CVS commit: pkgsrc/security/yara

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/yara
From: "Pierre Pronchery" <khorben%netbsd.org@localhost>
Date: Sat, 14 Dec 2019 10:46:09 +0000

Module Name:    pkgsrc
Committed By:   khorben
Date:           Sat Dec 14 10:46:09 UTC 2019

Modified Files:
        pkgsrc/security/yara: Makefile.common PLIST distinfo
Added Files:
        pkgsrc/security/yara/patches: patch-libyara_libyara.c
            patch-libyara_re.c
Removed Files:
        pkgsrc/security/yara/patches: patch-common.h patch-libyara_modules_pe.c

Log Message:
security/yara: Update to 3.11.0

Coordinated with leot@ and he@ while investigating CVE-2019-19648.

The changes listed for this version include:

 * Duplicated string modifiers are now an error.
 * More flexible xor modifier.
 * Implement private strings (#1096)
 * Add field_offsets to dotnet module.
 * Implement crc32 functions in hash module.
 * Improvements to rich_signature functions in pe module.
 * Implement sandboxed API using SAPI
 * BUGFIX: Some regexp character classes not matching correctly when used with nocase modifier (#1117)
 * BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (#1107)
 * BUGFIX: Buffer overrun in dotnet module (#1108)
 * BUGFIX: Segfault in certain Windows versions (#1068)
 * BUGFIX: Memory leak while attaching to a process fails (#1070)

Changes for version 3.10.0:

 * Optimize integer range loops by exiting earlier when possible.
 * Cache the result of PE module's imphash function in order to improve performance.
 * Harden virtual machine against malicious code.
 * BUGFIX: xor modifier not working as expected if not accompanied by ascii (#1053).
 * BUGFIX: \s and \S character classes in regular expressions now include vertical tab, new line, carriage return and form feed characters.
 * BUGFIX: Regression bug in hex strings containing wildcards (#1025).
 * BUGFIX: Buffer overrun in elf module.
 * BUGFIX: Buffer overrun in dotnet module

Changes for version 3.9.0:

 * Improve scan performance for certain strings.
 * Reduce stack usage.
 * Prevent inadvertent use of compiled rules by forcing the use of -C when using yara command-line tool.
 * BUGFIX: Buffer overflow in "dotnet" module.
 * BUGFIX: Internal error when running multiple instances of YARA in Mac OS X. (#945)
 * BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018)
 * BUGFIX: High RAM consumption in "pe" module while parsing certain files.(0c8b461)
 * BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (#1023)
 * BUGFIX: Issues with comments inside hex strings.

Changes for version 3.8.1:

 * BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0.
 * BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as null.
 * BUGFIX: dex module now works in big-endian architectures.
 * BUGFIX: Keep ABI compatibility by keeping deprecated functions visible.

Changes for version 3.8.0:

 * Scanner API
 * New xor modifier for strings
 * New fields and functions in PE module.
 * Add functions min and max to math module.
 * Make compiled.
 * yara and yaracsupport reading rules from stdin by using - as the file name.
 * Rule compilation is faster.
 * BUGFIX: Regression in regex engine. /ba{3}b/ was matching baaaab.
 * BUGFIX: Function yr_compiler_add_fd() was reading only the first 1024 bytes of the file.
 * BUGFIX: Wrong calculation of sha256 hashes in Windows when using native crypto API.
 * Lots of more bug fixes.

Changes for version 3.7.1:

 * Fix regression in include directive (issue #796)
 * Fix bug in PE checksum calculation causing wrong results in some cases.


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/yara/Makefile.common \
    pkgsrc/security/yara/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/yara/PLIST
cvs rdiff -u -r1.1 -r0 pkgsrc/security/yara/patches/patch-common.h \
    pkgsrc/security/yara/patches/patch-libyara_modules_pe.c
cvs rdiff -u -r0 -r1.1 pkgsrc/security/yara/patches/patch-libyara_libyara.c \
    pkgsrc/security/yara/patches/patch-libyara_re.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/yara/Makefile.common
diff -u pkgsrc/security/yara/Makefile.common:1.11 pkgsrc/security/yara/Makefile.common:1.12
--- pkgsrc/security/yara/Makefile.common:1.11   Wed Nov 15 18:22:22 2017
+++ pkgsrc/security/yara/Makefile.common        Sat Dec 14 10:46:08 2019
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.11 2017/11/15 18:22:22 he Exp $
+# $NetBSD: Makefile.common,v 1.12 2019/12/14 10:46:08 khorben Exp $
 #
 # used by security/yara/Makefile
 # used by security/py-yara/Makefile
 
-VERSION=       3.7.0
+VERSION=       3.11.0
 GITHUB_TAG=    v${VERSION}
 
 MAINTAINER=    khorben%defora.org@localhost
Index: pkgsrc/security/yara/distinfo
diff -u pkgsrc/security/yara/distinfo:1.11 pkgsrc/security/yara/distinfo:1.12
--- pkgsrc/security/yara/distinfo:1.11  Wed Nov 15 18:22:22 2017
+++ pkgsrc/security/yara/distinfo       Sat Dec 14 10:46:08 2019
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.11 2017/11/15 18:22:22 he Exp $
+$NetBSD: distinfo,v 1.12 2019/12/14 10:46:08 khorben Exp $
 
-SHA1 (yara-3.7.0.tar.gz) = 89fd429bf40db1039c0a3ff7cd94d79ec450c024
-RMD160 (yara-3.7.0.tar.gz) = 069f9815ead81ebf2be3151b14a4fcc3046770d7
-SHA512 (yara-3.7.0.tar.gz) = cd0214d39c6d1c5bc8410a1ec67e42ec8a672be382fb11e0a0f98cb03af1ef5db92e74216a9b98a6bdedf9721d4470639e340edbd39ca0184233652839742a33
-Size (yara-3.7.0.tar.gz) = 558035 bytes
-SHA1 (patch-common.h) = 199ab70fb828124e07ae51a467ed50ad95f2b616
-SHA1 (patch-libyara_modules_pe.c) = db69a250dabc9a074cd17c795e7b0d117b2585bf
+SHA1 (yara-3.11.0.tar.gz) = 81a243423352d66f5ec0cb657098c27f035cd164
+RMD160 (yara-3.11.0.tar.gz) = 18f28d9c6cface071f2526ca7d7c64a0b3a848f9
+SHA512 (yara-3.11.0.tar.gz) = 26d800284a2de07195e4a480eb7125b1f5ad0265b284bfbeee10dbab162ea0f419c9e2ea5c4ed5fa25a46a2c9e3c6b077dfe1cafece79251e20d5d70f91b80a8
+Size (yara-3.11.0.tar.gz) = 772122 bytes
+SHA1 (patch-common.h) = d85b8be6ee384630f8e1b7ffc3c126f25d13e956
+SHA1 (patch-libyara_libyara.c) = 3be4325f344676cc490ff262483b76fab4b080fa
+SHA1 (patch-libyara_re.c) = 4376d943b32fc0e13cb2b4ced99467da1f263da0
 SHA1 (patch-libyara_re__lexer.l) = 169802090dd922f06d8c32a0d1ea5409cf660f61

Index: pkgsrc/security/yara/PLIST
diff -u pkgsrc/security/yara/PLIST:1.5 pkgsrc/security/yara/PLIST:1.6
--- pkgsrc/security/yara/PLIST:1.5      Wed Nov 15 18:22:22 2017
+++ pkgsrc/security/yara/PLIST  Sat Dec 14 10:46:08 2019
@@ -1,10 +1,11 @@
-@comment $NetBSD: PLIST,v 1.5 2017/11/15 18:22:22 he Exp $
+@comment $NetBSD: PLIST,v 1.6 2019/12/14 10:46:08 khorben Exp $
 bin/yara
 bin/yarac
 include/yara.h
 include/yara/ahocorasick.h
 include/yara/arena.h
 include/yara/atoms.h
+include/yara/bitmask.h
 include/yara/compiler.h
 include/yara/error.h
 include/yara/exec.h
@@ -22,7 +23,10 @@ include/yara/proc.h
 include/yara/re.h
 include/yara/rules.h
 include/yara/scan.h
+include/yara/scanner.h
 include/yara/sizedstr.h
+include/yara/stack.h
+include/yara/stopwatch.h
 include/yara/stream.h
 include/yara/strutils.h
 include/yara/threading.h

Added files:

Index: pkgsrc/security/yara/patches/patch-libyara_libyara.c
diff -u /dev/null pkgsrc/security/yara/patches/patch-libyara_libyara.c:1.1
--- /dev/null   Sat Dec 14 10:46:09 2019
+++ pkgsrc/security/yara/patches/patch-libyara_libyara.c        Sat Dec 14 10:46:08 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-libyara_libyara.c,v 1.1 2019/12/14 10:46:08 khorben Exp $
+
+Ensure we adhere to valid value domain for isxxxx() function/macro.
+
+--- libyara/libyara.c.orig     2019-10-10 11:10:50.000000000 +0000
++++ libyara/libyara.c
+@@ -138,7 +138,7 @@ YR_API int yr_initialize(void)
+     else
+       yr_altercase[i] = i;
+ 
+-    yr_lowercase[i] = tolower(i);
++    yr_lowercase[i] = tolower((unsigned char)i);
+   }
+ 
+   FAIL_ON_ERROR(yr_heap_alloc());
Index: pkgsrc/security/yara/patches/patch-libyara_re.c
diff -u /dev/null pkgsrc/security/yara/patches/patch-libyara_re.c:1.1
--- /dev/null   Sat Dec 14 10:46:09 2019
+++ pkgsrc/security/yara/patches/patch-libyara_re.c     Sat Dec 14 10:46:08 2019
@@ -0,0 +1,23 @@
+$NetBSD: patch-libyara_re.c,v 1.1 2019/12/14 10:46:08 khorben Exp $
+
+Ensure we adhere to valid value domain for isxxxx() function/macro.
+
+--- libyara/re.c.orig  2019-10-10 11:10:50.000000000 +0000
++++ libyara/re.c
+@@ -2063,14 +2063,14 @@ int yr_re_exec(
+ 
+         case RE_OPCODE_DIGIT:
+           prolog;
+-          match = isdigit(*input);
++          match = isdigit((unsigned char)*input);
+           action = match ? ACTION_NONE : ACTION_KILL;
+           fiber->ip += 1;
+           break;
+ 
+         case RE_OPCODE_NON_DIGIT:
+           prolog;
+-          match = !isdigit(*input);
++          match = !isdigit((unsigned char)*input);
+           action = match ? ACTION_NONE : ACTION_KILL;
+           fiber->ip += 1;
+           break;

Prev by Date: CVS commit: pkgsrc/fonts
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/fonts
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index