Skip to content

v0.8.0
Compare
Choose a tag to compare
@github-actions github-actions released this 09 Jun 21:30
v0.8.0
bcc738a

This release consists of several changes to make the library easier to use in any context
or target:

  • The dependency on OpenSSL (through the authenticode feature) is removed and replaced by pure-Rust dependencies, through the use of two features:

    • The authenticode feature is retained but is now enabled by default. It uses two new dependencies to parse the authenticode signatures.
    • A new authenticode-verify feature is added to handle the pe.is_signed, pe.signatures[*].verified and pe.signatures[*].countersignatures[*].verified fields. See the dedicated documentation for details.

  • The patched version of object has been removed, making the use of the library much easier.

Those changes make boreal depend only on Rust libraries (except for the magic feature), which means the library can be used with any targets and is much easier to integrate.

In addition, this release brings full compatibility with YARA 4.5.1.

⚠ Breaking changes

  • The authenticode feature has been revamped. It is now split into two features:

    • The authenticode feature, which implements all the pe.signatures field except the ones related to signature verification. This feature is now enabled by default.
    • The authenticode-verify feature, which implements the pe.is_signed and *.verified fields. This feature is disabled by default. See the dedicated documentation for details.

  • The Compiler API has been reworked to remove all the ugly workarounds that were needed due to the unsafety brought by the OpenSSL dependency. The Compiler::new_with_pe_signatures and Compiler::new_without_pe_module functions has been removed.

Added

  • add authenticode-verify feature for signature verification 9ced02bf.

Changed

  • Remove hex dependency bb46e49e
  • Remove object patched version #159.
  • Replace authenticode-parser dependency with a custom impl f9521c5c
  • Remove authenticode-parser dependency and clean API 21c5cd74
  • Enable hash dependencies when authenticode feature is enabled b88fedb6

YARA 4.5.1 compatibility:

  • only consider valid ascii bytes for pe dll names c219245e.
  • add some safety checks in pe module for corrupted values 00235005
  • update rva resolution in pe module 66c2d5f4
  • list dotnet resources that are not located in the file b2fa436d

Fixed

  • limit size of version info key and value in pe module 4a20f5c4
  • fix parsing issues in version_info of pe module 8c00218a
Assets 6
Loading