From 831dc577f40408f5954fbbd94be40da570f82172 Mon Sep 17 00:00:00 2001 From: Moritz Raabe Date: Tue, 8 Jun 2021 14:17:14 +0200 Subject: [PATCH 1/3] add breaking change section and reorg --- CHANGELOG.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1f5bcde4..8fcde2f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,13 +7,16 @@ It includes many new rules, including all new techniques introduced in MITRE ATT ### New Features +- rules: update ATT&CK and MBC mappings https://github.com/fireeye/capa-rules/pull/317 @williballenthin - main: use FLIRT signatures to identify and ignore library code #446 @williballenthin - explorer: IDA 7.6 support #497 @williballenthin +- tests: update test cases and caching #545 @mr-tz - scripts: capa2yara.py convert capa rules to YARA rules #561 @ruppde - rule: add file-scope feature (`function-name`) for recognized library functions #567 @williballenthin - main: auto detect shellcode based on file extension #516 @mr-tz - main: more detailed progress bar output when matching functions #562 @mr-tz - main: detect file limitations without doing code analysis for better performance #583 @williballenthin +- show-features: don't show features from library functions #569 @williballenthin ### New Rules (89) 
@@ -115,26 +118,22 @@ It includes many new rules, including all new techniques introduced in MITRE ATT - explorer: add support for function-name feature #618 @mike-hunhoff - explorer: circular import workaround #654 @mike-hunhoff -### Changes +### Breaking Changes - py3: drop Python 2 support #480 @Ana06 -- deps: bump ruamel yaml parser to 0.17.4 #519 @williballenthin -- explorer: explain how to install IDA 7.6 patch to enable the plugin #528 @williballenthin -- explorer: document IDA 7.6sp1 as alternative to the patch #536 @Ana06 -- rules: update ATT&CK and MBC mappings https://github.com/fireeye/capa-rules/pull/317 @williballenthin -- tests: update test cases and caching #545 @mr-tz -- show-features: don't show features from library functions #569 @williballenthin -- linter: summarize results at the end #571 @williballenthin - meta: added `library_functions` field, `feature_counts.functions` does not include library functions any more #562 @mr-tz -- linter: check for `or` with always true child statement, e.g. 
`optional`, colors #348 @mr-tz -- json: breaking change in results document; now contains parsed ATT&CK and MBC fields instead of canonical representation #526 @mr-tz -- json: breaking change: record all matching strings for regex #159 @williballenthin +- json: results document now contains parsed ATT&CK and MBC fields instead of canonical representation #526 @mr-tz +- json: record all matching strings for regex #159 @williballenthin - main: implement file limitations via rules not code #390 @williballenthin - json: breaking change: correctly render negative offsets #619 @williballenthin - library: breaking change: remove logic from `__init__.py` throughout #622 @williballenthin - main: don't create .viv files unless CAPA_SAVE_WORKSPACE environment variable is set #507 @williballenthin - library: add type annotations for use with mypy #447 @williballenthin +### Documentation +- explorer: explain how to install IDA 7.6 patch to enable the plugin #528 @williballenthin +- explorer: document IDA 7.6sp1 as alternative to the patch #536 @Ana06 + ### Development - ci: add capa release link to capa-rules tag #517 @Ana06 @@ -142,6 +141,8 @@ It includes many new rules, including all new techniques introduced in MITRE ATT - ci, changelog: support multiple author in sync GH https://github.com/fireeye/capa-rules/pull/378 @Ana06 - ci, lint: check statements for single child statements #563 @mr-tz - ci: reject PRs without CHANGELOG update to ensure CHANGELOG is kept up-to-date. #584 @Ana06 +- linter: summarize results at the end #571 @williballenthin +- linter: check for `or` with always true child statement, e.g. `optional`, colors #348 @mr-tz ### Raw diffs From 45c4b4019a39755325118c4d23512b45b9c96222 Mon Sep 17 00:00:00 2001 From: Moritz Raabe Date: Wed, 9 Jun 2021 09:43:26 +0200 Subject: [PATCH 2/3] move breaking changes to top --- CHANGELOG.md | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 8fcde2f0..53226dc8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,6 @@ It includes many new rules, including all new techniques introduced in MITRE ATT - rules: update ATT&CK and MBC mappings https://github.com/fireeye/capa-rules/pull/317 @williballenthin - main: use FLIRT signatures to identify and ignore library code #446 @williballenthin -- explorer: IDA 7.6 support #497 @williballenthin - tests: update test cases and caching #545 @mr-tz - scripts: capa2yara.py convert capa rules to YARA rules #561 @ruppde - rule: add file-scope feature (`function-name`) for recognized library functions #567 @williballenthin @@ -17,6 +16,18 @@ It includes many new rules, including all new techniques introduced in MITRE ATT - main: more detailed progress bar output when matching functions #562 @mr-tz - main: detect file limitations without doing code analysis for better performance #583 @williballenthin - show-features: don't show features from library functions #569 @williballenthin +- linter: summarize results at the end #571 @williballenthin +- linter: check for `or` with always true child statement, e.g. `optional`, colors #348 @mr-tz + +### Breaking Changes + +- py3: drop Python 2 support #480 @Ana06 +- meta: added `library_functions` field, `feature_counts.functions` does not include library functions any more #562 @mr-tz +- json: results document now contains parsed ATT&CK and MBC fields instead of canonical representation #526 @mr-tz +- json: record all matching strings for regex #159 @williballenthin +- main: implement file limitations via rules not code #390 @williballenthin +- json: correctly render negative offsets #619 @williballenthin +- library: remove logic from `__init__.py` throughout #622 @williballenthin ### New Rules (89) 
@@ -110,29 +121,17 @@ It includes many new rules, including all new techniques introduced in MITRE ATT - nursery/get-storage-device-properties michael.hunhoff@fireeye.com - - ### Bug Fixes - build: use Python 3.8 for PyInstaller to support consistently running across multiple operating systems including Windows 7 #505 @mr-tz - main: correctly match BB-scope matches at file scope #605 @williballenthin -- explorer: add support for function-name feature #618 @mike-hunhoff -- explorer: circular import workaround #654 @mike-hunhoff -### Breaking Changes - -- py3: drop Python 2 support #480 @Ana06 -- meta: added `library_functions` field, `feature_counts.functions` does not include library functions any more #562 @mr-tz -- json: results document now contains parsed ATT&CK and MBC fields instead of canonical representation #526 @mr-tz -- json: record all matching strings for regex #159 @williballenthin -- main: implement file limitations via rules not code #390 @williballenthin -- json: breaking change: correctly render negative offsets #619 @williballenthin -- library: breaking change: remove logic from `__init__.py` throughout #622 @williballenthin -- main: don't create .viv files unless CAPA_SAVE_WORKSPACE environment variable is set #507 @williballenthin -- library: add type annotations for use with mypy #447 @williballenthin - -### Documentation +### capa explorer IDA Pro plugin +- explorer: IDA 7.6 support #497 @williballenthin - explorer: explain how to install IDA 7.6 patch to enable the plugin #528 @williballenthin - explorer: document IDA 7.6sp1 as alternative to the patch #536 @Ana06 +- explorer: add support for function-name feature #618 @mike-hunhoff +- explorer: circular import workaround #654 @mike-hunhoff ### Development 
@@ -141,8 +140,6 @@ It includes many new rules, including all new techniques introduced in MITRE ATT - ci, changelog: support multiple author in sync GH https://github.com/fireeye/capa-rules/pull/378 @Ana06 - ci, lint: check statements for single child statements #563 @mr-tz - ci: reject PRs without CHANGELOG update to ensure CHANGELOG is kept up-to-date. #584 @Ana06 -- linter: summarize results at the end #571 @williballenthin -- linter: check for `or` with always true child statement, e.g. `optional`, colors #348 @mr-tz ### Raw diffs From 44b47eb39cd9eb46f9a77555670669a9155d9397 Mon Sep 17 00:00:00 2001 From: Moritz Raabe Date: Fri, 11 Jun 2021 09:17:06 +0200 Subject: [PATCH 3/3] update release checklist --- doc/release.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/doc/release.md b/doc/release.md index efd60aa9..fb154ff7 100644 --- a/doc/release.md +++ b/doc/release.md @@ -10,13 +10,7 @@ - [ ] Update [CHANGELOG.md](https://github.com/fireeye/capa/blob/master/CHANGELOG.md) - Do not forget to add a nice introduction thanking contributors - Remember that we need a major release if we introduce breaking changes - - Sections - - New Features - - New Rules - - Bug Fixes - - Changes - - Development - - Raw diffs + - Sections: see template below - Update `Raw diffs` links - Create placeholder for `master (unreleased)` section ``` @@ -24,13 +18,15 @@ ### New Features + ### Breaking Changes + ### New Rules (0) - ### Bug Fixes - ### Changes + ### capa explorer IDA Pro plugin ### Development
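Review bot: in the first CHANGELOG.md hunk of PATCH 1/3 (`@@ -7,13 +7,16 @@`), the entry "tests: update test cases and caching #545" is moved into "New Features", but it is test infrastructure rather than a user-facing capability; the "Development" section, where the other ci/lint entries live, is the better fit. The other two additions there ("rules: update ATT&CK and MBC mappings" and "show-features: don't show features from library functions") read fine as features.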
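Review bot: in the second CHANGELOG.md hunk of PATCH 1/3 (`@@ -115,26 +118,22 @@`), the line "- deps: bump ruamel yaml parser to 0.17.4 #519 @williballenthin" is deleted outright and not re-added under any other heading, so the release notes lose the only record of that dependency bump; please move it to "Development" (or keep a "Changes" section) instead of dropping it. In the same hunk the renamed "Breaking Changes" list still carries "main: don't create .viv files unless CAPA_SAVE_WORKSPACE environment variable is set #507" and "library: add type annotations for use with mypy #447", neither of which breaks callers, and two entries keep a now-redundant "breaking change:" prefix (#619, #622) while it was stripped from #526 and #159. Also, "+### Documentation" is emitted directly after the last list item with no blank line before it, unlike the other headings in the file.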
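Review bot: in the second CHANGELOG.md hunk of PATCH 2/3 (`@@ -17,6 +16,18 @@`), the two linter entries ("linter: summarize results at the end #571" and "linter: check for `or` with always true child statement ... #348") are moved back from "Development" into "New Features", reversing what PATCH 1/3 did in its `@@ -142,6 +141,8 @@` hunk; the linter is a rule-authoring tool, so "Development" is the more accurate home, and flipping it twice within one series suggests squashing the two moves. The new top-level "Breaking Changes" block itself is an improvement: the "breaking change:" prefixes on #619 and #622 are gone and the list is consistent.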
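Review bot: in the third CHANGELOG.md hunk of PATCH 2/3 (`@@ -110,29 +121,17 @@`), the lines "- main: don't create .viv files unless CAPA_SAVE_WORKSPACE environment variable is set #507" and "- library: add type annotations for use with mypy #447" are removed together with the old "Breaking Changes" block but are not re-added in the new block at the top of the file, so both entries disappear from the changelog. #507 changes default behaviour that users will notice (no .viv workspace written unless the environment variable is set) and should be kept, for example under "New Features" or a retained "Changes" section; #447 belongs under "Development". The new "### capa explorer IDA Pro plugin" grouping of the five explorer entries is a good consolidation.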
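Review bot: in the doc/release.md template hunk of PATCH 3/3 (`@@ -24,13 +18,15 @@`), "### Changes" is removed from the unreleased-section template and only "### Breaking Changes" is added, leaving no heading for non-breaking behaviour changes or dependency bumps (the #507 and #519 entries dropped in the earlier patches are exactly that kind of item); consider keeping "### Changes" alongside "### Breaking Changes". The first hunk's "- Sections: see template below" is fine, since the template now defines the headings in one place.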