Add support for YARA 4

Gbp-Pq: Name 0019-Add-support-for-YARA-4.patch

diff --git a/appliance/packagelist.in b/appliance/packagelist.in
index 641a06d828ca86e1ff818a215e3e2e474b790fe6..25e3f80e39b31fcf7096d44584fc29332aba5a98 100644 (file)
--- a/appliance/packagelist.in
+++ b/appliance/packagelist.in
@@ -90,6 +90,7 @@ dnl iproute has been renamed to iproute2
   libsystemd-id128-0
   libsystemd-journal0
   libtirpc1
+  libyara4
   libyara3
   linux-image
   dnl syslinux 'suggests' mtools, but in reality it's a hard dependency:
@@ -159,6 +160,7 @@ ifelse(SUSE,1,
   libjansson4
   libselinux1
   libtirpc3
+  libyara4
   libyara3
   mkisofs
   ntfsprogs

diff --git a/daemon/yara.c b/daemon/yara.c
index 9e7bc94149578605e5ce15128daa639bd1055b55..d90d4714e4a5741f00854f88f1c50fd4298d5bd2 100644 (file)
--- a/daemon/yara.c
+++ b/daemon/yara.c
@@ -58,7 +58,11 @@ static bool initialized = false;
 static int compile_rules_file (const char *);
 static void compile_error_callback (int, const char *, int, const char *, void *);
 static void cleanup_destroy_yara_compiler (void *ptr);
-static int yara_rules_callback (int , void *, void *);
+#if YARA_MAJOR_VERSION==3
+static int yara_rules_callback (int, void *, void *);
+#else if YARA_MAJOR_VERSION==4
+static int yara_rules_callback (YR_SCAN_CONTEXT*, int, void *, void *);
+#endif
 static int send_detection_info (const char *, YR_RULE *);
 
 /* Has one FileIn parameter.
@@ -221,8 +225,13 @@ compile_error_callback (int level, const char *name, int line,
 /* Yara scan callback, called by yr_rules_scan_file.
  * Return 0 on success, -1 on error.
  */
+#if YARA_MAJOR_VERSION==3
 static int
 yara_rules_callback (int code, void *message, void *data)
+#else if YARA_MAJOR_VERSION==4
+static int
+yara_rules_callback (YR_SCAN_CONTEXT *context, int code, void *message, void *data)
+#endif
 {
   int ret = 0;