vthib · vthib · Apr 7, 2023 · Apr 6, 2023 · Apr 7, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -25,12 +25,17 @@ jobs:
           sudo apt install libssl-dev:i386 gcc-multilib
           echo "OPENSSL_INCLUDE_DIR=/usr/include" >> $GITHUB_ENV
           echo "OPENSSL_LIB_DIR=/usr/lib/i386-linux-gnu" >> $GITHUB_ENV
+          echo "YARA_OPENSSL_INCLUDE_DIR=/usr/include" >> $GITHUB_ENV
       - uses: actions/checkout@v3
       - uses: dtolnay/rust-toolchain@stable
         with:
           target: ${{matrix.target}}
       - run: cargo test --target=${{matrix.target}}
+        env:
+          YARA_CRYPTO_LIB: openssl
       - run: cargo test --features authenticode --target=${{matrix.target}}
+        env:
+          YARA_CRYPTO_LIB: openssl
 
     strategy:
       fail-fast: false
@@ -66,6 +71,8 @@ jobs:
         run: |
           echo "VCPKGRS_TRIPLET=${{ matrix.vcpkg_triplet }}" >> $GITHUB_ENV
           echo "OPENSSL_DIR=${{ runner.workspace }}\\vcpkg\\installed\\${{ matrix.vcpkg_triplet }}" >> $GITHUB_ENV
+          echo "YARA_OPENSSL_DIR=${{ runner.workspace }}\\vcpkg\\installed\\${{ matrix.vcpkg_triplet }}" >> $GITHUB_ENV
+          echo "YARA_CRYPTO_LIB=openssl" >> $GITHUB_ENV
 
       - uses: dtolnay/rust-toolchain@stable
         with:

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -18,8 +18,3 @@ members = [
 # - Handle VirtualSize=0 when searching through sections
 #   - 89de6a730a4f60c005862b294de2f9fe444d1235
 object = { git = 'https://github.com/vthib/boreal-object', branch = "version-0.30" }
-
-# Fork of yara-rust crate, for some changes not yet released:
-#
-# - Update to yara 4.3
-yara = { git = "https://github.com/vthib/yara-rust", branch = "update-yara-4.3" }
diff --git a/boreal/Cargo.toml b/boreal/Cargo.toml
@@ -67,7 +67,7 @@ base64 = "0.21"
 glob = "0.3.0"
 tempfile = "3.4"
 walkdir = "2.3"
-yara = { version = "0.17", features = ["vendored"] }
+yara = { version = "0.19", features = ["vendored"] }
 
 # Only needed in tests because Mutex::new is not const
 # in 1.62 MSRV. Can be remove once MSRV is bumped above it.

diff --git a/boreal/src/module/pe.rs b/boreal/src/module/pe.rs
@@ -1605,7 +1605,7 @@ fn add_exports(
                             // -1 is set by libyara to indicate an invalid offset.
                             None => match va_to_file_offset(mem, sections, address) {
                                 Some(v) => v.into(),
-                                None => Value::Integer(-1),
+                                None => Value::Undefined,
                             },
                         },
                     ),

diff --git a/boreal/tests/it/macho.rs b/boreal/tests/it/macho.rs
@@ -149,14 +149,7 @@ fn test_coverage_macho_tiny_universal() {
 
 #[test]
 fn test_coverage_macho_entry_points() {
-    compare_module_values_on_file(
-        MachO,
-        "tests/assets/macho/entry_points",
-        &[
-            // TODO: Bug in LIBYARA
-            "macho.file[7].entry_point",
-        ],
-    );
+    compare_module_values_on_file(MachO, "tests/assets/macho/entry_points", &[]);
 }
 
 #[test]