Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

filemap: define PROC_SUPER_MAGIC, avoid linux/magic.h #2103

Merged
merged 1 commit into from
Sep 5, 2024

Conversation

hillu
Copy link
Contributor

@hillu hillu commented Sep 5, 2024

PR #1848 caused build issues with some "unusual" build configurations – apparently we can't rely on linux/magic.h being present when cross-building for musl libc.

Defining PROC_SUPER_MAGIC should not cause a problems since it should be considered part of the Linux kernel/user API and it is unlikely to change.

@@ -159,7 +159,7 @@ YR_API int yr_filemap_map_fd(

#ifdef __linux__
#include <sys/vfs.h>
#include <linux/magic.h>
#define PROC_SUPER_MAGIC 0x9fa0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a comment here pointing to the github issue? I wasn't to make sure that in the future we known where this constant came from.

PR VirusTotal#1848 caused build issues with some "unusual" build configurations
– apparently we can't rely on linux/magic.h being present when
cross-building for musl libc.

Defining PROC_SUPER_MAGIC should not cause a problems since it should
be considered part of the Linux kernel/user API and it is unlikely to
change.
@plusvic plusvic merged commit 5194025 into VirusTotal:master Sep 5, 2024
10 checks passed
DavidTurland pushed a commit to DavidTurland/yara that referenced this pull request Sep 9, 2024
PR VirusTotal#1848 caused build issues with some "unusual" build configurations
– apparently we can't rely on linux/magic.h being present when
cross-building for musl libc.

Defining PROC_SUPER_MAGIC should not cause a problems since it should
be considered part of the Linux kernel/user API and it is unlikely to
change.
DavidTurland added a commit to DavidTurland/yara that referenced this pull request Sep 9, 2024
* Fix crash while parsing PE Rich header

File e77b007c9a964411c5e33afeec18be32c86963b78f3c3e906b28fcf1382f46c3 has a Rich header of only 8 bytes, which is smaller than the RICH_SIGNATURE structure. This was causing a crash when some of the `rich_xxx` functions were used with this file.

* Fix warning

`_rich_version` in PE module should return an `int64_t` instead of `uint64_t`.

* Use YR_MAX_PATH instead of MAX_PATH (VirusTotal#2090)

Replace all instances of `MAX_PATH` with `YR_MAX_PATH`.

* Adding Veeam (VirusTotal#2083)

Adding Veeam to list of companies that use YARA.

* Add Cado to who is using Yara (VirusTotal#2086)

* Mitigate stack overflow when scanning very deep directory trees.

Closes VirusTotal#2088.

* Remove all references to ERROR_TOO_MANY_SCAN_THREADS

This error code is not used anymore. Closes VirusTotal#2068.

* Use latest MacOS in build workflow.

* Use MacOS 13 in build workflow.

For some reason in MacOS 14 the build fails because the `configure` script is unable to find the Jansson library, even thought it is correctly installed by `brew`.

* docs: minor updates to xor (VirusTotal#2098)

* use new module macros in docs (VirusTotal#2100)

Co-authored-by: Tad Keller <logisch@pm.me>

* filemap: define PROC_SUPER_MAGIC, avoid linux/magic.h (VirusTotal#2103)

PR VirusTotal#1848 caused build issues with some "unusual" build configurations
– apparently we can't rely on linux/magic.h being present when
cross-building for musl libc.

Defining PROC_SUPER_MAGIC should not cause a problems since it should
be considered part of the Linux kernel/user API and it is unlikely to
change.

---------

Co-authored-by: Victor M. Alvarez <vmalvarez@virustotal.com>
Co-authored-by: Chris Arceneaux <carcenea@gmail.com>
Co-authored-by: chrisdoman <chris.doman@cantab.net>
Co-authored-by: Wes <5124946+wesinator@users.noreply.github.com>
Co-authored-by: Tad Keller <43346260+GLMONTER@users.noreply.github.com>
Co-authored-by: Tad Keller <logisch@pm.me>
Co-authored-by: Hilko Bengen <bengen@hilluzination.de>
DavidTurland added a commit to DavidTurland/yara that referenced this pull request Sep 9, 2024
* Fix crash while parsing PE Rich header

File e77b007c9a964411c5e33afeec18be32c86963b78f3c3e906b28fcf1382f46c3 has a Rich header of only 8 bytes, which is smaller than the RICH_SIGNATURE structure. This was causing a crash when some of the `rich_xxx` functions were used with this file.

* Fix warning

`_rich_version` in PE module should return an `int64_t` instead of `uint64_t`.

* Use YR_MAX_PATH instead of MAX_PATH (VirusTotal#2090)

Replace all instances of `MAX_PATH` with `YR_MAX_PATH`.

* Adding Veeam (VirusTotal#2083)

Adding Veeam to list of companies that use YARA.

* Add Cado to who is using Yara (VirusTotal#2086)

* Mitigate stack overflow when scanning very deep directory trees.

Closes VirusTotal#2088.

* Remove all references to ERROR_TOO_MANY_SCAN_THREADS

This error code is not used anymore. Closes VirusTotal#2068.

* Use latest MacOS in build workflow.

* Use MacOS 13 in build workflow.

For some reason in MacOS 14 the build fails because the `configure` script is unable to find the Jansson library, even thought it is correctly installed by `brew`.

* docs: minor updates to xor (VirusTotal#2098)

* use new module macros in docs (VirusTotal#2100)

Co-authored-by: Tad Keller <logisch@pm.me>

* filemap: define PROC_SUPER_MAGIC, avoid linux/magic.h (VirusTotal#2103)

PR VirusTotal#1848 caused build issues with some "unusual" build configurations
– apparently we can't rely on linux/magic.h being present when
cross-building for musl libc.

Defining PROC_SUPER_MAGIC should not cause a problems since it should
be considered part of the Linux kernel/user API and it is unlikely to
change.

---------

Co-authored-by: Victor M. Alvarez <vmalvarez@virustotal.com>
Co-authored-by: Chris Arceneaux <carcenea@gmail.com>
Co-authored-by: chrisdoman <chris.doman@cantab.net>
Co-authored-by: Wes <5124946+wesinator@users.noreply.github.com>
Co-authored-by: Tad Keller <43346260+GLMONTER@users.noreply.github.com>
Co-authored-by: Tad Keller <logisch@pm.me>
Co-authored-by: Hilko Bengen <bengen@hilluzination.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants