr_isalnum(match_data + match_length)) goto _exit; // return ERROR_SUCCESS; } } @@ -985,7 +987,7 @@ if (data_size - offset <= 0) return ERROR_SUCCESS; - if (STRING_IS_DISABLED(string)) + if (yr_bitmask_is_set(context->strings_temp_disabled, string->idx)) return ERROR_SUCCESS; if (context->matches[string->idx].count == YR_MAX_STRING_MATCHES) @@ -998,7 +1000,7 @@ if (result == CALLBACK_CONTINUE) { - string->flags |= STRING_FLAGS_DISABLED; + yr_bitmask_set(context->strings_temp_disabled, string->idx); return ERROR_SUCCESS; } else if (result == CALLBACK_ABORT || result == CALLBACK_ERROR) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/libyara/scanner.c new/yara-4.1.2/libyara/scanner.c --- old/yara-4.1.1/libyara/scanner.c 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/libyara/scanner.c 2021-08-23 13:01:39.000000000 +0200 @@ -188,6 +188,11 @@ 0, sizeof(YR_BITMASK) * YR_BITMASK_SIZE(scanner->rules->num_namespaces)); + memset( + scanner->strings_temp_disabled, + 0, + sizeof(YR_BITMASK) * YR_BITMASK_SIZE(scanner->rules->num_strings)); + memset(scanner->matches, 0, sizeof(YR_MATCHES) * scanner->rules->num_strings); memset( @@ -227,6 +232,9 @@ new_scanner->ns_unsatisfied_flags = (YR_BITMASK*) yr_calloc( sizeof(YR_BITMASK), YR_BITMASK_SIZE(rules->num_namespaces)); + new_scanner->strings_temp_disabled = (YR_BITMASK*) yr_calloc( + sizeof(YR_BITMASK), YR_BITMASK_SIZE(rules->num_strings)); + new_scanner->matches = (YR_MATCHES*) yr_calloc( rules->num_strings, sizeof(YR_MATCHES)); @@ -304,6 +312,7 @@ yr_free(scanner->rule_matches_flags); yr_free(scanner->ns_unsatisfied_flags); + yr_free(scanner->strings_temp_disabled); yr_free(scanner->matches); yr_free(scanner->unconfirmed_matches); yr_free(scanner); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/libyara/strutils.c new/yara-4.1.2/libyara/strutils.c --- old/yara-4.1.1/libyara/strutils.c 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/libyara/strutils.c 2021-08-23 13:01:39.000000000 +0200 @@ -239,3 +239,11 @@ return NULL; } #endif + + +int yr_isalnum(const uint8_t* s) +{ + return (*s >= 0x30 && *s <= 0x39) || + (*s >= 0x41 && *s <= 0x5a) || + (*s >= 0x61 && *s <= 0x7a); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.1/tests/test-api.c new/yara-4.1.2/tests/test-api.c --- old/yara-4.1.1/tests/test-api.c 2021-05-24 11:20:19.000000000 +0200 +++ new/yara-4.1.2/tests/test-api.c 2021-08-23 13:01:39.000000000 +0200 @@ -842,6 +842,24 @@ assert_true_expr(counters.rules_matching == 0); assert_true_expr(counters.rules_not_matching == 1); + // Repeat the same scan to ensure that the string that had a warning is + // enabled after the first scan. But first we must reset the counters. + counters.rules_not_matching = 0; + counters.rules_matching = 0; + counters.rules_warning = 0; + + if (yr_rules_scan_file(rules, prefix_top_srcdir("tests/data/x.txt"), 0, count, &counters, 0) != ERROR_SUCCESS) { + yr_rules_destroy(rules); + perror("yr_rules_scan_file"); + exit(EXIT_FAILURE); + } + + // The assertions here should be EXACTLY the same as the assertions above. We + // are making sure the string is disabled only for a single scan. + assert_true_expr(counters.rules_warning == 1); + assert_true_expr(counters.rules_matching == 0); + assert_true_expr(counters.rules_not_matching == 1); + yr_rules_destroy(rules); yr_finalize(); }
