Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yara for openSUSE:Factory checked in at 2021-11-07 00:20:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yara (Old) and /work/SRC/openSUSE:Factory/.yara.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yara" Sun Nov 7 00:20:14 2021 rev:14 rq:929929 version:4.1.3 Changes: -------- --- /work/SRC/openSUSE:Factory/yara/yara.changes 2021-10-30 23:14:42.339102251 +0200 +++ /work/SRC/openSUSE:Factory/.yara.new.1890/yara.changes 2021-11-07 00:20:15.604557565 +0100 @@ -1,0 +2,9 @@ +Fri Nov 5 17:45:44 UTC 2021 - Arjen de Korte <suse+bu...@de-korte.org> + +- update to 4.1.3: + * BUGFIX: Fix issue where ERROR_TOO_MANY_MATCHES was incorrectly returned + * BUGFIX: Fix potential buffer overrun due to incorrect macro +- Change license to BSD-3-Clause (upstream changed to this license with + version 3.5.0) + +------------------------------------------------------------------- Old: ---- yara-4.1.2.tar.gz New: ---- yara-4.1.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yara.spec ++++++ --- /var/tmp/diff_new_pack.k9BUwK/_old 2021-11-07 00:20:16.056557614 +0100 +++ /var/tmp/diff_new_pack.k9BUwK/_new 2021-11-07 00:20:16.060557614 +0100 @@ -18,10 +18,10 @@ %define soname 8 Name: yara -Version: 4.1.2 +Version: 4.1.3 Release: 0 Summary: A malware identification and classification tool -License: Apache-2.0 +License: BSD-3-Clause Group: System/Filesystems URL: https://virustotal.github.io/yara/ Source: https://github.com/VirusTotal/yara/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz ++++++ yara-4.1.2.tar.gz -> yara-4.1.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.2/.gitignore new/yara-4.1.3/.gitignore --- old/yara-4.1.2/.gitignore 2021-08-23 13:01:39.000000000 +0200 +++ new/yara-4.1.3/.gitignore 2021-10-21 11:31:47.000000000 +0200 
@@ -61,26 +61,7 @@ .DS_Store # Files generated by tests -test-alignment -test-api -test-arena -test-arena-stream -test-async -test-atoms -test-bitmask -test-elf -test-exception -test-rules-pass-1 -test-rules-pass-2 -test-rules-pass-3 -test-rules.yarc -test-pb -test-pe -test-re-split -test-stack -test-macho -test-math -test-version +test-* # Bazel bazel-* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.2/configure.ac new/yara-4.1.3/configure.ac --- old/yara-4.1.2/configure.ac 2021-08-23 13:01:39.000000000 +0200 +++ new/yara-4.1.3/configure.ac 2021-10-21 11:31:47.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([yara], [4.1.0], [vmalva...@virustotal.com]) +AC_INIT([yara], [4.1.3], [vmalva...@virustotal.com]) AM_SILENT_RULES([yes]) AC_CONFIG_SRCDIR([cli/yara.c]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.2/libyara/include/yara/libyara.h new/yara-4.1.3/libyara/include/yara/libyara.h --- old/yara-4.1.2/libyara/include/yara/libyara.h 2021-08-23 13:01:39.000000000 +0200 +++ new/yara-4.1.3/libyara/include/yara/libyara.h 2021-10-21 11:31:47.000000000 +0200 @@ -34,7 +34,7 @@ #define YR_MAJOR_VERSION 4 #define YR_MINOR_VERSION 1 -#define YR_MICRO_VERSION 0 +#define YR_MICRO_VERSION 3 #define version_str(s) _version_str(s) #define _version_str(s) #s diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.2/libyara/include/yara/pe_utils.h new/yara-4.1.3/libyara/include/yara/pe_utils.h --- old/yara-4.1.2/libyara/include/yara/pe_utils.h 2021-08-23 13:01:39.000000000 +0200 +++ new/yara-4.1.3/libyara/include/yara/pe_utils.h 2021-10-21 11:31:47.000000000 +0200 
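Review bot: The new `test-*` entry has no slash, so git matches it in every directory and against any suffix, which means a future untracked source file such as `tests/test-<name>.c` would be ignored instead of showing up in `git status`. The removed entries were exact binary names and did not have that effect. If the test binaries are only produced in the top-level build directory (not visible in this hunk), anchoring the pattern as `/test-*`, or following it with `!test-*.c`, keeps the shortcut without hiding new test sources.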
@@ -5,17 +5,14 @@ #define MAX_PE_SECTIONS 96 - #define IS_64BITS_PE(pe) \ (yr_le16toh(pe->header64->OptionalHeader.Magic) == \ IMAGE_NT_OPTIONAL_HDR64_MAGIC) - #define OptionalHeader(pe, field) \ (IS_64BITS_PE(pe) ? pe->header64->OptionalHeader.field \ : pe->header->OptionalHeader.field) - // // Imports are stored in a linked list. Each node (IMPORTED_DLL) contains the // name of the DLL and a pointer to another linked list of @@ -32,7 +29,6 @@ } IMPORTED_DLL, *PIMPORTED_DLL; - // // This is used to track imported and exported functions. The "has_ordinal" // field is only used in the case of imports as those are optional. Every export @@ -51,7 +47,6 @@ } IMPORT_FUNCTION, *PIMPORT_FUNCTION; - typedef struct _PE { const uint8_t* data; @@ -71,27 +66,21 @@ } PE; - -#define fits_in_pe(pe, pointer, size) \ - ((size_t) size <= pe->data_size && (uint8_t*) (pointer) >= pe->data && \ - (uint8_t*) (pointer) <= pe->data + pe->data_size - size) +#define fits_in_pe(pe, pointer, size) \ + ((size_t)(size) <= pe->data_size && (uint8_t*) (pointer) >= pe->data && \ + (uint8_t*) (pointer) <= pe->data + pe->data_size - (size)) #define struct_fits_in_pe(pe, pointer, struct_type) \ fits_in_pe(pe, pointer, sizeof(struct_type)) - PIMAGE_NT_HEADERS32 pe_get_header(const uint8_t* data, size_t data_size); - PIMAGE_DATA_DIRECTORY pe_get_directory_entry(PE* pe, int entry); - int64_t pe_rva_to_offset(PE* pe, uint64_t rva); - char* ord_lookup(char* dll, uint16_t ord); - #if HAVE_LIBCRYPTO #include <openssl/asn1.h> time_t ASN1_get_time_t(const ASN1_TIME* time); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.2/libyara/scan.c new/yara-4.1.3/libyara/scan.c --- old/yara-4.1.2/libyara/scan.c 2021-08-23 13:01:39.000000000 +0200 +++ new/yara-4.1.3/libyara/scan.c 2021-10-21 11:31:47.000000000 +0200 
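Review bot: In the last hunk of pe_utils.h, `fits_in_pe` still expands `pe` without parentheses and evaluates `size` twice, so the bounds check that guards parsing of untrusted PE data still depends on how callers spell their arguments. The change fixes the precedence problem for `size` only; writing `(pe)->data_size` and `(pe)->data` throughout would close the same class of mistake for the first argument. The `(size_t)` cast would also narrow a 64-bit `size` on targets with a 32-bit `size_t` before comparing, so an oversized length could pass the check; whether any caller passes such a value is not visible here. A comment stating that `size` must be side-effect free and fit in `size_t` would make the contract explicit.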
@@ -990,25 +990,6 @@ if (yr_bitmask_is_set(context->strings_temp_disabled, string->idx)) return ERROR_SUCCESS; - if (context->matches[string->idx].count == YR_MAX_STRING_MATCHES) - { - result = callback( - context, - CALLBACK_MSG_TOO_MANY_MATCHES, - (void*) string, - context->user_data); - - if (result == CALLBACK_CONTINUE) - { - yr_bitmask_set(context->strings_temp_disabled, string->idx); - return ERROR_SUCCESS; - } - else if (result == CALLBACK_ABORT || result == CALLBACK_ERROR) - return ERROR_TOO_MANY_MATCHES; - else - return ERROR_INTERNAL_FATAL_ERROR; - } - if (context->flags & SCAN_FLAGS_FAST_MODE && STRING_IS_SINGLE_MATCH(string) && context->matches[string->idx].head != NULL) return ERROR_SUCCESS; @@ -1038,6 +1019,31 @@ context, ac_match, data, data_size, data_base, offset); } + // If _yr_scan_verify_literal_match or _yr_scan_verify_re_match return + // ERROR_TOO_MANY_MATCHES call the callback with CALLBACK_MSG_TOO_MANY_MATCHES + // in order to ask what to do. If the callback returns CALLBACK_CONTINUE + // this error is ignored, if not, the error is propagated to the caller. + if (result == ERROR_TOO_MANY_MATCHES) + { + result = callback( + context, + CALLBACK_MSG_TOO_MANY_MATCHES, + (void*) string, + context->user_data); + + switch (result) + { + case CALLBACK_CONTINUE: + yr_bitmask_set(context->strings_temp_disabled, string->idx); + result = ERROR_SUCCESS; + break; + + default: + result = ERROR_TOO_MANY_MATCHES; + break; + } + } + #ifdef YR_PROFILING_ENABLED if (sample) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yara-4.1.2/tests/test-api.c new/yara-4.1.3/tests/test-api.c --- old/yara-4.1.2/tests/test-api.c 2021-08-23 13:01:39.000000000 +0200 +++ new/yara-4.1.3/tests/test-api.c 2021-10-21 11:31:47.000000000 +0200 @@ -57,7 +57,6 @@ yr_finalize(); } - const char* _include_callback( const char* include_name, const char* calling_rule_filename, 
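Review bot: In the second scan.c hunk the `default:` branch maps every callback return other than `CALLBACK_CONTINUE` to `ERROR_TOO_MANY_MATCHES`, whereas the removed code returned `ERROR_INTERNAL_FATAL_ERROR` for values that were neither `CALLBACK_ABORT` nor `CALLBACK_ERROR`. A caller triaging failed scans can no longer tell a misbehaving callback from a string that hit the match limit. Consider naming the expected cases, `case CALLBACK_ABORT: case CALLBACK_ERROR: result = ERROR_TOO_MANY_MATCHES; break;`, and keeping `default: result = ERROR_INTERNAL_FATAL_ERROR; break;`, or say in the comment above the block that the collapse is intended. Storing the callback's return value in `result`, which otherwise holds `ERROR_*` codes, also makes the switch harder to read; a separate local would help. The enclosing function starts and ends outside the hunk.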
@@ -70,7 +69,6 @@ return NULL; } - void test_include_callback() { YR_COMPILER* compiler = NULL; @@ -103,7 +101,6 @@ yr_finalize(); } - void test_file_descriptor() { YR_COMPILER* compiler = NULL; @@ -205,7 +202,6 @@ yr_finalize(); } - int test_max_match_data_callback( YR_SCAN_CONTEXT* context, int message, @@ -272,6 +268,93 @@ yr_finalize(); } +int ignore_too_many_matches( + YR_SCAN_CONTEXT* context, + int message, + void* message_data, + void* user_data) +{ + return CALLBACK_CONTINUE; +} + +int propagate_too_many_matches( + YR_SCAN_CONTEXT* context, + int message, + void* message_data, + void* user_data) +{ + if (message == CALLBACK_MSG_TOO_MANY_MATCHES) + return CALLBACK_ERROR; + + return CALLBACK_CONTINUE; +} + +void test_too_many_matches() +{ + YR_RULES* rules; + + char* rules_str = "\ + rule t { \ + strings: \ + $a = \"aa\" \ + $b = { 61 61 [-] 61 61} \ + condition: \ + any of them \ + }"; + + yr_initialize(); + + if (compile_rule(rules_str, &rules) != ERROR_SUCCESS) + { + perror("compile_rule"); + exit(EXIT_FAILURE); + } + + uint8_t* buffer = (uint8_t*) malloc(2 * YR_MAX_STRING_MATCHES); + memset(buffer, 'a', 2 * YR_MAX_STRING_MATCHES); + + int err = yr_rules_scan_mem( + rules, + (const uint8_t*) buffer, + 2 * YR_MAX_STRING_MATCHES, + 0, + propagate_too_many_matches, + NULL, + 0); + + if (err != ERROR_TOO_MANY_MATCHES) + { + fprintf( + stderr, + "test_too_many_matches failed, expecting ERROR_TOO_MANY_MATCHES, got " + "%d\n", + err); + + exit(EXIT_FAILURE); + } + + err = yr_rules_scan_mem( + rules, + (const uint8_t*) buffer, + 2 * YR_MAX_STRING_MATCHES, + 0, + ignore_too_many_matches, + NULL, + 0); + + if (err != ERROR_SUCCESS) + { + fprintf( + stderr, + "test_too_many_matches failed, expecting ERROR_SUCCESS, got %d\n", + err); + + exit(EXIT_FAILURE); + } + + yr_rules_destroy(rules); + yr_finalize(); +} void test_save_load_rules() { @@ -350,7 +433,6 @@ yr_finalize(); } - void test_scanner() { const char* buf = "dummy"; 
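Review bot: In `test_too_many_matches` the result of `malloc(2 * YR_MAX_STRING_MATCHES)` is passed to `memset` without a NULL check and `buffer` is never freed, so the test can crash on allocation failure and reports a leak under a leak checker. Add `if (buffer == NULL) { perror("malloc"); exit(EXIT_FAILURE); }` after the allocation and `free(buffer);` before `yr_rules_destroy(rules);`. The `propagate_too_many_matches` callback returns only `CALLBACK_ERROR`; a further case returning `CALLBACK_ABORT` would cover the other non-continue path through the new switch in scan.c.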
@@ -385,7 +467,6 @@ yr_compiler_define_boolean_variable(compiler, "bool_var", 0); yr_compiler_define_string_variable(compiler, "str_var", ""); - if (yr_compiler_define_string_variable(compiler, "str_var", "") != ERROR_DUPLICATED_EXTERNAL_VARIABLE) { @@ -574,7 +655,6 @@ yr_finalize(); } - void ast_callback( const YR_RULE* rule, const char* string_identifier, @@ -627,7 +707,6 @@ yr_finalize(); } - void stats_for_rules(const char* rules_str, YR_RULES_STATS* stats) { YR_COMPILER* compiler = NULL; @@ -662,7 +741,6 @@ yr_finalize(); } - void test_rules_stats() { YR_RULES_STATS stats; @@ -749,7 +827,6 @@ assert_true_expr(stats.ac_root_match_list_length == 0); } - void test_issue_920() { const char* rules_str = "\ @@ -788,8 +865,8 @@ yr_finalize(); } - -void test_runtime_warnings() { +void test_runtime_warnings() +{ // This rule should never match since it will hit the maximum number of // matches (see YR_MAX_STRING_MATCHES) and a warning will be issued, and any // further matches no longer count. @@ -810,12 +887,14 @@ yr_initialize(); - if (yr_compiler_create(&compiler) != ERROR_SUCCESS) { + if (yr_compiler_create(&compiler) != ERROR_SUCCESS) + { perror("yr_compiler_create"); exit(EXIT_FAILURE); } - if (yr_compiler_add_string(compiler, rules_str, NULL) != ERROR_SUCCESS) { + if (yr_compiler_add_string(compiler, rules_str, NULL) != ERROR_SUCCESS) + { yr_compiler_destroy(compiler); perror("yr_compiler_add_string"); exit(EXIT_FAILURE); @@ -830,7 +909,14 @@ yr_compiler_destroy(compiler); - if (yr_rules_scan_file(rules, prefix_top_srcdir("tests/data/x.txt"), 0, count, &counters, 0) != ERROR_SUCCESS) { + if (yr_rules_scan_file( + rules, + prefix_top_srcdir("tests/data/x.txt"), + 0, + count, + &counters, + 0) != ERROR_SUCCESS) + { yr_rules_destroy(rules); perror("yr_rules_scan_file"); exit(EXIT_FAILURE); 
@@ -848,7 +934,14 @@ counters.rules_matching = 0; counters.rules_warning = 0; - if (yr_rules_scan_file(rules, prefix_top_srcdir("tests/data/x.txt"), 0, count, &counters, 0) != ERROR_SUCCESS) { + if (yr_rules_scan_file( + rules, + prefix_top_srcdir("tests/data/x.txt"), + 0, + count, + &counters, + 0) != ERROR_SUCCESS) + { yr_rules_destroy(rules); perror("yr_rules_scan_file"); exit(EXIT_FAILURE); @@ -877,6 +970,7 @@ test_file_descriptor(); test_max_string_per_rules(); test_max_match_data(); + test_too_many_matches(); test_include_callback(); test_save_load_rules(); test_scanner(); @@ -886,7 +980,8 @@ test_issue_920(); test_runtime_warnings(); - YR_DEBUG_FPRINTF(1, stderr, "} = %d // %s() in %s\n", result, __FUNCTION__, argv[0]); + YR_DEBUG_FPRINTF( + 1, stderr, "} = %d // %s() in %s\n", result, __FUNCTION__, argv[0]); return result; }