use new module macros in docs #2100
Merged
plusvic
approved these changes
Aug 16, 2024
DavidTurland
pushed a commit
to DavidTurland/yara
that referenced
this pull request
Sep 9, 2024
Co-authored-by: Tad Keller <logisch@pm.me>
DavidTurland
added a commit
to DavidTurland/yara
that referenced
this pull request
Sep 9, 2024
* Fix crash while parsing PE Rich header File e77b007c9a964411c5e33afeec18be32c86963b78f3c3e906b28fcf1382f46c3 has a Rich header of only 8 bytes, which is smaller than the RICH_SIGNATURE structure. This was causing a crash when some of the `rich_xxx` functions were used with this file.
* Fix warning `_rich_version` in PE module should return an `int64_t` instead of `uint64_t`.
* Use YR_MAX_PATH instead of MAX_PATH (VirusTotal#2090) Replace all instances of `MAX_PATH` with `YR_MAX_PATH`.
* Adding Veeam (VirusTotal#2083) Adding Veeam to list of companies that use YARA.
* Add Cado to who is using Yara (VirusTotal#2086)
* Mitigate stack overflow when scanning very deep directory trees. Closes VirusTotal#2088.
* Remove all references to ERROR_TOO_MANY_SCAN_THREADS This error code is not used anymore. Closes VirusTotal#2068.
* Use latest MacOS in build workflow.
* Use MacOS 13 in build workflow. For some reason in MacOS 14 the build fails because the `configure` script is unable to find the Jansson library, even though it is correctly installed by `brew`.
* docs: minor updates to xor (VirusTotal#2098)
* use new module macros in docs (VirusTotal#2100) Co-authored-by: Tad Keller <logisch@pm.me>
* filemap: define PROC_SUPER_MAGIC, avoid linux/magic.h (VirusTotal#2103) PR VirusTotal#1848 caused build issues with some "unusual" build configurations – apparently we can't rely on linux/magic.h being present when cross-building for musl libc. Defining PROC_SUPER_MAGIC should not cause problems since it should be considered part of the Linux kernel/user API and it is unlikely to change.

---------

Co-authored-by: Victor M. Alvarez <vmalvarez@virustotal.com>
Co-authored-by: Chris Arceneaux <carcenea@gmail.com>
Co-authored-by: chrisdoman <chris.doman@cantab.net>
Co-authored-by: Wes <5124946+wesinator@users.noreply.github.com>
Co-authored-by: Tad Keller <43346260+GLMONTER@users.noreply.github.com>
Co-authored-by: Tad Keller <logisch@pm.me>
Co-authored-by: Hilko Bengen <bengen@hilluzination.de>
The docs for learning to write a module don't use the updated macro names.