Diffstat (limited to 'app-forensics')
-rw-r--r--app-forensics/Manifest.gzbin4707 -> 4709 bytes
-rw-r--r--app-forensics/volatility3/Manifest2
-rw-r--r--app-forensics/volatility3/volatility3-2.4.1-r1.ebuild (renamed from app-forensics/volatility3/volatility3-2.4.1.ebuild)9
-rw-r--r--app-forensics/yara/Manifest2
-rw-r--r--app-forensics/yara/yara-4.3.1.ebuild59
5 files changed, 70 insertions, 2 deletions
diff --git a/app-forensics/Manifest.gz b/app-forensics/Manifest.gz
index 9160800e206c..ff6bd89ef24d 100644
--- a/app-forensics/Manifest.gz
+++ b/app-forensics/Manifest.gz
Binary files differ
diff --git a/app-forensics/volatility3/Manifest b/app-forensics/volatility3/Manifest
index 589891682f41..aff0fac0d62d 100644
--- a/app-forensics/volatility3/Manifest
+++ b/app-forensics/volatility3/Manifest
@@ -7,5 +7,5 @@ DIST volatility3-linux-sample-1.bin.gz 143967523 BLAKE2B 3321e991a50b6e4ccf19e0e
DIST volatility3-win-xp-laptop-2005-06-25.img.gz 180343409 BLAKE2B 9fc10ddb9208d7023854e9619f6cf5ce140f2a2aa5772ccd8bcd852dd50c6f77e36298dbf7df1512334e7976b6ab35dd77f4c49505e531c3a289dd0f26cfc01e SHA512 a1f758cc1b4febcf11f64bc01b872c7528d19c686d81f8e03d742424fa0600254914e656cdf35c3752b406354f769a8aa256622b2f2afe2d691c4bb6d3be3f52
EBUILD volatility3-2.0.1.ebuild 1075 BLAKE2B ac2c0c43b7d1a34402f02a6e6081c66af2a4ab77085a5664edde6a32113f5ee8c01376979ee8e3ed6d18da58866d07ce151f78060ff05a2386b4d712348badf3 SHA512 f20c054f84810af6b340dc429bfd64259a9e2fc7212edc367eafc0a308c236245ce98978982a00022d28dee9cec3048867ba450d628ba1e2a7ebff96d3b036dd
EBUILD volatility3-2.4.0-r1.ebuild 1916 BLAKE2B c4c9bdf15b29c60df0515ce022bf5f82679acbfafc81c2fdedd875ae4b09a7132c10532a6c651f1f0f1f860708615b22b1393af4ea0019c2978dd11fe9eb99a9 SHA512 9b879ea3e2f56bdab05cce8d1a3d922a57b9377e5cd5bdda03f37340fe54d247ebede6c757082506c3fb880dbaca243954315995b9bd6f4698e560213235671d
-EBUILD volatility3-2.4.1.ebuild 1885 BLAKE2B 268fb78584d55338457ba744dcda1fdc69940d3109bb8c155f7a3b3ec620b7a09852f5921d2e3b49c1020a3fd19c74ff8bcbafd8d48b299d16bd0b0b769f3496 SHA512 caeb0df8f777f6c44124b6b317f6759535164cb59ef27e784b7dc5b8144e897c7f4823883caa213ccf5196c97d23527cafa1c2ff47d6328cf260fa0e18dad005
+EBUILD volatility3-2.4.1-r1.ebuild 2090 BLAKE2B 82d84b0526f147194d19457c532b217bf8bf460e5a939fc25f3756f19c74a280384b6009d993ab9843d8f5a3e50e93c600f72735fb7d84b8eef03f45b572f1e9 SHA512 9931541534e634d816df2c89913bcb319206bddf8a9ca3257ae2e0b85bc1ebed37d0fe1b8921c7054d80d20661d7a41200cc5801b08c085569f139a15b17a532
MISC metadata.xml 1353 BLAKE2B 6646bfc20fcabe361b50e05b55aa5f16d2b551706bb16d34477409611d10bd3ca398f487435bcc95e2f6c7eb2b2cf6b4104bae6bb6e5e603bc17c366631895d0 SHA512 b52a0032a4b6d5b9ba46dccf4cc7c4dc0f25afb9cb9051815366eda62de29fc67b78aea16b2835994ee5885f206868bf7311b7a1cf1646108441cee90c01bf3e
diff --git a/app-forensics/volatility3/volatility3-2.4.1.ebuild b/app-forensics/volatility3/volatility3-2.4.1-r1.ebuild
index a48a538532d8..9d2368de6171 100644
--- a/app-forensics/volatility3/volatility3-2.4.1.ebuild
+++ b/app-forensics/volatility3/volatility3-2.4.1-r1.ebuild
@@ -26,13 +26,20 @@ SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="crypt disasm jsonschema leechcore snappy test yara"
+# We need to select *all* subslots of app-arch/snappy which select
+# SONAME=libsnappy.so.1. See (https://github.com/gentoo/gentoo/pull/30585#discussion_r1167753625)
RDEPEND="
>=dev-python/pefile-2017.8.1[${PYTHON_USEDEP}]
crypt? ( >=dev-python/pycryptodome-3[${PYTHON_USEDEP}] )
disasm? ( >=dev-libs/capstone-3.0.5[python,${PYTHON_USEDEP}] )
jsonschema? ( >=dev-python/jsonschema-2.3.0[${PYTHON_USEDEP}] )
leechcore? ( >=dev-python/leechcorepyc-2.4.0[${PYTHON_USEDEP}] )
- snappy? ( app-arch/snappy:0/1 )
+ snappy? (
+ || (
+ app-arch/snappy:0/1
+ app-arch/snappy:0/1.1
+ )
+ )
yara? ( >=dev-python/yara-python-3.8.0[${PYTHON_USEDEP}] )
"
DEPEND="${RDEPEND}"
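Review bot: The `|| ( app-arch/snappy:0/1 app-arch/snappy:0/1.1 )` group under `snappy?` hard-codes the accepted subslots, so a future snappy subslot that still provides `libsnappy.so.1` will not satisfy this dependency until the list is edited by hand. The added comment explains why both subslots are listed but does not record that maintenance step; I would append a line such as `# Extend this list whenever app-arch/snappy gains a new subslot with the same SONAME.` The ebuild continues outside the hunk, so whether anything else refers to the snappy subslot cannot be checked from here.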
diff --git a/app-forensics/yara/Manifest b/app-forensics/yara/Manifest
index 1314b3430f81..b9900955d681 100644
--- a/app-forensics/yara/Manifest
+++ b/app-forensics/yara/Manifest
@@ -2,7 +2,9 @@ AUX yara-4.2-test.patch 450 BLAKE2B b15319c9921e88504057deead820a884b963e2c240c5
AUX yara-4.2.3-libmagic.patch 2690 BLAKE2B 904f2b47c16f5134f48ac8765b7cbe119e807ea113ccf6d62767ea67f9ebd7347884eab924591cf2c48802f984978fd504bef61c09717b0baaef55d212447880 SHA512 45a610e89fa9f2e1555291b2254baa8381beb3ef404223222cb5075660a43540cebab2529dd1542d2cebf52ad42e71715f332322f721451fe49a896313e79839
DIST yara-4.2.3.tar.gz 1288334 BLAKE2B 4e92570e4dced5c1aa114065d791fc6780ea1281919eb1e908d4181fb5a966137c58d82ae09e8ba18edc69a25d542e3820d8e8de4ac62c0636e273e158086954 SHA512 1df23837d14d3f9f72db901190e7412241514a8914d72b753df32ad8a44c7a49ad8f14941a95de83754e4d1dd0f23d712d8e6a43916343341b92cb1bc66f3c09
DIST yara-4.3.0.tar.gz 2179006 BLAKE2B 97d755c5ffea7fbfc61087f384f4b29543af794af64f86ee2fad10073905fd623480cc1be1c64c8ebf7561c9a8bd323ba5a3fad13044219f110e6a3d04816f36 SHA512 fe239ae2f29fac7b4dbdc0ec84eba057dd4d93c6ae3a53d6bc2a333cc15ed45b1ff5cb896faf02813be667ce191ccbe1d64549552ea4f0834804ad0ec4b29092
+DIST yara-4.3.1.tar.gz 2179177 BLAKE2B 071bd2201653b094f828a5ea1ca2dd08fb0e3e8ea0439784bd949fc9ebfeb3c1aa9408581c8808d2d648d988c3aaab676d61605b53446efa12d838898b7ffe16 SHA512 93a2243d54397e76175fa0106451965b7f3a1f1918307c2bae6193f3725b69f60f70c3901a12c1690368f5b37e973a65c63a299624a521d204b12b48d5efe496
EBUILD yara-4.2.3.ebuild 1284 BLAKE2B 45912674a4be4d1f5cbcc307313d3e1c48806917716581521a2d367e60c65e7490cc5a6e8020013b42d728886d58080dc023593d663c2ed29b4b6c8035673205 SHA512 594237e4d050c5015bb41c950903e06e5a643867aef286e52a0f3002b0919bb8299c97c023f9447113e8e906a5f0ce8cd0c73a1db5af3e7a84078e52045bd04e
EBUILD yara-4.3.0.ebuild 1271 BLAKE2B d96bc8732c7d227cbb42d34aa1fc0ec2fdd59eb0cf9e86034aae210e883591f8c5b3953217c5919c731515136754bbb0a3670887cb7bfbb6c2bad45140622f8d SHA512 60ed8c97271d032384048663f12575f80ab8a3ecbc75ac37b021ed9122162c1e964d2e2847d48eb37c8d8e0590db6ecfdb4e4b31deaa2030766370c715ef33a4
+EBUILD yara-4.3.1.ebuild 1271 BLAKE2B d96bc8732c7d227cbb42d34aa1fc0ec2fdd59eb0cf9e86034aae210e883591f8c5b3953217c5919c731515136754bbb0a3670887cb7bfbb6c2bad45140622f8d SHA512 60ed8c97271d032384048663f12575f80ab8a3ecbc75ac37b021ed9122162c1e964d2e2847d48eb37c8d8e0590db6ecfdb4e4b31deaa2030766370c715ef33a4
EBUILD yara-9999.ebuild 1271 BLAKE2B d96bc8732c7d227cbb42d34aa1fc0ec2fdd59eb0cf9e86034aae210e883591f8c5b3953217c5919c731515136754bbb0a3670887cb7bfbb6c2bad45140622f8d SHA512 60ed8c97271d032384048663f12575f80ab8a3ecbc75ac37b021ed9122162c1e964d2e2847d48eb37c8d8e0590db6ecfdb4e4b31deaa2030766370c715ef33a4
MISC metadata.xml 1284 BLAKE2B 5e8b7f95170b97d4d55fda012f1108acfb0cae362d4da0f3559375d529194b5e4f9644d8ca3d0fc7e438b873f3827aec307dc664808a56561153679fc0bd5729 SHA512 64048379eb1d51afeee050ea906a8fa7bda9d5bdc78807d04c1f5f5b5a425b512de5facb6b79f23ed8d5517caf779ef327d7eb148ae2a32407904db05efb337f
diff --git a/app-forensics/yara/yara-4.3.1.ebuild b/app-forensics/yara/yara-4.3.1.ebuild
new file mode 100644
index 000000000000..3862dff1c51a
--- /dev/null
+++ b/app-forensics/yara/yara-4.3.1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="A malware identification and classification tool"
+HOMEPAGE="https://virustotal.github.io/yara/"
+
+if [[ ${PV} == "9999" ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/VirusTotal/yara.git"
+else
+ SRC_URI="https://github.com/virustotal/yara/archive/v${PV/_/-}.tar.gz -> ${P}.tar.gz"
+ S="${WORKDIR}/${PN}-${PV/_/-}"
+ KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0/8"
+IUSE="+dex +dotnet +cuckoo +macho +magic profiling python test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ dev-libs/openssl:=
+ cuckoo? ( dev-libs/jansson:= )
+ magic? ( sys-apps/file:= )
+"
+RDEPEND="${DEPEND}"
+PDEPEND="python? ( =dev-python/yara-python-$(ver_cut 1)* )"
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable profiling) \
+ $(use_enable cuckoo) \
+ $(use_enable magic) \
+ $(use_enable dotnet) \
+ $(use_enable macho) \
+ $(use_enable dex) \
+ $(use_enable test static)
+}
+
+src_test() {
+ emake check
+}
+
+src_install() {
+ default
+
+ # TODO: Allow tests to work against dyn. lib rather than building
+ # statically just for tests.
+ find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
+}
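Review bot: `SLOT="0/8"` is carried over unchanged, and nothing in the file says what the subslot tracks. The Manifest hunk confirms the carry-over: it lists yara-4.3.1.ebuild with the same size and hashes as yara-4.3.0.ebuild and yara-9999.ebuild. If the subslot is meant to follow the libyara SONAME (not visible here), it should be checked against the library built from 4.3.1, because reverse dependencies using `:=` are only rebuilt when it changes. I would add a comment above it such as `# Subslot follows the libyara SONAME; verify on every version bump.` Separately, the `src_test` body of `emake check` looks equivalent to the EAPI 8 default and could probably be dropped.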