debian/0000755000000000000000000000000012264616212007170 5ustar debian/watch0000644000000000000000000000011012264614623010215 0ustar version=3 https://github.com/plusvic/yara/releases .*v(\d\S*)\.tar\.gz debian/compat0000644000000000000000000000000212264614623010372 0ustar 9 debian/changelog0000644000000000000000000000565612264616107011061 0ustar yara (2.0.0-2) unstable; urgency=medium * Removed PCRE build-dependency as Yara now uses its own RE engine * Added our fixes to build scripts that were accepted upstream (Closes: #734777) * Fixed symbols file, corrected SONAME and name of library package -- Hilko Bengen Sun, 12 Jan 2014 23:37:07 +0100 yara (2.0.0-1) unstable; urgency=medium * New upstream release. * debian/changelog.upstream: added to provide a upstream changelog to libyara-dev, libyara0, python-yara, python3-yara and yara. * debian/control: - Added the X-Python-Version and X-Python3-Version fields. - Changed from "Python" to "Python 3" in short description of the python3-yara binary to avoid a lintian "duplicate-short-description" message. - Enabled the VCS fields. * debian/copyright: - Added Hilko Bengen as package maintainer. - Added references to windows/include/{pcre,pcreposix}.h and windows/yarac/getopt.c, all using BSD-3-Clause license. - Removed references to: - libyara/grammar.y and libyara/elf.h that were rewritten and relicensed as Apache-2.0. - libyara/lex.l that was removed from source code. - Updated the upstream e-mail address. - Updated the packaging years. * debian/libyara0.symbols: updated. * debian/man/: created to provide absent manpages. Currently, yarac.1. * debian/patches/: - Added a header to fix-python-build. - Updated the fix-python-build and manpage patches. * debian/{python,python3}-yara.lintian-overrides: added to explain a specific situation to lintian. * debian/README.Debian: updated. * debian/rules: - Added the override_dh_installchangelogs to install the changelog.upstream file. 
- Added a command to override_dh_auto_clean target to remove yara-python/build directory. * debian/watch: little adjustment. * debian/yara.manpages: created to install the yarac manpage. -- Joao Eriberto Mota Filho Sun, 05 Jan 2014 15:47:56 +0000 yara (1.7.2-3) unstable; urgency=low * Added files that are only used in Windows builds to debian/copyright (Closes: #733522) -- Hilko Bengen Sun, 29 Dec 2013 20:58:10 +0100 yara (1.7.2-2) unstable; urgency=low * Added Python3 bindings package * Corrected license for libyara/grammar.y, libyara/lex.l -- Hilko Bengen Sun, 29 Dec 2013 14:48:00 +0100 yara (1.7.2-1) unstable; urgency=low [ Joao Eriberto Mota Filho ] * Initial release (Closes: #728934) [ Hilko Bengen ] * Added myself to uploaders, with permission from Joao Eriberto Mota Filho who did the initial work on the package. * Updated package from 1.7 to 1.7.2 * Bumped Standards-Version, no changes * Fixed copyright, watch file * Fixed Homepage field * Added python-yara package -- Hilko Bengen Sat, 21 Dec 2013 14:28:56 +0100 debian/source/0000755000000000000000000000000012264614623010474 5ustar debian/source/format0000644000000000000000000000001412264614623011702 0ustar 3.0 (quilt) debian/source/options0000644000000000000000000000010012264614623012101 0ustar # Don't store changes on file extend-diff-ignore = "^REVISION$" debian/libyara2.install0000644000000000000000000000002712264616065012272 0ustar usr/lib/*/libyara.so.* debian/copyright0000644000000000000000000000565212264614623011137 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: yara Source: http://code.google.com/p/yara-project Files: * Copyright: 2007, 2011-2013 Victor M. 
Alvarez 2011 Google, Inc., by Mike Wiacek License: Apache-2.0 Files: windows/include/pcre.h windows/include/pcreposix.h Comment: Only used in Windows build Copyright: 1997-2006 University of Cambridge License: BSD-3-Clause Files: windows/yara/getopt.c windows/yarac/getopt.c Comment: Only used in Windows build Copyright: 1987-2002 The Regents of the University of California License: BSD-3-Clause Files: debian/* Copyright: 2013-2014 Joao Eriberto Mota Filho , Hilko Bengen License: Apache-2.0 License: Apache-2.0 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. . On Debian systems, the complete text of the Apache version 2.0 license can be found in "/usr/share/common-licenses/Apache-2.0". License: BSD-3-Clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . 
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/rules0000755000000000000000000000146612264614623010263 0ustar #!/usr/bin/make -f #export DH_VERBOSE=1 PYTHONS:=$(shell pyversions --installed; py3versions --installed) %: dh $@ --with autoreconf,python2,python3 override_dh_auto_build: dh_auto_build set -e; for python in $(PYTHONS); do \ ( cd yara-python && $$python setup.py build ); \ done override_dh_auto_install: dh_auto_install set -e; for python in $(PYTHONS); do \ ( cd yara-python && $$python setup.py install --skip-build --root ../debian/tmp --install-layout=deb ); \ done override_dh_auto_clean: rm -rf yara-python/build dh_auto_clean dh_auto_clean --sourcedirectory=yara-python override_dh_install: dh_install --fail-missing -X.la override_dh_installchangelogs: dh_installchangelogs dh_installchangelogs -p libyara-dev -p libyara2 -p python-yara -p python3-yara -p yara debian/changelog.upstream debian/yara.manpages0000644000000000000000000000002312264614623011640 0ustar debian/man/yarac.1 debian/README.Debian0000644000000000000000000000037612264614623011243 0ustar yara for Debian --------------- You can get a detailed manual (PDF) about YARA at http://plusvic.github.io/yara/.
-- Joao Eriberto Mota Filho Sun, 03 Nov 2013 22:51:33 -0200, updated at Tue, 07 Jan 2014 00:07:00 -0200. debian/clean0000644000000000000000000000001312264614623010173 0ustar config.log debian/libyara2.symbols0000644000000000000000000000165412264616104012315 0ustar libyara.so.2 libyara2 #MINVER# yr_compiler_add_file@Base 2.0.0 yr_compiler_add_string@Base 2.0.0 yr_compiler_create@Base 2.0.0 yr_compiler_define_boolean_variable@Base 2.0.0 yr_compiler_define_integer_variable@Base 2.0.0 yr_compiler_define_string_variable@Base 2.0.0 yr_compiler_destroy@Base 2.0.0 yr_compiler_get_current_file_name@Base 2.0.0 yr_compiler_get_error_message@Base 2.0.0 yr_compiler_get_rules@Base 2.0.0 yr_compiler_pop_file_name@Base 2.0.0 yr_compiler_push_file_name@Base 2.0.0 yr_finalize@Base 2.0.0 yr_finalize_thread@Base 2.0.0 yr_get_tidx@Base 2.0.0 yr_initialize@Base 2.0.0 yr_rules_define_boolean_variable@Base 2.0.0 yr_rules_define_integer_variable@Base 2.0.0 yr_rules_define_string_variable@Base 2.0.0 yr_rules_destroy@Base 2.0.0 yr_rules_load@Base 2.0.0 yr_rules_save@Base 2.0.0 yr_rules_scan_file@Base 2.0.0 yr_rules_scan_mem@Base 2.0.0 yr_rules_scan_proc@Base 2.0.0 yr_set_tidx@Base 2.0.0 debian/libyara-dev.lintian-overrides0000644000000000000000000000016412264614623014754 0ustar # Not an error, but a site name (We Watch Your Website). 
libyara-dev: using-first-person-in-description line 13: We debian/yara.install0000644000000000000000000000002612264614623011516 0ustar usr/bin usr/share/man debian/control0000644000000000000000000001476712264616065010620 0ustar Source: yara Section: utils Priority: optional Maintainer: Debian Forensics Uploaders: Joao Eriberto Mota Filho , Hilko Bengen Build-Depends: debhelper (>= 9), dh-autoreconf, python-all-dev, python3-all-dev Standards-Version: 3.9.5 X-Python-Version: >= 2.6 X-Python3-Version: >= 3.3 Homepage: http://plusvic.github.io/yara/ Vcs-Git: git://anonscm.debian.org/forensics/yara.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=forensics/yara.git;a=summary Package: yara Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, Description: help to identify and classify malwares YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. This is useful in forensics analysis. . Complex and powerful rules can be created by using binary strings with wild-cards, case-insensitive text strings, special operators, regular expressions and many other features. . Are examples of the organizations and services using YARA: . - VirusTotal Intelligence (https://www.virustotal.com/intelligence/) - jsunpack-n (http://jsunpack.jeek.org/) - We Watch Your Website (http://www.wewatchyourwebsite.com/) - FireEye, Inc. (http://www.fireeye.com) - Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/ \ Fidelis-XPS) . The Volatility Framework is an example of the software that uses YARA.
Package: libyara2 Architecture: any Section: libs Depends: ${shlibs:Depends}, ${misc:Depends} Description: help to identify and classify malwares (shared library) YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. This is useful in forensics analysis. . Complex and powerful rules can be created by using binary strings with wild-cards, case-insensitive text strings, special operators, regular expressions and many other features. . Are examples of the organizations and services using YARA: . - VirusTotal Intelligence (https://www.virustotal.com/intelligence/) - jsunpack-n (http://jsunpack.jeek.org/) - We Watch Your Website (http://www.wewatchyourwebsite.com/) - FireEye, Inc. (http://www.fireeye.com) - Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/ \ Fidelis-XPS) . The Volatility Framework is an example of the software that uses YARA. . This package provides a shared library. Package: libyara-dev Section: libdevel Architecture: any Depends: ${misc:Depends}, libyara2 (= ${binary:Version}) Description: help to identify and classify malwares (development files) YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. This is useful in forensics analysis. . Complex and powerful rules can be created by using binary strings with wild-cards, case-insensitive text strings, special operators, regular expressions and many other features. . Are examples of the organizations and services using YARA: . 
- VirusTotal Intelligence (https://www.virustotal.com/intelligence/) - jsunpack-n (http://jsunpack.jeek.org/) - We Watch Your Website (http://www.wewatchyourwebsite.com/) - FireEye, Inc. (http://www.fireeye.com) - Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/ \ Fidelis-XPS) . The Volatility Framework is an example of the software that uses YARA. . This package provides development libraries and headers. Package: python-yara Section: python Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: help to identify and classify malwares (Python bindings) YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. This is useful in forensics analysis. . Complex and powerful rules can be created by using binary strings with wild-cards, case-insensitive text strings, special operators, regular expressions and many other features. . Are examples of the organizations and services using YARA: . - VirusTotal Intelligence (https://www.virustotal.com/intelligence/) - jsunpack-n (http://jsunpack.jeek.org/) - We Watch Your Website (http://www.wewatchyourwebsite.com/) - FireEye, Inc. (http://www.fireeye.com) - Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/ \ Fidelis-XPS) . The Volatility Framework is an example of the software that uses YARA. . This package provides Python 2 bindings. Package: python3-yara Section: python Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: help to identify and classify malwares (Python 3 bindings) YARA is a tool aimed at helping malware researchers to identify and classify malware samples. 
With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. This is useful in forensics analysis. . Complex and powerful rules can be created by using binary strings with wild-cards, case-insensitive text strings, special operators, regular expressions and many other features. . Are examples of the organizations and services using YARA: . - VirusTotal Intelligence (https://www.virustotal.com/intelligence/) - jsunpack-n (http://jsunpack.jeek.org/) - We Watch Your Website (http://www.wewatchyourwebsite.com/) - FireEye, Inc. (http://www.fireeye.com) - Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/ \ Fidelis-XPS) . The Volatility Framework is an example of the software that uses YARA. . This package provides Python 3 bindings. debian/exlib0000644000000000000000000000004412264614623010220 0ustar boolstuff chef iptables slapd sordi debian/python3-yara.lintian-overrides0000644000000000000000000000016512264614623015114 0ustar # Not an error, but a site name (We Watch Your Website). python3-yara: using-first-person-in-description line 13: We debian/patches/0000755000000000000000000000000012264614623010623 5ustar debian/patches/build-fixes0000644000000000000000000000375312264614623012771 0ustar From b6050968f2219affa6e2c81dfb2987dcc470c407 Mon Sep 17 00:00:00 2001 From: "Victor M. Alvarez" Date: Fri, 10 Jan 2014 13:17:01 +0100 Subject: [PATCH] Apply patches proposed by Hilko Bengen from Debian --- Makefile.am | 4 ++-- libyara/Makefile.am | 2 ++ libyara/libyara.sym | 26 ++++++++++++++++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 libyara/libyara.sym diff --git a/Makefile.am b/Makefile.am index 988b829..d588707 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -9,10 +9,10 @@ ACLOCAL_AMFLAGS=-I m4 bin_PROGRAMS = yara yarac yara_SOURCES = threading.c yara.c -yara_LDADD = libyara/.libs/libyara.a +yara_LDADD = libyara/.libs/libyara.la yarac_SOURCES = yarac.c -yarac_LDADD = libyara/.libs/libyara.a +yarac_LDADD = libyara/.libs/libyara.la # man page man1_MANS = yara.man diff --git a/libyara/Makefile.am b/libyara/Makefile.am index e25f7a4..a2901b9 100644 --- a/libyara/Makefile.am +++ b/libyara/Makefile.am @@ -8,6 +8,8 @@ include_HEADERS = yara.h lib_LTLIBRARIES = libyara.la +libyara_la_LDFLAGS = -export-symbols libyara.sym -version-number 2:0 + libyara_la_SOURCES = \ ahocorasick.c \ ahocorasick.h \ diff --git a/libyara/libyara.sym b/libyara/libyara.sym new file mode 100644 index 0000000..f377341 --- /dev/null +++ b/libyara/libyara.sym @@ -0,0 +1,26 @@ +yr_initialize +yr_finalize +yr_finalize_thread +yr_get_tidx +yr_set_tidx +yr_compiler_create +yr_compiler_destroy +yr_compiler_add_file +yr_compiler_add_string +yr_compiler_push_file_name +yr_compiler_pop_file_name +yr_compiler_get_error_message +yr_compiler_get_current_file_name +yr_compiler_define_integer_variable +yr_compiler_define_boolean_variable +yr_compiler_define_string_variable +yr_compiler_get_rules +yr_rules_scan_mem +yr_rules_scan_file +yr_rules_scan_proc +yr_rules_save +yr_rules_load +yr_rules_destroy +yr_rules_define_integer_variable +yr_rules_define_boolean_variable +yr_rules_define_string_variable \ No newline at end of file -- 1.8.5.2 debian/patches/manpage0000644000000000000000000000152012264614623012154 0ustar Description: fix some hyphens in manpage. Author: Joao Eriberto Mota Filho Last-Update: 2014-01-05 --- a/yara.man +++ b/yara.man @@ -80,7 +80,7 @@ to all files on current directory. Subdirectories are not scanned. .RE .PP -$ yara -t Packer -t Compiler /foo/bar/rules bazfile +$ yara \-t Packer \-t Compiler /foo/bar/rules bazfile .RS .PP Apply rules on 
@@ -93,7 +93,7 @@ .I Compiler. .RE .PP -$ cat /foo/bar/rules1 | yara -r /foo +$ cat /foo/bar/rules1 | yara \-r /foo .RS .PP Scan all files in the @@ -101,7 +101,7 @@ directory and its subdirectories. Rules are read from standard input. .RE .PP -$ yara -d mybool=true -d myint=5 -d mystring="my string" /foo/bar/rules bazfile +$ yara \-d mybool=true \-d myint=5 \-d mystring="my string" /foo/bar/rules bazfile .RS .PP Defines three external variables debian/patches/fix-python-build0000644000000000000000000000062312264614623013751 0ustar Description: fix python build. Author: Hilko Bengen Last-Update: 2014-01-05 --- a/yara-python/setup.py +++ b/yara-python/setup.py 
@@ -8,5 +8,6 @@ name='yara', sources=['yara-python.c'], libraries=['yara'], - include_dirs=['../windows/include', '../libyara'], + include_dirs=['../libyara'], + library_dirs=['../libyara/.libs'] )]) debian/patches/series0000644000000000000000000000004412264614623012036 0ustar fix-python-build manpage build-fixesdebian/man/0000755000000000000000000000000012264614623007747 5ustar debian/man/header.txt0000644000000000000000000000007612264614623011743 0ustar .TH YARAC "1" "Jan 2014" "YARAC 2.0" "compile rules to yara" debian/man/yarac.txt0000644000000000000000000000252012264614623011606 0ustar NAME yarac - compile rules to yara SYNOPSIS yarac [OPTION]... [RULE_FILE]... OUTPUT_FILE DESCRIPTION To invoke YARA you will need two things: a file with the rules you want to use (either in source code or compiled form) and the target to be scanned. The target can be a file, a folder, or a process. Rule files can be passed directly in source code form, or can be previously compiled with the yarac tool. You may prefer to use your rules in compiled form if you are going to invoke YARA multiple times with the same rules. This way you’ll save time, because it is faster for YARA to load compiled rules than to compile the same rules over and over again. The rules will be applied to the target specified as the last argument to YARA; if it is a path to a directory, all the files contained in it will be scanned. OPTIONS -d = define external variable. -w disable warnings. -v show version information. EXAMPLE The -d is used to define external variables. For example: -d flag=true -d beast=666 -d name="James Bond" SEE ALSO yara(1) AUTHOR yarac was written by Victor M. Alvarez . This manual page was written by Joao Eriberto Mota Filho for the Debian project (but may be used by others).
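Review bot: In the Makefile.am hunk of debian/patches/build-fixes, yara_LDADD and yarac_LDADD still point into libyara/.libs/, which is libtool's private output directory. Reference the libtool archive where libtool creates it, libyara/libyara.la, so the link does not depend on the layout of .libs.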
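Review bot: In the libyara/Makefile.am hunk of debian/patches/build-fixes, -export-symbols libyara.sym is a path relative to the build directory, so an out-of-tree build will not find the file; use $(srcdir)/libyara.sym. The hunk also does not add libyara.sym to EXTRA_DIST, so the file would be left out of a make dist tarball.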
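Review bot: The new libyara/libyara.sym in debian/patches/build-fixes ends with "\ No newline at end of file" after yr_rules_define_string_variable; add the trailing newline. Its 26 names have to be kept in step with debian/libyara2.symbols by hand, so a comment next to libyara_la_LDFLAGS saying so would help whoever adds the next exported function.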
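Review bot: The header of debian/patches/manpage carries Description, Author and Last-Update but no Forwarded field, so it is not recorded whether the \- escapes in the three yara.man hunks were sent upstream. Add Forwarded with the upstream reference, or "no" if the change is Debian-only.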
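Review bot: library_dirs=['../libyara/.libs'] in the setup.py hunk of debian/patches/fix-python-build hard-codes libtool's private output directory as a path relative to yara-python, so the extension links only when libyara has been built in-tree first and setup.py is run from that directory, as debian/rules does. State that in the patch Description, and end the added line with a comma to match the entries above it.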
debian/man/yarac.10000644000000000000000000000302112264614623011124 0ustar .\"Text automatically generated by txt2man .TH YARAC "1" "Jan 2014" "YARAC 2.0" "compile rules to yara" .SH NAME \fByarac \fP- compile rules to yara .SH SYNOPSIS .nf .fam C \fByarac\fP [OPTION]\.\.\. [RULE_FILE]\.\.\. \fIOUTPUT_FILE\fP .fam T .fi .fam T .fi .SH DESCRIPTION To invoke YARA you will need two things: a file with the rules you want to use (either in source code or compiled form) and the target to be scanned. The target can be a file, a folder, or a process. .PP Rule files can be passed directly in source code form, or can be previously compiled with the \fByarac\fP tool. You may prefer to use your rules in compiled form if you are going to invoke YARA multiple times with the same rules. This way you’ll save time, because it is faster for YARA to load compiled rules than to compile the same rules over and over again. .PP The rules will be applied to the target specified as the last argument to YARA; if it is a path to a directory, all the files contained in it will be scanned. .SH OPTIONS .TP .B \fB-d\fP = define external variable. .TP .B \fB-w\fP disable warnings. .TP .B \fB-v\fP show version information. .SH EXAMPLE The \fB-d\fP is used to define external variables. For example: .PP \fB-d\fP flag=true .PP \fB-d\fP beast=666 .PP \fB-d\fP name="James Bond" .SH SEE ALSO \fByara\fP(1) .SH AUTHOR \fByarac\fP was written by Victor M. Alvarez . This manual page was written by Joao Eriberto Mota Filho for the Debian project (but may be used by others). debian/python3-yara.install0000644000000000000000000000002112264614623013113 0ustar /usr/lib/python3*debian/yara.docs0000644000000000000000000000001212264614623010773 0ustar README.md debian/python3-yara.docs0000644000000000000000000000002312264614623012377 0ustar yara-python/README debian/yara.lintian-overrides0000644000000000000000000000015512264614623013511 0ustar # Not an error, but a site name (We Watch Your Website).
yara: using-first-person-in-description line 13: We debian/python-yara.lintian-overrides0000644000000000000000000000016412264614623015030 0ustar # Not an error, but a site name (We Watch Your Website). python-yara: using-first-person-in-description line 13: We debian/libyara-dev.install0000644000000000000000000000006512264614623012764 0ustar usr/include usr/lib/*/libyara.a usr/lib/*/libyara.so debian/python-yara.install0000644000000000000000000000002112264614623013030 0ustar /usr/lib/python2*debian/changelog.upstream0000644000000000000000000000772412264614623012717 0ustar 2.0.0 (26/12/2013) * Faster matching algorithm * Command-line scanner is now multi-threaded * Compiled rules can be saved to and loaded from a file * Added support for unbounded jumps * New libyara API 1.7.2 (02/12/2013) * BUGFIX: Regular expressions marked as both "wide" and "ascii" were treated as just "wide" * BUGFIX: Bug in "n of ()" operator * BUGFIX: Bug in get_process_memory could cause infinite loop 1.7.1 (25/11/2013) * BUGFIX: Fix SIGABORT in ARM * BUGFIX: Failing to detect one-byte strings at the end of a file. * BUGFIX: Strings being incorrectly printed when marked both as wide and ascii * BUGFIX: Stack overflow while following circular symlinks * BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty string * BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases. 
1.7 (29/03/2013) * Faster compilation * Added support for modulus (%) and bitwise xor (|) operators * Better hashing of regular expressions * BUGFIX: yara-python segfault when using dir() on Rules and Match classes * BUGFIX: Integer overflow causing infinite loop * BUGFIX: Handling strings containing \x00 characters correctly * BUGFIX: Regular expressions not matching at the end of the file when compiled with RE2 * BUGFIX: Memory leaks * BUGFIX: File handle leaks 1.6 (04/08/2011) * Added support for bitwise operators * Added support for multi-line hex strings * Scan speed improvement for regular expressions (with PCRE) * yara-python ported to Python 3.x * yara-python support for 64-bits Python under Windows * BUGFIX: Buffer overflow in error printing 1.5 (22/03/2011) * Added -l parameter to abort scanning after a number of matches * Added support for scanning processes memory * Entrypoint now works with ELF as well as PE files * Added support for linking with the faster RE2 library (http://code.google.com/p/re2/) instead of PCRE * Implemented index operator to access offsets where string was found * Implemented new operator "for < quantifier > < variable > in < set or range > : (< expression >) " * BUGFIX: Memory leaks in yara-python * BUGFIX: yara.compile namespaces not working with filesources 1.4 (13/05/2010) * Added external variables * Scan speed improvements * Added fast scan mode * BUGFIX: crash in 64-bits Windows 1.3 (26/10/2009) * Added a C-like "include" directive * Added support for multi-sources compilation in yara-python * Added support for metadata declaration in rules * BUGFIX: Incorrect handling of single-line comments at the end of the file * BUGFIX: Integer underflow when scanning files of size <= 2 bytes 1.2.1 (14/04/2009) * libyara: added support for compiling rules directly from memory * libyara: interface refactored * libyara: is thread-safe now * BUGFIX: Invoking pcre_compile with non-terminated string * BUGFIX: Underscore not recognized in
string identifiers * BUGFIX: Memory leak * BUGFIX: Access violation on xxcompare functions 1.2 (13/01/2009) * Added support for global rules * Added support for declaring alternative sub-strings in hex strings * Added support for anonymous strings * Added support for intXX and uintXX functions * Operator "of" was enhanced * Implemented new operator "for..of" * "widechar" is now "wide" and can be used in conjunction with "ascii" * Improved syntax error reporting in yara-python * "compile" method in yara-python was enhanced * "matchfile" method in yara-python was substituted by "match" * Some performance improvements * BUGFIX: Wrong behavior of escaped characters in regular expressions * BUGFIX: Fatal error in yara-python when invoking matchfile with invalid path twice * BUGFIX: Wrong precedence of OR and AND operators * BUGFIX: Access violation when scanning MZ files with e_lfanew == -1 * BUGFIX: Incorrect handling of hex strings in lexer 1.1 (05/01/2009) * Added support for strings containing null (\x00) chars * Added syntactic construct "x of them" * Regular expressions syntax changed * Now regular expressions can begin with any character 1.0 (24/09/2008) * First release debian/libyara2.lintian-overrides0000644000000000000000000000016112264616065014261 0ustar # Not an error, but a site name (We Watch Your Website). libyara2: using-first-person-in-description line 13: We debian/python-yara.docs0000644000000000000000000000002312264614623012314 0ustar yara-python/README