Date: Wednesday, June 3, 2020 @ 21:34:22 Author: anatolik Revision: 638586
Add pacman support
osquery got a new table called pacman_packages that contains information about installed packages
Modified: osquery/trunk/PKGBUILD
Deleted: osquery/trunk/yara4.patch
-------------+
PKGBUILD | 10 ++-------
yara4.patch | 59 ----------------------------------------------------------
2 files changed, 3 insertions(+), 66 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-06-03 21:28:08 UTC (rev 638585)
+++ PKGBUILD 2020-06-03 21:34:22 UTC (rev 638586)
@@ -2,7 +2,7 @@
 pkgname=osquery
 pkgver=4.3.0
-pkgrel=2
+pkgrel=3
 pkgdesc='SQL powered operating system instrumentation, monitoring, and analytics'
 arch=(x86_64)
 url='https://osquery.io'
@@ -13,12 +13,10 @@
 _smartmontools_commit=5f7669fba545f32a6d0c07e2be67df16f3eb354b
 source=(osquery-$pkgver.zip::https://github.com/osquery/osquery/archive/$pkgver.zip
 third-party-smartmontools.zip::https://github.com/osquery/third-party-smartmontools/archive/$_smartmontools_commit.zip
- devendorize.patch::https://github.com/anatol/osquery/compare/$pkgver...$pkgver-archlinux.patch
- yara4.patch)
+ devendorize.patch::https://github.com/anatol/osquery/compare/$pkgver...237764c7367a6056917b66eb0616101cc444699c.patch)
 sha256sums=('69b570a6e5b4d3a92a7f3812fc78137383aa564025d697cef6e8717e404e3b66'
 '891f11acd804aa0d53dbec599e6a32ad9c1e5392a3eb4022714871f3a1ce95ee'
- 'b916c36f7e0394baf627fb0991431f77d796b29014719b754e05a761576def05'
- '201b3a9f5594214b3133492618b321f428fd2cfbdec63e88436a50c748710158')
+ 'b2f3dfbdd472f085c895807e7fefe11be3ec301afb4a2e172cdff2ceda3f6b62')
 prepare() {
 cd osquery-$pkgver
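Review bot: The `devendorize.patch::…` source entry keeps the same local filename while its URL now points at a different commit, so a `devendorize.patch` already cached in SRCDEST from the previous pkgrel would be reused by makepkg and fail the sha256sum check instead of being refetched, and the name no longer tells a reader which fork commit it pins. Following the `_smartmontools_commit` convention already in this hunk, carry the commit in a variable and in the filename: `_devendorize_commit=237764c7367a6056917b66eb0616101cc444699c` and `devendorize-$_devendorize_commit.patch::https://github.com/anatol/osquery/compare/$pkgver...$_devendorize_commit.patch`. Pinning to a commit instead of the moving `$pkgver-archlinux` branch is the right direction, because a GitHub compare `.patch` is generated on request and the sha256sum line is the only thing guarding its content; with a branch ref that content could change without any edit here. The hunk also drops `yara4.patch`, and whether the YARA 4 API adaptation it carried is now part of the fork commit cannot be verified from this diff, so a one-line comment above the source entry stating what the devendorize patch contains would help the next bump.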
@@ -26,8 +24,6 @@
 rm -rf libraries/cmake/source/smartmontools/src
 ln -sf `pwd`/../third-party-smartmontools-$_smartmontools_commit libraries/cmake/source/smartmontools/src
-
- patch -p1 < ../yara4.patch
 }
 build() {
Deleted: yara4.patch
===================================================================
--- yara4.patch 2020-06-03 21:28:08 UTC (rev 638585)
+++ yara4.patch 2020-06-03 21:34:22 UTC (rev 638586)
@@ -1,59 +0,0 @@
-commit 01d01e39a87e339c88cab216b85ee14428c0f2ec
-Author: Anatol Pomozov <[email protected]>
-Date: Fri May 15 19:04:57 2020 -0700
-
- Adopt code for the YARA 4 API changes
-
- https://github.com/VirusTotal/yara/wiki/Backward-incompatible-changes-in-YARA-4.0-API
-
-diff --git a/osquery/tables/yara/yara_utils.cpp b/osquery/tables/yara/yara_utils.cpp
-index 897c18c2..d08bf437 100644
---- a/osquery/tables/yara/yara_utils.cpp
-+++ b/osquery/tables/yara/yara_utils.cpp
-@@ -31,6 +31,7 @@ bool yaraShouldSkipFile(const std::string& path, mode_t st_mode) {
- void YARACompilerCallback(int error_level,
- const char* file_name,
- int line_number,
-+ const YR_RULE* rule,
- const char* message,
- void* user_data) {
- if (error_level == YARA_ERROR_LEVEL_ERROR) {
-@@ -209,7 +210,7 @@ Status handleRuleFiles(const std::string& category,
- * This is the YARA callback. Used to store matching rules in the row which is
- * passed in as user_data.
- */
--int YARACallback(int message, void* message_data, void* user_data) {
-+int YARACallback(YR_SCAN_CONTEXT* context, int message, void* message_data, void* user_data) {
- if (message == CALLBACK_MSG_RULE_MATCHING) {
- Row* r = (Row*)user_data;
- YR_RULE* rule = (YR_RULE*)message_data;
-@@ -223,7 +224,7 @@ int YARACallback(int message, void* message_data, void* user_data) {
- YR_STRING* string = nullptr;
- yr_rule_strings_foreach(rule, string) {
- YR_MATCH* match = nullptr;
-- yr_string_matches_foreach(string, match) {
-+ yr_string_matches_foreach(context, string, match) {
- if ((*r)["strings"].length() > 0) {
- (*r)["strings"] += "," + std::string(string->identifier);
- } else {
-diff --git a/osquery/tables/yara/yara_utils.h b/osquery/tables/yara/yara_utils.h
-index dd860041..bf984240 100644
---- a/osquery/tables/yara/yara_utils.h
-+++ b/osquery/tables/yara/yara_utils.h
-@@ -28,6 +28,7 @@ const std::string kYARAHome{OSQUERY_HOME "yara/"};
- void YARACompilerCallback(int error_level,
- const char* file_name,
- int line_number,
-+ const YR_RULE* rule,
- const char* message,
- void* user_data);
-
-@@ -42,7 +43,7 @@ Status handleRuleFiles(const std::string& category,
- */
- bool yaraShouldSkipFile(const std::string& path, mode_t st_mode);
-
--int YARACallback(int message, void* message_data, void* user_data);
-+int YARACallback(YR_SCAN_CONTEXT* context, int message, void* message_data, void* user_data);
-
- /**
- * @brief A simple ConfigParserPlugin for a "yara" dictionary key.
