[Forensics-changes] [yara] 01/01: debian directory - first commit.

Eriberto Mota eriberto-guest at moszumanska.debian.org
Fri Feb 7 09:41:49 UTC 2014


This is an automated email from the git hooks/post-receive script.

eriberto-guest pushed a commit to branch debian
in repository yara.

commit 4dda045e1ff9abf3c1b98fe39b1ad2f5c46ca614
Author: Joao Eriberto Mota Filho <eriberto at eriberto.pro.br>
Date:   Fri Feb 7 07:41:02 2014 -0200

    debian directory - first commit.
---
 debian/README.Debian                  |   8 ++
 debian/changelog                      |  77 +++++++++++++++++
 debian/changelog.upstream             | 103 ++++++++++++++++++++++
 debian/clean                          |   1 +
 debian/compat                         |   1 +
 debian/control                        | 156 ++++++++++++++++++++++++++++++++++
 debian/copyright                      |  64 ++++++++++++++
 debian/exlib                          |   5 ++
 debian/libyara-dev.install            |   3 +
 debian/libyara-dev.lintian-overrides  |   2 +
 debian/libyara2.install               |   1 +
 debian/libyara2.lintian-overrides     |   2 +
 debian/libyara2.symbols               |  27 ++++++
 debian/man/header.txt                 |   1 +
 debian/man/yarac.1                    |  51 +++++++++++
 debian/man/yarac.txt                  |  35 ++++++++
 debian/patches/build-fixes            |  78 +++++++++++++++++
 debian/patches/fix-python-build       |  13 +++
 debian/patches/manpage                |  32 +++++++
 debian/patches/series                 |   3 +
 debian/python-yara.docs               |   1 +
 debian/python-yara.install            |   1 +
 debian/python-yara.lintian-overrides  |   2 +
 debian/python3-yara.docs              |   1 +
 debian/python3-yara.install           |   1 +
 debian/python3-yara.lintian-overrides |   2 +
 debian/rules                          |  31 +++++++
 debian/source/format                  |   1 +
 debian/source/options                 |   2 +
 debian/watch                          |   3 +
 debian/yara.docs                      |   1 +
 debian/yara.install                   |   2 +
 debian/yara.lintian-overrides         |   2 +
 debian/yara.manpages                  |   1 +
 34 files changed, 714 insertions(+)

diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..310a522
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,8 @@
+yara for Debian
+---------------
+
+You can get a detailed manual (PDF) about YARA at
+http://plusvic.github.io/yara/.
+
+ -- Joao Eriberto Mota Filho <eriberto at eriberto.pro.br>  Sun, 03 Nov 2013 22:51:33 -0200,
+    updated at Tue, 07 Jan 2014 00:07:00 -0200.
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..84c27dd
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,77 @@
+yara (2.0.0-2) unstable; urgency=medium
+
+  * Removed PCRE build-dependency as Yara now uses its own RE engine
+  * Added our fixes to build scripts that were accepted upstream (Closes:
+    #734777)
+  * Fixed symbols file, corrected SONAME and name of library package
+
+ -- Hilko Bengen <bengen at debian.org>  Sun, 12 Jan 2014 23:37:07 +0100
+
+yara (2.0.0-1) unstable; urgency=medium
+
+  * New upstream release.
+  * debian/changelog.upstream: added to provide a upstream changelog to
+    libyara-dev, libyara0, python-yara, python3-yara and yara.
+  * debian/control:
+      - Added the X-Python-Version and X-Python3-Version fields.
+      - Changed from "Python" to "Python 3" in short description of the
+        python3-yara binary to avoid a lintian "duplicate-short-description"
+        message.
+      - Enabled the VCS fields.
+  * debian/copyright:
+      - Added Hilko Bengen as package maintainer.
+      - Added references to windows/include/{pcre,pcreposix}.h and
+        windows/yarac/getopt.c, all using BSD-3-Clause license.
+      - Removed references to:
+          - libyara/grammar.y and libyara/elf.h that were rewritten and
+            relicensed as Apache-2.0.
+          - libyara/lex.l that was removed from source code.
+      - Updated the upstream e-mail address.
+      - Updated the packaging years.
+  * debian/libyara0.symbols: updated.
+  * debian/man/: created to provide absent manpages. Currently, yarac.1.
+  * debian/patches/:
+      - Added a header to fix-python-build.
+      - Updated the fix-python-build and manpage patches.
+  * debian/{python,python3}-yara.lintian-overrides: added to explain a
+    specific situation to lintian.
+  * debian/README.Debian: updated.
+  * debian/rules:
+      - Added the override_dh_installchangelogs to install the
+        changelog.upstream file.
+      - Added a command to override_dh_auto_clean target to remove
+        yara-python/build directory.
+  * debian/watch: little adjustment.
+  * debian/yara.manpages: created to install the yarac manpage.
+
+ -- Joao Eriberto Mota Filho <eriberto at eriberto.pro.br>  Sun, 05 Jan 2014 15:47:56 +0000
+
+yara (1.7.2-3) unstable; urgency=low
+
+  * Added files that are only used in Windows builds to debian/copyright
+    (Closes: #733522)
+
+ -- Hilko Bengen <bengen at debian.org>  Sun, 29 Dec 2013 20:58:10 +0100
+
+yara (1.7.2-2) unstable; urgency=low
+
+  * Added Python3 bindings package
+  * Corrected license for libyara/grammar.y, libyara/lex.l
+
+ -- Hilko Bengen <bengen at debian.org>  Sun, 29 Dec 2013 14:48:00 +0100
+
+yara (1.7.2-1) unstable; urgency=low
+
+  [ Joao Eriberto Mota Filho ]
+  * Initial release (Closes: #728934)
+
+  [ Hilko Bengen ]
+  * Added myself to uploaders, with permission from Joao Eriberto Mota
+    Filho who did the initial work on the package.
+  * Updated package from 1.7 to 1.7.2
+  * Bumped Standards-Version, no changes
+  * Fixed copyright, watch file
+  * Fixed Homepage field
+  * Added python-yara package
+
+ -- Hilko Bengen <bengen at debian.org>  Sat, 21 Dec 2013 14:28:56 +0100
diff --git a/debian/changelog.upstream b/debian/changelog.upstream
new file mode 100644
index 0000000..f5de472
--- /dev/null
+++ b/debian/changelog.upstream
@@ -0,0 +1,103 @@
+2.0.0 (26/12/2013)
+* Faster matching algorithm
+* Command-line scanner is now multi-threaded
+* Compiled rules can be saved to and loaded from a file
+* Added support for unbounded jumps
+* New libyara API
+
+1.7.2 (02/12/2013)
+* BUGFIX: Regular expressions marked as both "wide" and "ascii" were treated as
+  just "wide"
+* BUGFIX: Bug in "n of (<string_set>)" operator
+* BUGFIX: Bug in get_process_memory could cause infinite loop
+
+1.7.1 (25/11/2013)
+* BUGFIX: Fix SIGABORT in ARM
+* BUGFIX: Failing to detect one-byte strings at the end of a file.
+* BUGFIX: Strings being incorrectly printed when marked both as wide and ascii
+* BUGFIX: Stack overflow while following circular symlinks
+* BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty
+  string
+* BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases.
+
+1.7 (29/03/2013)
+* Faster compilation
+* Added suport for modulus (%) and bitwise xor (|) operators
+* Better hashing of regular expressions
+* BUGFIX: yara-python segfault when using dir() on Rules and Match classes
+* BUGFIX: Integer overflow causing infinite loop
+* BUGFIX: Handling strings containing \x00 characters correctly
+* BUGFIX: Regular expressions not matching at the end of the file when compiled
+  with RE2
+* BUGFIX: Memory leaks
+* BUGFIX: File handle leaks
+
+1.6 (04/08/2011)
+* Added support for bitwise operators
+* Added support for multi-line hex strings
+* Scan speed improvement for regular expressions (with PCRE)
+* yara-python ported to Python 3.x
+* yara-python support for 64-bits Python under Windows
+* BUGFIX: Buffer overflow in error printing
+
+1.5 (22/03/2011)
+* Added -l parameter to abort scanning after a number of matches
+* Added support for scanning processes memory
+* Entrypoint now works with ELF as well as PE files
+* Added support for linking with the faster RE2 library
+  (http://code.google.com/p/re2/) instead of PCRE
+* Implemented index operator to access offsets where string was found
+* Implemented new operator
+  "for < quantifier > < variable > in < set or range > : (< expression >) "
+* BUGFIX: Memory leaks in yara-python
+* BUGFIX: yara.compile namespaces not working with filesources
+
+1.4 (13/05/2010)
+* Added external variables
+* Scan speed improvements
+* Added fast scan mode
+* BUGFIX: crash in 64-bits Windows
+
+1.3 (26/10/2009)
+* Added a C-like "include" directive
+* Added support for multi-sources compilation in yara-python
+* Added support for metadata declaration in rules
+* BUGFIX: Incorrect handling of single-line comments at the end of the file
+* BUGFIX: Integer underflow when scanning files of size <= 2 bytes
+
+1.2.1 (14/04/2009)
+* libyara: added support for compiling rules directly from memory
+* libyara: interface refactored
+* libyara: is thread-safe now
+* BUGFIX: Invoking pcre_compile with non-terminated string
+* BUGFIX: Underscore not recognized in string identifiers
+* BUGFIX: Memory leak
+* BUGFIX: Access violation on xxcompare functions
+
+1.2 (13/01/2009)
+* Added support for global rules
+* Added support for declaring alternative sub-strings in hex strings
+* Added support for anonymous strings
+* Added support for intXX and uintXX functions
+* Operator "of" was enhanced
+* Implemented new operator "for..of"
+* "widechar" is now "wide" and can be used in conjuntion with "ascii"
+* Improved syntax error reporting in yara-python
+* "compile" method in yara-python was enhanced
+* "matchfile" method in yara-python was substituted by "match"
+* Some performance improvements
+* BUGFIX: Wrong behavior of escaped characters in regular expressions
+* BUGFIX: Fatal error in yara-python when invoking matchfile with invalid path
+  twice
+* BUGFIX: Wrong precedence of OR and AND operators
+* BUGFIX: Access violation when scanning MZ files with e_lfanew == -1
+* BUGFIX: Incorrect handling of hex strings in lexer
+
+1.1 (05/01/2009)
+* Added support for strings containing null (\x00) chars
+* Added syntactic construct "x of them"
+* Regular expressions syntax changed
+* Now regular expressions can begin with any character
+
+1.0 (24/09/2008)
+* First release
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 0000000..5da17f8
--- /dev/null
+++ b/debian/clean
@@ -0,0 +1 @@
+config.log
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..67d9f7b
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,156 @@
+Source: yara
+Section: utils
+Priority: optional
+Maintainer: Debian Forensics <forensics-devel at lists.alioth.debian.org>
+Uploaders: Joao Eriberto Mota Filho <eriberto at eriberto.pro.br>,
+           Hilko Bengen <bengen at debian.org>
+Build-Depends: debhelper (>= 9), dh-autoreconf,
+               python-all-dev, python3-all-dev
+Standards-Version: 3.9.5
+X-Python-Version: >= 2.6
+X-Python3-Version: => 3.3
+Homepage: http://plusvic.github.io/yara/
+Vcs-Git: git://anonscm.debian.org/forensics/yara.git
+Vcs-Browser: http://anonscm.debian.org/gitweb/?p=forensics/yara.git;a=summary
+
+Package: yara
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends},
+Description: help to identify and classify malwares
+ YARA is a tool aimed at helping malware researchers to identify
+ and classify malware samples. With YARA you can create descriptions
+ of malware families based on textual or binary patterns contained
+ on samples of those families. Each description consists of a set of
+ strings and a Boolean expression which determines its logic. This is
+ useful in forensics analysis.
+ .
+ Complex and powerful rules can be created by using binary strings with
+ wild-cards, case-insensitive text strings, special operators, regular
+ expressions and many other features. 
+ .
+ Are examples of the organizations and services using YARA:
+ .
+  - VirusTotal Intelligence (https://www.virustotal.com/intelligence/)
+  - jsunpack-n (http://jsunpack.jeek.org/)
+  - We Watch Your Website (http://www.wewatchyourwebsite.com/)
+  - FireEye, Inc. (http://www.fireeye.com)
+  - Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/ \
+    Fidelis-XPS) 
+ .
+ The Volatility Framework is an example of the software that uses YARA.
+
+Package: libyara2
+Architecture: any
+Section: libs
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: help to identify and classify malwares (shared library)
+ YARA is a tool aimed at helping malware researchers to identify
+ and classify malware samples. With YARA you can create descriptions
+ of malware families based on textual or binary patterns contained
+ on samples of those families. Each description consists of a set of
+ strings and a Boolean expression which determines its logic. This is
+ useful in forensics analysis.
+ .
+ Complex and powerful rules can be created by using binary strings with
+ wild-cards, case-insensitive text strings, special operators, regular
+ expressions and many other features. 
+ .
+ Are examples of the organizations and services using YARA:
+ .
+  - VirusTotal Intelligence (https://www.virustotal.com/intelligence/)
+  - jsunpack-n (http://jsunpack.jeek.org/)
+  - We Watch Your Website (http://www.wewatchyourwebsite.com/)
+  - FireEye, Inc. (http://www.fireeye.com)
+  - Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/ \
+    Fidelis-XPS)
+ .
+ The Volatility Framework is an example of the software that uses YARA.
+ .
+ This package provides a shared library.
+
+Package: libyara-dev
+Section: libdevel
+Architecture: any
+Depends: ${misc:Depends}, libyara2 (= ${binary:Version})
+Description: help to identify and classify malwares (development files)
+ YARA is a tool aimed at helping malware researchers to identify
+ and classify malware samples. With YARA you can create descriptions
+ of malware families based on textual or binary patterns contained
+ on samples of those families. Each description consists of a set of
+ strings and a Boolean expression which determines its logic. This is
+ useful in forensics analysis.
+ .
+ Complex and powerful rules can be created by using binary strings with
+ wild-cards, case-insensitive text strings, special operators, regular
+ expressions and many other features. 
+ .
+ Are examples of the organizations and services using YARA:
+ .
+  - VirusTotal Intelligence (https://www.virustotal.com/intelligence/)
+  - jsunpack-n (http://jsunpack.jeek.org/)
+  - We Watch Your Website (http://www.wewatchyourwebsite.com/)
+  - FireEye, Inc. (http://www.fireeye.com)
+  - Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/ \
+    Fidelis-XPS)
+ .
+ The Volatility Framework is an example of the software that uses YARA.
+ .
+ This package provides development libraries and headers.
+
+Package: python-yara
+Section: python
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: help to identify and classify malwares (Python bindings)
+ YARA is a tool aimed at helping malware researchers to identify
+ and classify malware samples. With YARA you can create descriptions
+ of malware families based on textual or binary patterns contained
+ on samples of those families. Each description consists of a set of
+ strings and a Boolean expression which determines its logic. This is
+ useful in forensics analysis.
+ .
+ Complex and powerful rules can be created by using binary strings with
+ wild-cards, case-insensitive text strings, special operators, regular
+ expressions and many other features.
+ .
+ Are examples of the organizations and services using YARA:
+ .
+  - VirusTotal Intelligence (https://www.virustotal.com/intelligence/)
+  - jsunpack-n (http://jsunpack.jeek.org/)
+  - We Watch Your Website (http://www.wewatchyourwebsite.com/)
+  - FireEye, Inc. (http://www.fireeye.com)
+  - Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/ \
+    Fidelis-XPS)
+ .
+ The Volatility Framework is an example of the software that uses YARA.
+ .
+ This package provides Python 2 bindings.
+
+Package: python3-yara
+Section: python
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: help to identify and classify malwares (Python 3 bindings)
+ YARA is a tool aimed at helping malware researchers to identify
+ and classify malware samples. With YARA you can create descriptions
+ of malware families based on textual or binary patterns contained
+ on samples of those families. Each description consists of a set of
+ strings and a Boolean expression which determines its logic. This is
+ useful in forensics analysis.
+ .
+ Complex and powerful rules can be created by using binary strings with
+ wild-cards, case-insensitive text strings, special operators, regular
+ expressions and many other features.
+ .
+ Are examples of the organizations and services using YARA:
+ .
+  - VirusTotal Intelligence (https://www.virustotal.com/intelligence/)
+  - jsunpack-n (http://jsunpack.jeek.org/)
+  - We Watch Your Website (http://www.wewatchyourwebsite.com/)
+  - FireEye, Inc. (http://www.fireeye.com)
+  - Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/ \
+    Fidelis-XPS)
+ .
+ The Volatility Framework is an example of the software that uses YARA.
+ .
+ This package provides Python 3 bindings.
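Review bot: The source stanza of debian/control has `X-Python3-Version: => 3.3`, and `=>` is not a valid relation there; it should read `X-Python3-Version: >= 3.3`, as the `X-Python-Version: >= 2.6` line above it already does. The `python-yara` and `python3-yara` stanzas declare only `${shlibs:Depends}, ${misc:Depends}`, so the interpreter dependency that the python2/python3 dh sequences compute is never substituted in; add `${python:Depends}` and `${python3:Depends}` respectively. The `yara` stanza's `Depends:` also ends in a stray trailing comma. `Vcs-Git` uses the unauthenticated `git://` transport, so anyone cloning from that field gets no integrity protection on the packaging history; an authenticated transport would be preferable if the host offers one.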
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..989918f
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,64 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: yara
+Source: http://code.google.com/p/yara-project
+
+Files: *
+Copyright: 2007, 2011-2013 Victor M. Alvarez <vmalvarez at virustotal.com>
+           2011            Google, Inc., by Mike Wiacek <mjwiacek at google.com>
+License: Apache-2.0
+
+Files: windows/include/pcre.h windows/include/pcreposix.h
+Comment: Only used in Windows build
+Copyright: 1997-2006 University of Cambridge
+License: BSD-3-Clause
+
+Files: windows/yara/getopt.c windows/yarac/getopt.c 
+Comment: Only used in Windows build
+Copyright: 1987-2002 The Regents of the University of California
+License: BSD-3-Clause
+
+Files: debian/*
+Copyright: 2013-2014 Joao Eriberto Mota Filho <eriberto at eriberto.pro.br>,
+                     Hilko Bengen <bengen at debian.org>
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
+License: BSD-3-Clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its contributors
+    may be used to endorse or promote products derived from this software
+    without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE HOLDERS OR
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/debian/exlib b/debian/exlib
new file mode 100644
index 0000000..9ba3b49
--- /dev/null
+++ b/debian/exlib
@@ -0,0 +1,5 @@
+boolstuff
+chef
+iptables
+slapd
+sordi
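Review bot: Nothing else visible in this commit references `debian/exlib`, and its contents (`boolstuff`, `chef`, `iptables`, `slapd`, `sordi`) are names unrelated to yara. It does not look like a file debhelper reads, so it appears to be a leftover from another working tree. If so, drop it from the packaging; otherwise add a one-line comment or a README.source entry saying what consumes it.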
diff --git a/debian/libyara-dev.install b/debian/libyara-dev.install
new file mode 100644
index 0000000..5e4fc11
--- /dev/null
+++ b/debian/libyara-dev.install
@@ -0,0 +1,3 @@
+usr/include
+usr/lib/*/libyara.a
+usr/lib/*/libyara.so
diff --git a/debian/libyara-dev.lintian-overrides b/debian/libyara-dev.lintian-overrides
new file mode 100644
index 0000000..b664bda
--- /dev/null
+++ b/debian/libyara-dev.lintian-overrides
@@ -0,0 +1,2 @@
+# Not an error, but a site name (We Watch Your Website).
+libyara-dev: using-first-person-in-description line 13: We
diff --git a/debian/libyara2.install b/debian/libyara2.install
new file mode 100644
index 0000000..915ec08
--- /dev/null
+++ b/debian/libyara2.install
@@ -0,0 +1 @@
+usr/lib/*/libyara.so.*
diff --git a/debian/libyara2.lintian-overrides b/debian/libyara2.lintian-overrides
new file mode 100644
index 0000000..a6cf1e6
--- /dev/null
+++ b/debian/libyara2.lintian-overrides
@@ -0,0 +1,2 @@
+# Not an error, but a site name (We Watch Your Website).
+libyara2: using-first-person-in-description line 13: We
diff --git a/debian/libyara2.symbols b/debian/libyara2.symbols
new file mode 100644
index 0000000..bbc3cc3
--- /dev/null
+++ b/debian/libyara2.symbols
@@ -0,0 +1,27 @@
+libyara.so.2 libyara2 #MINVER#
+ yr_compiler_add_file at Base 2.0.0
+ yr_compiler_add_string at Base 2.0.0
+ yr_compiler_create at Base 2.0.0
+ yr_compiler_define_boolean_variable at Base 2.0.0
+ yr_compiler_define_integer_variable at Base 2.0.0
+ yr_compiler_define_string_variable at Base 2.0.0
+ yr_compiler_destroy at Base 2.0.0
+ yr_compiler_get_current_file_name at Base 2.0.0
+ yr_compiler_get_error_message at Base 2.0.0
+ yr_compiler_get_rules at Base 2.0.0
+ yr_compiler_pop_file_name at Base 2.0.0
+ yr_compiler_push_file_name at Base 2.0.0
+ yr_finalize at Base 2.0.0
+ yr_finalize_thread at Base 2.0.0
+ yr_get_tidx at Base 2.0.0
+ yr_initialize at Base 2.0.0
+ yr_rules_define_boolean_variable at Base 2.0.0
+ yr_rules_define_integer_variable at Base 2.0.0
+ yr_rules_define_string_variable at Base 2.0.0
+ yr_rules_destroy at Base 2.0.0
+ yr_rules_load at Base 2.0.0
+ yr_rules_save at Base 2.0.0
+ yr_rules_scan_file at Base 2.0.0
+ yr_rules_scan_mem at Base 2.0.0
+ yr_rules_scan_proc at Base 2.0.0
+ yr_set_tidx at Base 2.0.0
diff --git a/debian/man/header.txt b/debian/man/header.txt
new file mode 100644
index 0000000..ea7e106
--- /dev/null
+++ b/debian/man/header.txt
@@ -0,0 +1 @@
+.TH YARAC "1"  "Jan 2014" "YARAC 2.0" "compile rules to yara"
diff --git a/debian/man/yarac.1 b/debian/man/yarac.1
new file mode 100644
index 0000000..099daa0
--- /dev/null
+++ b/debian/man/yarac.1
@@ -0,0 +1,51 @@
+.\"Text automatically generated by txt2man
+.TH YARAC "1"  "Jan 2014" "YARAC 2.0" "compile rules to yara"
+.SH NAME
+\fByarac \fP- compile rules to yara
+.SH SYNOPSIS
+.nf
+.fam C
+\fByarac\fP [OPTION]\.\.\. [RULE_FILE]\.\.\. \fIOUTPUT_FILE\fP
+.fam T
+.fi
+.fam T
+.fi
+.SH DESCRIPTION
+To invoke YARA you will need two things: a file with the rules you want to
+use (either in source code or compiled form) and the target to be scanned.
+The target can be a file, a folder, or a process.
+.PP
+Rule files can be passed directly in source code form, or can be previously
+compiled with the \fByarac\fP tool. You may prefer to use your rules in compiled
+form if you are going to invoke YARA multiple times with the same rules.
+This way you’ll save time, because for YARA is faster to load compiled rules
+than compiling the same rules over and over again.
+.PP
+The rules will be applied to the target specified as the last argument to YARA,
+if it’s a path to a directory all the files contained in it will be scanned.
+.SH OPTIONS
+.TP
+.B
+\fB-d\fP <identifier>=<value>
+define external variable.
+.TP
+.B
+\fB-w\fP
+disable warnings.
+.TP
+.B
+\fB-v\fP
+show version information.
+.SH EXAMPLE
+The \fB-d\fP is used to define external variables. For example: 
+.PP
+\fB-d\fP flag=true
+.PP
+\fB-d\fP beast=666
+.PP
+\fB-d\fP name="James Bond"
+.SH SE ALSO
+\fByara\fP(1)
+.SH AUTHOR
+\fByarac\fP was written by Victor M. Alvarez <vmalvarez at virustotal.com>.
+This manual page was written by Joao Eriberto Mota Filho <eriberto at eriberto.pro.br> for the Debian project (but may be used by others).
diff --git a/debian/man/yarac.txt b/debian/man/yarac.txt
new file mode 100644
index 0000000..dc7944d
--- /dev/null
+++ b/debian/man/yarac.txt
@@ -0,0 +1,35 @@
+NAME
+  yarac - compile rules to yara
+SYNOPSIS
+  yarac [OPTION]... [RULE_FILE]... OUTPUT_FILE
+DESCRIPTION
+  To invoke YARA you will need two things: a file with the rules you want to
+  use (either in source code or compiled form) and the target to be scanned.
+  The target can be a file, a folder, or a process.
+
+  Rule files can be passed directly in source code form, or can be previously
+  compiled with the yarac tool. You may prefer to use your rules in compiled
+  form if you are going to invoke YARA multiple times with the same rules.
+  This way you’ll save time, because for YARA is faster to load compiled rules
+  than compiling the same rules over and over again.
+
+  The rules will be applied to the target specified as the last argument to YARA,
+  if it’s a path to a directory all the files contained in it will be scanned.
+OPTIONS
+  -d <identifier>=<value>   define external variable.
+  -w                        disable warnings.
+  -v                        show version information.
+EXAMPLE
+  The -d is used to define external variables. For example: 
+
+  -d flag=true
+
+  -d beast=666
+
+  -d name="James Bond"
+SE ALSO
+  yara(1)
+AUTHOR
+  yarac was written by Victor M. Alvarez <vmalvarez at virustotal.com>.
+  This manual page was written by Joao Eriberto Mota Filho <eriberto at eriberto.pro.br> for the Debian project (but may be used by others).
+
diff --git a/debian/patches/build-fixes b/debian/patches/build-fixes
new file mode 100644
index 0000000..df96554
--- /dev/null
+++ b/debian/patches/build-fixes
@@ -0,0 +1,78 @@
+From b6050968f2219affa6e2c81dfb2987dcc470c407 Mon Sep 17 00:00:00 2001
+From: "Victor M. Alvarez" <plusvic at gmail.com>
+Date: Fri, 10 Jan 2014 13:17:01 +0100
+Subject: [PATCH] Apply patches proposed by Hilko Bengen from Debian
+
+---
+ Makefile.am         |  4 ++--
+ libyara/Makefile.am |  2 ++
+ libyara/libyara.sym | 26 ++++++++++++++++++++++++++
+ 3 files changed, 30 insertions(+), 2 deletions(-)
+ create mode 100644 libyara/libyara.sym
+
+diff --git a/Makefile.am b/Makefile.am
+index 988b829..d588707 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -9,10 +9,10 @@ ACLOCAL_AMFLAGS=-I m4
+ bin_PROGRAMS = yara yarac
+ 
+ yara_SOURCES = threading.c yara.c
+-yara_LDADD = libyara/.libs/libyara.a
++yara_LDADD = libyara/.libs/libyara.la
+ 
+ yarac_SOURCES = yarac.c
+-yarac_LDADD = libyara/.libs/libyara.a
++yarac_LDADD = libyara/.libs/libyara.la
+ 
+ # man page
+ man1_MANS = yara.man
+diff --git a/libyara/Makefile.am b/libyara/Makefile.am
+index e25f7a4..a2901b9 100644
+--- a/libyara/Makefile.am
++++ b/libyara/Makefile.am
+@@ -8,6 +8,8 @@ include_HEADERS = yara.h
+ 
+ lib_LTLIBRARIES = libyara.la
+ 
++libyara_la_LDFLAGS = -export-symbols libyara.sym -version-number 2:0
++
+ libyara_la_SOURCES = \
+   ahocorasick.c \
+   ahocorasick.h \
+diff --git a/libyara/libyara.sym b/libyara/libyara.sym
+new file mode 100644
+index 0000000..f377341
+--- /dev/null
++++ b/libyara/libyara.sym
+@@ -0,0 +1,26 @@
++yr_initialize
++yr_finalize
++yr_finalize_thread
++yr_get_tidx
++yr_set_tidx
++yr_compiler_create
++yr_compiler_destroy
++yr_compiler_add_file
++yr_compiler_add_string
++yr_compiler_push_file_name
++yr_compiler_pop_file_name
++yr_compiler_get_error_message
++yr_compiler_get_current_file_name
++yr_compiler_define_integer_variable
++yr_compiler_define_boolean_variable
++yr_compiler_define_string_variable
++yr_compiler_get_rules
++yr_rules_scan_mem
++yr_rules_scan_file
++yr_rules_scan_proc
++yr_rules_save
++yr_rules_load
++yr_rules_destroy
++yr_rules_define_integer_variable
++yr_rules_define_boolean_variable
++yr_rules_define_string_variable
+\ No newline at end of file
+-- 
+1.8.5.2
+
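Review bot: In the embedded libyara/Makefile.am hunk, `-export-symbols libyara.sym` names the symbol list relative to the build directory, so a build outside the source tree would probably not find it; `libyara_la_LDFLAGS = -export-symbols $(srcdir)/libyara.sym -version-number 2:0` avoids that. The visible lines do not show `libyara.sym` being added to `EXTRA_DIST`, which `make dist` would need to ship it; the rest of that Makefile.am is outside the hunk. In the top-level Makefile.am, `yara_LDADD` and `yarac_LDADD` point into libtool's private `.libs` directory; the conventional reference is `libyara/libyara.la`. The export list is also what `debian/libyara2.symbols` has to track, so any symbol added here later needs a matching entry there.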
diff --git a/debian/patches/fix-python-build b/debian/patches/fix-python-build
new file mode 100644
index 0000000..b5ed9bf
--- /dev/null
+++ b/debian/patches/fix-python-build
@@ -0,0 +1,13 @@
+Description: fix python build.
+Author: Hilko Bengen <bengen at debian.org>
+Last-Update: 2014-01-05
+--- a/yara-python/setup.py
++++ b/yara-python/setup.py
+@@ -8,5 +8,6 @@
+         name='yara',
+         sources=['yara-python.c'],
+         libraries=['yara'],
+-        include_dirs=['../windows/include', '../libyara'],
++        include_dirs=['../libyara'],
++        library_dirs=['../libyara/.libs']
+     )])
diff --git a/debian/patches/manpage b/debian/patches/manpage
new file mode 100644
index 0000000..06b47cb
--- /dev/null
+++ b/debian/patches/manpage
@@ -0,0 +1,32 @@
+Description: fix some hyphens in manpage.
+Author: Joao Eriberto Mota Filho <eriberto at eriberto.pro.br>
+Last-Update: 2014-01-05
+--- a/yara.man
++++ b/yara.man
+@@ -80,7 +80,7 @@
+ to all files on current directory. Subdirectories are not scanned.
+ .RE
+ .PP
+-$ yara -t Packer -t Compiler /foo/bar/rules bazfile
++$ yara \-t Packer \-t Compiler /foo/bar/rules bazfile
+ .RS
+ .PP
+ Apply rules on
+@@ -93,7 +93,7 @@
+ .I Compiler.
+ .RE
+ .PP
+-$ cat /foo/bar/rules1 | yara -r /foo
++$ cat /foo/bar/rules1 | yara \-r /foo
+ .RS
+ .PP
+ Scan all files in the
+@@ -101,7 +101,7 @@
+ directory and its subdirectories. Rules are read from standard input.
+ .RE
+ .PP
+-$ yara -d mybool=true -d myint=5 -d mystring="my string" /foo/bar/rules bazfile
++$ yara \-d mybool=true \-d myint=5 \-d mystring="my string" /foo/bar/rules bazfile
+ .RS
+ .PP
+ Defines three external variables
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..e832c40
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+fix-python-build
+manpage
+build-fixes
\ No newline at end of file
diff --git a/debian/python-yara.docs b/debian/python-yara.docs
new file mode 100644
index 0000000..885ac68
--- /dev/null
+++ b/debian/python-yara.docs
@@ -0,0 +1 @@
+yara-python/README
diff --git a/debian/python-yara.install b/debian/python-yara.install
new file mode 100644
index 0000000..fe633eb
--- /dev/null
+++ b/debian/python-yara.install
@@ -0,0 +1 @@
+/usr/lib/python2*
\ No newline at end of file
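Review bot: The entry `/usr/lib/python2*` is written as an absolute path, while every other `.install` file in this commit uses paths relative to the staging tree (`usr/bin`, `usr/lib/*/libyara.so.*`). An absolute glob reads as if it referred to the build host's own `/usr/lib`, so write it as `usr/lib/python2*` and leave no doubt that only files staged under `debian/tmp` are packaged. The same applies to `/usr/lib/python3*` in debian/python3-yara.install. Both files also lack a final newline.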
diff --git a/debian/python-yara.lintian-overrides b/debian/python-yara.lintian-overrides
new file mode 100644
index 0000000..184c2e0
--- /dev/null
+++ b/debian/python-yara.lintian-overrides
@@ -0,0 +1,2 @@
+# Not an error, but a site name (We Watch Your Website).
+python-yara: using-first-person-in-description line 13: We
diff --git a/debian/python3-yara.docs b/debian/python3-yara.docs
new file mode 100644
index 0000000..885ac68
--- /dev/null
+++ b/debian/python3-yara.docs
@@ -0,0 +1 @@
+yara-python/README
diff --git a/debian/python3-yara.install b/debian/python3-yara.install
new file mode 100644
index 0000000..028be4f
--- /dev/null
+++ b/debian/python3-yara.install
@@ -0,0 +1 @@
+/usr/lib/python3*
\ No newline at end of file
diff --git a/debian/python3-yara.lintian-overrides b/debian/python3-yara.lintian-overrides
new file mode 100644
index 0000000..1fcc24c
--- /dev/null
+++ b/debian/python3-yara.lintian-overrides
@@ -0,0 +1,2 @@
+# Not an error, but a site name (We Watch Your Website).
+python3-yara: using-first-person-in-description line 13: We
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..224b670
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,31 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+
+PYTHONS:=$(shell pyversions --installed; py3versions --installed)
+
+%:
+	dh $@  --with autoreconf,python2,python3
+
+override_dh_auto_build:
+	dh_auto_build
+	set -e; for python in $(PYTHONS); do \
+		( cd yara-python && $$python setup.py build ); \
+	done
+
+override_dh_auto_install:
+	dh_auto_install
+	set -e; for python in $(PYTHONS); do \
+		( cd yara-python && $$python setup.py install --skip-build --root ../debian/tmp --install-layout=deb ); \
+	done
+
+override_dh_auto_clean:
+	rm -rf yara-python/build
+	dh_auto_clean
+	dh_auto_clean --sourcedirectory=yara-python
+
+override_dh_install:
+	dh_install --fail-missing -X.la
+
+override_dh_installchangelogs:
+	dh_installchangelogs
+	dh_installchangelogs -p libyara-dev -p libyara0 -p python-yara -p python3-yara -p yara debian/changelog.upstream
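Review bot: The last recipe line of `override_dh_installchangelogs` still passes `-p libyara0`, but debian/control in this same commit defines the library package as `libyara2`. As written, the shared-library package would not receive `changelog.upstream`, and debhelper may complain about an unknown package; change it to `-p libyara2`. Separately, `PYTHONS` is built from `pyversions --installed; py3versions --installed`, so the set of extension builds depends on whichever interpreters are on the build machine rather than on what the package declares. Using `--requested` would tie it to the `X-Python-Version` fields and make builds reproducible across hosts.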
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/options b/debian/source/options
new file mode 100644
index 0000000..2661ea6
--- /dev/null
+++ b/debian/source/options
@@ -0,0 +1,2 @@
+# Don't store changes on file
+extend-diff-ignore = "^REVISION$"
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..9cbea7d
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=3
+https://github.com/plusvic/yara/releases .*v(\d\S*)\.tar\.gz
+
diff --git a/debian/yara.docs b/debian/yara.docs
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/debian/yara.docs
@@ -0,0 +1 @@
+README.md
diff --git a/debian/yara.install b/debian/yara.install
new file mode 100644
index 0000000..a65408f
--- /dev/null
+++ b/debian/yara.install
@@ -0,0 +1,2 @@
+usr/bin
+usr/share/man
diff --git a/debian/yara.lintian-overrides b/debian/yara.lintian-overrides
new file mode 100644
index 0000000..f30faad
--- /dev/null
+++ b/debian/yara.lintian-overrides
@@ -0,0 +1,2 @@
+# Not an error, but a site name (We Watch Your Website).
+yara: using-first-person-in-description line 13: We
diff --git a/debian/yara.manpages b/debian/yara.manpages
new file mode 100644
index 0000000..16a7f29
--- /dev/null
+++ b/debian/yara.manpages
@@ -0,0 +1 @@
+debian/man/yarac.1

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


