Software Engineering Institute

LiFTeR: Changes for yara

August 25, 2021: python2-yara-4.1.2-1.x86_64.{fc32,fc33,fc34,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
May 13, 2021: python2-yara-4.1.0-3.x86_64.{fc31,fc32,fc33,fc34,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts. This package was rebuilt due to the releases of Yara 4.1.0 for CentOS/RHEL 8.
May 6, 2021: python2-yara-4.1.0-2.x86_64.{fc31,fc32,fc33,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts. This package was rebuilt due to the releases of Yara 4.1.0 for Fedora 34.
May 2, 2021: python2-yara-4.1.0-1.x86_64.{fc31,fc32,fc33,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
March 5, 2021: python2-yara-4.0.5-1.x86_64.{fc31,fc32,fc33,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
January 29, 2021: python2-yara-4.0.4-1.x86_64.{fc31,fc32,fc33,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
July 3, 2020: python2-yara-4.0.2-1.fc30.{i386,x86_64}.rpm and python2-yara-4.0.2-1.x86_64.{fc31,fc32,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
May 22, 2020: python2-yara-4.0.1-1.fc30.{i386,x86_64}.rpm and python2-yara-4.0.1-1.x86_64.{fc31,fc32,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
May 8, 2020: python2-yara-3.11.0-4.{fc30,el6}.{i386,x86_64}.rpm and python2-yara-3.11.0-4.x86_64.{fc31,fc32,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts. This package was built to negate obsoletes in fedora-obsolate-packages for Fedora 32. For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
November 1, 2019: python{2,3}-yara-3.11.0-1.{i386,x86_64}.fc30.rpm, python2-yara-3.11.0-1.{i386,x86_64}.el6.rpm, and python{2,3}-yara-3.11.0-1.x86_64.el8.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
August 2, 2019: python-yara-3.9.0-2.{i386,x86_64}.el6.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
June 14, 2019: yara{,-devel,-doc}-3.5.0-7.1.el7.x86_64.rpm - Removed: Provided by EPEL.
May 26, 2017: yara{,-doc,-devel}-3.5.0-7.1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Note that the -devel and -doc packages split out the files needed for development and documentation respectively.
September 11, 2016: yara{,-doc,-devel}-3.5.0-5.1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. This release (5.1) was rebuilt to coincide with the version from Fedora (3.5.0-5)but to eliminate some dependency problems on Fedora 23 and 24. Note also that the -devel and -doc packages split out the files needed for development and documentation respectively.
August 22, 2016: yara-3.5.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (3.4.0):
- Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
- Performance improvements
- Less memory consumption while scanning processes
- Exception handling when scanning memory blocks
- Negative integers in meta fields
- Added the --stack-size command-argument
- Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
- Functions rich_signature.toolid and rich_signature.version added to PE module
- Lots of bug fixes
September 25, 2015: yara-3.4.0-2.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (3.3.0):
- Short-circuit evaluation for conditions
- New yr_rules_save_stream/yr_rules_load_stream APIs.
- load() and save() methods in yara-python accept file-like objects
- Improvements to the PE and ELF modules
- Some performance improvements
- New command-line option --print-module-data
- Multiple bug fixes.
In addition, release 2 was built with openssl-devel
February 27, 2015: yara-3.3.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (2.1.0):
- Added support for negative integers and floating point numbers
- Implemented operators , <, =, <= for strings
- Implemented word boundary anchors (\b, \B) in regular expressions
- New features in PE module
- Math module
- New --print-namespace command line argument
- Better error handling in low memory conditions
- BUGFIX: at operator not working with certain strings containing wildcards
- BUGFIX: precedence of bitwise operators was incorrect
- BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
- BUGFIX: handle and memory leaks
- BUGFIX: multiple segfaults
July 24, 2014: yara-2.1.0-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7.2):
- Improve regexp engine
- Improve multithreading support
- Case-insensitive and single-line matching modes for "matches" operator's regexps
- Added "error_on_warning" argument to "match" in yara-python
- Recognize x64 PE files
- BUGFIX: Mutex handle leak
- BUGFIX: NULL pointer dereferences
- BUGFIX: Buffer overflow
- BUGFIX: Crash while using compiled rules with yara64 in Windows
- BUGFIX: Infinite loop while scanning 64bits process in Windows
- BUGFIX: Side-effect on "externals" argument in yara-python's "match" function
- BUGFIX: "x of them" not working with strings containing unbounded jumps
January 22, 2014: yara-2.0.0-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7.2):
- Faster
- Better multi-thread support
- Rules can be saved in binary form
December 13, 2013: yara-1.7.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7):
- BUGFIX: Regular expressions marked as both "wide" and "ascii" were treated as just "wide"
- BUGFIX: Bug in "n of ()" operator
- BUGFIX: Bug in get_process_memory could cause infinite loop
- BUGFIX: Fix SIGABORT in ARM
- BUGFIX: Failing to detect one-byte strings at the end of a file.
- BUGFIX: Strings being incorrectly printed when markes both as wide and ascii
- BUGFIX: Stack overflow while following circular symlinks
- BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty string
- BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases
April 3, 2013: yara-1.7-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version:
- faster compilation
- added suport for modulus (%) and bitwise xor (|) operators
- better hashing of regular expressions
- BUGFIX: yara-python segfault when using dir() on Rules and Match classes
- BUGFIX: Integer overflow causing infinite loop
- BUGFIX: Handling strings containing \x00 characters correctly
- BUGFIX: Regular expressions not matching at the end of the file when compiled with RE2
- BUGFIX: Memory leaks
- BUGFIX: File handle leaks