From cdf1796f88cf295b6a291f5d2dfba8a405d8ce61 Mon Sep 17 00:00:00 2001
From: Ashkan Jazayeri
Date: Tue, 5 Jun 2018 22:26:42 +0430
Subject: [PATCH 1/4] yara: add missing config string

Missing CONFIG string added at the beginning of Magic and Cuckoo configure variables.
Signed-off-by: Ashkan Jazayeri
---
 utils/yara/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/utils/yara/Makefile b/utils/yara/Makefile
index a15f78f0e..bdaf69805 100644
--- a/utils/yara/Makefile
+++ b/utils/yara/Makefile
@@ -42,8 +42,8 @@ endef
 CONFIGURE_ARGS += \
 --disable-dotnet \
- $(if $(YARA_module_magic),--enable,--disable)-magic \
- $(if $(YARA_module_cuckoo),--enable,--disable)-cuckoo
+ $(if $(CONFIG_YARA_module_magic),--enable,--disable)-magic \
+ $(if $(CONFIG_YARA_module_cuckoo),--enable,--disable)-cuckoo
 define Package/yara/config
 source "$(SOURCE)/Config.in"
From 5ca68c0cd300590022ed17a8d3acf56ccdd8536b Mon Sep 17 00:00:00 2001
From: Ashkan Jazayeri
Date: Tue, 5 Jun 2018 22:29:00 +0430
Subject: [PATCH 2/4] yara: magic module dependancy fix

Libmagic dependency replaced with File so Yara magic module can make use of magic patterns. magic.mgc is installed on the target only when the File package is selected.
Signed-off-by: Ashkan Jazayeri
---
 utils/yara/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/yara/Makefile b/utils/yara/Makefile
index bdaf69805..709d14728 100644
--- a/utils/yara/Makefile
+++ b/utils/yara/Makefile
@@ -29,7 +29,7 @@ define Package/yara
 URL:=http://virustotal.github.io/yara/
 MAINTAINER:=Marko Ratkaj
 DEPENDS:= +libopenssl
- DEPENDS+= +YARA_module_magic:libmagic
+ DEPENDS+= +YARA_module_magic:file
 DEPENDS+= +YARA_module_cuckoo:jansson
 MENU:=1
 endef
From 8d20a24cf53b7837b253a037268597d03743a557 Mon Sep 17 00:00:00 2001
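Review bot: In the `CONFIGURE_ARGS` hunk of PATCH 1/4, the `$(if …)` tests give no signal when a symbol name is wrong: an undefined variable expands to empty and the module is configured with `--disable-…`, which is presumably why the missing prefix went unnoticed. A comment above the assignment would keep the next added module from repeating it, for example `# Kconfig symbols are visible here only as CONFIG_<name>; the DEPENDS conditions use the bare <name>`. Rules that import a module left out of the build will likely fail to compile on the target, so it is worth confirming that the configure summary reports magic and cuckoo as enabled when they are selected.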
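Review bot: In PATCH 2/4, replacing `libmagic` with `file` on the `DEPENDS+=` line makes the library that the magic module links against an indirect dependency; it is satisfied only if the `file` package itself pulls in libmagic, which nothing in this hunk shows. Listing both keeps the link dependency explicit while still installing magic.mgc as the commit message intends: `DEPENDS+= +YARA_module_magic:libmagic +YARA_module_magic:file`. The reason for `file` (it ships the compiled magic database) is stated only in the commit message and would be easier to find in a comment next to the package definition. The `define Package/yara` block starts above the hunk.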
From: Ashkan Jazayeri
Date: Tue, 5 Jun 2018 22:31:14 +0430
Subject: [PATCH 3/4] yara: add dotnet module

Dotnet module added as a compile time option. The dotnet module allows you to create more fine-grained rules for .NET files by using attributes and features of the .NET file format. http://yara.readthedocs.io/en/latest/modules/dotnet.html
Signed-off-by: Ashkan Jazayeri
---
 utils/yara/Config.in | 7 +++++++
 utils/yara/Makefile | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/utils/yara/Config.in b/utils/yara/Config.in
index 76e83db6b..328ce4c94 100644
--- a/utils/yara/Config.in
+++ b/utils/yara/Config.in
@@ -12,5 +12,12 @@ if PACKAGE_yara
 default n
 help
 Create rules based on behavioral info generated by a Cuckoo sandbox
+
+ config YARA_module_dotnet
+ bool "Dotnet module"
+ default n
+ help
+ The dotnet module allows you to create more fine-grained rules
+ for .NET files by using attributes and features of the .NET file format
 endif
diff --git a/utils/yara/Makefile b/utils/yara/Makefile
index 709d14728..1e908d218 100644
--- a/utils/yara/Makefile
+++ b/utils/yara/Makefile
@@ -41,7 +41,7 @@ define Package/yara/description
 endef
 CONFIGURE_ARGS += \
- --disable-dotnet \
+ $(if $(CONFIG_YARA_module_dotnet),--enable,--disable)-dotnet \
 $(if $(CONFIG_YARA_module_magic),--enable,--disable)-magic \
 $(if $(CONFIG_YARA_module_cuckoo),--enable,--disable)-cuckoo
From 6994c18009232e2ca7795285163234daba81f7c4 Mon Sep 17 00:00:00 2001
From: Ashkan Jazayeri
Date: Tue, 5 Jun 2018 22:32:58 +0430
Subject: [PATCH 4/4] yara: bump to 3.7.1

Package upgraded to the latest 3.7.1 release.
Signed-off-by: Ashkan Jazayeri
---
 utils/yara/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/utils/yara/Makefile b/utils/yara/Makefile
index 1e908d218..5ed2d19ca 100644
--- a/utils/yara/Makefile
+++ b/utils/yara/Makefile
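Review bot: With the dotnet switch added in PATCH 3/4's `CONFIGURE_ARGS` hunk, the same `$(if $(CONFIG_YARA_module_X),--enable,--disable)-X` expression is now written three times with the module name spelled twice per line, which is where the earlier prefix mistake could creep back in. A single line over the module list keeps the symbol and the flag in step: `CONFIGURE_ARGS += $(foreach m,dotnet magic cuckoo,$(if $(CONFIG_YARA_module_$(m)),--enable,--disable)-$(m))`. This is a style point only; the generated configure arguments are the same.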
@@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=yara
-PKG_VERSION:=3.7.0
+PKG_VERSION:=3.7.1
 PKG_RELEASE:=1
 PKG_LICENSE:=BSD-3-Clause
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/VirusTotal/yara/archive/v$(PKG_VERSION)/
-PKG_HASH:=01f0841e7387918c2b6d0b7fb48014bda41d1487be1cabf718a0576018969641
+PKG_HASH:=df077a29b0fffbf4e7c575f838a440f42d09b215fcb3971e6fb6360318a64892
 PKG_FIXUP:=autoreconf
 PKG_BUILD_PARALLEL:=1