Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yara for openSUSE:Factory checked in at 2023-06-20 16:47:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yara (Old) and /work/SRC/openSUSE:Factory/.yara.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yara" Tue Jun 20 16:47:28 2023 rev:19 rq:1093605 version:4.3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/yara/yara.changes 2023-04-14 13:12:42.839438912 +0200 +++ /work/SRC/openSUSE:Factory/.yara.new.15902/yara.changes 2023-06-20 16:47:32.531067123 +0200 @@ -1,0 +2,11 @@ +Sun Jun 11 13:22:37 UTC 2023 - Dirk Müller <dmuel...@suse.com> + +- update to 4.3.1: + * BUGFIX: Functions `import_rva` and `import_delayed_rva` are + now case-insensitive (#1904) + * BUGFIX: Fix heap-related issue in `dotnet` module on Windows + (#1902) + * BUGFIX: Fix heap corruption with certain rules that have very + long string sets (67cccf0) + +------------------------------------------------------------------- Old: ---- yara-4.3.0.tar.gz New: ---- yara-4.3.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yara.spec ++++++ --- /var/tmp/diff_new_pack.mhwi9T/_old 2023-06-20 16:47:34.387078277 +0200 +++ /var/tmp/diff_new_pack.mhwi9T/_new 2023-06-20 16:47:34.391078301 +0200 @@ -18,7 +18,7 @@ %global soname 10 Name: yara -Version: 4.3.0 +Version: 4.3.1 Release: 0 Summary: A malware identification and classification tool License: BSD-3-Clause ++++++ yara-4.3.0.tar.gz -> yara-4.3.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.3.0/configure.ac new/yara-4.3.1/configure.ac --- old/yara-4.3.0/configure.ac 2023-03-22 09:51:54.000000000 +0100 +++ new/yara-4.3.1/configure.ac 2023-04-20 20:13:34.000000000 +0200 
@@ -1,4 +1,4 @@ -AC_INIT([yara], [4.3.0], [vmalva...@virustotal.com]) +AC_INIT([yara], [4.3.1], [vmalva...@virustotal.com]) AM_SILENT_RULES([yes]) AC_CONFIG_SRCDIR([cli/yara.c]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.3.0/docs/conf.py new/yara-4.3.1/docs/conf.py --- old/yara-4.3.0/docs/conf.py 2023-03-22 09:51:54.000000000 +0100 +++ new/yara-4.3.1/docs/conf.py 2023-04-20 20:13:34.000000000 +0200 @@ -53,7 +53,7 @@ # The short X.Y version. version = '4.3' # The full version, including alpha/beta/rc tags. -release = '4.3.0' +release = '4.3.1' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.3.0/docs/yarapython.rst new/yara-4.3.1/docs/yarapython.rst --- old/yara-4.3.0/docs/yarapython.rst 2023-03-22 09:51:54.000000000 +0100 +++ new/yara-4.3.1/docs/yarapython.rst 2023-04-20 20:13:34.000000000 +0200 @@ -239,13 +239,11 @@ 'namespace': 'default', 'rule': 'my_rule', 'meta': {}, - 'strings': [(81L, '$a', 'abc'), (141L, '$b', 'def')] + 'strings': [StringMatch, StringMatch] } The *matches* field indicates if the rule matches the data or not. The -*strings* fields is a list of matching strings, with vectors of the form:: - - (<offset>, <string identifier>, <string data>) +*strings* field is a list of :py:class:`yara.StringMatch` objects. The ``match`` method returns a list of instances of the class :py:class:`yara.Match`. Instances of this class have the same attributes as the dictionary passed to the @@ -453,7 +451,7 @@ .. py:method:: save(...) - .. versionchanged:: 3.4.0 + .. versionchanged:: 3.4.0 Save compiled rules to a file. Either *filepath* or *file* must be provided. @@ -463,6 +461,8 @@ .. py:class:: Match + .. versionadded:: 4.3.0 + Objects returned by :py:meth:`yara.Rules.match`, representing a match. .. py:attribute:: rule 
@@ -487,6 +487,8 @@ .. py:class:: StringMatch + .. versionadded:: 3.4.0 + Objects which represent string matches. .. py:attribute:: identifier @@ -503,6 +505,8 @@ .. py:class:: StringMatchInstance + .. versionadded:: 4.3.0 + Objects which represent instances of matched strings. .. py:attribute:: matched_data @@ -525,4 +529,3 @@ Returns the plaintext version of the string after xor key is applied. If the string is not an xor string then no modification is done. - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.3.0/libyara/include/yara/libyara.h new/yara-4.3.1/libyara/include/yara/libyara.h --- old/yara-4.3.0/libyara/include/yara/libyara.h 2023-03-22 09:51:54.000000000 +0100 +++ new/yara-4.3.1/libyara/include/yara/libyara.h 2023-04-20 20:13:34.000000000 +0200 @@ -34,7 +34,7 @@ #define YR_MAJOR_VERSION 4 #define YR_MINOR_VERSION 3 -#define YR_MICRO_VERSION 0 +#define YR_MICRO_VERSION 1 #define version_str(s) _version_str(s) #define _version_str(s) #s @@ -78,10 +78,10 @@ } YR_CONFIG_NAME; -#define DEFAULT_STACK_SIZE 16384 -#define DEFAULT_MAX_STRINGS_PER_RULE 10000 -#define DEFAULT_MAX_MATCH_DATA 512 -#define DEFAULT_MAX_PROCESS_MEMORY_CHUNK 1073741824 +#define DEFAULT_STACK_SIZE 16384 +#define DEFAULT_MAX_STRINGS_PER_RULE 10000 +#define DEFAULT_MAX_MATCH_DATA 512 +#define DEFAULT_MAX_PROCESS_MEMORY_CHUNK 1073741824 YR_API int yr_initialize(void); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.3.0/libyara/modules/dotnet/dotnet.c new/yara-4.3.1/libyara/modules/dotnet/dotnet.c --- old/yara-4.3.0/libyara/modules/dotnet/dotnet.c 2023-03-22 09:51:54.000000000 +0100 +++ new/yara-4.3.1/libyara/modules/dotnet/dotnet.c 2023-04-20 20:13:34.000000000 +0200 
@@ -274,7 +274,7 @@
 static char* create_full_name(const char* name, const char* namespace)
 {
 if (!name || !strlen(name))
- return namespace ? strdup(namespace) : NULL;
+ return namespace ? yr_strdup(namespace) : NULL;
 // No namespace -> return name only
 if (!namespace || !strlen(namespace))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.3.0/libyara/modules/pe/pe.c new/yara-4.3.1/libyara/modules/pe/pe.c
--- old/yara-4.3.0/libyara/modules/pe/pe.c 2023-03-22 09:51:54.000000000 +0100
+++ new/yara-4.3.1/libyara/modules/pe/pe.c 2023-04-20 20:13:34.000000000 +0200
@@ -3019,7 +3019,7 @@
 {
 dll_name = yr_get_string(module, "import_details[%i].library_name", i);
 if (dll_name == NULL || IS_UNDEFINED(dll_name) ||
- ss_compare(in_dll_name, dll_name) != 0)
+ ss_icompare(in_dll_name, dll_name) != 0)
 continue;
 int64_t num_functions = yr_get_integer(
@@ -3034,7 +3034,7 @@
 if (function_name == NULL || IS_UNDEFINED(function_name))
 continue;
- if (ss_compare(in_function_name, function_name) == 0)
+ if (ss_icompare(in_function_name, function_name) == 0)
 return_integer(yr_get_integer(
 module, "import_details[%i].functions[%i].rva", i, j));
 }
@@ -3064,7 +3064,7 @@
 {
 dll_name = yr_get_string(module, "import_details[%i].library_name", i);
 if (dll_name == NULL || IS_UNDEFINED(dll_name) ||
- ss_compare(in_dll_name, dll_name) != 0)
+ ss_icompare(in_dll_name, dll_name) != 0)
 continue;
 int64_t num_functions = yr_get_integer(
@@ -3112,7 +3112,7 @@
 module, "delayed_import_details[%i].library_name", i);
 if (dll_name == NULL || IS_UNDEFINED(dll_name) ||
- ss_compare(in_dll_name, dll_name) != 0)
+ ss_icompare(in_dll_name, dll_name) != 0)
 continue;
 int64_t num_functions = yr_get_integer(
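Review bot: The switch to `yr_strdup` in `create_full_name` (hunk at 274) carries no comment saying why the libc call must not be used, so a later edit can quietly reintroduce `strdup`. The changelog ties this change to a heap issue in the `dotnet` module on Windows, which suggests the returned string is released through the yr_* allocator; that release is not visible in this hunk. I would add above the return `// Allocate with yr_strdup: the result is freed with yr_free(), and mixing allocators corrupts the heap on Windows.`, after confirming the caller. The function body continues past the hunk, so its other return paths should be checked for the same allocator pairing.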
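Review bot: The function-name comparisons `ss_icompare(in_function_name, function_name)` (hunks at 3034 and 3129) are relaxed together with the DLL-name comparisons, but the two cases are not equivalent: Windows treats module names case-insensitively, while imports by name are resolved case-sensitively. If a file imports two symbols from one DLL that differ only in case, the loop now returns the RVA of whichever entry comes first, so a rule that compares this RVA can match or miss on the wrong import. Either keep `ss_compare` for the function name and use `ss_icompare` only for `dll_name` (hunks at 3019, 3064, 3112 and 3161), or state the first-match behaviour in the function comment and the module documentation. The enclosing functions start and end outside these hunks.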
@@ -3129,7 +3129,7 @@
 if (function_name == NULL || IS_UNDEFINED(function_name))
 continue;
- if (ss_compare(in_function_name, function_name) == 0)
+ if (ss_icompare(in_function_name, function_name) == 0)
 return_integer(yr_get_integer(
 module, "delayed_import_details[%i].functions[%i].rva", i, j));
 }
@@ -3161,7 +3161,7 @@
 module, "delayed_import_details[%i].library_name", i);
 if (dll_name == NULL || IS_UNDEFINED(dll_name) ||
- ss_compare(in_dll_name, dll_name) != 0)
+ ss_icompare(in_dll_name, dll_name) != 0)
 continue;
 int64_t num_functions = yr_get_integer(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.3.0/libyara/notebook.c new/yara-4.3.1/libyara/notebook.c
--- old/yara-4.3.0/libyara/notebook.c 2023-03-22 09:51:54.000000000 +0100
+++ new/yara-4.3.1/libyara/notebook.c 2023-04-20 20:13:34.000000000 +0200
@@ -48,8 +48,8 @@
 // all the buffers allocated via yr_notebook_alloc().
 struct YR_NOTEBOOK
 {
- // Size of each page in the notebook.
- size_t page_size;
+ // The mininum size of each page in the notebook.
+ size_t min_page_size;
 // Pointer to the first page in the book, this is also the most recently
 // created page, the one that is being filled.
 YR_NOTEBOOK_PAGE* page_list_head;
@@ -57,6 +57,8 @@
 struct YR_NOTEBOOK_PAGE
 {
+ // Size of this page.
+ size_t size;
 // Amount of bytes in the page that are actually used.
 size_t used;
 // Pointer to next page.
@@ -77,7 +79,7 @@
 // ERROR_SUCCESS
 // ERROR_INSUFFICIENT_MEMORY
 //
-int yr_notebook_create(size_t page_size, YR_NOTEBOOK** notebook)
+int yr_notebook_create(size_t min_page_size, YR_NOTEBOOK** notebook)
 {
 YR_NOTEBOOK* new_notebook = yr_malloc(sizeof(YR_NOTEBOOK));
@@ -85,7 +87,7 @@
 return ERROR_INSUFFICIENT_MEMORY;
 new_notebook->page_list_head = yr_malloc(
- sizeof(YR_NOTEBOOK_PAGE) + page_size);
+ sizeof(YR_NOTEBOOK_PAGE) + min_page_size);
 if (new_notebook->page_list_head == NULL)
 {
@@ -93,7 +95,8 @@
 return ERROR_INSUFFICIENT_MEMORY;
 }
- new_notebook->page_size = page_size;
+ new_notebook->min_page_size = min_page_size;
+ new_notebook->page_list_head->size = min_page_size;
 new_notebook->page_list_head->used = 0;
 new_notebook->page_list_head->next = NULL;
@@ -147,19 +150,26 @@
 // deferrencing pointers to types larger than a byte.
 size = (size + 7) & ~0x7;
- // The requested memory size can't be larger than a notebook's page.
- assert(size <= notebook->page_size);
+ YR_NOTEBOOK_PAGE* current_page = notebook->page_list_head;
 // If the requested size doesn't fit in current page's free space, allocate
 // a new page.
- if (notebook->page_size - notebook->page_list_head->used < size)
+ if (current_page->size - current_page->used < size)
 {
+ size_t min_size = notebook->min_page_size;
+
+ // The new page must be able to fit the requested buffer, so find the
+ // multiple of notebook->min_page_size that is larger or equal than than
+ // size.
+ size_t page_size = (size / min_size) * min_size + min_size;
+
 YR_NOTEBOOK_PAGE* new_page = yr_malloc(
- sizeof(YR_NOTEBOOK_PAGE) + notebook->page_size);
+ sizeof(YR_NOTEBOOK_PAGE) + page_size);
 if (new_page == NULL)
 return NULL;
+ new_page->size = page_size;
 new_page->used = 0;
 new_page->next = notebook->page_list_head;
 notebook->page_list_head = new_page;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.3.0/tests/test-pe.c new/yara-4.3.1/tests/test-pe.c
--- old/yara-4.3.0/tests/test-pe.c 2023-03-22 09:51:54.000000000 +0100
+++ new/yara-4.3.1/tests/test-pe.c 2023-04-20 20:13:34.000000000 +0200
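Review bot: The new page-size computation `(size / min_size) * min_size + min_size` in the `-147,19 +150,26` hunk divides by `notebook->min_page_size` and then adds to the result, and neither step is guarded. `yr_notebook_create` (hunks `-77,7 +79,7` and `-85,7 +87,7`) stores whatever `min_page_size` it receives, so a zero value becomes a division by zero here, and a `size` close to `SIZE_MAX` wraps both this sum and `sizeof(YR_NOTEBOOK_PAGE) + page_size`, giving a page smaller than the buffer handed out. With the old `assert` removed nothing else in the hunk bounds the request, so I would add before the computation `if (min_size == 0 || size > SIZE_MAX - sizeof(YR_NOTEBOOK_PAGE) - min_size) return NULL;`; whether any caller can reach those values is not visible here. The context line `size = (size + 7) & ~0x7;` wraps in the same way for sizes within 7 of `SIZE_MAX` and would need its check before the rounding. The function starts and ends outside the hunk.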
@@ -882,22 +882,26 @@
 }",
 "tests/data/pe_mingw");
+ // These are intentionally using DLL and function names with incorrect case
+ // to be sure the string compare is case insensitive.
 assert_true_rule_file(
 "import \"pe\" \
 rule test { \
 condition: \
- pe.import_rva(\"PtImageRW.dll\", \"ord4\") == 254924 and \
- pe.import_rva(\"PtPDF417Decode.dll\", 4) == 254948 \
+ pe.import_rva(\"ptimagerw.dll\", \"ORD4\") == 254924 and \
+ pe.import_rva(\"ptPDF417decode.dll\", 4) == 254948 \
 }",
 "tests/data/"
 "ca21e1c32065352d352be6cde97f89c141d7737ea92434831f998080783d5386");
+ // These are intentionally using DLL and function names with incorrect case
+ // to be sure the string compare is case insensitive.
 assert_true_rule_file(
 "import \"pe\" \
 rule test { \
 condition: \
- pe.delayed_import_rva(\"QDB.dll\", \"ord116\") == \
- pe.delayed_import_rva(\"QDB.dll\", 116) \
+ pe.delayed_import_rva(\"qdb.dll\", \"ORD116\") == \
+ pe.delayed_import_rva(\"qdb.dll\", 116) \
 }",
 "tests/data/"
 "079a472d22290a94ebb212aa8015cdc8dd28a968c6b4d3b88acdd58ce2d3b885");
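Review bot: Both rewritten rules replace the exact-case assertions instead of adding to them, so nothing in this hunk still checks that correctly cased names resolve, and nothing checks that a name the sample does not import stays unmatched. Since the comparison was loosened, I would keep the original `pe.import_rva(\"PtImageRW.dll\", \"ord4\") == 254924` and `pe.delayed_import_rva(\"QDB.dll\", \"ord116\")` conditions as separate assertions and add one negative case with a function name absent from the sample. The added comment would also read more clearly as `// DLL and function names deliberately use the wrong case to verify that the comparison is case-insensitive.`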