[yara] Update to 4.3.0 and add features (#30485)

* [yara] Update to 4.3.0 and add features * update version * add patch * update version * fix build error * update version
2025-01-19 04:53:02 +08:00 · 2023-04-03 12:01:43 +08:00 · 2023-04-03 12:01:43 +08:00 · 9eb91c199e
commit 9eb91c199e
parent 21c801ea47
6 changed files with 94 additions and 21 deletions
--- a/ports/yara/CMakeLists.txt
+++ b/ports/yara/CMakeLists.txt
@ -7,9 +7,6 @@ endif()


 find_package(OpenSSL REQUIRED)
-find_path(JANSSON_INCLUDE_DIR NAMES jansson.h)
-find_library(JANSSON_LIBRARY NAMES jansson)
-

 include_directories(
  .
@ -53,16 +50,19 @@ set(
  libyara/mem.c
  libyara/modules.c
  libyara/modules/console/console.c
-  libyara/modules/cuckoo/cuckoo.c
-  libyara/modules/dotnet/dotnet.c
-  libyara/modules/elf/elf.c
  libyara/modules/hash/hash.c
  libyara/modules/math/math.c
  libyara/modules/macho/macho.c
  libyara/modules/pe/pe.c
  libyara/modules/pe/pe_utils.c
+  libyara/modules/pe/authenticode-parser/authenticode.c
+  libyara/modules/pe/authenticode-parser/certificate.c
+  libyara/modules/pe/authenticode-parser/helper.c
+  libyara/modules/pe/authenticode-parser/countersignature.c
+  libyara/modules/pe/authenticode-parser/structs.c
  libyara/modules/tests/tests.c
  libyara/modules/time/time.c
+  libyara/modules/string/string.c  
  libyara/notebook.c
  libyara/object.c
  libyara/parser.c
@ -80,6 +80,12 @@ set(
  libyara/stream.c
  libyara/strutils.c
  libyara/threading.c
+  
+  # Module elf request new library tlshc(https://github.com/avast/tlshc), the related upstream PR: https://github.com/VirusTotal/yara/pull/1624.
+  # libyara/modules/elf/elf.c
+  # libyara/tlshc/tlsh.c
+  # libyara/tlshc/tlsh_impl.c
+  # libyara/tlshc/tlsh_util.c
 )

 set(
@ -95,7 +101,6 @@ set( yarac_sources
  cli/yarac.c
 )

-
 find_package(Threads REQUIRED)

 set(
@ -103,10 +108,9 @@ set(
  OpenSSL::SSL
  OpenSSL::Crypto 
  Threads::Threads
-  ${JANSSON_LIBRARY}
 )

-IF(CMAKE_SYSTEM_NAME MATCHES "Windows")
+if(CMAKE_SYSTEM_NAME MATCHES "Windows")
 list(APPEND libyara_dependencies Crypt32.lib Ws2_32.lib)
 endif()
 if("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
@ -117,15 +121,25 @@ set(
  libyara_definitions
  -DHAVE_LIBCRYPTO
  -D${PROC_PLATFORM_INTERFACE}
-  -DCUCKOO_MODULE
  -DHASH_MODULE
-  -DDOTNET_MODULE
 )

+if(CUCKOO_MODULE)
+  list(APPEND libyara_definitions -DCUCKOO_MODULE)
+  list(APPEND libyara_sources libyara/modules/cuckoo/cuckoo.c)
+  find_package(jansson CONFIG REQUIRED)
+  list(APPEND libyara_dependencies jansson::jansson)
+endif()
+
+if(DOTNET_MODULE)
+  list(APPEND libyara_definitions -DDOTNET_MODULE)
+  list(APPEND libyara_sources libyara/modules/dotnet/dotnet.c)
+endif()
+
 add_library(libyara ${libyara_sources})
 target_link_libraries(libyara PRIVATE ${libyara_dependencies})
 target_compile_definitions(libyara PRIVATE ${libyara_definitions})
-
+target_include_directories(libyara INTERFACE $<INSTALL_INTERFACE:include>)

 add_executable(yara  ${yara_sources})
 add_executable(yarac  ${yarac_sources})
@ -134,12 +148,27 @@ target_link_libraries(yarac PRIVATE libyara ${libyara_dependencies})
 target_link_libraries(yara PRIVATE libyara ${libyara_dependencies})

 install(
-  TARGETS libyara
-  RUNTIME DESTINATION bin
+  TARGETS libyara EXPORT unofficial-libyaraTargets
  LIBRARY DESTINATION lib
  ARCHIVE DESTINATION lib
 )

+install(EXPORT unofficial-libyaraTargets
+    NAMESPACE unofficial::libyara::
+    DESTINATION share/unofficial-libyara
+)
+file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/unofficial-libyara-config.cmake.in"
+[[include(CMakeFindDependencyMacro)
+find_dependency(OpenSSL)
+find_dependency(Threads)
+if(@CUCKOO_MODULE@)
+  find_dependency(jansson CONFIG)
+endif()
+include("${CMAKE_CURRENT_LIST_DIR}/unofficial-libyaraTargets.cmake")
+]])
+configure_file("${CMAKE_CURRENT_BINARY_DIR}/unofficial-libyara-config.cmake.in" "${CMAKE_CURRENT_BINARY_DIR}/unofficial-libyara-config.cmake" @ONLY)
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/unofficial-libyara-config.cmake DESTINATION share/unofficial-libyara)
+
 if(NOT DISABLE_INSTALL_TOOLS)
  install (
    TARGETS yarac yara
--- a/ports/yara/Disable-module-elf.patch
+++ b/ports/yara/Disable-module-elf.patch
@ -0,0 +1,13 @@
+diff --git a/libyara/modules/module_list b/libyara/modules/module_list
+index 35e848a..e11433e 100644
+--- a/libyara/modules/module_list
+++ b/libyara/modules/module_list
+@@ -1,6 +1,8 @@
+ MODULE(tests)
+ MODULE(pe)
+#ifdef DELF_MODULE
+ MODULE(elf)
+#endif
+ MODULE(math)
+ MODULE(time)
+ MODULE(console)
--- a/ports/yara/portfile.cmake
+++ b/ports/yara/portfile.cmake
@ -3,21 +3,33 @@ vcpkg_check_linkage(ONLY_STATIC_LIBRARY)
 vcpkg_from_github(
  OUT_SOURCE_PATH SOURCE_PATH
  REPO VirusTotal/yara
-  REF ba94b4f8ebb6d56786d14f6a0f7529b32d7c216f #v4.2.3
-  SHA512 34bbe80c0f108691c7dd36fe56a2f866fc90424417a14df80781670f8150662a6160fecc4b697c6ff7eca3f98d78cdcb91f38e7f2a6542814b739869662d6608
+  REF "v${VERSION}"
+  SHA512 fe239ae2f29fac7b4dbdc0ec84eba057dd4d93c6ae3a53d6bc2a333cc15ed45b1ff5cb896faf02813be667ce191ccbe1d64549552ea4f0834804ad0ec4b29092
  HEAD_REF master
+  PATCHES
+    # Module elf request new library tlshc(https://github.com/avast/tlshc), the related upstream PR: https://github.com/VirusTotal/yara/pull/1624.
+    Disable-module-elf.patch
+)
+
+vcpkg_check_features(OUT_FEATURE_OPTIONS FEATURE_OPTIONS
+  FEATURES
+    cuckoo    CUCKOO_MODULE
+    dotnet    DOTNET_MODULE
 )

 file(COPY "${CMAKE_CURRENT_LIST_DIR}/CMakeLists.txt" DESTINATION "${SOURCE_PATH}")

 vcpkg_cmake_configure(
  SOURCE_PATH "${SOURCE_PATH}"
+  OPTIONS
+      ${FEATURE_OPTIONS}
  OPTIONS_DEBUG 
      -DDISABLE_INSTALL_HEADERS=ON 
      -DDISABLE_INSTALL_TOOLS=ON
 )

 vcpkg_cmake_install()
+vcpkg_cmake_config_fixup(PACKAGE_NAME unofficial-libyara)

 # Handle copyright
-file(INSTALL "${SOURCE_PATH}/COPYING" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright)
+vcpkg_install_copyright(FILE_LIST "${SOURCE_PATH}/COPYING")
--- a/ports/yara/vcpkg.json
+++ b/ports/yara/vcpkg.json
@ -1,15 +1,29 @@
 {
  "name": "yara",
-  "version": "4.2.3",
+  "version": "4.3.0",
  "description": "The pattern matching swiss knife",
  "homepage": "https://github.com/VirusTotal/yara",
  "license": "BSD-3-Clause",
  "dependencies": [
-    "jansson",
    "openssl",
    {
      "name": "vcpkg-cmake",
      "host": true
+    },
+    {
+      "name": "vcpkg-cmake-config",
+      "host": true
    }
-  ]
+  ],
+  "features": {
+    "cuckoo": {
+      "description": "The Cuckoo module enables you to create YARA rules based on behavioral information generated by Cuckoo sandbox.",
+      "dependencies": [
+        "jansson"
+      ]
+    },
+    "dotnet": {
+      "description": "The dotnet module allows you to create more fine-grained rules for .NET files by using attributes and features of the .NET file format."
+    }
+  }
 }
--- a/versions/baseline.json
+++ b/versions/baseline.json
@ -8633,7 +8633,7 @@
      "port-version": 1
    },
    "yara": {
-      "baseline": "4.2.3",
+      "baseline": "4.3.0",
      "port-version": 0
    },
    "yas": {
--- a/versions/y-/yara.json
+++ b/versions/y-/yara.json
@ -1,5 +1,10 @@
 {
  "versions": [
+    {
+      "git-tree": "33fe4f18e0ce42f7ff01fde67f188eed7d74616e",
+      "version": "4.3.0",
+      "port-version": 0
+    },
    {
      "git-tree": "0551c4f9ac51859d9063f6482ff44acf3d7bfa2a",
      "version": "4.2.3",