Sync from SUSE:SLFO:Main velociraptor revision 64d0e1a891dd8dd792ebab77a729787f

CVE-2022-25883-npm-watch-semver-deps.patch

@@ -1,24 +0,0 @@
-From 76e999d0976ad6559574c92b79fe7432596d2d6c Mon Sep 17 00:00:00 2001
-From: snyk-bot <snyk-bot@snyk.io>
-Date: Sat, 27 Apr 2024 00:20:54 +0000
-Subject: [PATCH] fix: gui/velociraptor/package.json to reduce vulnerabilities
-
-The following vulnerabilities are fixed with an upgrade:
-- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
----
- gui/velociraptor/package.json | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: b/gui/velociraptor/package.json
-===================================================================
---- a/gui/velociraptor/package.json
-+++ b/gui/velociraptor/package.json
-@@ -31,7 +31,7 @@
-         "lodash": "^4.17.21",
-         "moment": "^2.29.4",
-         "moment-timezone": "0.5.43",
--        "npm-watch": "^0.11.0",
-+        "npm-watch": "^0.12.0",
-         "prop-types": "^15.8.1",
-         "qs": "^6.11.2",
-         "query-string": "^6.14.1",

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/SUSE/linux-security-sensor</param>
-              <param name="changesrevision">675e45f90f6a78190d8428bd0a375e9dfd483589</param></service></servicedata>
+              <param name="changesrevision">862ef239506b42b208625b83420ebed67804e11e</param></service></servicedata>

velociraptor.changes

@@ -1,3 +1,89 @@
+-------------------------------------------------------------------
+Fri Jan 17 17:37:39 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
+
+- Reorganize llvm dependency version conditionals
+- Use llvm17 for Leap 15.5
+
+-------------------------------------------------------------------
+Fri Jan 17 13:49:28 UTC 2025 - antonio.teixeira@suse.com
+
+- Update to version 0.7.0.4.git142.862ef23:
+  * github: fix deprecated upload artifact again
+  * Update npm packages
+    Includes fixes for the following vulnerabilities:
+    CVE-2023-45133
+    CVE-2023-46234
+    CVE-2024-55565
+    CVE-2024-45296
+    CVE-2023-44270
+    CVE-2024-47068
+    CVE-2024-23331
+    CVE-2024-31207
+    CVE-2024-45812
+    CVE-2024-45811
+  * Update go dependencies
+    Includes fixes for the following vulnerabilities:
+    CVE-2024-45338
+    CVE-2024-37298
+    CVE-2024-24786
+    CVE-2023-45683 (bsc#1216310)
+    CVE-2023-1732
+  * Update jwt to 4.5.1
+    Fixes CVE-2024-51744 (bsc#1232944)
+  * Update go-retryablehttp to 0.7.7
+    Fixes CVE-2024-6104 (bsc#1227061)
+  * Update go-oidc and go-jose
+    Fixes CVE-2024-28180 (bsc#1235168)
+  * Update dompurify to 3.1.3
+    Fixes CVE-2024-47875 (bsc#1231574)
+  * Update package-lock.json
+  * Update micromatch to 4.0.8
+    Partial fix for CVE-2024-4067 (bsc#1224367)
+    Partial fix for CVE-2024-4068 (bsc#1224296)
+  * Update axios to 1.7.9
+    Fixes CVE-2024-39338 (bsc#1229424)
+  * Update cross-spawn to 7.0.6
+    Fixes CVE-2024-21538 (bsc#1233845)
+  * Update elliptic to 6.6.1
+    Update contains fixes for:
+    CVE-2024-48949 (bsc#1231558)
+    CVE-2024-48948 (bsc#1231685)
+    CVE-2024-42459 (bsc#1232543)
+    CVE-2024-42460 (bsc#1232543)
+    CVE-2024-42461 (bsc#1232543)
+  * Update follow-redirects to 1.15.6
+    Fixes CVE-2024-28849 (bsc#1221456)
+  * fix: gui/velociraptor/package.json to reduce vulnerabilities
+    Fixes CVE-2022-25883 (bsc#1212572)
+- Drop CVE-2022-25883-npm-watch-semver-deps.patch
+  * Fix was included upstream
+
+-------------------------------------------------------------------
+Tue Jan 14 20:22:25 UTC 2025 - doreilly@suse.com
+
+- Update to version 0.7.0.4.git126.27cfbe1:
+  * bpf: fix plugins not stopping when context cancelled
+  * tcpsnoop: move parsing to its own function
+  * bpf plugins: remove depreciated libbpfgo calls
+  * bpf plugins: add context to error logs
+  * chattrsnoop: fix files not getting closed
+  * chattrsnoop: move hashing from plugin to artifact
+  * RPM artifact: start checks immediately on artifact load
+  * rpm plugin: fix ndb magic error
+  * audit s390x: fix arch filter rules errors
+  * github: fix deprecated upload artifact
+  * tcpsnoop: fix ipv6 local and remote addresses order
+  * tcpsnoop: fix missing ipv6 outbound connections
+  * Linux.Events.ProcessExecutions: remove parent cmdline
+  * audit: reduce FileBufferLeaseSize to ease GC overhead
+  * audit: fix auditBuf allocation and go vet warnings
+  * audit: fix plugin shutdown race condition
+  * audit: fix audit client data races
+  * audit: fix race in subscriber
+  * audit: prevent Windows loading audit package
+  * sdjournal: fix package causing test failures
+  * github: run linux unit tests
+
 -------------------------------------------------------------------
 Mon Aug 19 20:45:30 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
 

velociraptor.obsinfo

@@ -1,4 +1,4 @@
 name: velociraptor
-version: 0.7.0.4.git97.675e45f9
-mtime: 1719345654
-commit: 675e45f90f6a78190d8428bd0a375e9dfd483589
+version: 0.7.0.4.git142.862ef23
+mtime: 1737120535
+commit: 862ef239506b42b208625b83420ebed67804e11e

velociraptor.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package velociraptor
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -51,6 +51,18 @@
 %bcond_without bpf
 %endif
 
+%if %{with bpf} && 0%{?suse_version}
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} == 150600 || (0%{?sle_version} == 150500 && 0%{?is_opensuse})
+%global llvm_version 17
+%else
+%if 0%{?sle_version} >= 150300
+%global llvm_version 16
+%else
+%global llvm_version 13
+%endif
+%endif
+%endif
+
 %if "%{_vendor}" == "debbuild"
 %define _unitdir /usr/lib/systemd/system
 %endif
@@ -71,7 +83,7 @@
 %endif
 
 Name:           velociraptor%{name_suffix}
-Version:        0.7.0.4.git97.675e45f9
+Version:        0.7.0.4.git142.862ef23
 Release:        0
 %if %{build_server}
 Summary:        Endpoint visibility and collection tool
@@ -100,8 +112,6 @@ Source12:       package-lock.json
 Patch1:         vendor-build-fixes-for-SLE12.patch
 Patch2:         sdjournal-build-fix-for-SLE12.patch
 Patch3:         velociraptor-reproducible-timestamp.diff
-# PATCH-FIX-UPSTREAM CVE-2022-25883-npm-watch-semver-deps.patch bsc#1212572 -- upgrade npm-watch
-Patch4:         CVE-2022-25883-npm-watch-semver-deps.patch
 BuildRequires:  fileb0x
 %if 0%{?suse_version}
 BuildRequires:  systemd-rpm-macros
@@ -124,23 +134,14 @@ BuildRequires:  local-npm-registry
 BuildRequires:  nodejs >= 18
 BuildRequires:  npm >= 18
 %endif
+
 %if %{with bpf}
 %if 0%{?suse_version}
-%if 0%{?suse_version} > 1500 || 0%{?sle_version} == 150600
-BuildRequires:  clang17
-BuildRequires:  llvm17
-%else
-%if 0%{?sle_version} >= 150300
-BuildRequires:  clang16
-BuildRequires:  llvm16
-%if 0%{?sle_version} > 150400
+BuildRequires:  clang%{?llvm_version}
+BuildRequires:  llvm%{?llvm_version}
+%if 0%{?sle_version} == 150500 && !0%{?is_opensuse}
 BuildRequires:  llvm16-libclang13
 %endif
-%else
-BuildRequires:  clang13
-BuildRequires:  llvm13
-%endif
-%endif
 BuildRequires:  libelf-devel
 BuildRequires:  libzstd-devel
 BuildRequires:  zlib-devel
@@ -251,10 +252,7 @@ This package provides a shared system user for all velociraptor components
 
 %prep
 %setup -q -a 1 -a 2 -n %{projname}-%{VERSION}
-%patch -P 1 -p1
-%patch -P 2 -p1
-%patch -P 3 -p1
-%patch -P 4 -p1
+%autopatch -p1
 
 # Set the version to something more specific than <next-tag>-dev
 sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go