mirror/aur
1
0
Fork 0
mirror of https://github.com/archlinux/aur.git synced 2026-02-07 12:41:55 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

initial commit

Browse source
This commit is contained in:
Luis Martinez 2021-09-17 16:45:52 -05:00
commit 922b7beab1
No known key found for this signature in database
GPG key ID: B48AD8FC0F860CE1
3 changed files with 406 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.SRCINFO Normal file
View file

@ -0,0 +1,15 @@
pkgbase = evtx
pkgdesc = Cross-platform parser for Windows XML EventLog Format
pkgver = 0.7.2
pkgrel = 1
url = https://github.com/omerbenamram/evtx
changelog = CHANGELOG.md
arch = x86_64
license = MIT
license = Apache
makedepends = cargo
depends = glibc
source = evtx-0.7.2.tar.gz::https://github.com/omerbenamram/evtx/archive/v0.7.2.tar.gz
sha256sums = 31967e3b175a7e0ad4a5d786418066bde66d5ddd4d48626312f59f5081c61ca6
pkgname = evtx

349
CHANGELOG.md Normal file
View file

@ -0,0 +1,349 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.7.1 - 2021-03-26]
### Changed
- `fast-alloc` is no longer on by default, to support static MUSL builds for `evtx-dump`
to enable it, build with `--features fast-alloc`.
- static binaries are now published for linux! take `evtx-dump` with you everywhere :)
- CI was migrated to github actions from azure pipelines.
## [0.6.9 - 2021-01-30]
### Fixed
- Fixed some imports which mistakingly imported serde internals.
## [0.6.8 - 2020-10-01]
### Fixed
- Allow for arbitrarily large EVTX files to parse correctly. (#128)
## [0.6.7 - 2020-08-28]
### Added
- calculated_chunk_count field to EvtxParser
- impl Debug for EvtxParser
### Changed
- Use calculated chunk count rather than header chunk count to continue parsing past
4294901760 bytes of chunk data.
- Moved function/error chunk indexes to u64 instead of u16 to allow for chunk indexes larger than u16 MAX
## [0.6.6 - 2020-01-22]
### Fixed
Another tiny fix where the parser might loop for very specific samples - @codekoala thanks for the patch!
## [0.6.5 - 2020-01-14]
10% Speedup by using LTO on release.
### Changed
- Enabled link-time-optimizations.
## [0.6.4 - 2020-01-14]
This release should make `evtx_dump` 3 times faster on windows machines!
Also - about 25% faster on linux machines.
*NOTE*: this does not affect library code using `evtx`, only the binary target `evtx_dump`.
If you are using `evtx` as a library, you might benefit significantly from adapting a custom allocator!
### Changed
- Added `jemalloc`/`rpmalloc`(windows) to take advantage of smarter allocation management.
- Use buffered writing on `evtx_dump`.
- Better utilization of cached strings.
## [0.6.3 - 2020-01-11]
This version should be 10-15% faster!
### Fixed
- When using separate json attributes, if the element's value is empty, remove the empty mapping. #71
## [0.6.2 - 2019-12-17]
### Fixed
- An edge case where huge files could cause the parser to get stuck.
## [0.6.1 - 2019-12-05]
### Fixed
- A regression with `--seperate-json-attributes`
caused by improvements in 0.6.0 to JSON parsing for non-standard xml documents.
## [0.6.0 - 2019-11-26]
### Added
- Support for `EntityRef` nodes.
### Changed
- Error reporting should be better with this version.
### Fixed
- A bug where parser was accepting NUL bytes as strings.
- Fixed a bug where UTF-16 strings would yield more bytes after UTF-8 conversion and would be rejected.
- Support an edge case when some data might be missing from `OpenStartElement` node.
- A bug where XML records having multiple nodes with the same name will be incorrectly converted to JSON, ex.
```
<HTTPResponseHeadersInfo>
<Header>HTTP/1.1 200 OK</Header>
<Header>Connection: keep-alive</Header>
<Header>Date: Thu, 18 May 2017 11:37:58 GMT</Header>
<Header>Content-Length: 813</Header>
<Header>Content-Type: application/pkix-crl</Header>
<Header>Last-Modified: Tue, 02 May 2017 22:24:24 GMT</Header>
<Header>ETag: 0x8D491A9FD112A27</Header>
<Header>Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0</Header>
<Header>x-ms-request-id: 477c132d-0001-0045-443b-c49ae1000000</Header>
<Header>x-ms-version: 2009-09-19</Header>
<Header>x-ms-lease-status: unlocked</Header>
<Header>x-ms-blob-type: BlockBlob</Header>
</HTTPResponseHeadersInfo>
```
Will now be converted to:
```json
{
"HTTPResponseHeadersInfo": {
"Header": "x-ms-blob-type: BlockBlob",
"Header_1": "HTTP/1.1 200 OK",
"Header_10": "x-ms-version: 2009-09-19",
"Header_11": "x-ms-lease-status: unlocked",
"Header_2": "Connection: keep-alive",
"Header_3": "Date: Thu, 18 May 2017 11:37:58 GMT",
"Header_4": "Content-Length: 813",
"Header_5": "Content-Type: application/pkix-crl",
"Header_6": "Last-Modified: Tue, 02 May 2017 22:24:24 GMT",
"Header_7": "ETag: 0x8D491A9FD112A27",
"Header_8": "Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"Header_9": "x-ms-request-id: 477c132d-0001-0045-443b-c49ae1000000"
}
}
```
## [0.5.1 - 2019-10-30]
### Fixed
- A bug which causes a panic (bounds check) on some corrupted records.
## [0.5.0 - 2019-10-07]
### Added
- `EvtxParser::records_json_value()` to allow working with records with a `serde_json::Value`. See `test_into_json_value_records` for an example.
- `EvtxRecord::into_output`, allowing serializing a record using a user-defined `BinXmlOutput` type.
### Changed
- `SerializedEvtxRecord` is now generic over it's `data`, allowing a simplified `BinXmlOutput` trait.
## [0.4.2 - 2019-09-05]
### Added
- `--separate_json_attributes` to allow producing a flat JSON structure.
### Changed
- updated deps.
## [0.4.0 - 2019-06-01]
File output is now supported by `evtx_dump`
### Added
- `--output` to allow writing to files, `--no-confirm-overwrite` to allow binary to overwrite existing files.
### Changed
- Logs are now printed to stderr instead of stdout
- Failure exit code is now `1` instead of `-1`
- Some of the structs used in parsing evtx have been moved to [`winstructs`](https://github.com/omerbenamram/winstructs)
## [0.3.3] - 2019-05-23
### Fixed
- A sneaky dbg! print found it's way into the release, added `#![deny(clippy:dbg_macro)]` to ensure this won't happen again.
## [0.3.2] - 2019-05-20
### Changed
- `EvtxParser::from_read_seek` is now public.
- updated deps.
## [0.3.1] - 2019-05-19
Implemented Ansi codecs!
### Added
- `--ansi-codec` to control the codec that will be used to decode ansi encoded strings inside the document.
### Fixed
- Parser will now print nicer messages when passed non-evtx files.
## [0.3.0] - 2019-05-14
This is a minor release due to the removal of `failure`.
### Added
- `--backtraces` to control backtraces in errors
- `-v, -vv, -vv` to control trace output in `evtx_dump`.
### Changed
- All errors in the crate are all of a uniform `evtx::err::Error` type.
Errors are implemented with `snafu`, and are std compatible.
In addition, errors now all contain backtraces.
### Fixed
- Parser will now correctly parse files which refer to binxml fragments as sized values. (#33)
## [0.2.6] - 2019-05-09
### Fixed
- Parser is less strict with samples that contain multiple EOF markers (inside nested XML fragments)
## [0.2.5] - 2019-05-03
This version is the first .2 version to have python support!
### Added
- `IntoIterChunks` for owned iteration over the chunks.
## [0.2.4] - 2019-05-01
### Added
- `--no-indent` flag for xml and json
- `--dont-show-record-number` to avoid printing records number.
- `-o jsonl` for JSON lines output (same as `-o json --no-indent --dont-show-record-number`).
### Fixed
- Parser is less strict in dirty samples which contain
some amount of corrupted binxml data, and will try to recover the record.
- Don't unwrap on empty binxmlname elements.
## [0.2.2] - 2019-04-29
### Added
- Performance improvements. Parser should be ~15% faster (thanks @ohadravid)
- `--validate-checksums` flag to optionally be strict about checksum checks for chunk headers.
### Fixed
- Fixed missing data when parsing `StringArray` nodes. (thanks @ohadravid)
- Samples containing empty chunks (thanks @ohadravid)
## [0.2.1] - 2019-04-21
### Changed
- More API is now public, for use by library authors who want access to lower level primitives and types.
## [0.2.0] - 2019-04-20
This release contains some minor breaking changes to the API.
### Added
- Added JSON output support!
JSON support is powered by serde and is zero-copy!
This means there isn't much performance difference between the XML output and the JSON output.
- The deserializer is now lazy (thanks @ohadravid !).
This will allow to perform some filtering on records based on their metadata before serializing them to save time.
### Changed
- Changed parallel iteration to rely only on `ParserSettings`, so `.parallel_records` has been removed.
- `EvtxParser` now needs to be mutable when deserializing records.
- When outputting target as XML, inner xml strings will be escaped, when using JSON, they will not be escaped.
### Fixed
- Parser will now coerce values of booleans which are not zero or one to true.
## [0.1.9] - 2019-04-19
### Added
- Now supporting `SystemTime`, floating types, and all numerical array types.
### Fixed
- strip nuls from ascii strings as well.
### Changed
- Now using `quick-xml`, which microbenchmarks show that is about 15-20% faster than `xml-rs`.
## [0.1.8] - 2019-04-18
### Fixed
- Removed trailing nul terminators from all strings.
### Changed
- Changed hex formatting padding.
- Changed binary output formatting to hexdump.
## [0.1.7] - 2019-04-18
### Fixed
- Range error when reading last chunk (#2)
### Changed
- Parser will now try to read more records even when surpassing the declared chunk number.
## [0.1.6] - 2019-04-13
### Fixed
- Fixed missing xml close tag (#1)
### Changed
- Removed `.unwrap()` from xml parsing code.
## [0.1.5] - 2019-04-02
### Added
- renamed associated binary to `evtx_dump`
### Fixed
- changed `assert_eq` to `debug_assert_eq`, to ensure the library won't crash in FFI.
## [0.1.4] - 2019-04-01
### Fixed
- A regression introduced from [#6](https://github.com/omerbenamram/evtx/pull/6) for files with a single chunk.
## [0.1.3] - 2019-04-01
### Changed
- Removed some uses on `.unwrap()` inside the records iterator, to communicate errors better.
### Fixed
- A bug with files that have only a single chunk failing at the end.
## [0.1.2] - 2019-03-31
### Added
- Multithreading support via rayon
### Changed
- Removed unsafe memory mapping code, use generics instead.
### Fixed
## [0.1.1] - 2019-03-30
### Added
### Changed
- Fixed a bug with chunk iteration
### Fixed
- Fixed a bug with chunk iteration
## [0.1.0] - 2019-03-30
Initial Release

42
PKGBUILD Normal file
View file

@ -0,0 +1,42 @@
# Maintainer: Luis Martinez <luis dot martinez at disroot dot org>
pkgname=evtx
pkgver=0.7.2
pkgrel=1
pkgdesc="Cross-platform parser for Windows XML EventLog Format"
arch=('x86_64')
url="https://github.com/omerbenamram/evtx"
license=('MIT' 'Apache')
depends=('glibc')
makedepends=('cargo')
changelog=CHANGELOG.md
source=("$pkgname-$pkgver.tar.gz::$url/archive/v$pkgver.tar.gz")
sha256sums=('31967e3b175a7e0ad4a5d786418066bde66d5ddd4d48626312f59f5081c61ca6')
prepare() {
cd "$pkgname-$pkgver"
cargo fetch --locked --target "$CARCH-unknown-linux-gnu"
}
build() {
export RUSTUP_TOOLCHAIN=stable
export CARGO_TARGET_DIR=target
cd "$pkgname-$pkgver"
## must be --locked because not all dependencies are downloaded at this point
cargo build --locked --release --all-features
}
check() {
export RUSTUP_TOOLCHAIN=stable
cd "$pkgname-$pkgver"
cargo test --frozen --all-features
}
package() {
cd "$pkgname-$pkgver"
install -Dm 644 target/release/evtx_dump -t "$pkgdir/usr/bin/"
install -Dm 644 LICENSE-{APACHE,MIT} -t "$pkgdir/usr/share/licenses/$pkgname/"
install -Dm 644 README.md -t "$pkgdir/usr/share/doc/$pkgname/"
}