Update to 0.52.2

2024-06-19 18:19:40 +02:00 · 2024-06-19 18:19:40 +02:00 · 661ba95127
commit 661ba95127
parent adb3b06bd8
9 changed files with 227 additions and 9 deletions
--- a/2
+++ b/2
@ -2,7 +2,7 @@
  <service name="tar_scm" mode="manual">
    <param name="url">https://github.com/aquasecurity/trivy</param>
    <param name="scm">git</param>
-    <param name="revision">v0.52.1</param>
+    <param name="revision">v0.52.2</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="changesgenerate">enable</param>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/aquasecurity/trivy</param>
-              <param name="changesrevision">a3caf0658c9eccea18c261123112f2679a205ad9</param></service></servicedata>
+              <param name="changesrevision">8709d4f9c8ae29df1ff2e0d45b414cc075d3ea0b</param></service></servicedata>
--- a/add-opensuse-tumbleweed-db.patch
+++ b/add-opensuse-tumbleweed-db.patch
@ -0,0 +1,103 @@
+From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Wed, 19 Jun 2024 09:59:41 +0200
+Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection
+
+(Tumbleweed has no version as it is rolling)
+
+https://github.com/aquasecurity/trivy-db/issues/410
+---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf.go      | 18 +++++++++++++++---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go |  4 ++++
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+index be3d4eff..297b29eb 100644
+--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+@@ -24,8 +24,10 @@ type Distribution int
+ const (
+ 	SUSEEnterpriseLinux Distribution = iota
+ 	OpenSUSE
+	OpenSUSETumbleweed
+ 
+-	platformOpenSUSEFormat  = "openSUSE Leap %s"
+	platformOpenSUSETumbleweedFormat  = "openSUSE Tumbleweed"
+	platformOpenSUSELeapFormat  = "openSUSE Leap %s"
+ 	platformSUSELinuxFormat = "SUSE Linux Enterprise %s"
+ )
+ 
+@@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID {
+ 	if vs.dist == OpenSUSE {
+ 		return "opensuse-cvrf"
+ 	}
+	if vs.dist == OpenSUSETumbleweed {
+		return "opensuse-tumbleweed-cvrf"
+	}
+ 	return source.ID
+ }
+ 
+@@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error {
+ 	case SUSEEnterpriseLinux:
+ 		rootDir = filepath.Join(rootDir, "suse")
+ 	case OpenSUSE:
+	case OpenSUSETumbleweed:
+ 		rootDir = filepath.Join(rootDir, "opensuse")
+ 	default:
+ 		return xerrors.New("unknown distribution")
+@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string {
+ 		// SUSE Linux Enterprise Module for SUSE Manager Server 4.0
+ 		return ""
+ 	}
+	if strings.HasPrefix(platformName, "openSUSE Tumbleweed") {
+		// Tumbleweed has no version, it is a rolling release
+		return platformOpenSUSETumbleweedFormat
+	}
+ 	if strings.HasPrefix(platformName, "openSUSE Leap") {
+ 		// openSUSE Leap 15.0
+ 		ss := strings.Split(platformName, " ")
+@@ -196,7 +206,7 @@ func getOSVersion(platformName string) string {
+ 			log.Printf("invalid version: %s, err: %s", platformName, err)
+ 			return ""
+ 		}
+-		return fmt.Sprintf(platformOpenSUSEFormat, ss[2])
+		return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2])
+ 	}
+ 	if strings.Contains(platformName, "SUSE Linux Enterprise") {
+ 		// e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1
+@@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error)
+ 	case SUSEEnterpriseLinux:
+ 		bucket = fmt.Sprintf(platformSUSELinuxFormat, version)
+ 	case OpenSUSE:
+-		bucket = fmt.Sprintf(platformOpenSUSEFormat, version)
+		bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version)
+	case OpenSUSETumbleweed:
+		bucket = platformOpenSUSETumbleweedFormat
+ 	default:
+ 		return nil, xerrors.New("unknown distribution")
+ 	}
+
+From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Wed, 19 Jun 2024 16:07:49 +0200
+Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+
+Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
+---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+index 297b29eb..f616990e 100644
+--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error {
+ 	switch vs.dist {
+ 	case SUSEEnterpriseLinux:
+ 		rootDir = filepath.Join(rootDir, "suse")
+-	case OpenSUSE:
+-	case OpenSUSETumbleweed:
+	case OpenSUSE, OpenSUSETumbleweed:
+ 		rootDir = filepath.Join(rootDir, "opensuse")
+ 	default:
+ 		return xerrors.New("unknown distribution")
--- a/add-opensuse-tumbleweed-support.patch
+++ b/add-opensuse-tumbleweed-support.patch
@ -0,0 +1,94 @@
+From 3e9c8361a53b33bdd8bfe3009fae69a50fe5f261 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Wed, 19 Jun 2024 10:32:34 +0200
+Subject: [PATCH] feat: add openSUSE tumbleweed detection and scanning
+
+needs changes in trivy-db to go along from https://github.com/aquasecurity/trivy-db/pull/411 to go along
+
+https://github.com/aquasecurity/trivy-db/issues/410
+---
+ docs/docs/coverage/os/index.md  | 1 +
+ docs/docs/coverage/os/suse.md   | 5 +++--
+ pkg/detector/ospkg/detect.go    | 1 +
+ pkg/detector/ospkg/suse/suse.go | 9 +++++++++
+ 4 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md
+index a8d2670d7d6..49982b1b2d6 100644
+--- a/docs/docs/coverage/os/index.md
+++ b/docs/docs/coverage/os/index.md
+@@ -22,6 +22,7 @@ Trivy supports operating systems for
+ | [CBL-Mariner](cbl-mariner.md)        | 1.0, 2.0                            | dnf/yum/rpm      |
+ | [Amazon Linux](amazon.md)            | 1, 2, 2023                          | dnf/yum/rpm      |
+ | [openSUSE Leap](suse.md)             | 42, 15                              | zypper/rpm       |
+| [openSUSE Tumbleweed](suse.md)       | (n/a)                               | zypper/rpm       |
+ | [SUSE Enterprise Linux](suse.md)     | 11, 12, 15                          | zypper/rpm       |
+ | [Photon OS](photon.md)               | 1.0, 2.0, 3.0, 4.0                  | tndf/yum/rpm     |
+ | [Debian GNU/Linux](debian.md)        | 7, 8, 9, 10, 11, 12                 | apt/dpkg         |
+diff --git a/docs/docs/coverage/os/suse.md b/docs/docs/coverage/os/suse.md
+index 6ff52de31c8..15cfb1e9379 100644
+--- a/docs/docs/coverage/os/suse.md
+++ b/docs/docs/coverage/os/suse.md
+@@ -2,6 +2,7 @@
+ Trivy supports the following distributions:
+ 
+ - openSUSE Leap
+- openSUSE Tumbleweed
+ - SUSE Enterprise Linux (SLE)
+ 
+ Please see [here](index.md#supported-os) for supported versions.
+@@ -35,6 +36,6 @@ Trivy identifies licenses by examining the metadata of RPM packages.
+ 
+ 
+ [dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
+-[cvrf]: http://ftp.suse.com/pub/projects/security/cvrf/
+[cvrf]: https://ftp.suse.com/pub/projects/security/cvrf/
+ 
+-[vulnerability statuses]: ../../configuration/filtering.md#by-status
+\ No newline at end of file
+[vulnerability statuses]: ../../configuration/filtering.md#by-status
+diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
+index bbeb8e8649d..56c4b76d147 100644
+--- a/pkg/detector/ospkg/detect.go
+++ b/pkg/detector/ospkg/detect.go
+@@ -40,6 +40,7 @@ var (
+ 		ftypes.CentOS:       redhat.NewScanner(),
+ 		ftypes.Rocky:        rocky.NewScanner(),
+ 		ftypes.Oracle:       oracle.NewScanner(),
+		ftypes.OpenSUSETumbleweed: suse.NewScanner(suse.OpenSUSETumbleweed),
+ 		ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE),
+ 		ftypes.SLES:         suse.NewScanner(suse.SUSEEnterpriseLinux),
+ 		ftypes.Photon:       photon.NewScanner(),
+diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
+index a5ccade5c81..439cad3ce28 100644
+--- a/pkg/detector/ospkg/suse/suse.go
+++ b/pkg/detector/ospkg/suse/suse.go
+@@ -66,6 +66,7 @@ const (
+ 	SUSEEnterpriseLinux Type = iota
+ 	// OpenSUSE for open versions
+ 	OpenSUSE
+	OpenSUSETumbleweed
+ )
+ 
+ // Scanner implements the SUSE scanner
+@@ -84,6 +85,10 @@ func NewScanner(t Type) *Scanner {
+ 		return &Scanner{
+ 			vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSE),
+ 		}
+	case OpenSUSETumbleweed:
+		return &Scanner{
+			vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSETumbleweed),
+		}
+ 	}
+ 	return nil
+ }
+@@ -128,5 +133,9 @@ func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType
+ 	if osFamily == ftypes.SLES {
+ 		return osver.Supported(ctx, slesEolDates, osFamily, osVer)
+ 	}
+	// tumbleweed is a rolling release, it has no version and no eol
+	if osFamily == ftypes.OpenSUSETumbleweed {
+		return true
+	}
+ 	return osver.Supported(ctx, opensuseEolDates, osFamily, osVer)
+ }
--- a/trivy-0.52.1.tar.zst
+++ b/trivy-0.52.1.tar.zst
--- a/trivy-0.52.2.tar.zst
+++ b/trivy-0.52.2.tar.zst
--- a/trivy.changes
+++ b/trivy.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed Jun 19 15:58:20 UTC 2024 - dmueller@suse.com
+
+- Update to version 0.52.2:
+  * release: v0.52.2 [release/v0.52] (#6896)
+  * ci: use `ubuntu-latest-m` runner [backport: release/v0.52] (#6933)
+  * chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#6919)
+  * test: bump docker API to 1.45  [backport: release/v0.52] (#6922)
+  * ci: bump `github.com/goreleaser/goreleaser` to `v2.0.0` [backport: release/v0.52] (#6893)
+  * fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892)
+- add add-opensuse-tumbleweed-db.patch,
+  add-opensuse-tumbleweed-support.patch: patches for tumbleweed
+  support
+
 -------------------------------------------------------------------
 Wed Jun 12 14:19:45 UTC 2024 - dmueller@suse.com

--- a/trivy.spec
+++ b/trivy.spec
@ -17,7 +17,7 @@


 Name:           trivy
-Version:        0.52.1
+Version:        0.52.2
 Release:        0
 Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
 License:        Apache-2.0
@ -25,6 +25,9 @@ Group:          System/Management
 URL:            https://github.com/aquasecurity/trivy
 Source:         %{name}-%{version}.tar.zst
 Source1:        vendor.tar.zst
+# From https://github.com/aquasecurity/trivy-db/pull/411.patch
+Patch1:         add-opensuse-tumbleweed-db.patch
+Patch2:         https://github.com/aquasecurity/trivy/pull/6965.patch#/add-opensuse-tumbleweed-support.patch
 BuildRequires:  golang(API) = 1.22
 BuildRequires:  golang-packaging
 BuildRequires:  zstd
@ -43,7 +46,11 @@ scan. All you need to do for scanning is to specify a target such as an image
 name of the container.

 %prep
-%autosetup -p1 -a1
+%setup -a1
+pushd vendor/github.com/aquasecurity/trivy-db
+%patch -P 1 -p1
+popd
+%patch -P 2 -p1

 %build
 export CGO_ENABLED=1
--- a/vendor.tar.zst
+++ b/vendor.tar.zst