import yara-4.2.1-4.el8

.gitignore

@@ -0,0 +1,2 @@
+SOURCES/androguard-yara-2020-04-22-3eea86a.tar.gz
+SOURCES/yara-4.2.1.tar.gz

.yara.metadata

@@ -0,0 +1,2 @@
+69f66263250e1b37e0a40cd0fe3a1227dbef419e SOURCES/androguard-yara-2020-04-22-3eea86a.tar.gz
+6752396d0441ed5f38569431260527db298d91e9 SOURCES/yara-4.2.1.tar.gz

SOURCES/yara-androguard.patch

@@ -0,0 +1,24 @@
+diff --git a/libyara/Makefile.am b/libyara/Makefile.am
+index 4fa363a..a9242b2 100644
+--- a/libyara/Makefile.am
++++ b/libyara/Makefile.am
+@@ -48,6 +48,7 @@ MODULES += modules/pe/pe_utils.c
+ 
+ if CUCKOO_MODULE
+ MODULES += modules/cuckoo/cuckoo.c
++MODULES += modules/androguard/androguard.c
+ endif
+ 
+ if MAGIC_MODULE
+diff --git a/libyara/modules/module_list b/libyara/modules/module_list
+index d81b8f3..ba43609 100644
+--- a/libyara/modules/module_list
++++ b/libyara/modules/module_list
+@@ -10,6 +10,7 @@ MODULE(dotnet)
+ 
+ #ifdef CUCKOO_MODULE
+ MODULE(cuckoo)
++MODULE(androguard)
+ #endif
+ 
+ #ifdef MAGIC_MODULE

SOURCES/yara-docs-theme.patch

@@ -0,0 +1,23 @@
+diff -ru yara-74734418a256c5304ccaf1d322c57e305ff75362/docs/conf.py yara-74734418a256c5304ccaf1d322c57e305ff75362.new/docs/conf.py
+--- yara-74734418a256c5304ccaf1d322c57e305ff75362/docs/conf.py	2016-08-02 22:08:18.000000000 +0200
++++ yara-74734418a256c5304ccaf1d322c57e305ff75362.new/docs/conf.py	2016-08-08 23:08:47.637063737 +0200
+@@ -102,12 +102,13 @@
+ # The theme to use for HTML and HTML Help pages.  See the documentation for
+ # a list of builtin themes.
+ 
+-try:
+-	import sphinx_rtd_theme
+-	html_theme = "sphinx_rtd_theme"
+-	html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
+-except:
+-	html_theme = "default"
++#try:
++#	import sphinx_rtd_theme
++#	html_theme = "sphinx_rtd_theme"
++#	html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
++#except:
++#	html_theme = "default"
++html_theme = "default"
+ 
+ # Theme options are theme-specific and customize the look and feel of a theme
+ # further.  For a list of options available for each theme, see the

SPECS/yara.spec

@@ -0,0 +1,347 @@
+Name:           yara
+Version:        4.2.1
+Release:        4%{?dist}
+Summary:        Pattern matching Swiss knife for malware researchers
+
+License:        BSD-3-Clause
+VCS:            http://github.com/VirusTotal/yara/
+#               http://github.com/VirusTotal/yara/releases
+URL:            http://VirusTotal.github.io/yara/
+
+
+%global         gituser         VirusTotal
+%global         gitname         yara
+# Commit of version 4.1.1
+%global         commit          8206dc6f728fe50e21af92cb40e454b68ef6af05
+%global         shortcommit     %(c=%{commit}; echo ${c:0:7})
+
+# additional module for yara
+%global         androguard_gituser         Koodous
+%global         androguard_gitname         androguard-yara
+# Commit from 2020-04-22
+%global         androguard_commit          3eea86ae2c4ee6ad3cc1cb3c2711b03db078831a
+%global         androguard_shortcommit     %(c=%{androguard_commit}; echo ${c:0:7})
+%global         androguard_gitdate         2020-04-22
+
+# Build from git commit baseline
+#Source0:       https://github.com/%%{gituser}/%%{gitname}/archive/%%{commit}/%%{name}-%%{version}-%%{shortcommit}.tar.gz
+# Build from git release version
+Source0:        https://github.com/%{gituser}/%{gitname}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
+#               http://github.com/Koodous/androguard-yara/
+Source1:        https://github.com/%{androguard_gituser}/%{androguard_gitname}/archive/%{androguard_commit}/%{androguard_gitname}-%{androguard_gitdate}-%{androguard_shortcommit}.tar.gz
+
+# Patch based on the androguard-yara installation guide to enable the androguard module
+Patch0:         yara-androguard.patch
+
+# Use default sphix theme to generate documentation rather than sphinx_rtd_theme
+# to avoid static installation of font files on fedora >= 24
+Patch1:         yara-docs-theme.patch
+
+# Fixed in 3.6.0 upstream
+# Patch https://patch-diff.githubusercontent.com/raw/VirusTotal/yara/pull/627.patch
+# Fixes: CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924
+# Patch2:       %%{name}-pull627.patch
+
+# API of yr_re_match changed, fix needed for Androguard
+# https://github.com/Koodous/androguard-yara/issues/8
+# merged in https://github.com/Koodous/androguard-yara/commit/034f0a49e58d798abcaa28c9864451da9da29413
+# Patch3: yara-androguard-matchapi.patch
+
+
+
+BuildRequires:  git
+BuildRequires:  gcc
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  m4
+BuildRequires:  binutils
+BuildRequires:  coreutils
+BuildRequires:  sharutils
+BuildRequires:  file
+BuildRequires:  gawk
+BuildRequires:  gzip
+BuildRequires:  xz
+BuildRequires:  pcre
+BuildRequires:  bison
+BuildRequires:  flex
+BuildRequires:  libtool
+BuildRequires:  file-devel
+BuildRequires:  jansson-devel >= 2.5
+BuildRequires:  openssl-devel
+BuildRequires:  protobuf-c-devel
+BuildRequires:  protobuf-compiler
+
+# html doc generation
+BuildRequires:  /usr/bin/sphinx-build
+
+%description
+YARA is a tool aimed at (but not limited to) helping malware researchers to
+identify and classify malware samples. With YARA you can create descriptions
+of malware families (or whatever you want to describe) based on textual or
+binary patterns. Each description, a.k.a rule, consists of a set of strings
+and a Boolean expression which determine its logic.
+
+
+%package doc
+Summary:        Documentation for %{name}
+BuildArch:      noarch
+
+%description doc
+This package contains documentation for %{name}.
+
+
+%package        devel
+Summary:        Development files for %{name}
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
+
+%description    devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+
+%prep
+# autosetup -n %%{gitname}-%%{commit} -p 1 -S git
+%autosetup -p 1 -S git
+
+# Add the Androguard module
+# %%setup -qn %%{gitname}-%%{commit} -a 1 -D -T
+%setup -q -a 1 -D -T
+pushd %{androguard_gitname}-%{androguard_commit}
+
+mkdir -p ../libyara/modules/androguard
+cp -p androguard.c ../libyara/modules/androguard/
+popd
+
+
+autoreconf --force --install
+
+
+%build
+
+# Add missing definition on RHEL7
+%if 0%{?rhel} && 0%{?rhel} == 7
+export CFLAGS="$CFLAGS -D PROTOBUF_C_FIELD_FLAG_ONEOF=4"
+%endif
+
+# macro %%configure already does use CFLAGS="\{optflags}" and yara build
+# scripts configure/make already honors that CFLAGS
+%configure --enable-magic --enable-cuckoo --enable-debug --enable-dotnet \
+        --enable-macho --enable-dex --enable-pb-tests \
+        --with-crypto \
+        --htmldir=%{_datadir}/doc/%{name}/html
+%make_build
+
+# build the HTML documentation
+pushd docs
+make html
+popd
+
+
+%install
+%make_install
+
+# Remove static libraries
+rm %{buildroot}%{_libdir}/lib%{name}.la
+rm %{buildroot}%{_libdir}/lib%{name}.a
+
+# Remove the rebuild-needed tag so it is not installed in doc pkg
+rm -f %{buildroot}%{_datadir}/doc/%{name}/html/.buildinfo
+
+
+#%if 0%{?rhel} && 0%{?rhel} <= 7
+#%ldconfig_scriptlets
+#%endif
+
+
+%files
+%license COPYING
+%doc AUTHORS CONTRIBUTORS README.md
+%{_bindir}/%{name}
+%{_bindir}/%{name}c
+%{_libdir}/lib%{name}.so.*
+%{_mandir}/man1/%{name}.1*
+%{_mandir}/man1/%{name}c.1*
+
+
+%files devel
+%{_includedir}/%{name}.h
+%{_includedir}/%{name}/
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/%{name}.pc
+
+
+%files doc
+%license COPYING
+%doc docs/_build/html
+
+
+%changelog
+* Thu Jun 16 2022 Mark Huth <mhuth@redhat.com> - 4.2.1-4
+- Use licence identifier BSD-3-Clause
+
+* Thu Jun 9 2022 Mark Huth <mhuth@redhat.com> - 4.2.1-2
+- Change spec file license to match COPYING file
+
+* Mon May 9 2022 Mark Huth <mhuth@redhat.com> - 4.2.1-1
+- bump to 4.2.1
+
+* Fri Mar 25 2022 Mark Huth <mhuth@redhat.com> - 4.2.0-1
+- bump to 4.2.0
+
+* Wed Nov 10 2021 Michal Ambroz <rebus at, seznam.cz> - 4.1.3-1
+- bump to 4.1.3
+
+* Sat Nov 06 2021 Adrian Reber <adrian@lisas.de> - 4.1.1-5
+- Rebuilt for protobuf 3.19.0
+
+* Mon Oct 25 2021 Adrian Reber <adrian@lisas.de> - 4.1.1-4
+- Rebuilt for protobuf 3.18.1
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 4.1.1-3
+- Rebuilt with OpenSSL 3.0.0
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon May 24 2021 Michal Ambroz <rebus at, seznam.cz> - 4.1.1-1
+- bump to 4.1.1
+
+* Mon Apr 26 2021 Michal Ambroz <rebus at, seznam.cz> - 4.1.0-1
+- bump to 4.1.0
+
+* Sun Apr 25 2021 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-2
+- rebuild for epel
+
+* Fri Feb 5 2021 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-1
+- bump to yara bugfix 4.0.5 release
+
+* Wed Feb 3 2021 Michal Ambroz <rebus at, seznam.cz> - 4.0.4-1
+- bump to yara bugfix 4.0.4 release
+
+* Thu Jul 16 2020 Michal Ambroz <rebus at, seznam.cz> - 4.0.2-1
+- bump to yara bugfix 4.0.2 release
+- fix build on epel7
+
+* Sun Jun 14 2020 Adrian Reber <adrian@lisas.de> - 4.0.1-2
+- Rebuilt for protobuf 3.12
+
+* Tue Jun 2 2020 Michal Ambroz <rebus at, seznam.cz> - 4.0.1-1
+- bump to yara bugfix 4.0.1 release
+
+* Tue Apr 28 2020 Michal Ambroz <rebus at, seznam.cz> - 4.0.0-1
+- bump to yara 4.0.0 release
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.11.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Oct 11 2019 Michal Ambroz <rebus at, seznam.cz> - 3.11.0-1
+- bump to 3.11.0 release (#1760678)
+- BUGFIX: Some regexp character classes not matching correctly when used with “nocase” modifier (upstream #1117)
+- BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (upstream #1107)
+- BUGFIX: Buffer overrun in “dotnet” module (upstream #1108)
+- BUGFIX: Memory leak while attaching to a process fails (upstream #1070)
+
+* Sat Sep 28 2019 Michal Ambroz <rebus at, seznam.cz> - 3.10.0-3
+- change the sphinx build dependency
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.10.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri May 03 2019 Michal Ambroz <rebus at, seznam.cz> - 3.10.0-1
+- bump to 3.10.0 release (#1680204)
+- Harden virtual machine against malicious code.
+- BUGFIX: Regression bug in hex strings containing wildcards (upstream #1025).
+- BUGFIX: Buffer overrun in “elf” module.
+- BUGFIX: Buffer overrun in “dotnet” module.
+
+* Sat Mar 16 2019 Michal Ambroz <rebus at, seznam.cz> - 3.9.0-1
+- bump to 3.9.0 release (#1680203)
+- switch from python-sphinx to python3-sphinx for generating the documentation for fc31+
+- should fix also #1660398 (CVE-2018-19974 CVE-2018-19975 CVE-2018-19976),
+  but by design it might be always dangerous to run yara signatures compiled by 3rd party,
+  so it is advised to re-compile yara rules instead
+- BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (upstream #1023, CVE-2019-5020)
+- BUGFIX: Buffer overflow in "dotnet" module.
+- BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018)
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.8.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Aug 27 2018 Michal Ambroz <rebus at, seznam.cz> - 3.8.1-1
+- bump to 3.8.1 release (#1613093)
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Feb 05 2018 Michal Ambroz <rebus at, seznam.cz> - 3.7.1-1
+- bump to 3.7.1 release (#1534993)
+
+* Wed Nov 15 2017 Michal Ambroz <rebus at, seznam.cz> - 3.7.0-1
+- bump to 3.7.0 release (#1511921)
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sun Jul 16 2017 Michal Ambroz <rebus at, seznam.cz> - 3.6.3-1
+- bump to 3.6.3 release - bugfix CVE-2017-11328
+
+* Mon Jul 03 2017 Michal Ambroz <rebus at, seznam.cz> - 3.6.2-1
+- bump to 3.6.2 release - bugfix CVE-2017-9304, CVE-2017-9465
+
+* Wed May 24 2017 Michal Ambroz <rebus at, seznam.cz> - 3.6.0-1
+- bump to 3.6.0 release
+- update the androguard-yara with bugfixes
+
+* Thu Apr 13 2017 Michal Ambroz <rebus at, seznam.cz> - 3.5.0-7
+- Adding patch from pull request 627 until 3.5.1 is released
+- https://patch-diff.githubusercontent.com/raw/VirusTotal/yara/pull/627.patch
+- Fixes CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Aug 09 2016 Michal Ambroz <rebus at, seznam.cz> - 3.5.0-5
+- import package to Fedora
+- remove unnecessary .buildinfo tag from doc package
+
+* Fri Aug 05 2016 Michal Ambroz <rebus at, seznam.cz> - 3.5.0-4
+- package review - bugzilla #1362265
+- cosmetics of the changelog
+- using default spinx theme to remove the static fonts
+
+* Fri Aug 05 2016 Michal Ambroz <rebus at, seznam.cz> - 3.5.0-3
+- package review - bugzilla #1362265
+- dropped Buildroot, pkgconfig, zlib-devel, defattr
+- added buildrequires gcc
+- change license back to ASL 2.0 only
+
+* Thu Aug 04 2016 Michal Ambroz <rebus at, seznam.cz> - 3.5.0-2
+- package review - bugzilla #1362265
+- changed packaging of doc sub-package
+
+* Thu Aug 04 2016 Michal Ambroz <rebus at, seznam.cz> - 3.5.0-1
+- bump to new 3.5.0
+
+* Wed Aug 03 2016 Michal Ambroz <rebus at, seznam.cz> - 3.4.0-6
+- package review - bugzilla #1362265
+- dropped dependency of python-tools
+
+* Mon Aug 01 2016 Michal Ambroz <rebus at, seznam.cz> - 3.4.0-4
+- compile with the androguard module
+
+* Wed Jun 08 2016 Michal Ambroz <rebus at, seznam.cz> - 3.4.0-2
+- jansson dependency >= 2.5
+
+* Wed Jun 08 2016 Michal Ambroz <rebus at, seznam.cz> - 3.4.0-1
+- python3 stuff
+
+* Mon Jun 22 2015 Michal Ambroz <rebus at, seznam.cz> - 3.4.0-0.git20150618
+- initial build for Fedora Project