From 7a70bc9b2ab5c6a43ab85a54fdd09d80b3cdb087 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Fri, 25 Aug 2023 08:47:11 +0000
Subject: [PATCH 1/6] version: v6.1.0
---
 capa/version.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/capa/version.py b/capa/version.py
index f2f931fce..ca521fd6d 100644
--- a/capa/version.py
+++ b/capa/version.py
@@ -5,7 +5,7 @@
 # Unless required by applicable law or agreed to in writing, software distributed under the License
 # is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and limitations under the License.
-__version__ = "6.0.0"
+__version__ = "6.1.0"
 def get_major_version():
From 1905f1bfbd7dd784762ea88bb7dd751796bcfa0c Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Fri, 25 Aug 2023 09:02:03 +0000
Subject: [PATCH 2/6] changelog
---
 CHANGELOG.md | 41 ++++++++++++++++++++++++++++++++++-------
 1 file changed, 34 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5bd9b6e7f..cc622684a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,12 +3,41 @@
 ## master (unreleased)
 ### New Features
-- ELF: implement file import and export name extractor #1607 #1608 @Aayush-Goel-04
+
+### Breaking Changes
+
+### New Rules (0)
+
+-
+
+### Bug Fixes
+
+### capa explorer IDA Pro plugin
+
+### Development
+
+### Raw diffs
+- [capa ...master](https://github.com/mandiant/capa/compare/v6.1.0...master)
+- [capa-rules ...master](https://github.com/mandiant/capa-rules/compare/v6.1.0...master)
+
+## v6.1.0
+
+capa v6.1.0 is a bug fix release, most notably fixing unhandled exceptions in the capa explorer IDA Pro plugin.
+@Aayush-Goel-04 put a lot of effort into improving code quality and adding a script for rule authors.
+The script shows which features are present in a sample but not referenced by any existing rule.
+You could use this script to find opportunities for new rules.
+
+Speaking of new rules, we have eight additions, coming from Ronnie, Jakub, Moritz, Ervin, and still@teamt5.org!
+
+### New Features
+- ELF: implement import and export name extractor #1607 #1608 @Aayush-Goel-04
 - bump pydantic from 1.10.9 to 2.1.1 #1582 @Aayush-Goel-04
-- develop script to highlight the features that are not used during matching #331 @Aayush-Goel-04
+- develop script to highlight features not used during matching #331 @Aayush-Goel-04
 ### Breaking Changes
+(none)
+
 ### New Rules (8)
 - executable/pe/export/forwarded-export ronnie.salomonsen@mandiant.com
@@ -22,7 +51,7 @@
 ### Bug Fixes
-- Fix binja backend stack string detection. #1473 @xusheng6
+- Binary Ninja: Fix stack string detection #1473 @xusheng6
 - linter: skip native API check for NtProtectVirtualMemory #1675 @williballenthin
 - OS: detect Android ELF files #1705 @williballenthin
 - ELF: fix parsing of symtab #1704 @williballenthin
@@ -32,11 +61,9 @@
 ### capa explorer IDA Pro plugin
 - fix unhandled exception when resolving rule path #1693 @mike-hunhoff
-### Development
-
 ### Raw diffs
-- [capa v6.0.0...master](https://github.com/mandiant/capa/compare/v6.0.0...master)
-- [capa-rules v6.0.0...master](https://github.com/mandiant/capa-rules/compare/v6.0.0...master)
+- [capa v6.0.0...v6.1.0](https://github.com/mandiant/capa/compare/v6.0.0...v6.1.0)
+- [capa-rules v6.0.0...v6.1.0](https://github.com/mandiant/capa-rules/compare/v6.0.0...v6.1.0)
 ## v6.0.0
From ddff8634dedf5a58b14175317ceb9145995bb52a Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Fri, 25 Aug 2023 09:04:26 +0000
Subject: [PATCH 3/6] changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cc622684a..aea1a5bab 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -51,6 +51,7 @@ Speaking of new rules, we have eight additions, coming from Ronnie, Jakub, Morit
 ### Bug Fixes
+- rules: fix forwarded export characteristic #1656 @RonnieSalomonsen
 - Binary Ninja: Fix stack string detection #1473 @xusheng6
 - linter: skip native API check for NtProtectVirtualMemory #1675 @williballenthin
 - OS: detect Android ELF files #1705 @williballenthin
From 2b59fef1b2f2b5e79c0ce3cfd3ea856e517f0423 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Fri, 25 Aug 2023 09:05:57 +0000
Subject: [PATCH 4/6] changelog
---
 CHANGELOG.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index aea1a5bab..5be5d1654 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -47,7 +47,6 @@ Speaking of new rules, we have eight additions, coming from Ronnie, Jakub, Morit
 - anti-analysis/anti-vm/vm-detection/check-for-foreground-window-switch ervin.ocampo@mandiant.com
 - linking/static/sqlite3/linked-against-cppsqlite3 still@teamt5.org
 - linking/static/sqlite3/linked-against-sqlite3 still@teamt5.org
--
 ### Bug Fixes
From 61202913a66e5845133813efec8ed41315ac046e Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Fri, 25 Aug 2023 09:07:09 +0000
Subject: [PATCH 5/6] changelog
---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5be5d1654..d52378ad1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,8 +17,8 @@
 ### Development
 ### Raw diffs
-- [capa ...master](https://github.com/mandiant/capa/compare/v6.1.0...master)
-- [capa-rules ...master](https://github.com/mandiant/capa-rules/compare/v6.1.0...master)
+- [capa v6.1.0...master](https://github.com/mandiant/capa/compare/v6.1.0...master)
+- [capa-rules v6.1.0...master](https://github.com/mandiant/capa-rules/compare/v6.1.0...master)
 ## v6.1.0
From 9accb60eff228e7832c86898cbb71c9a51e40d5c Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Fri, 25 Aug 2023 09:11:04 +0000
Subject: [PATCH 6/6] changelog
---
 CHANGELOG.md | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d52378ad1..27d8ab08b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,10 +34,6 @@ Speaking of new rules, we have eight additions, coming from Ronnie, Jakub, Morit
 - bump pydantic from 1.10.9 to 2.1.1 #1582 @Aayush-Goel-04
 - develop script to highlight features not used during matching #331 @Aayush-Goel-04
-### Breaking Changes
-
-(none)
-
 ### New Rules (8)
 - executable/pe/export/forwarded-export ronnie.salomonsen@mandiant.com