diff --git a/security/py-plaso/Makefile b/security/py-plaso/Makefile index 234f54a7fb2d..5dccf3b21350 100644 --- a/security/py-plaso/Makefile +++ b/security/py-plaso/Makefile @@ -1,71 +1,70 @@ PORTNAME= plaso -PORTVERSION= 20240826 -PORTREVISION= 2 +PORTVERSION= 20260512 CATEGORIES= security python MASTER_SITES= https://github.com/log2timeline/plaso/releases/download/${PORTVERSION}/ \ LOCAL/antoine PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} MAINTAINER= antoine@FreeBSD.org COMMENT= Automatic creation of a super timeline WWW= https://github.com/log2timeline/plaso/wiki LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= ${PY_SETUPTOOLS} \ ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} RUN_DEPENDS= libcaes>=a:security/libcaes \ libesedb>=e:devel/libesedb \ libevt>=a:devel/libevt \ libevtx>=a:devel/libevtx \ libfcrypto>=a:security/libfcrypto \ libfwsi>=e:devel/libfwsi \ liblnk>=0:devel/liblnk \ libmsiecf>=a:devel/libmsiecf \ libolecf>=a:devel/libolecf \ libregf>=a:devel/libregf \ libscca>=a:devel/libscca \ libsigscan>=e:devel/libsigscan \ ${PYTHON_PKGNAMEPREFIX}acstore>=0:devel/py-acstore@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}artifacts>=0:security/py-artifacts@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}bencode.py>=0:converters/py-bencode.py@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}certifi>=0:security/py-certifi@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}defusedxml>=0:devel/py-defusedxml@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}dfdatetime>=0:security/py-dfdatetime@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}dfvfs>=0:filesystems/py-dfvfs@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}dfwinreg>=0:security/py-dfwinreg@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}dtfabric>=0:devel/py-dtfabric@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}Flor>=0:textproc/py-flor@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}lz4>=0:archivers/py-lz4@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}opensearch-py>=0:textproc/py-opensearch-py@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pefile>=0:devel/py-pefile@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}psutil>=0:sysutils/py-psutil@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyparsing>=0:devel/py-pyparsing@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}python-dateutil>=0:devel/py-python-dateutil@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pytsk>=0:sysutils/py-pytsk@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pytsk3>=0:sysutils/py-pytsk@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytz>=0:devel/py-pytz@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyzmq>=0:net/py-pyzmq@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}redis>=0:databases/py-redis@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}requests>=0:www/py-requests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}six>=0:devel/py-six@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}sqlite3>=0:databases/py-sqlite3@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}xattr>=0:devel/py-xattr@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}xlsxwriter>=0:textproc/py-xlsxwriter@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyyaml>=0:devel/py-pyyaml@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}yara>=0:security/py-yara@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}yara-python>=0:security/py-yara@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}zstd>=0:archivers/py-zstd@${PY_FLAVOR} TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fakeredis>=0:databases/py-fakeredis@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}mock>=0:devel/py-mock@${PY_FLAVOR} USES= python USE_LOCALE= en_US.UTF-8 USE_PYTHON= autoplist concurrent cryptography pep517 # Upstream archive contains files with UTF-8 names EXTRACT_CMD= ${SETENV} LANG=${USE_LOCALE} LC_ALL=${USE_LOCALE} ${TAR} DO_MAKE_TEST= ${SETENV} ${TEST_ENV} ${PYTHON_CMD} TEST_TARGET= run_tests.py NO_ARCH= yes .include diff --git a/security/py-plaso/distinfo b/security/py-plaso/distinfo index 89e97705d81c..478996d04557 100644 --- a/security/py-plaso/distinfo +++ b/security/py-plaso/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1739801390 -SHA256 (plaso-20240826.tar.gz) = 4ac3a65cf31b87e507edc4c4d628a693703a6f1b933553da2fbe402a2250ef30 -SIZE (plaso-20240826.tar.gz) = 196604839 +TIMESTAMP = 1779286465 +SHA256 (plaso-20260512.tar.gz) = 85789d8424d1f53d9ca65992d7b8335910d5883cb7f50ca3dcb37f553118a83a +SIZE (plaso-20260512.tar.gz) = 199345836 diff --git a/security/py-plaso/files/patch-plaso_output_winevt__rc.py b/security/py-plaso/files/patch-plaso_output_winevt__rc.py index 8513d7181c47..adde4caec04b 100644 --- a/security/py-plaso/files/patch-plaso_output_winevt__rc.py +++ b/security/py-plaso/files/patch-plaso_output_winevt__rc.py @@ -1,47 +1,47 @@ ---- plaso/output/winevt_rc.py.orig 2024-06-08 09:38:22 UTC +--- plaso/output/winevt_rc.py.orig 2026-05-12 13:50:02 UTC +++ plaso/output/winevt_rc.py -@@ -16,7 +16,7 @@ class Sqlite3DatabaseFile(object): +@@ -18,7 +18,7 @@ class Sqlite3DatabaseFile: _HAS_TABLE_QUERY = ( 'SELECT name FROM sqlite_master ' - 'WHERE type = "table" AND name = "{0:s}"') + 'WHERE type = \'table\' AND name = \'{0:s}\'') def __init__(self): """Initializes the database file object.""" -@@ -166,7 +166,7 @@ class WinevtResourcesSqlite3DatabaseReader(object): +@@ -168,7 +168,7 @@ class WinevtResourcesSqlite3DatabaseReader: """ table_names = ['event_log_providers'] column_names = ['event_log_provider_key'] - condition = f'log_source == "{log_source:s}"' + condition = f'log_source == \'{log_source:s}\'' values_list = list(self._database_file.GetValues( table_names, column_names, condition)) -@@ -202,7 +202,7 @@ class WinevtResourcesSqlite3DatabaseReader(object): +@@ -204,7 +204,7 @@ class WinevtResourcesSqlite3DatabaseReader: return None column_names = ['message_string'] - condition = f'message_identifier == "0x{message_identifier:08x}"' + condition = f'message_identifier == \'0x{message_identifier:08x}\'' values = list(self._database_file.GetValues( [table_name], column_names, condition)) -@@ -290,7 +290,7 @@ class WinevtResourcesSqlite3DatabaseReader(object): +@@ -292,7 +292,7 @@ class WinevtResourcesSqlite3DatabaseReader: return None column_names = ['value'] - condition = f'name == "{attribute_name:s}"' + condition = f'name == \'{attribute_name:s}\'' values = list(self._database_file.GetValues( [table_name], column_names, condition)) -@@ -485,7 +485,7 @@ class WinevtResourcesHelper(object): +@@ -784,7 +784,7 @@ class WinevtResourcesHelper: 'windows_wevt_template_event'): # TODO: add message_file_identifiers to filter_expression filter_expression = ( - f'provider_identifier == "{provider_identifier:s}" and ' + f'provider_identifier == \'{provider_identifier:s}\' and ' f'identifier == {message_identifier:d}') if event_version is not None: filter_expression = ( diff --git a/security/py-plaso/files/patch-plaso_parsers_sqlite.py b/security/py-plaso/files/patch-plaso_parsers_sqlite.py index 617764ff23a8..4521ed837644 100644 --- a/security/py-plaso/files/patch-plaso_parsers_sqlite.py +++ b/security/py-plaso/files/patch-plaso_parsers_sqlite.py @@ -1,13 +1,13 @@ ---- plaso/parsers/sqlite.py.orig 2024-06-08 09:38:22 UTC +--- plaso/parsers/sqlite.py.orig 2026-05-12 13:50:02 UTC +++ plaso/parsers/sqlite.py -@@ -118,8 +118,8 @@ class SQLiteDatabase(object): +@@ -117,8 +117,8 @@ class SQLiteDatabase: SCHEMA_QUERY = ( 'SELECT tbl_name, sql ' 'FROM sqlite_master ' - 'WHERE type = "table" AND tbl_name != "xp_proc" ' - 'AND tbl_name != "sqlite_sequence"') + 'WHERE type = \'table\' AND tbl_name != \'xp_proc\' ' + 'AND tbl_name != \'sqlite_sequence\'') def __init__(self, filename, temporary_directory=None): """Initializes a SQLite database. diff --git a/security/py-plaso/files/patch-plaso_parsers_sqlite__plugins_imessage.py b/security/py-plaso/files/patch-plaso_parsers_sqlite__plugins_imessage.py index 7e11a5b021d3..5fce3592abdf 100644 --- a/security/py-plaso/files/patch-plaso_parsers_sqlite__plugins_imessage.py +++ b/security/py-plaso/files/patch-plaso_parsers_sqlite__plugins_imessage.py @@ -1,11 +1,11 @@ ---- plaso/parsers/sqlite_plugins/imessage.py.orig 2024-06-08 09:38:22 UTC +--- plaso/parsers/sqlite_plugins/imessage.py.orig 2026-05-12 13:50:02 UTC +++ plaso/parsers/sqlite_plugins/imessage.py -@@ -81,7 +81,7 @@ class IMessagePlugin(interface.SQLitePlugin): +@@ -80,7 +80,7 @@ class IMessagePlugin(interface.SQLitePlugin): _CLIENT_VERSION_QUERY = ( 'SELECT key, value FROM _SqliteDatabaseProperties ' - 'WHERE key = "_ClientVersion"') + 'WHERE key = \'_ClientVersion\'') def _GetClientVersion(self, cache, database): """Retrieves the client version. diff --git a/security/py-plaso/files/patch-plaso_parsers_sqlite__plugins_windows__timeline.py b/security/py-plaso/files/patch-plaso_parsers_sqlite__plugins_windows__timeline.py index 19263bebcf9b..d76fd7e594eb 100644 --- a/security/py-plaso/files/patch-plaso_parsers_sqlite__plugins_windows__timeline.py +++ b/security/py-plaso/files/patch-plaso_parsers_sqlite__plugins_windows__timeline.py @@ -1,16 +1,16 @@ ---- plaso/parsers/sqlite_plugins/windows_timeline.py.orig 2024-06-08 09:38:22 UTC +--- plaso/parsers/sqlite_plugins/windows_timeline.py.orig 2026-05-12 13:50:02 UTC +++ plaso/parsers/sqlite_plugins/windows_timeline.py -@@ -89,10 +89,10 @@ class WindowsTimelinePlugin(interface.SQLitePlugin): +@@ -86,10 +86,10 @@ class WindowsTimelinePlugin(interface.SQLitePlugin): QUERIES = [ (('SELECT StartTime, Payload, PackageName FROM Activity ' 'INNER JOIN Activity_PackageId ON Activity.Id = ' - 'Activity_PackageId.ActivityId WHERE instr(Payload, "UserEngaged") > 0' - ' AND Platform = "packageid"'), 'ParseUserEngagedRow'), + 'Activity_PackageId.ActivityId WHERE instr(Payload, \'UserEngaged\') > 0' + ' AND Platform = \'packageid\''), 'ParseUserEngagedRow'), (('SELECT StartTime, Payload, AppId FROM Activity ' - 'WHERE instr(Payload, "UserEngaged") = 0'), 'ParseGenericRow')] + 'WHERE instr(Payload, \'UserEngaged\') = 0'), 'ParseGenericRow')] SCHEMAS = [{ 'Activity': ( diff --git a/security/py-plaso/files/patch-pyproject.toml b/security/py-plaso/files/patch-pyproject.toml new file mode 100644 index 000000000000..79c85e5be86d --- /dev/null +++ b/security/py-plaso/files/patch-pyproject.toml @@ -0,0 +1,12 @@ +--- pyproject.toml.orig 2026-05-12 13:50:02 UTC ++++ pyproject.toml +@@ -9,8 +9,7 @@ maintainers = [ + maintainers = [ + { name = "Log2Timeline maintainers", email = "log2timeline-maintainers@googlegroups.com" }, + ] +-license = "Apache-2.0" +-license-files = ["ACKNOWLEDGEMENTS", "AUTHORS", "LICENSE"] ++license = {text = "Apache-2.0"} + readme = "README.md" + classifiers = [ + "Development Status :: 4 - Beta", diff --git a/security/py-plaso/files/patch-tests_storage_sqlite_sqlite__file.py b/security/py-plaso/files/patch-tests_storage_sqlite_sqlite__file.py index 96cf800956fc..eaa94dbb120f 100644 --- a/security/py-plaso/files/patch-tests_storage_sqlite_sqlite__file.py +++ b/security/py-plaso/files/patch-tests_storage_sqlite_sqlite__file.py @@ -1,18 +1,18 @@ ---- tests/storage/sqlite/sqlite_file.py.orig 2024-06-08 09:38:23 UTC +--- tests/storage/sqlite/sqlite_file.py.orig 2026-05-12 13:50:03 UTC +++ tests/storage/sqlite/sqlite_file.py -@@ -136,13 +136,13 @@ class SQLiteStorageFileTest(test_lib.StorageTestCase): +@@ -134,13 +134,13 @@ class SQLiteStorageFileTest(test_lib.StorageTestCase): event_data_stream.CONTAINER_TYPE, column_names=column_names)) self.assertEqual(len(containers), 1) - filter_expression = 'md5_hash == "8f0bf95a7959baad9666b21a7feed79d"' + filter_expression = 'md5_hash == \'8f0bf95a7959baad9666b21a7feed79d\'' containers = list(test_store._GetAttributeContainersWithFilter( event_data_stream.CONTAINER_TYPE, column_names=column_names, filter_expression=filter_expression)) self.assertEqual(len(containers), 1) - filter_expression = 'md5_hash != "8f0bf95a7959baad9666b21a7feed79d"' + filter_expression = 'md5_hash != \'8f0bf95a7959baad9666b21a7feed79d\'' containers = list(test_store._GetAttributeContainersWithFilter( event_data_stream.CONTAINER_TYPE, column_names=column_names, filter_expression=filter_expression))