telfhash: add support for new TLSH hash format, which has been the

default since TLSH 4.0.0. Deprecate support for the old format.

pkgs/development/python-modules/telfhash/default.nix

@@ -17,6 +17,8 @@ buildPythonPackage {
     sha256 = "jNu6qm8Q/UyJVaCqwFOPX02xAR5DwvCK3PaH6Fvmakk=";
   };
 
+  patches = [ ./telfhash-new-tlsh-hash.patch ];
+
   # The tlsh library's name is just "tlsh"
   postPatch = ''
     substituteInPlace requirements.txt --replace "python-tlsh" "tlsh"

pkgs/development/python-modules/telfhash/telfhash-new-tlsh-hash.patch

@@ -0,0 +1,30 @@
+diff --git a/telfhash/grouping.py b/telfhash/grouping.py
+index c62f8d9..4ee9f0b 100644
+--- a/telfhash/grouping.py
++++ b/telfhash/grouping.py
+@@ -32,10 +32,10 @@ import tlsh
+ def get_combination(telfhash_data):
+ 
+     #
+-    # TLSH hash is 70 characters long. if the telfhash is not 70
++    # The new TLSH hash is 72 characters long. if the telfhash is not 72
+     # characters in length, exclude from the list
+     #
+-    files_list = [x for x in list(telfhash_data.keys()) if telfhash_data[x]["telfhash"] is not None and len(telfhash_data[x]["telfhash"]) == 70]
++    files_list = [x for x in list(telfhash_data.keys()) if telfhash_data[x]["telfhash"] is not None and len(telfhash_data[x]["telfhash"]) == 72]
+ 
+     #
+     # get the combination of all the possible pairs of filenames
+diff --git a/telfhash/telfhash.py b/telfhash/telfhash.py
+index f2bbd25..c6e346c 100755
+--- a/telfhash/telfhash.py
++++ b/telfhash/telfhash.py
+@@ -132,7 +132,7 @@ def get_hash(symbols_list):
+     symbol_string = ",".join(symbols_list)
+     encoded_symbol_string = symbol_string.encode("ascii")
+ 
+-    return tlsh.forcehash(encoded_symbol_string).lower()
++    return tlsh.forcehash(encoded_symbol_string)
+ 
+ 
+ def elf_get_imagebase(elf):