chore: update Changelog on yara 4.3 changes

vthib · Feb 11, 2023 · 93a3d97 · 93a3d97
1 parent c14ea8b
commit 93a3d97
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 Main changes:
 
+- Updated to be compatible with Yara 4.3
 - Compilation and evaluation of rules have been hardened, and it is now
   possible to use `boreal` with untrusted rules and inputs.
   - Protections against stack overflows in parsing and evaluation
@@ -19,6 +20,19 @@ Main changes:
 - A new warning system has been added, compiled rules can now generate
   warnings.
 
+Yara 4.3 compatibility:
+
+- Negation in hex strings, eg `{ ~C3 ~?F }`.
+- New `to_string` function in `math` module.
+- New `string` module with `to_int` and `length` functions.
+- `rva` field in imported functions in `pe` module.
+- `pe.import_rva` and `pe.delayed_import_rva` functions.
+- Iterator on bytes literal, eg `for any s in ("foo", "bar"): (...)`.
+- `at` for expression, eg `any of them at 0`.
+- New functions `import_md5` and `telfhash` in `elf` module.
+- Use of the `authenticode-parser` lib to parse signatures in `pe` module.
+  This adds a lot of fields in `pe.signatures`.
+
 ### Added
 
 - Stack overflow protection during parsing and evaluation.
@@ -32,12 +46,15 @@ Main changes:
   timeout is reached.
 - Minimal Rust version is now 1.62 and checked in CI
 - `ModuleValue` now has an `Undefined` value.
-- `openssl` feature for `boreal-cli`.
+- `authenticode` feature for `boreal-cli`.
 - **CI**: Coverage computation
 - **CI**: Build with openssl is now properly tested on Windows.
 
 ### Changed
 
+- `openssl` feature removed, replaced with the `authenticode` feature.
+- Using the `pe` module with the `signatures` parsing now requires
+  calling the unsafe function `Compiler::new_with_pe_signatures`.
 - Module values are now tested for exact match with module values produced
   by YARA. This caught a few bugs and improves compatibility.
 
@@ -60,6 +77,7 @@ Main changes:
   in the iterator (#15).
 - `pe.entry_point` is now -1 when its file offset is outside the file
   (#16).
+- Improved handling on invalid ranges in '$a in (from..to)' expression.
 
 ### Removed