-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
filemap: define PROC_SUPER_MAGIC, avoid linux/magic.h #2103
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
plusvic
reviewed
Sep 5, 2024
libyara/filemap.c
Outdated
@@ -159,7 +159,7 @@ YR_API int yr_filemap_map_fd( | |||
|
|||
#ifdef __linux__ | |||
#include <sys/vfs.h> | |||
#include <linux/magic.h> | |||
#define PROC_SUPER_MAGIC 0x9fa0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a comment here pointing to the github issue? I wasn't to make sure that in the future we known where this constant came from.
PR VirusTotal#1848 caused build issues with some "unusual" build configurations – apparently we can't rely on linux/magic.h being present when cross-building for musl libc. Defining PROC_SUPER_MAGIC should not cause a problems since it should be considered part of the Linux kernel/user API and it is unlikely to change.
plusvic
approved these changes
Sep 5, 2024
DavidTurland
pushed a commit
to DavidTurland/yara
that referenced
this pull request
Sep 9, 2024
PR VirusTotal#1848 caused build issues with some "unusual" build configurations – apparently we can't rely on linux/magic.h being present when cross-building for musl libc. Defining PROC_SUPER_MAGIC should not cause a problems since it should be considered part of the Linux kernel/user API and it is unlikely to change.
DavidTurland
added a commit
to DavidTurland/yara
that referenced
this pull request
Sep 9, 2024
* Fix crash while parsing PE Rich header File e77b007c9a964411c5e33afeec18be32c86963b78f3c3e906b28fcf1382f46c3 has a Rich header of only 8 bytes, which is smaller than the RICH_SIGNATURE structure. This was causing a crash when some of the `rich_xxx` functions were used with this file. * Fix warning `_rich_version` in PE module should return an `int64_t` instead of `uint64_t`. * Use YR_MAX_PATH instead of MAX_PATH (VirusTotal#2090) Replace all instances of `MAX_PATH` with `YR_MAX_PATH`. * Adding Veeam (VirusTotal#2083) Adding Veeam to list of companies that use YARA. * Add Cado to who is using Yara (VirusTotal#2086) * Mitigate stack overflow when scanning very deep directory trees. Closes VirusTotal#2088. * Remove all references to ERROR_TOO_MANY_SCAN_THREADS This error code is not used anymore. Closes VirusTotal#2068. * Use latest MacOS in build workflow. * Use MacOS 13 in build workflow. For some reason in MacOS 14 the build fails because the `configure` script is unable to find the Jansson library, even thought it is correctly installed by `brew`. * docs: minor updates to xor (VirusTotal#2098) * use new module macros in docs (VirusTotal#2100) Co-authored-by: Tad Keller <logisch@pm.me> * filemap: define PROC_SUPER_MAGIC, avoid linux/magic.h (VirusTotal#2103) PR VirusTotal#1848 caused build issues with some "unusual" build configurations – apparently we can't rely on linux/magic.h being present when cross-building for musl libc. Defining PROC_SUPER_MAGIC should not cause a problems since it should be considered part of the Linux kernel/user API and it is unlikely to change. --------- Co-authored-by: Victor M. Alvarez <vmalvarez@virustotal.com> Co-authored-by: Chris Arceneaux <carcenea@gmail.com> Co-authored-by: chrisdoman <chris.doman@cantab.net> Co-authored-by: Wes <5124946+wesinator@users.noreply.github.com> Co-authored-by: Tad Keller <43346260+GLMONTER@users.noreply.github.com> Co-authored-by: Tad Keller <logisch@pm.me> Co-authored-by: Hilko Bengen <bengen@hilluzination.de>
DavidTurland
added a commit
to DavidTurland/yara
that referenced
this pull request
Sep 9, 2024
* Fix crash while parsing PE Rich header File e77b007c9a964411c5e33afeec18be32c86963b78f3c3e906b28fcf1382f46c3 has a Rich header of only 8 bytes, which is smaller than the RICH_SIGNATURE structure. This was causing a crash when some of the `rich_xxx` functions were used with this file. * Fix warning `_rich_version` in PE module should return an `int64_t` instead of `uint64_t`. * Use YR_MAX_PATH instead of MAX_PATH (VirusTotal#2090) Replace all instances of `MAX_PATH` with `YR_MAX_PATH`. * Adding Veeam (VirusTotal#2083) Adding Veeam to list of companies that use YARA. * Add Cado to who is using Yara (VirusTotal#2086) * Mitigate stack overflow when scanning very deep directory trees. Closes VirusTotal#2088. * Remove all references to ERROR_TOO_MANY_SCAN_THREADS This error code is not used anymore. Closes VirusTotal#2068. * Use latest MacOS in build workflow. * Use MacOS 13 in build workflow. For some reason in MacOS 14 the build fails because the `configure` script is unable to find the Jansson library, even thought it is correctly installed by `brew`. * docs: minor updates to xor (VirusTotal#2098) * use new module macros in docs (VirusTotal#2100) Co-authored-by: Tad Keller <logisch@pm.me> * filemap: define PROC_SUPER_MAGIC, avoid linux/magic.h (VirusTotal#2103) PR VirusTotal#1848 caused build issues with some "unusual" build configurations – apparently we can't rely on linux/magic.h being present when cross-building for musl libc. Defining PROC_SUPER_MAGIC should not cause a problems since it should be considered part of the Linux kernel/user API and it is unlikely to change. --------- Co-authored-by: Victor M. Alvarez <vmalvarez@virustotal.com> Co-authored-by: Chris Arceneaux <carcenea@gmail.com> Co-authored-by: chrisdoman <chris.doman@cantab.net> Co-authored-by: Wes <5124946+wesinator@users.noreply.github.com> Co-authored-by: Tad Keller <43346260+GLMONTER@users.noreply.github.com> Co-authored-by: Tad Keller <logisch@pm.me> Co-authored-by: Hilko Bengen <bengen@hilluzination.de>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR #1848 caused build issues with some "unusual" build configurations – apparently we can't rely on linux/magic.h being present when cross-building for musl libc.
Defining PROC_SUPER_MAGIC should not cause a problems since it should be considered part of the Linux kernel/user API and it is unlikely to change.