-remove BuildRequires: %{python_module pbr} -- no longer needed
-remove BuildRequires: %{python_module devel} -- no longer needed
-add %if logic to allow PyYAML to install on 15.4 and tumbleweed
- update to version 20220428
* The 20220428 release did not come with release note. The previous 5 are at:
* https://osdfir.blogspot.com/2021/02/plaso-20210213-released.html
* https://osdfir.blogspot.com/2021/04/plaso-20210412-released.html
* https://osdfir.blogspot.com/2021/06/plaso-20210606-released.html
* https://osdfir.blogspot.com/2021/10/plaso-20211024-released.html
* https://osdfir.blogspot.com/2021/10/plaso-20211024-released.html
* Key notes from the above
* Beggining migration from elasticsearch to opensearch
* Initial support to directly read from Mac OS disk images (.dmg, .sparseimage, .sparsebundle) (#3540).
- added requires python-defusedxml
- remove references to non-existing folders from for loop that preps the source code folder.
- add %define pythons python39 - python39 also works for opensuse 15.4
-- Trying to bulid python38, python39, python310 is failing for unknown reasons
- update to version 20201007
* The Elasticsearch output module now includes default type mappings thanks to @william-billaud.
This avoids fields containing both numbers and text being misinterpreted by Elasticsearch.
* A new parser containing initial support for Spotlight store database (store.db) files.
* libfsext/pytfsext has been added as an experimental feature to overcome shortcomings in the pytsk ext implementation. Use the `--vfs-back-end=fsext` option to use libfsext instead of SleuthKit.
* Log2timeline will now not attempt to extract events from MacOS sleep and swap files.
- from version 20200630
* new unattended mode
* The linear status view now shows more information about the overall processing status
* Time zone handling was overhauled. There are now two separate timezone-related options:
`--timezone` indicates the time zone of the source data, and will be used when Plaso can’t determine the appropriate time zone automatically.
`--output_time_zone` specifies a time zone to use when outputting events. This is currently only supported by the ‘dynamic’ and ‘l2tcsv’ output modules.
* There are some new additions to the Windows and Linux tag files, courtesy of pyllyukko@
* It’s now possible to specify an elasticsearch password on the command line thanks to new contributor william-billaud@. Note that this password will be visible to anyone who is able to list running processes, so be careful about using this on any shared system.
* New parsers / supported data formats:
Apple's Transparency, Consent, and Control (TCC) SQlite database.
Google Log (glog) files.
- update to version 20200227
* Changes to handle multi string Windows computer name value #2819 (#2820)
* Removed 4n6time output modules #2809 (#2810)
* Changes Elasticsearch output module to support version 7 (#2830)
* Various small updates to file processors
- add reguires python-libluksde
- convert to new python singlespec syntax
- ran spec-cleaner
- add python3 support and drop python 2 builds
- update to version 20200121
* first openSUSE update in 2 years
* see release announcements: http://blog.kiddaland.net
* removal of Python 2.7 and 3.4 support
* Migration to Cryptography.io, as pycrypto appears to be unmaintained
- version 20191203
* image_export now supports json output
- version 20190531
* added new event and path filtering
- version 20181219
* added APFS support
- version 20180930
* added python 3 support
* migrated binary file processing to drfabrick
- update to 20171231
* includes the new psteal supervisor program. All users should consider using psteal
* upstream had changed to using dates for release numbers
* events are now represented via the new dfDateTime library
* preparing for a switch to a SQL backend
* significant effort has been spent on automated testing
* For addition release notes:
See http://blog.kiddaland.net/2017/10/drink-joyful-good-mead-plaso-20170925.html
- There is no storage compatibility with databases created with older releases
- prepare for python2/python3 support
- In Requires: lines for libyal python bindings, use the python-lib* variant of the package
Python singlespec automatically converts that to python2 / python3 as appropriate
- Rename dependency OleFileIO_PL to python-olefile
- Update Dependency on python-PyYAML: this package had been renamed
a long time ago to follow the naming convention. The compat
symbol 'python-yaml' was lost with the migration to singlespec.
- update to v1.5.1
* add support for Sleuthkit 4.4.0
* Requires recent python-tsk
- fix a major bug where the front-end files were being removed.
* Apparently there was old plaso install bug that installed 2 copies
- change python-construct require to only accept v2.5.2. Testing showed 2.5.5 was incompatible.
- require python-efilter >= 1.1.5 to fix a bug found in testing
- update to v1.5.0 (Gna)
* See release announcement for details:
- http://blog.kiddaland.net/2016/09/what-flies-there-what-fares-there-or.html
- DC3 - The DoD Computer Foresics Lap made significant contributions to plaso 1.5
- Add Requires: pyscca, pyfvde, python-dfwinreg, python-efilter, python-yara
- Update Source: tag to the new location
- Change capitalization of xlsxwriter to XlsxWriter
- Add GITHUB_version tag to allow pre-release testing
- remove python-psutil < 3.0 restriction
- update to v1.4.0
* See release announcement for details:
- http://blog.kiddaland.net/2016/01/sprinkling-morning-dew-and-summer.html
* New features
- Parsers for $MFT and the NTFS USN change journal
- Docker file
- ZeroMQ
- File content hashing is now on by default
- Window status view now on by default for non-Windows OS’. log2timeline has a new look.
- A new parser for client-local SCCM logs
- An XSLX output module, for writing events directly to a file readable with Microsoft Excel
- Distributed link tracking support in the winlnk parser
- The Windows Registry handling functionality has been moved to a separate submodule
- Add Requires: libzmq5 >= 4.1.2
- Add Requires: python-protobuf
- Add Requires: python-xlsxwriter
- Add Requires: artifacts-validator instead of just artifacts
- Add Requires: python-requests
- Add Requires: pybde
- Add Requires: pyfsntfs
- Add Requires: pysmraw
- Add Require pyesedb >= 20150409
- Add Recommends: python-mock # Used by internal test suite
- Require libewf2 = 0~20140608 # Newer versions are buggy
- Require pyewf = 0~20140608 # Newer versions are buggy
- Require pyesedb >= 20150409
- Require pyevtx >= 20160107
- Require pylnk >= 20150830
- Require pyolecf >= 20160107
- Require python-dfVFS >= 20160108
- Require python-psutil < 3.0.0 # Not yet compatible with newer psutil
- remove references to subdir winreg
- Add removal of duplicate files %{buildroot}/usr/share/doc/plaso/ACKNOWLEDGEMENTS, etc
- update to v1.3.0
* Numerous new features
* See http://blog.kiddaland.net/2015/07/bringing-end-to-sorrow-new-plaso-release.html
* Major stability improvements
- add /usr/share/plaso as a data directory
- add requires python-pefile >= 1.2.1+139
- add requires pysigscan
- require recent python-dateutils
- remove frontend test files. They have been isolated by upstream.
- remove frontend/plasm, plasm.py, pprof.py, pshell.ph Removed by upstream
- add a openSUSE 13.1 workaround for a unicode bug
- update minimum depency versions
- add a loop to force %py_compile - getting an rpmlint warning without this
- Make iPython a requirement, not a recommendation.
* It is needed for preg and pshell
* version 1.2.1 or newer is required
- update to v1.2.0
* Increased stabiity, less memory, faster extraction
* Fixed excessive momory consusmption bugs
* Source scanner moved from plaso to dfVFS
* New JSON storage back-end available for testing only
* preg overhauled
* New parsers and plug-ins
- update some Requires tag version levels to agree with check_dependencies
- remove #DL_URL field and make #Source a full URL
- added "internal_version" macro useful when building git code
- Added Requires: pyfwsi
- add numerous lines to %prep to eliminate shebang lines which rpmlint was complaining about
- add check_dependencies.py to the %doc files so users can check their own dependencies
- remove frontend python files that are in both /usr/bin and under the python tree structure
- remove other unneeded python files instead of excluding them. Do this prior to calling fdupes
- add explicit "%py_compile ." to resolve rpmlint complaint about datestamps not matching
- update to v1.1.0
* This is a major update
* See the announcement at http://blog.kiddaland.net/2014/06/what-is-one-to-say-about-june-time-of.html
* Highlights
** the ability to read the storage media image formats EWF, QCOW, VHD and VMDK, besides RAW;
** improved existing parsers and plugins, e.g. multi volume support in the Windows Prefetch parser;
** various additional parsers and plugins;
** new features.
- change Requires to use upstream naming where we can
- change Requires to use recent version of core python modules
- correct Requires: py* lines to have the 0~ at the start of the version
* For normal symbols, the 0~ is required NOT to be present, but is required on these
- Add all remaining dependencies that plaso v1.1.0 can leverage at run time
* add Requires: pyesedb since it is now in OBS
* add Requires: pyqcow since it is now in OBS
* add Requires: pyvmdk since it is now in OBS
* add Requires: pyvhdi since it is now in OBS
* Add Requires: python-bencode since it is now in OBS
- remove %attr(755...) line and instead use sed to remove #!/usr/bin/python from *py files
- specfile cleanup
-- added %doc directive
-- added fdupes call
-- fixes a few permissions issues reported by rpmlint
-- ran spec-cleaner
- update to v1.0.2
* Lots of upstream development
* Several new parsers
* first support of TSK v4.1
* improvements in export_image.py
* For detaiils see http://blog.kiddaland.net/2013/10/halloween-brings-with-it-riding-witches.html
- reverse hack associated with plaso in a sub-folder. Now handled properly by upstream
- remove support of openSUSE 11.1 and older
- add requires for OleFileIO_PL
- add requires for python-libolecf
- add requires for python-binplist
- add requires for python-construct
- add requires for python-dpkt
- add requires for python-pyparsing
- quit using the --record-files feature to know what files to put in the %files section
- update to v1.0.1alpha
- update build and install to handle upstream change to have plaso in a sub-folder
- initial build
OBS-URL: https://build.opensuse.org/request/show/981949
OBS-URL: https://build.opensuse.org/package/show/security:forensics/python-plaso?expand=0&rev=43
- update to version 20201007
* The Elasticsearch output module now includes default type mappings thanks to @william-billaud.
This avoids fields containing both numbers and text being misinterpreted by Elasticsearch.
* A new parser containing initial support for Spotlight store database (store.db) files.
* libfsext/pytfsext has been added as an experimental feature to overcome shortcomings in the pytsk ext implementation. Use the `--vfs-back-end=fsext` option to use libfsext instead of SleuthKit.
* Log2timeline will now not attempt to extract events from MacOS sleep and swap files.
- from version 20200630
* new unattended mode
* The linear status view now shows more information about the overall processing status
* Time zone handling was overhauled. There are now two separate timezone-related options:
`--timezone` indicates the time zone of the source data, and will be used when Plaso can’t determine the appropriate time zone automatically.
`--output_time_zone` specifies a time zone to use when outputting events. This is currently only supported by the ‘dynamic’ and ‘l2tcsv’ output modules.
* There are some new additions to the Windows and Linux tag files, courtesy of pyllyukko@
* It’s now possible to specify an elasticsearch password on the command line thanks to new contributor william-billaud@. Note that this password will be visible to anyone who is able to list running processes, so be careful about using this on any shared system.
* New parsers / supported data formats:
Apple's Transparency, Consent, and Control (TCC) SQlite database.
Google Log (glog) files.
OBS-URL: https://build.opensuse.org/request/show/858560
OBS-URL: https://build.opensuse.org/package/show/security:forensics/python-plaso?expand=0&rev=35
- update to version 20200227
* Changes to handle multi string Windows computer name value #2819 (#2820)
* Removed 4n6time output modules #2809 (#2810)
* Changes Elasticsearch output module to support version 7 (#2830)
* Various small updates to file processors
- add reguires python-libluksde
- convert to new python singlespec syntax
- ran spec-cleaner
- add python3 support and drop python 2 builds
- update to version 20200121
* first openSUSE update in 2 years
* see release announcements: http://blog.kiddaland.net
* removal of Python 2.7 and 3.4 support
* Migration to Cryptography.io, as pycrypto appears to be unmaintained
- version 20191203
* image_export now supports json output
- version 20190531
* added new event and path filtering
- version 20181219
* added APFS support
- version 20180930
* added python 3 support
* migrated binary file processing to drfabrick
- update to 20171231
* includes the new psteal supervisor program. All users should consider using psteal
* upstream had changed to using dates for release numbers
* events are now represented via the new dfDateTime library
* preparing for a switch to a SQL backend
* significant effort has been spent on automated testing
* For addition release notes:
See http://blog.kiddaland.net/2017/10/drink-joyful-good-mead-plaso-20170925.html
- There is no storage compatibility with databases created with older releases
- prepare for python2/python3 support
- In Requires: lines for libyal python bindings, use the python-lib* variant of the package
Python singlespec automatically converts that to python2 / python3 as appropriate
- Rename dependency OleFileIO_PL to python-olefile
- Update Dependency on python-PyYAML: this package had been renamed
a long time ago to follow the naming convention. The compat
symbol 'python-yaml' was lost with the migration to singlespec.
- update to v1.5.1
* add support for Sleuthkit 4.4.0
* Requires recent python-tsk
- fix a major bug where the front-end files were being removed.
* Apparently there was old plaso install bug that installed 2 copies
- change python-construct require to only accept v2.5.2. Testing showed 2.5.5 was incompatible.
- require python-efilter >= 1.1.5 to fix a bug found in testing
- update to v1.5.0 (Gna)
* See release announcement for details:
- http://blog.kiddaland.net/2016/09/what-flies-there-what-fares-there-or.html
- DC3 - The DoD Computer Foresics Lap made significant contributions to plaso 1.5
- Add Requires: pyscca, pyfvde, python-dfwinreg, python-efilter, python-yara
- Update Source: tag to the new location
- Change capitalization of xlsxwriter to XlsxWriter
- Add GITHUB_version tag to allow pre-release testing
- remove python-psutil < 3.0 restriction
- update to v1.4.0
* See release announcement for details:
- http://blog.kiddaland.net/2016/01/sprinkling-morning-dew-and-summer.html
* New features
- Parsers for $MFT and the NTFS USN change journal
- Docker file
- ZeroMQ
- File content hashing is now on by default
- Window status view now on by default for non-Windows OS’. log2timeline has a new look.
- A new parser for client-local SCCM logs
- An XSLX output module, for writing events directly to a file readable with Microsoft Excel
- Distributed link tracking support in the winlnk parser
- The Windows Registry handling functionality has been moved to a separate submodule
- Add Requires: libzmq5 >= 4.1.2
- Add Requires: python-protobuf
- Add Requires: python-xlsxwriter
- Add Requires: artifacts-validator instead of just artifacts
- Add Requires: python-requests
- Add Requires: pybde
- Add Requires: pyfsntfs
- Add Requires: pysmraw
- Add Require pyesedb >= 20150409
- Add Recommends: python-mock # Used by internal test suite
- Require libewf2 = 0~20140608 # Newer versions are buggy
- Require pyewf = 0~20140608 # Newer versions are buggy
- Require pyesedb >= 20150409
- Require pyevtx >= 20160107
- Require pylnk >= 20150830
- Require pyolecf >= 20160107
- Require python-dfVFS >= 20160108
- Require python-psutil < 3.0.0 # Not yet compatible with newer psutil
- remove references to subdir winreg
- Add removal of duplicate files %{buildroot}/usr/share/doc/plaso/ACKNOWLEDGEMENTS, etc
- update to v1.3.0
* Numerous new features
* See http://blog.kiddaland.net/2015/07/bringing-end-to-sorrow-new-plaso-release.html
* Major stability improvements
- add /usr/share/plaso as a data directory
- add requires python-pefile >= 1.2.1+139
- add requires pysigscan
- require recent python-dateutils
- remove frontend test files. They have been isolated by upstream.
- remove frontend/plasm, plasm.py, pprof.py, pshell.ph Removed by upstream
- add a openSUSE 13.1 workaround for a unicode bug
- update minimum depency versions
- add a loop to force %py_compile - getting an rpmlint warning without this
- Make iPython a requirement, not a recommendation.
* It is needed for preg and pshell
* version 1.2.1 or newer is required
- update to v1.2.0
* Increased stabiity, less memory, faster extraction
* Fixed excessive momory consusmption bugs
* Source scanner moved from plaso to dfVFS
* New JSON storage back-end available for testing only
* preg overhauled
* New parsers and plug-ins
- update some Requires tag version levels to agree with check_dependencies
- remove #DL_URL field and make #Source a full URL
- added "internal_version" macro useful when building git code
- Added Requires: pyfwsi
- add numerous lines to %prep to eliminate shebang lines which rpmlint was complaining about
- add check_dependencies.py to the %doc files so users can check their own dependencies
- remove frontend python files that are in both /usr/bin and under the python tree structure
- remove other unneeded python files instead of excluding them. Do this prior to calling fdupes
- add explicit "%py_compile ." to resolve rpmlint complaint about datestamps not matching
- update to v1.1.0
* This is a major update
* See the announcement at http://blog.kiddaland.net/2014/06/what-is-one-to-say-about-june-time-of.html
* Highlights
** the ability to read the storage media image formats EWF, QCOW, VHD and VMDK, besides RAW;
** improved existing parsers and plugins, e.g. multi volume support in the Windows Prefetch parser;
** various additional parsers and plugins;
** new features.
- change Requires to use upstream naming where we can
- change Requires to use recent version of core python modules
- correct Requires: py* lines to have the 0~ at the start of the version
* For normal symbols, the 0~ is required NOT to be present, but is required on these
- Add all remaining dependencies that plaso v1.1.0 can leverage at run time
* add Requires: pyesedb since it is now in OBS
* add Requires: pyqcow since it is now in OBS
* add Requires: pyvmdk since it is now in OBS
* add Requires: pyvhdi since it is now in OBS
* Add Requires: python-bencode since it is now in OBS
- remove %attr(755...) line and instead use sed to remove #!/usr/bin/python from *py files
- specfile cleanup
-- added %doc directive
-- added fdupes call
-- fixes a few permissions issues reported by rpmlint
-- ran spec-cleaner
- update to v1.0.2
* Lots of upstream development
* Several new parsers
* first support of TSK v4.1
* improvements in export_image.py
* For detaiils see http://blog.kiddaland.net/2013/10/halloween-brings-with-it-riding-witches.html
- reverse hack associated with plaso in a sub-folder. Now handled properly by upstream
- remove support of openSUSE 11.1 and older
- add requires for OleFileIO_PL
- add requires for python-libolecf
- add requires for python-binplist
- add requires for python-construct
- add requires for python-dpkt
- add requires for python-pyparsing
- quit using the --record-files feature to know what files to put in the %files section
- update to v1.0.1alpha
- update build and install to handle upstream change to have plaso in a sub-folder
- initial build
OBS-URL: https://build.opensuse.org/request/show/792777
OBS-URL: https://build.opensuse.org/package/show/security:forensics/python-plaso?expand=0&rev=31
