Changes for deployment

.github/workflows/build.yml

@@ -27,7 +27,7 @@ jobs:
           compiler: 'gcc'
           configure_options: '--enable-static-executables=yes --enable-multi-threading-support=no'
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install build dependencies
       run: |
         sudo apt-get -y install autoconf automake autopoint build-essential git libtool pkg-config
@@ -42,6 +42,30 @@ jobs:
     - name: Run tests
       run: |
         tests/runtests.sh
+  build_dist:
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        include:
+        - architecture: 'x64'
+          compiler: 'gcc'
+          configure_options: ''
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install build dependencies
+      run: |
+        sudo apt-get -y install autoconf automake autopoint build-essential git libtool pkg-config
+    - name: Download test data
+      run: |
+        if test -x "synctestdata.sh"; then ./synctestdata.sh; fi
+    - name: Building from source
+      env:
+        CC: ${{ matrix.compiler }}
+      run: |
+        tests/build.sh ${{ matrix.configure_options }}
+    - name: Run tests
+      run: |
+        make distcheck
   build_python_ubuntu:
     runs-on: ubuntu-22.04
     strategy:
@@ -52,7 +76,7 @@ jobs:
           configure_options: '--enable-python'
           python_version: ''
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install build dependencies
       run: |
         sudo add-apt-repository universe &&
@@ -81,7 +105,7 @@ jobs:
           configure_options: ''
           python-version: '3.10'
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v1
       with:
@@ -111,7 +135,7 @@ jobs:
           compiler: 'gcc'
           configure_options: '--enable-wide-character-type'
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install build dependencies
       run: |
         sudo apt-get -y install autoconf automake autopoint build-essential git libtool pkg-config
@@ -132,6 +156,7 @@ jobs:
           (cd ${DIRECTORY} && find . -maxdepth 1 -name \*.gcno -type f -exec gcov -pb {} \;) \
         done
     - name: Upload coverage report to Codecov
-      uses: codecov/codecov-action@v3
+      uses: codecov/codecov-action@v4
       with:
         name: linux-${{ matrix.architecture }}-gcc-no-optimization
+        token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/build_freebsd.yml

@@ -6,7 +6,7 @@ jobs:
   build_freebsd:
     runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Building from source
       id: build_freebsd
       uses: vmactions/freebsd-vm@v1

.github/workflows/build_shared.yml

@@ -17,7 +17,7 @@ jobs:
           compiler: 'gcc'
           configure_options: '--enable-wide-character-type'
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install build dependencies
       run: |
         sudo apt-get -y install autoconf automake autopoint build-essential git libtool pkg-config

.github/workflows/build_wheel.yml

@@ -21,7 +21,7 @@ jobs:
         - python-version: '3.12'
           toxenv: 'py312'
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install build dependencies
       run: |
         sudo add-apt-repository universe &&

.gitignore

@@ -151,6 +151,7 @@ stamp-h[1-9]
 /tests/evtx_test_tools_resource_file
 /tests/evtx_test_tools_signal
 /tests/input
+/tests/notify_stream.log
 /tests/tmp*
 
 # Local library dependencies specific files

Makefile.am

@@ -70,8 +70,15 @@ EXTRA_DIST = \
 	$(SETUP_PY_FILES) \
 	$(SPEC_FILES)
 
-MAINTAINERCLEANFILES = \
-	Makefile.in
+DISTCLEANFILES = \
+	config.status \
+	config.cache \
+	config.log \
+	libevtx.pc \
+	libevtx.spec \
+	Makefile \
+	Makefile.in \
+	po/Makevars
 
 pkgconfigdir = $(libdir)/pkgconfig
 
@@ -106,15 +113,3 @@ library:
 	(cd $(srcdir)/libevtx && $(MAKE) $(AM_MAKEFLAGS))
 	(cd $(srcdir)/po && $(MAKE) $(AM_MAKEFLAGS))
 
-distclean: clean
-	-rm -f Makefile
-	-rm -f config.status
-	-rm -f config.cache
-	-rm -f config.log
-	-rm -f libevtx.pc
-	-rm -f libevtx.spec
-	@for dir in ${subdirs}; do \
-		(cd $$dir && $(MAKE) distclean) \
-		|| case "$(MFLAGS)" in *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-

appveyor.yml

@@ -241,6 +241,10 @@ environment:
     CFLAGS: "--coverage -O0"
     CPPFLAGS: "-DOPTIMIZATION_DISABLED"
     LDFLAGS: "--coverage"
+  - TARGET: mingw-w64-gcc-python
+    BUILD_ENVIRONMENT: mingw-w64
+    APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2022
+    CONFIGURE_OPTIONS: "--enable-python"
   - TARGET: mingw-w64-gcc-static-executables
     BUILD_ENVIRONMENT: mingw-w64
     APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2022
@@ -254,13 +258,13 @@ install:
 - cmd: if [%BUILD_ENVIRONMENT%]==[python-tox] (
     "%PYTHON%" -m pip install -U tox twine )
 - sh: if test `uname -s` = "Darwin" && test ${BUILD_ENVIRONMENT} = "python-tox"; then brew install -q python@${PYTHON_VERSION} tox twine-pypi || true; fi
-- sh: if test `uname -s` = "Linux" && test ${BUILD_ENVIRONMENT} = "python-tox"; then sudo apt-get update && sudo apt-get -y install autoconf automake autopoint build-essential git libtool patchelf pkg-config python3 python3-dev python3-distutils python3-pip python3-setuptools tox twine; fi
+- sh: if test `uname -s` = "Linux" && test ${BUILD_ENVIRONMENT} = "python-tox"; then sudo apt-get update && sudo apt-get -y install autoconf automake autopoint build-essential flex git libtool patchelf pkg-config python3 python3-dev python3-distutils python3-pip python3-setuptools tox twine; fi
 - ps: If ($env:BUILD_ENVIRONMENT -eq "cygwin64") {
     (New-Object Net.WebClient).DownloadFile("https://cygwin.com/setup-x86_64.exe", "C:\\cygwin64\\setup-x86_64.exe") }
 - cmd: if [%BUILD_ENVIRONMENT%]==[cygwin64] (
-    C:\cygwin64\setup-x86_64.exe -qgnNdO -l C:\cygwin64\var\cache\setup -R c:\cygwin64 -s http://cygwin.mirror.constant.com -P gettext-devel -P wget -P python3-devel )
+    C:\cygwin64\setup-x86_64.exe -qgnNdO -l C:\cygwin64\var\cache\setup -R c:\cygwin64 -s http://cygwin.mirror.constant.com -P gettext-devel -P python3-devel -P wget )
 - cmd: if [%BUILD_ENVIRONMENT%]==[mingw-w64] (
-    C:\msys64\usr\bin\pacman -S --noconfirm --needed autoconf automake gettext-devel libtool make mingw-w64-x86_64-gcc )
+    C:\msys64\usr\bin\pacman -S --noconfirm --needed autoconf automake gettext-devel libtool make mingw-w64-x86_64-gcc mingw-w64-x86_64-python3 )
 - ps: If ( ( "cygwin64-gcc-no-optimization", "mingw-w64-gcc-no-optimization" ).Contains( $env:TARGET ) ) {
     $ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri https://uploader.codecov.io/latest/windows/codecov.exe -Outfile ..\codecov.exe }
 

autogen.ps1

@@ -1,6 +1,6 @@
 # Script to generate the necessary files for a msvscpp build
 #
-# Version: 20230118
+# Version: 20240306
 
 $WinFlex = "..\win_flex_bison\win_flex.exe"
 $WinBison = "..\win_flex_bison\win_bison.exe"
@@ -29,33 +29,36 @@ If (Test-Path "${Prefix}.net")
 
 $NamePrefix = ""
 
-ForEach (${DirectoryElement} in Get-ChildItem -Path "${Library}\*.l")
+ForEach (${Library} in Get-ChildItem -Directory -Path "lib*")
 {
-	$OutputFile = ${DirectoryElement} -Replace ".l$",".c"
+	ForEach (${DirectoryElement} in Get-ChildItem -Path "${Library}\*.l")
+	{
+		$OutputFile = ${DirectoryElement} -Replace ".l$",".c"
 
-	$NamePrefix = Split-Path -path ${DirectoryElement} -leaf
-	$NamePrefix = ${NamePrefix} -Replace ".l$","_"
+		$NamePrefix = Split-Path -path ${DirectoryElement} -leaf
+		$NamePrefix = ${NamePrefix} -Replace ".l$","_"
 
-	Write-Host "Running: ${WinFlex} -Cf ${DirectoryElement}"
+		Write-Host "Running: ${WinFlex} -Cf ${DirectoryElement}"
 
-	# PowerShell will raise NativeCommandError if win_flex writes to stdout or stderr
-	# therefore 2>&1 is added and the output is stored in a variable.
-	$Output = Invoke-Expression -Command "& '${WinFlex}' -Cf ${DirectoryElement} 2>&1"
-	Write-Host ${Output}
+		# PowerShell will raise NativeCommandError if win_flex writes to stdout or stderr
+		# therefore 2>&1 is added and the output is stored in a variable.
+		$Output = Invoke-Expression -Command "& '${WinFlex}' -Cf ${DirectoryElement} 2>&1"
+		Write-Host ${Output}
 
-	# Moving manually since `win_flex -o filename' does not provide the expected behavior.
-	Move-Item "lex.yy.c" ${OutputFile} -force
-}
+		# Moving manually since `win_flex -o filename' does not provide the expected behavior.
+		Move-Item "lex.yy.c" ${OutputFile} -force
+	}
 
-ForEach (${DirectoryElement} in Get-ChildItem -Path "${Library}\*.y")
-{
-	$OutputFile = ${DirectoryElement} -Replace ".y$",".c"
+	ForEach (${DirectoryElement} in Get-ChildItem -Path "${Library}\*.y")
+	{
+		$OutputFile = ${DirectoryElement} -Replace ".y$",".c"
 
-	Write-Host "Running: ${WinBison} -d -v -l -p ${NamePrefix} -o ${OutputFile} ${DirectoryElement}"
+		Write-Host "Running: ${WinBison} -d -v -l -p ${NamePrefix} -o ${OutputFile} ${DirectoryElement}"
 
-	# PowerShell will raise NativeCommandError if win_bison writes to stdout or stderr
-	# therefore 2>&1 is added and the output is stored in a variable.
-	$Output = Invoke-Expression -Command "& '${WinBison}' -d -v -l -p ${NamePrefix} -o ${OutputFile} ${DirectoryElement} 2>&1"
-	Write-Host ${Output}
+		# PowerShell will raise NativeCommandError if win_bison writes to stdout or stderr
+		# therefore 2>&1 is added and the output is stored in a variable.
+		$Output = Invoke-Expression -Command "& '${WinBison}' -d -v -l -p ${NamePrefix} -o ${OutputFile} ${DirectoryElement} 2>&1"
+		Write-Host ${Output}
+	}
 }
 

common/Makefile.am

@@ -1,4 +1,5 @@
-AM_CPPFLAGS = -I$(top_srcdir)/include
+AM_CPPFLAGS = \
+	-I../include -I$(top_srcdir)/include
 
 EXTRA_DIST = \
 	byte_stream.h \
@@ -15,11 +16,9 @@ EXTRA_DIST = \
 	types.h.in \
 	wide_string.h
 
-MAINTAINERCLEANFILES = \
+DISTCLEANFILES = \
+	config.h \
+	types.h \
+	Makefile \
 	Makefile.in
 
-distclean: clean
-	-rm -f config.h
-	-rm -f types.h
-	-rm -f Makefile
-

configure.ac

@@ -2,7 +2,7 @@ AC_PREREQ([2.71])
 
 AC_INIT(
  [libevtx],
- [20240204],
+ [20240421],
  [[email protected]])
 
 AC_CONFIG_SRCDIR(

documentation/Windows XML Event Log (EVTX).asciidoc

@@ -75,6 +75,7 @@ April 2012 | Additional information.
 | 0.0.22 | J.B. Metz | December 2021 | Additional information about MUI language neutral file.
 | 0.0.23 | J.B. Metz | December 2023 | Updated references and additional information about SystemResources directory.
 | 0.0.24 | J.B. Metz | January 2024 | Additional information about parameter message files.
+| 0.0.25 | J.B. Metz | April 2024 | Additional information about dependency identifier.
 |===
 
 :numbered:
@@ -387,7 +388,7 @@ See section: <<token_types,Token types>>
 4+| _Common_
 | 3 | 4 | | Data size +
 The size of the data. +
-This includes the size of the element name, attribute list, close element tag, content and end element tag, except for the first 7 bytes of the element start.
+This includes the size of the element name, attribute list, close element tag, content and end element tag, except for the first 5 or 7 bytes of the element start.
 4+| _Optional see notes below_
 | 7 | 4 | | Element name offset +
 The offset is relative from the start of the chunk +
@@ -409,8 +410,9 @@ The name offset is not present in the binary XML in the Windows Event Template
 resource.
 
 [NOTE]
-The dependency identifier is not present when the element start is used in a
-substitution token with value type: Binary XML (0x21).
+According to `[MS-EVEN6]` the dependency identifier is not present when the
+element start is used in a substitution token with value type: Binary XML
+(0x21).
 
 ==== [[attribute_list]]Attribute list
 

evtxtools/Makefile.am

@@ -1,6 +1,6 @@
 AM_CPPFLAGS = \
-	-I$(top_srcdir)/include \
-	-I$(top_srcdir)/common \
+	-I../include -I$(top_srcdir)/include \
+	-I../common -I$(top_srcdir)/common \
 	@LIBCERROR_CPPFLAGS@ \
 	@LIBCDATA_CPPFLAGS@ \
 	@LIBCTHREADS_CPPFLAGS@ \
@@ -124,12 +124,10 @@ evtxinfo_LDADD = \
 	@LIBINTL@ \
 	@PTHREAD_LIBADD@
 
-MAINTAINERCLEANFILES = \
+DISTCLEANFILES = \
+	Makefile \
 	Makefile.in
 
-distclean: clean
-	-rm -f Makefile
-
 splint-local:
 	@echo "Running splint on evtxexport ..."
 	-splint -preproc -redef $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(evtxexport_SOURCES)

evtxtools/export_handle.c

@@ -2632,13 +2632,24 @@ int export_handle_export_records(
 			 function,
 			 record_index );
 
-			return( -1 );
+			/* Be error tollerant for corrupt records in dirty files
+			 */
+#if defined( HAVE_DEBUG_OUTPUT )
+			if( ( error != NULL )
+			 && ( *error != NULL ) )
+			{
+				libcnotify_print_error_backtrace(
+				 *error );
+			}
+#endif
+			libcerror_error_free(
+			 error );
 		}
-		if( export_handle_export_record(
-		     export_handle,
-		     record,
-		     log_handle,
-		     error ) != 1 )
+		else if( export_handle_export_record(
+		          export_handle,
+		          record,
+		          log_handle,
+		          error ) != 1 )
 		{
 			fprintf(
 			 export_handle->notify_stream,

include/Makefile.am

@@ -15,13 +15,11 @@ EXTRA_DIST = \
 	libevtx/features.h.in \
 	libevtx/types.h.in
 
-MAINTAINERCLEANFILES = \
+DISTCLEANFILES = \
+	libevtx.h \
+	libevtx/definitions.h \
+	libevtx/features.h \
+	libevtx/types.h \
+	Makefile \
 	Makefile.in
 
-distclean: clean
-	-rm -f libevtx.h
-	-rm -f libevtx/definitions.h
-	-rm -f libevtx/features.h
-	-rm -f libevtx/types.h
-	-rm -f Makefile
-