SLFO-pool/velociraptor
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main velociraptor revision 32038eed04002d3239eb9f33168ae9e9

Browse Source
This commit is contained in:
Adrian Schröter 2024-10-11 10:10:25 +02:00
parent 566f67b596
commit cd9cad0edd
6 changed files with 1495 additions and 1412 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
View File

@ -1,30 +0,0 @@
diff --git a/gui/velociraptor/package-lock.json b/gui/velociraptor/package-lock.json
index e6c46c00..2a6c8114 100644
--- a/gui/velociraptor/package-lock.json
+++ b/gui/velociraptor/package-lock.json
@@ -4750,9 +4750,9 @@
}
},
"node_modules/follow-redirects": {
- "version": "1.15.2",
- "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
- "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==",
+ "version": "1.15.6",
+ "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
+ "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==",
"funding": [
{
"type": "individual",
@@ -14720,9 +14720,9 @@
}
},
"follow-redirects": {
- "version": "1.15.2",
- "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
- "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA=="
+ "version": "1.15.6",
+ "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
+ "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA=="
},
"for-each": {
"version": "0.3.3",

1121
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

BIN
velociraptor-node_modules.obscpio (Stored with Git LFS)
View File

Binary file not shown.

1739
velociraptor-nodejs.spec.inc
View File

File diff suppressed because it is too large Load Diff

8
velociraptor.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Aug 19 20:45:30 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update node modules with security fixes.
* Fixes CVE-2024-39338 (bsc#1229424)
* Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
as the update is included.
-------------------------------------------------------------------
Mon Aug 12 20:47:33 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>

5
velociraptor.spec
View File

@ -100,10 +100,8 @@ Source12: package-lock.json
Patch1: vendor-build-fixes-for-SLE12.patch
Patch2: sdjournal-build-fix-for-SLE12.patch
Patch3: velociraptor-reproducible-timestamp.diff
# PATCH-FIX-UPSTREAM CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch bsc#1221456 -- follow-redirects: Drop Proxy-Athorization across hosts
Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
# PATCH-FIX-UPSTREAM CVE-2022-25883-npm-watch-semver-deps.patch bsc#1212572 -- upgrade npm-watch
Patch5: CVE-2022-25883-npm-watch-semver-deps.patch
Patch4: CVE-2022-25883-npm-watch-semver-deps.patch
BuildRequires: fileb0x
%if 0%{?suse_version}
BuildRequires: systemd-rpm-macros
@ -257,7 +255,6 @@ This package provides a shared system user for all velociraptor components
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
%patch -P 5 -p1
# Set the version to something more specific than <next-tag>-dev
sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go