Hello community,

here is the log from the commit of package python-volatility for openSUSE:Factory checked in at 2017-05-17 10:50:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-volatility (Old)
 and /work/SRC/openSUSE:Factory/.python-volatility.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-volatility" Wed May 17 10:50:32 2017 rev:1 rq:489602 version:2.6 Changes: -------- New Changes file: --- /dev/null 2017-03-01 00:40:19.279048016 +0100 +++ /work/SRC/openSUSE:Factory/.python-volatility.new/python-volatility.changes 2017-05-17 10:50:41.941679200 +0200 
@@ -0,0 +1,82 @@ +------------------------------------------------------------------- +Thu Apr 20 11:35:00 UTC 2017 - [email protected] + +- Trim description of irrelevant stuff + +------------------------------------------------------------------- +Mon Apr 17 10:48:57 UTC 2017 - [email protected] + +- update to v2.6 + * Enhanced support for Windows 10 (including 14393.447) + * Added new profiles for recently patched Windows 7, Windows 8, and Server 2012 + * Optimized page table enumeration and scanning algorithms, especially on 64-bit Windows 10 + * Added support for carving Internet Explorer 10 history records + * Added support for memory dumps from the most recent VirtualBox version + * Updated the svcscan plugin to show FailureCommand + (the command that runs when a service fails to start multiple times) + * Add APIs to paged address spaces (x86 and x64) to allow easy lookups of PTE flags + (i.e. writeable, no-exec, supervisor, copy-on-write) + * Add support for tagging Mac memory ranges as heaps, stacks, etc. 
+ * Add plugins for checking Mac file operation pointers, C++ classes in the kernel, + IOKit interest handlers, timers set by kernel drivers, and enumeration of + processes that filter file system events + * Add support for KASLR Linux kernels +- add %{_docdir}/python-volatility to %files to fix factory build failure +- add obsoletes: volatility <= 2.4 as the package was renamed + +------------------------------------------------------------------- +Thu Feb 11 03:54:06 UTC 2016 - [email protected] + +- update to v2.5 + * Windows memory dump analysis + Added profiles for Windows 8.1 Update 1 + Added basic support for Windows 10 + New plugin to print AmCache information from the registry (amcache) + New plugin to dump registry files to disk (dumpregistry) + New plugin to detect hidden/unlinked service record structures (servicediff) + New plugin to print the shutdown time from the registry (shutdowntime) + New plugin to print editbox controls from the GUI subsystem (editbox) + Malfind plugin detects injected code with erased PE headers + Imagecopy and raw2dmp can display the number of bytes copied or converted + Fix an issue with the memmap and memdump offsets being inconsistent + Fix an issue with vadtree's graphviz fill colors not being rendered by some viewers + Update the well known SIDs reported by the getsids plugin + Add an optional --max-size parameter to yarascan, dump_maps, etc + Fix an issue translating strings in PAE and x64 images + Add options to yarascan for case-insensitive search + Add options to yarascan to scan process and kernel memory at once + * Mac OSX memory dump analysis + Added profiles and support for Mac 10.10 Yosemite and 10.11 El Capitan + New plugin to print and extract compressed swap data (mac_compressed_swap) + New plugin to automatically detect Mac OS X profiles (mac_get_profile) + New plugin(s) to report Kauth scopes and listeners (mac_list_kauth_scopes | listeners) + New plugin to identify applications with promiscuous sockets 
(mac_list_raw) + New plugin to find hidden threads (mac_orphan_threads) + New plugin to print process environment variables (mac_psenv) + New plugin to print basic and complex thread data (mac_threads, mac_threads_simple) + * Linux/Android memory dump analysis + Addd support for Linux kernels up to 4.2.3 + New plugin to print Linux dynamic environment variables (linux_dynamic_env) + New plugin to print the current working directory of processes (linux_getcwd) + New plugin to carve for network connection structures (linux_netscan) + Speed improvements to various plugins + Improve handling of mprotect() Linux memory regions +-update specfile to match file placement from fedora v2.4 specfile + +------------------------------------------------------------------- +Thu Sep 25 20:12:57 UTC 2014 - [email protected] + +- update to v2.4 + * As of Volatility 2.4, all changes are now tracked on the GitHub site: + https://github.com/volatilityfoundation/volatility + * Volatility 2.0-2.3: all changes were tracked on the Google Code site: + http://code.google.com/p/volatility/source/list +- specfile cleanup + +------------------------------------------------------------------- +Tue Feb 7 00:19:04 UTC 2012 - [email protected] + +- initial package + + An advanced memory forensics framework + New: ---- 2.6.tar.gz python-volatility.changes python-volatility.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-volatility.spec ++++++ # # spec file for package python-volatility # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. 
The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: python-volatility Version: 2.6 Release: 0 Summary: Volatile memory artifact extraction utility framework License: GPL-2.0+ Group: Development/Libraries/Python Url: http://www.volatilityfoundation.org/ Source: https://github.com/volatilityfoundation/volatility/archive/%{version}.tar.gz BuildRequires: fdupes BuildRequires: python-devel Requires: python-distorm3 Requires: python-yara Requires: python-pycrypto #used in script vol_genprofile for generation of linux profile Requires: libdwarf-tools Obsoletes: volatility <= 2.4 Provides: volatility = %{version} BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The Volatility Framework is a collection of tools, implemented in Python for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed independent of the system being investigated but offer visibilty into the runtime state of the system. 
%prep %setup -q -n volatility-%{version} %build env CFLAGS="%{optflags}" python setup.py build %install # this entire install section is setup to mirror what fedora does in its spec file python setup.py install --root=%{buildroot} --prefix=%{_prefix} mkdir -p %{buildroot}/%{python_sitelib}/volatility/plugins/contrib mv %{buildroot}/usr/contrib/plugins/* %{buildroot}/%{python_sitelib}/volatility/plugins/contrib rm %{buildroot}/usr/contrib/__init__.py mkdir -p %{buildroot}/%{_datadir}/python-volatility mv %{buildroot}/usr/contrib/library_example %{buildroot}/%{_datadir}/python-volatility mkdir -p %{buildroot}/%{_docdir}/python-volatility mv %{buildroot}/%{_prefix}/tools %{buildroot}/%{_docdir}/python-volatility mv %{buildroot}/%{_docdir}/python-volatility/tools/vtype_diff.py %{buildroot}/%{_bindir}/ # these are in the fedora spec file, but it is not clear why #touch %%{buildroot}/%%{python_sitelib}/volatility/plugins/contrib/__init__.py #touch %%{buildroot}/%%{python_sitelib}/volatility/plugins/contrib/malware/__init__.py %fdupes %{buildroot} %files %defattr(-,root,root) %doc AUTHORS.txt CHANGELOG.txt CREDITS.txt LEGAL.txt LICENSE.txt README.txt %{python_sitelib}/volatility %{python_sitelib}/volatility-%{version}-py2.7.egg-info %{_bindir}/vol.py %{_bindir}/vtype_diff.py %{_datadir}/python-volatility %{_docdir}/python-volatility %changelog
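Review bot: In the 2.6 entry of python-volatility.changes, "add obsoletes: volatility <= 2.4 as the package was renamed" sits directly above an entry recording an update to v2.5 in February 2016, so if 2.5 was ever published under the old name `volatility`, the bound `<= 2.4` does not match it and that package would not be replaced on upgrade. Suggest bounding on the new version instead, for example `Obsoletes: volatility < %{version}`, or stating in the entry at which release the rename happened. Minor: "Addd support for Linux kernels up to 4.2.3" has a typo, and "-update specfile to match file placement from fedora v2.4 specfile" lacks the space after the dash that the other top-level entries use.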
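Review bot: In python-volatility.spec, `Requires: libdwarf-tools` is justified only by the comment "#used in script vol_genprofile", yet %files installs just `%{_bindir}/vol.py` and `%{_bindir}/vtype_diff.py` and the new-files list has no such script, so every install pulls in a runtime dependency for something the package does not appear to ship; either package the script or drop the requirement (or weaken it to Recommends). In %install, the `%{buildroot}/usr/contrib/...` paths are hardcoded although the same section passes `--prefix=%{_prefix}` and later uses `%{buildroot}/%{_prefix}/tools`; use `%{_prefix}/contrib` consistently. The `volatility-%{version}-py2.7.egg-info` entry hardcodes the interpreter version and should use the Python version macro. The %description has the typo "visibilty", and the header still carries "Copyright (c) 2014" for a spec checked in during 2017.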
