From e87a2967cdb982df13845a19f92d2b9604fbfd5b Mon Sep 17 00:00:00 2001 From: Bernhard M. Wiedemann <bwiedemann+opensusegit@suse.de> Date: Aug 21 2020 20:30:42 +0000 Subject: update 2020-08-21 20:30 --- diff --git a/.files b/.files index 655aab2..3d520eb 100644 Binary files a/.files and b/.files differ diff --git a/.rev b/.rev index 631714b..8a093b6 100644 --- a/.rev +++ b/.rev @@ -47,4 +47,12 @@ <comment></comment> <requestid>612691</requestid> </revision> + <revision rev="7" vrev="1"> + <srcmd5>0ac6a414a78ed5e0a5f844ec08104b9b</srcmd5> + <version>4.0.2</version> + <time>1598029550</time> + <user>dimstar_suse</user> + <comment></comment> + <requestid>828503</requestid> + </revision> </revisionlist> diff --git a/v3.7.1.tar.gz b/v3.7.1.tar.gz deleted file mode 120000 index 6d58ff6..0000000 --- a/v3.7.1.tar.gz +++ /dev/null @@ -1 +0,0 @@ -/ipfs/bafybeidjxjvqg5gmsni3nuiu4v5skckuxek2mj22zguvsuqsqvd2k47e3q \ No newline at end of file diff --git a/v4.0.2.tar.gz b/v4.0.2.tar.gz new file mode 120000 index 0000000..801e667 --- /dev/null +++ b/v4.0.2.tar.gz @@ -0,0 +1 @@ +/ipfs/bafybeie5ds6dnnao5jbgag5c3wkwyljsjfng7mpvwscwsocbalh5kcxqxm \ No newline at end of file diff --git a/yara.changes b/yara.changes index 0c5cc58..f2c3b5f 100644 --- a/yara.changes +++ b/yara.changes 
@@ -1,4 +1,116 @@ ------------------------------------------------------------------- +Mon Aug 17 07:12:04 UTC 2020 - Dirk Mueller <dmueller@suse.com> + +- Update to 4.0.2: + - BUGFIX: Use-after-free bug in PE module (#1287). + - BUGFIX: Incorrect errors in rules when a single rule is badly + formatted (#1294). + - BUGFIX: Assertion failed with rules that have invalid syntax + (#1295). + - BUGFIX: Integer overflow causing missed matches on files larger + than 2GB (#1304). + - BUGFIX: Crashes in Mac OS while scanning binaries with a + signature that can't be verified (#1309). + +- Update to 4.0.1: + - Update sandboxed API (#1276) + - BUGFIX: Fix regression in exports parsing in PE module + (2bf67e6) + - BUGFIX: Fix unaligned accesses in ARM (e1654ae) + +- Update to 4.0.0: + - New string modifiers base64 and base64wide (#1185). + - New string modifier private (#1096) + - Iterators for dictionaries and arrays (#1141). + - Multiple API changes. + - Memory footprint greatly reduced, specially when compiling + large numbers of rules. + - New commmand-line option --scan-list (#1261). + - Added pdb_path field to "pe" module. + - Added export_details array to "pe" module. + - Added exports_index functions to "pe" module. + - Improvements to "cuckoo" module. + - BUGFIX: PE files with multiple signatures are parsed correctly + (#940). + - BUGFIX: Fix PE rich header parsing (#1164). + - BUGFIX: Buffer overruns in "dotnet" module (#1167, #1173). + +- Bump .so version + +- Update to 3.11.0: + - Duplicated string modifiers are now an error. + - More flexible “xor” modifier. + - Implement “private” strings (#1096) + - Add “field_offsets” to “dotnet” module. + - Implement “crc32” functions in “hash” module. + - Improvements to “rich_signature” functions in “pe” module. 
+ - Implement sandboxed API using SAPI + - BUGFIX: Some regexp character classes not matching correctly + when used with “nocase” modifier (#1117) + - BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors + for certain hex pattern containing large jumps (#1107) + - BUGFIX: Buffer overrun in “dotnet” module (#1108) + - BUGFIX: Segfault in certain Windows versions (#1068) + - BUGFIX: Memory leak while attaching to a process fails (#1070) + +- Update to 3.10.0: + - Optimize integer range loops by exiting earlier when possible. + - Cache the result of PE module’s imphash function in order to + improve performance. + - Harden virtual machine against malicious code. + - BUGFIX: “xor” modifier not working as expected if not + accompanied by “ascii” (#1053). + - BUGFIX: \s and \S character classes in regular expressions now + include vertical tab, new line, carriage return and form feed + characters. + - BUGFIX: Regression bug in hex strings containing wildcards + (#1025). + - BUGFIX: Buffer overrun in “elf” module. + - BUGFIX: Buffer overrun in “dotnet” module. + +- Update to 3.9.0: + - Improve scan performance for certain strings. + - Reduce stack usage. + - Prevent inadvertent use of compiled rules by forcing the use of + -C when using yara command-line tool. + - BUGFIX: Buffer overflow in "dotnet" module. + - BUGFIX: Internal error when running multiple instances of YARA + in Mac OS X. (#945) + - BUGFIX: Regexp regression when using nested quantifiers {x,y} + for certain values of x and y. (#1018) + - BUGFIX: High RAM consumption in "pe" module while parsing + certain files.(0c8b461) + - BUGFIX: Denial of service when using "dex" module. Found by the + Cisco Talos team. (#1023) + - BUGFIX: Issues with comments inside hex strings. + +- Update to 3.8.1: + - BUGFIX: Some combinations of boolean command-line flags were + broken in version 3.8.0. + - BUGFIX: While reporting errors that occur at the end of the + file, the file name appeared as null. 
+ - BUGFIX: dex module now works in big-endian architectures. + - BUGFIX: Keep ABI compatibility by keeping deprecated functions + visible. + +- Update to 3.8.0: + - Scanner API + - New “xor” modifier for strings + - New fields and functions in PE module. + - Add functions “min” and “max” to math module. + - Make compiled. + - yara and yaracsupport reading rules from stdin by using - as + the file name. + - Rule compilation is faster. + - BUGFIX: Regression in regex engine. /ba{3}b/ was matching + “baaaab”. + - BUGFIX: Function yr_compiler_add_fd() was reading only the + first 1024 bytes of the file. + - BUGFIX: Wrong calculation of sha256 hashes in Windows when + using native crypto API. + - Lots of more bug fixes. + +------------------------------------------------------------------- Tue May 22 10:30:37 UTC 2018 - tchvatal@suse.com - Update to 3.7.1: diff --git a/yara.spec b/yara.spec index e6f470a..9a0702f 100644 --- a/yara.spec +++ b/yara.spec @@ -1,7 +1,7 @@ # # spec file for package yara # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,18 +12,18 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%define soname 3 +%define soname 4 Name: yara -Version: 3.7.1 +Version: 4.0.2 Release: 0 Summary: A malware identification and classification tool License: Apache-2.0 Group: System/Filesystems -URL: http://plusvic.github.io/yara/ +URL: https://plusvic.github.io/yara/ Source: https://github.com/VirusTotal/yara/archive/v%{version}.tar.gz BuildRequires: file-devel BuildRequires: flex 
@@ -36,14 +36,22 @@ BuildRequires: pkgconfig(libpcrecpp) BuildRequires: pkgconfig(libpcreposix) %description -YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. Let's see an example: +YARA is a tool aimed at helping malware researchers to identify and classify +malware samples. With YARA you can create descriptions of malware families +based on textual or binary patterns contained on samples of those families. +Each description consists of a set of strings and a Boolean expression which +determines its logic. %package -n libyara%{soname} Summary: Library to support the yara malware identification tool Group: System/Libraries %description -n libyara%{soname} -YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. Let's see an example: +YARA is a tool aimed at helping malware researchers to identify and classify +malware samples. With YARA you can create descriptions of malware families +based on textual or binary patterns contained on samples of those families. +Each description consists of a set of strings and a Boolean expression which +determines its logic. %package -n libyara-devel Summary: Development files to support the yara malware identification tool 
@@ -51,7 +59,11 @@ Group: Development/Libraries/C and C++ Requires: libyara%{soname} = %{version}-%{release} %description -n libyara-devel -YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. Let's see an example: +YARA is a tool aimed at helping malware researchers to identify and classify +malware samples. With YARA you can create descriptions of malware families +based on textual or binary patterns contained on samples of those families. +Each description consists of a set of strings and a Boolean expression which +determines its logic. %package doc Summary: Documentation files to support the YARA malware identification tool @@ -61,7 +73,11 @@ Requires: libyara%{soname} = %{version}-%{release} %description doc Documentation and guideslines to support YARA. -YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. Let's see an example: +YARA is a tool aimed at helping malware researchers to identify and classify +malware samples. With YARA you can create descriptions of malware families +based on textual or binary patterns contained on samples of those families. +Each description consists of a set of strings and a Boolean expression which +determines its logic. %prep %setup -q @@ -72,7 +88,7 @@ autoreconf -fvi --disable-silent-rules \ --enable-magic \ --enable-cuckoo -make %{?_smp_mflags} +%make_build %install %make_install 
@@ -80,7 +96,7 @@ find %{buildroot} -type f -name "*.la" -delete -print rm %{buildroot}%{_libdir}/libyara.a %check -make %{?_smp_mflags} check +%make_build check %post -n libyara%{soname} -p /sbin/ldconfig %postun -n libyara%{soname} -p /sbin/ldconfig @@ -96,7 +112,7 @@ make %{?_smp_mflags} check %files -n libyara%{soname} %license COPYING %doc README.md CONTRIBUTORS AUTHORS -%{_libdir}/libyara.so.3 +%{_libdir}/libyara.so.%{soname} %{_libdir}/libyara.so.%{version} %files -n libyara-devel
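Review bot: The 3.8.0 entry in the yara.changes hunk contains a truncated item, `- Make compiled.`, immediately followed by `- yara and yaracsupport reading rules from stdin by using - as the file name.`; these read like two upstream changelog items that lost their line break while being pasted, so the first should be completed to a full sentence and `yaracsupport` split into `yarac support` before submission. Minor typos in the same hunk: `commmand-line` in the 4.0.0 entry and `Lots of more bug fixes` in the 3.8.0 entry. Several of the listed fixes are memory-safety issues (use-after-free in the PE module #1287, buffer overruns in the dotnet module #1108/#1167/#1173, integer overflow on files larger than 2GB #1304); if any of them have a bsc# or CVE reference assigned, add it to the corresponding line so the fix can be tracked by the security team.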
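Review bot: In the spec hunk that bumps `%define soname 4` and `Version: 4.0.2`, the unchanged `Source: https://github.com/VirusTotal/yara/archive/v%{version}.tar.gz` line still points at a GitHub auto-generated archive, and nothing in this change records how the new tarball (checked in only as an `/ipfs/...` symlink, `v4.0.2.tar.gz`) was verified against upstream. Consider noting the tarball checksum in the changes entry, or, if upstream publishes signed release assets, switching to that URL and adding the signature and a keyring as additional sources so OBS verifies the download. The `http://` to `https://` changes for the bug tracker and `URL:` are good.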
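Review bot: In the `%description` hunk (lines 36-57), the same five-line paragraph is now repeated verbatim for the main package and for `libyara%{soname}`; since it is repeated again for `libyara-devel` and `doc` further down, defining it once (for example in a macro near the top of the spec) would keep the four copies from drifting apart the next time the text is edited. Dropping the dangling `Let's see an example:` sentence and wrapping the text at a sane width is the right fix.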
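Review bot: While the `%description -n libyara-devel` / `%description doc` hunk is being reflowed, the unchanged context line `Documentation and guideslines to support YARA.` should have its typo fixed to `guidelines`; it is the first line a user sees for the doc subpackage.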
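Review bot: In the `%files -n libyara%{soname}` hunk, replacing the hard-coded `%{_libdir}/libyara.so.3` with `%{_libdir}/libyara.so.%{soname}` is the right fix for the soname bump, but the next line, `%{_libdir}/libyara.so.%{version}`, still assumes the libtool version triple is identical to the package version. If upstream ever sets a libtool `-version-info` that does not match `4.0.2`, the build fails at `%files`; a single `%{_libdir}/libyara.so.%{soname}*` covers both the bare soname link and the versioned file and is the usual openSUSE pattern. Either way, keep `%define soname` in lock-step with what the built library actually reports.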