[Forensics-changes] [yara] 255/415: Bump to version 1.7.1

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:43:12 UTC 2014


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to branch debian
in repository yara.

commit c6d6b2a76835a739da51b172ebe9f5b933352bf8
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Mon Nov 25 18:46:15 2013 +0100

    Bump to version 1.7.1
---
 README                    | 150 ++++++++++++++++++++++++++++++++++++++++++++--
 configure.ac              |   2 +-
 libyara/configure.ac      |   2 +-
 yara-python/README        |  27 +++++----
 yara-python/setup.py      |  14 ++---
 yara-python/setupwin32.py |  12 ++--
 yara-python/setupwin64.py |  12 ++--
 7 files changed, 179 insertions(+), 40 deletions(-)

diff --git a/README b/README
index 0cb22f6..ef27617 100644
--- a/README
+++ b/README
@@ -1,13 +1,151 @@
+## YARA in a nutshell
 
+YARA is a tool aimed at helping malware researchers to identify and classify
+malware samples. With YARA you can create descriptions of malware families based
+on textual or binary patterns contained on samples of those families. Each
+description consists of a set of strings and a boolean expression which
+determines its logic. Let's see an example:
 
-DEPENDENCIES
+```
+rule silent_banker : banker
+{
+    meta:
+        description = "This is just an example"
+        thread_level = 3
+        in_the_wild = true
 
-YARA depends on the PCRE library for regular expressions support, you will need
-this library installed on your system in order to build YARA succesfully. The PCRE
-library is present on many Linux distributions, in systems using APT for package
-management it can be installed with:
+    strings:
+        $a = {6A 40 68 00 30 00 00 6A 14 8D 91}
+        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
+        $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"
+
+    condition:
+        $a or $b or $c
+}
+```
+
+The rule above is telling YARA that any file containing one of the three strings
+must be reported as *silent_banker*. This is just a simple example, more complex
+and powerful rules can be created by using wild-cards, case-insensitive strings,
+regular expressions, special operators and many other features that you'll find
+explained in [YARA's documentation](http://yara-project.googlecode.com/files/YARA%20User%27s%20Manual%201.6.pdf).
+
+YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used
+through its command-line interface or from your own Python scripts with the
+yara-python extension.
+
+Python users can also use [yara-ctyles](https://github.com/mjdorma/yara-ctypes)
+by Michael Dorman. He has also written a multi-threaded command-line YARA
+scanner based on yara-ctypes that can exploit the benefits of current multi-core
+CPUs when scanning big file collections.
+
+If you are a Ruby user you can use [yara-ruby](https://github.com/SpiderLabs/yara-ruby),
+written by Eric Monti.
+
+
+## Who's using YARA
+
+* [VirusTotal Intelligence](https://www.virustotal.com/intelligence/)
+* [jsunpack-n](http://jsunpack.jeek.org/)
+* [We Watch Your Website](http://www.wewatchyourwebsite.com/)
+* [FireEye, Inc.](http://www.fireeye.com)
+* [Fidelis XPS](http://www.fidelissecurity.com/network-security-appliance/Fidelis-XPS)
+* [RSA ECAT](http://www.emc.com/security/rsa-ecat.htm)
+
+## Releases
+
+### 1.7.1 (25/11/2013)
+
+* BUGFIX: Fix SIGABORT in ARM
+* BUGFIX: Failing to detect one-byte strings at the end of a file.
+* BUGFIX: Strings being incorrectly printed when markes both as wide and ascii
+* BUGFIX: Stack overflow while following circular symlinks
+* BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty
+string
+* BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases.
+
+### 1.7 (29/03/2013)
+* faster compilation
+* added suport for modulus (%) and bitwise xor (|) operators
+* better hashing of regular expressions
+* BUGFIX: yara-python segfault when using dir() on Rules and Match classes
+* BUGFIX: Integer overflow causing infinite loop
+* BUGFIX: Handling strings containing \x00 characters correctly
+* BUGFIX: Regular expressions not matching at the end of the file when compiled
+with RE2
+* BUGFIX: Memory leaks
+* BUGFIX: File handle leaks
+
+### 1.6 (04/08/2011)
+* added support for bitwise operators
+* added support for multi-line hex strings
+* scan speed improvement for regular expressions (with PCRE)
+* yara-python ported to Python 3.x
+* yara-python support for 64-bits Python under Windows
+* BUGFIX: Buffer overflow in error printing
+
+### 1.5 (22/03/2011)
+* added -l parameter to abort scanning after a number of matches
+* added support for scanning processes memory
+* entrypoint now works with ELF as well as PE files
+* added support for linking with the faster RE2 library
+(http://code.google.com/p/re2/) instead of PCRE
+* implemented index operator to access offsets where string was found
+* implemented new operator
+"for < quantifier > < variable > in < set or range > : (< expression >) "
+* BUGFIX: Memory leaks in yara-python
+* BUGFIX: yara.compile namespaces not working with filesources
+
+### 1.4 (13/05/2010)
+* added external variables
+* scan speed improvements
+* added fast scan mode
+* BUGFIX: crash in 64-bits Windows
+
+### 1.3 (26/10/2009)
+* added a C-like "include" directive
+* added support for multi-sources compilation in yara-python
+* added support for metadata declaration in rules
+* BUGFIX: Incorrect handling of single-line comments at the end of the file
+* BUGFIX: Integer underflow when scanning files of size <= 2 bytes
+
+### 1.2.1 (14/04/2009)
+* libyara: added support for compiling rules directly from memory
+* libyara: interface refactored
+* libyara: is thread-safe now
+* BUGFIX: Invoking pcre_compile with non-terminated string
+* BUGFIX: Underscore not recognized in string identifiers
+* BUGFIX: Memory leak
+* BUGFIX: Access violation on xxcompare functions
+
+### 1.1 (05/01/2009)
+* added support for strings containing null (\x00) chars
+* added syntactic construct "x of them"
+* regular expressions syntax changed
+* now regular expressions can begin with any character
+
+### 1.2 (13/01/2009)
+* added support for global rules
+* added support for declaring alternative sub-strings in hex strings
+* added support for anonymous strings
+* added support for intXX and uintXX functions
+* operator "of" was enhanced
+* implemented new operator "for..of"
+* "widechar" is now "wide" and can be used in conjuntion with "ascii"
+* improved syntax error reporting in yara-python
+* "compile" method in yara-python was enhanced
+* "matchfile" method in yara-python was substituted by "match"
+* some performance improvements
+* BUGFIX: Wrong behavior of escaped characters in regular expressions
+* BUGFIX: Fatal error in yara-python when invoking matchfile with invalid path
+twice
+* BUGFIX: Wrong precedence of OR and AND operators
+* BUGFIX: Access violation when scanning MZ files with e_lfanew == -1
+* BUGFIX: Incorrect handling of hex strings in lexer
+
+### 1.0 (24/09/2008)
+* first release
 
-$ apt-get install pcre
 
 
 
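Review bot: the example rule's meta key `thread_level = 3` looks like a typo for `threat_level`; since this is the first rule a reader will copy, fix it in the `meta:` block. Further points in this hunk: the old DEPENDENCIES section (PCRE and its apt-get line) is deleted with no replacement, yet yara-python/setup.py in this same commit still links `pcre`, so the new README should keep a short build/dependency note; the documentation link still points at the 1.6 User's Manual PDF on googlecode while the commit bumps to 1.7.1; the release list is reverse-chronological except that 1.1 (05/01/2009) is placed after 1.2 (13/01/2009); the 1.7 entry says "bitwise xor (|)", but `|` is bitwise OR (already covered by the 1.6 "bitwise operators" entry) and XOR would be `^`; the `### 1.7` heading lacks the blank line the other release headings have; and spelling: "yara-ctyles" should be "yara-ctypes" (the link text), "markes" should be "marked", "suport" should be "support", "conjuntion" should be "conjunction", "SIGABORT" should be "SIGABRT".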
diff --git a/configure.ac b/configure.ac
index ea05d54..95e39ac 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([yara], [1.7], [vmalvarez at virustotal.com])
+AC_INIT([yara], [1.7.1], [vmalvarez at virustotal.com])
 LT_INIT
 AM_INIT_AUTOMAKE([-Wall -Werror])
 AC_PROG_CC
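Review bot: the version literal 1.7.1 is now maintained by hand in five places (configure.ac, libyara/configure.ac and the three yara-python setup*.py files listed in this commit's diffstat); consider deriving it from one place, for example an m4 macro shared by both configure.ac files or a VERSION file that setup.py reads, so the next bump cannot leave yara and yara-python disagreeing.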
diff --git a/libyara/configure.ac b/libyara/configure.ac
index a19d984..18ec6d4 100644
--- a/libyara/configure.ac
+++ b/libyara/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([libyara], [1.7], [vmalvarez at virustotal.com])
+AC_INIT([libyara], [1.7.1], [vmalvarez at virustotal.com])
 LT_INIT
 AM_INIT_AUTOMAKE([-Wall -Werror foreign])
 AC_PROG_CC
diff --git a/yara-python/README b/yara-python/README
index ac84643..21b8833 100644
--- a/yara-python/README
+++ b/yara-python/README
@@ -2,8 +2,8 @@
 YARA for Python
 ===============
 
-This is a Python extension that gives you access to YARA's powerful features from 
-your own Python scripts. 
+This is a Python extension that gives you access to YARA's powerful features from
+your own Python scripts.
 
 
 HOW TO BUILD
@@ -14,20 +14,21 @@ yara-python depends on libyara, a library that implements YARA's core functions.
 must build and install YARA in your system before building yara-python. The latest
 YARA version can be downloaded from:
 
-http://yara.googlecode.com/files/yara-1.6.tar.gz
+
+https://github.com/plusvic/yara/archive/yara-1.7.1.tar.gz
 
 
 After installing YARA you can build yara-python this way:
 
-$ tar xzvf yara-python-1.6.tar.gz
-$ cd yara-python-1.6
+$ tar xzvf yara-python-1.7.1.tar.gz
+$ cd yara-python-1.7.1
 $ python setup.py build
 $ sudo python setup.py install
 
 You can test your installation by invoking Python and importing the YARA module:
 
 $ python
-Python 2.7.1 (r271:86832, Jun 16 2011, 16:59:05) 
+Python 2.7.1 (r271:86832, Jun 16 2011, 16:59:05)
 [GCC 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2335.15.00)] on darwin
 Type "help", "copyright", "credits" or "license" for more information.
 >>> import yara
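Review bot: the download line now points at a GitHub archive of the whole yara repository at tag yara-1.7.1, but the build steps that follow still unpack `yara-python-1.7.1.tar.gz`, a file whose origin the README no longer states; either say where that tarball comes from or tell the reader that yara-python is the `yara-python/` directory of the archive just downloaded. The hunk also adds a stray blank line before the URL. Since this is the instruction to fetch and build the library, a line on how to verify the downloaded archive (a published checksum or a signed tag) would be worth adding.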
@@ -104,7 +105,7 @@ If you are using external variables in your rules you must define those external
 compiling the rules, or while applying the rules to some file. To define your variables at the moment of
 compilation you should pass the 'externals' parameter to the compile method. For example:
 
-rules = yara.compile( '/foo/rules', 
+rules = yara.compile( '/foo/rules',
 				   externals= {
 						'var1': 'some string',
 						'var2': 4,
@@ -127,7 +128,7 @@ matches = rules.match(data=f.read())
 As in the case of compile, the 'match' method can receive definitions for externals variables in the externals
 parameter.
 
-matches = rules.match( '/foo/bar/myfile', 
+matches = rules.match( '/foo/bar/myfile',
 				   externals= {
 						'var1': 'some other string',
 						'var4': 100,
@@ -156,11 +157,11 @@ matches = rules.match('/foo/bar/myfile', callback=mycallback)
 The passed dictionary will be something like this:
 
 {
-	'tags': ['foo', 'bar'], 
-	'matches': True, 
-	'namespace': 'default', 
-	'rule': 'my_rule', 
-	'meta': {}, 
+	'tags': ['foo', 'bar'],
+	'matches': True,
+	'namespace': 'default',
+	'rule': 'my_rule',
+	'meta': {},
 	'strings': [(81, '$a', 'abc'), (141, '$b', 'def')]
 }
 
diff --git a/yara-python/setup.py b/yara-python/setup.py
index 1c7c3fd..79842c9 100644
--- a/yara-python/setup.py
+++ b/yara-python/setup.py
@@ -1,17 +1,17 @@
 from distutils.core import setup, Extension
-                           
+
 setup(  name = "yara-python",
-        version = "1.7",
+        version = "1.7.1",
         author = "Victor M. Alvarez",
         author_email = "vmalvarez at virustotal.com",
-        url = 'http://yara-project.googlecode.com',
+        url = 'http://plusvic.github.io/yara/',
         platforms = ['any'],
         ext_modules = [ Extension(
-                                    name='yara', 
+                                    name='yara',
                                     sources=['yara-python.c'],
                                     libraries=['yara','pcre'],
                                     include_dirs=['/usr/local/include']
                                     )])
-     
- 
-                                  
+
+
+
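Review bot: `libraries=['yara','pcre']` hard-codes a PCRE link dependency, but the README's 1.5 release notes say libyara can be built against RE2 instead of PCRE; a libyara built that way will fail to link here (or pull in an unneeded library), so the regex backend should be detected or made configurable rather than fixed. Smaller points: `include_dirs=['/usr/local/include']` is set without a matching `library_dirs=['/usr/local/lib']`; the new project `url` uses plain http; and the hunk leaves three blank lines at end of file.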
diff --git a/yara-python/setupwin32.py b/yara-python/setupwin32.py
index 37287c2..b4de385 100644
--- a/yara-python/setupwin32.py
+++ b/yara-python/setupwin32.py
@@ -1,15 +1,15 @@
 from distutils.core import setup, Extension
-                   
+
 setup(  name = "yara-python",
-        version = "1.7",
+        version = "1.7.1",
         author = "Victor M. Alvarez",
         author_email = "vmalvarez at virustotal.com",
         ext_modules = [ Extension(
-                                    name='yara', 
+                                    name='yara',
                                     sources=['yara-python.c'],
                                     include_dirs=['../windows/include', '../libyara'],
                                     extra_objects=['../windows/yara/Release/libyara32.lib','../windows/lib/pcre32.lib']
                                     )])
-     
- 
-                                  
+
+
+
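Review bot: as in setup.py, the version here is a hand-maintained literal and the hunk leaves three trailing blank lines at end of file; the extension is also bound to `Release` build outputs and a fixed `pcre32.lib`, so neither a Debug libyara nor an RE2-based build can be used without editing the script. The same applies to setupwin64.py below.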
diff --git a/yara-python/setupwin64.py b/yara-python/setupwin64.py
index f1a0b71..070d1f6 100644
--- a/yara-python/setupwin64.py
+++ b/yara-python/setupwin64.py
@@ -1,15 +1,15 @@
 from distutils.core import setup, Extension
-             
+
 setup(  name = "yara-python",
-        version = "1.7",
+        version = "1.7.1",
         author = "Victor M. Alvarez",
         author_email = "vmalvarez at virustotal.com",
         ext_modules = [ Extension(
-                                    name='yara', 
+                                    name='yara',
                                     sources=['yara-python.c'],
                                     include_dirs=['../windows/include', '../libyara'],
                                     extra_objects=['../windows/yara/x64/Release/libyara64.lib','../windows/lib/pcre64.lib']
                                     )])
-     
- 
-                                  
+
+
+

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
