Software Engineering Institute

LiFTeR: Changes for yara

September 14, 2022: yara{,-devel,-doc}-4.2.3-1.el8.x86_64.rpm Yara is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic. These packages provide the missing yara-devel.
September 14, 2022: python{2,3}-yara-4.2.3-1.x86_64.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
August 25, 2021: python2-yara-4.1.2-1.{fc32,fc33,fc34,el8}.x86_64.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
May 13, 2021: python2-yara-4.1.0-3.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts. This package was rebuilt due to the releases of Yara 4.1.0 for CentOS/RHEL 8.
May 6, 2021: python2-yara-4.1.0-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts. This package was rebuilt due to the releases of Yara 4.1.0 for Fedora 34.
May 2, 2021: python2-yara-4.1.0-1.{fc31,fc32,fc33,el8}.x86_64.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
March 5, 2021: python2-yara-4.0.5-1.{fc31,fc32,fc33,el8}.x86_64.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
January 29, 2021: python2-yara-4.0.4-1.{fc31,fc32,fc33,el8}.x86_64.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
July 3, 2020: python2-yara-4.0.2-1.fc30.{i386,x86_64}.rpm and python2-yara-4.0.2-1.x86_64.{fc31,fc32,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
May 22, 2020: python2-yara-4.0.1-1.fc30.{i386,x86_64}.rpm and python2-yara-4.0.1-1.x86_64.{fc31,fc32,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
May 8, 2020: python2-yara-3.11.0-4.{fc30,el6}.{i386,x86_64}.rpm and python2-yara-3.11.0-4.x86_64.{fc31,fc32,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts. This package was built to negate obsoletes in fedora-obsolate-packages for Fedora 32. For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
November 1, 2019: python{2,3}-yara-3.11.0-1.{i386,x86_64}.fc30.rpm, python2-yara-3.11.0-1.{i386,x86_64}.el6.rpm, and python{2,3}-yara-3.11.0-1.x86_64.el8.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
August 2, 2019: python-yara-3.9.0-2.{i386,x86_64}.el6.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
June 14, 2019: yara{,-devel,-doc}-3.5.0-7.1.el7.x86_64.rpm - Removed: Provided by EPEL.
May 26, 2017: yara{,-doc,-devel}-3.5.0-7.1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Note that the -devel and -doc packages split out the files needed for development and documentation respectively.
September 11, 2016: yara{,-doc,-devel}-3.5.0-5.1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. This release (5.1) was rebuilt to coincide with the version from Fedora (3.5.0-5)but to eliminate some dependency problems on Fedora 23 and 24. Note also that the -devel and -doc packages split out the files needed for development and documentation respectively.
August 22, 2016: yara-3.5.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (3.4.0):
- Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
- Performance improvements
- Less memory consumption while scanning processes
- Exception handling when scanning memory blocks
- Negative integers in meta fields
- Added the --stack-size command-argument
- Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
- Functions rich_signature.toolid and rich_signature.version added to PE module
- Lots of bug fixes
September 25, 2015: yara-3.4.0-2.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (3.3.0):
- Short-circuit evaluation for conditions
- New yr_rules_save_stream/yr_rules_load_stream APIs.
- load() and save() methods in yara-python accept file-like objects
- Improvements to the PE and ELF modules
- Some performance improvements
- New command-line option --print-module-data
- Multiple bug fixes.
In addition, release 2 was built with openssl-devel
February 27, 2015: yara-3.3.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (2.1.0):
- Added support for negative integers and floating point numbers
- Implemented operators , <, =, <= for strings
- Implemented word boundary anchors (\b, \B) in regular expressions
- New features in PE module
- Math module
- New --print-namespace command line argument
- Better error handling in low memory conditions
- BUGFIX: at operator not working with certain strings containing wildcards
- BUGFIX: precedence of bitwise operators was incorrect
- BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
- BUGFIX: handle and memory leaks
- BUGFIX: multiple segfaults
July 24, 2014: yara-2.1.0-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7.2):
- Improve regexp engine
- Improve multithreading support
- Case-insensitive and single-line matching modes for "matches" operator's regexps
- Added "error_on_warning" argument to "match" in yara-python
- Recognize x64 PE files
- BUGFIX: Mutex handle leak
- BUGFIX: NULL pointer dereferences
- BUGFIX: Buffer overflow
- BUGFIX: Crash while using compiled rules with yara64 in Windows
- BUGFIX: Infinite loop while scanning 64bits process in Windows
- BUGFIX: Side-effect on "externals" argument in yara-python's "match" function
- BUGFIX: "x of them" not working with strings containing unbounded jumps
January 22, 2014: yara-2.0.0-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7.2):
- Faster
- Better multi-thread support
- Rules can be saved in binary form
December 13, 2013: yara-1.7.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7):
- BUGFIX: Regular expressions marked as both "wide" and "ascii" were treated as just "wide"
- BUGFIX: Bug in "n of ()" operator
- BUGFIX: Bug in get_process_memory could cause infinite loop
- BUGFIX: Fix SIGABORT in ARM
- BUGFIX: Failing to detect one-byte strings at the end of a file.
- BUGFIX: Strings being incorrectly printed when markes both as wide and ascii
- BUGFIX: Stack overflow while following circular symlinks
- BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty string
- BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases
April 3, 2013: yara-1.7-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version:
- faster compilation
- added suport for modulus (%) and bitwise xor (|) operators
- better hashing of regular expressions
- BUGFIX: yara-python segfault when using dir() on Rules and Match classes
- BUGFIX: Integer overflow causing infinite loop
- BUGFIX: Handling strings containing \x00 characters correctly
- BUGFIX: Regular expressions not matching at the end of the file when compiled with RE2
- BUGFIX: Memory leaks
- BUGFIX: File handle leaks