From 3832cafa29dcfc261776f7b5f5c3329d6e34ff50 Mon Sep 17 00:00:00 2001 From: David Turland Date: Mon, 9 Sep 2024 21:44:26 +0100 Subject: [PATCH] Merge from VT master (#6) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fix crash while parsing PE Rich header File e77b007c9a964411c5e33afeec18be32c86963b78f3c3e906b28fcf1382f46c3 has a Rich header of only 8 bytes, which is smaller than the RICH_SIGNATURE structure. This was causing a crash when some of the `rich_xxx` functions were used with this file. * Fix warning `_rich_version` in PE module should return an `int64_t` instead of `uint64_t`. * Use YR_MAX_PATH instead of MAX_PATH (#2090) Replace all instances of `MAX_PATH` with `YR_MAX_PATH`. * Adding Veeam (#2083) Adding Veeam to list of companies that use YARA. * Add Cado to who is using Yara (#2086) * Mitigate stack overflow when scanning very deep directory trees. Closes #2088. * Remove all references to ERROR_TOO_MANY_SCAN_THREADS This error code is not used anymore. Closes #2068. * Use latest MacOS in build workflow. * Use MacOS 13 in build workflow. For some reason in MacOS 14 the build fails because the `configure` script is unable to find the Jansson library, even thought it is correctly installed by `brew`. * docs: minor updates to xor (#2098) * use new module macros in docs (#2100) Co-authored-by: Tad Keller * filemap: define PROC_SUPER_MAGIC, avoid linux/magic.h (#2103) PR #1848 caused build issues with some "unusual" build configurations – apparently we can't rely on linux/magic.h being present when cross-building for musl libc. Defining PROC_SUPER_MAGIC should not cause a problems since it should be considered part of the Linux kernel/user API and it is unlikely to change. --------- Co-authored-by: Victor M. Alvarez Co-authored-by: Chris Arceneaux Co-authored-by: chrisdoman Co-authored-by: Wes <5124946+wesinator@users.noreply.github.com> Co-authored-by: Tad Keller <43346260+GLMONTER@users.noreply.github.com> Co-authored-by: Tad Keller Co-authored-by: Hilko Bengen