_scmsync.obsinfo

@@ -1,4 +1,4 @@
-mtime: 1717765405
-commit: 96ac2f27c0ccdd6423580fc28d828483ef3309a85f4741eb93d275b73f7ef52c
-url: https://src.opensuse.org/pool/trivy.git
-revision: factory
+mtime: 1722525389
+commit: 8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00
+url: https://src.opensuse.org/dirkmueller/trivy.git
+revision: 8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00

_service

@@ -2,7 +2,7 @@
   <service name="tar_scm" mode="manual">
     <param name="url">https://github.com/aquasecurity/trivy</param>
     <param name="scm">git</param>
-    <param name="revision">v0.56.2</param>
+    <param name="revision">v0.54.1</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/aquasecurity/trivy</param>
-              <param name="changesrevision">f2252c833d4dee18546577f0c32ceb83c8bf20ae</param></service></servicedata>
+              <param name="changesrevision">854c61d34a550a9fcbab3bc59e55b868c15d1962</param></service></servicedata>

add-opensuse-tumbleweed-db.patch

@@ -0,0 +1,103 @@
+From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Wed, 19 Jun 2024 09:59:41 +0200
+Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection
+
+(Tumbleweed has no version as it is rolling)
+
+https://github.com/aquasecurity/trivy-db/issues/410
+---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf.go      | 18 +++++++++++++++---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go |  4 ++++
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+index be3d4eff..297b29eb 100644
+--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
++++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+@@ -24,8 +24,10 @@ type Distribution int
+ const (
+ 	SUSEEnterpriseLinux Distribution = iota
+ 	OpenSUSE
++	OpenSUSETumbleweed
+ 
+-	platformOpenSUSEFormat  = "openSUSE Leap %s"
++	platformOpenSUSETumbleweedFormat  = "openSUSE Tumbleweed"
++	platformOpenSUSELeapFormat  = "openSUSE Leap %s"
+ 	platformSUSELinuxFormat = "SUSE Linux Enterprise %s"
+ )
+ 
+@@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID {
+ 	if vs.dist == OpenSUSE {
+ 		return "opensuse-cvrf"
+ 	}
++	if vs.dist == OpenSUSETumbleweed {
++		return "opensuse-tumbleweed-cvrf"
++	}
+ 	return source.ID
+ }
+ 
+@@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error {
+ 	case SUSEEnterpriseLinux:
+ 		rootDir = filepath.Join(rootDir, "suse")
+ 	case OpenSUSE:
++	case OpenSUSETumbleweed:
+ 		rootDir = filepath.Join(rootDir, "opensuse")
+ 	default:
+ 		return xerrors.New("unknown distribution")
+@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string {
+ 		// SUSE Linux Enterprise Module for SUSE Manager Server 4.0
+ 		return ""
+ 	}
++	if strings.HasPrefix(platformName, "openSUSE Tumbleweed") {
++		// Tumbleweed has no version, it is a rolling release
++		return platformOpenSUSETumbleweedFormat
++	}
+ 	if strings.HasPrefix(platformName, "openSUSE Leap") {
+ 		// openSUSE Leap 15.0
+ 		ss := strings.Split(platformName, " ")
+@@ -196,7 +206,7 @@ func getOSVersion(platformName string) string {
+ 			log.Printf("invalid version: %s, err: %s", platformName, err)
+ 			return ""
+ 		}
+-		return fmt.Sprintf(platformOpenSUSEFormat, ss[2])
++		return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2])
+ 	}
+ 	if strings.Contains(platformName, "SUSE Linux Enterprise") {
+ 		// e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1
+@@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error)
+ 	case SUSEEnterpriseLinux:
+ 		bucket = fmt.Sprintf(platformSUSELinuxFormat, version)
+ 	case OpenSUSE:
+-		bucket = fmt.Sprintf(platformOpenSUSEFormat, version)
++		bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version)
++	case OpenSUSETumbleweed:
++		bucket = platformOpenSUSETumbleweedFormat
+ 	default:
+ 		return nil, xerrors.New("unknown distribution")
+ 	}
+
+From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Wed, 19 Jun 2024 16:07:49 +0200
+Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+
+Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
+---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+index 297b29eb..f616990e 100644
+--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
++++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error {
+ 	switch vs.dist {
+ 	case SUSEEnterpriseLinux:
+ 		rootDir = filepath.Join(rootDir, "suse")
+-	case OpenSUSE:
+-	case OpenSUSETumbleweed:
++	case OpenSUSE, OpenSUSETumbleweed:
+ 		rootDir = filepath.Join(rootDir, "opensuse")
+ 	default:
+ 		return xerrors.New("unknown distribution")

build.specials.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b575187fee5146cd266ea8f6ade7952590defa34a475b1dae4d3569c6031dbe5
+size 256

trivy.changes

@@ -1,139 +1,3 @@
--------------------------------------------------------------------
-Wed Oct 23 12:47:45 UTC 2024 - dmueller@suse.com
-
-- Update to version 0.56.2:
-  * release: v0.56.2 [release/v0.56] (#7694)
-  * fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702)
-  * fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691)
-
--------------------------------------------------------------------
-Tue Oct 08 16:43:27 UTC 2024 - dmueller@suse.com
-
-- Update to version 0.56.1:
-  * release: v0.56.1 [release/v0.56] (#7648)
-  * fix(db): fix javadb downloading error handling [backport: release/v0.56] (#7646)
-  * release: v0.56.0 [main] (#7447)
-  * fix(misconf): not to warn about missing selectors of libraries (#7638)
-  * feat: support RPM archives (#7628)
-  * fix(secret): change grafana token regex to find them without unquoted (#7627)
-  * chore(deps): Bump trivy-checks to v1.1.0 (#7631)
-  * fix(misconf): Disable deprecated checks by default (#7632)
-  * chore: add prefixes to log messages (#7625)
-  * feat(misconf): Support `--skip-*` for all included modules  (#7579)
-  * feat: support multiple DB repositories for vulnerability and Java DB (#7605)
-  * ci: don't use cache for `setup-go` (#7622)
-  * test: use loaded image names (#7617)
-  * feat(java): add empty versions if `pom.xml` dependency versions can't be detected (#7520)
-  * feat(secret): enhance secret scanning for python binary files (#7223)
-  * refactor: fix auth error handling (#7615)
-  * ci: split `save` and `restore` cache actions (#7614)
-  * fix(misconf): disable DS016 check for image history analyzer (#7540)
-  * feat(suse): added SUSE Linux Enterprise Micro support (#7294)
-  * feat(misconf): add ability to disable checks by ID (#7536)
-  * fix(misconf): escape all special sequences (#7558)
-  * test: use a local registry for remote scanning (#7607)
-  * fix: allow access to '..' in mapfs (#7575)
-  * fix(db): check `DownloadedAt` for `trivy-java-db` (#7592)
-  * chore(deps): bump the common group across 1 directory with 20 updates (#7604)
-  * ci: add `workflow_dispatch` trigger for test workflow. (#7606)
-  * ci: cache test images for `integration`, `VM` and `module` tests (#7599)
-  * chore(deps): remove broken replaces for opa and discovery (#7600)
-  * docs(misconf): Add more info on how to use arbitrary JSON/YAML scan feat (#7458)
-  * fix(misconf): Fixed scope for China Cloud (#7560)
-  * perf(misconf): use port ranges instead of enumeration (#7549)
-  * fix(sbom): export bom-ref when converting a package to a component (#7340)
-  * refactor(misconf): pass options to Rego scanner as is (#7529)
-  * fix(sbom): parse type `framework` as `library` when unmarshalling `CycloneDX` files (#7527)
-  * chore(deps): bump go-ebs-file (#7513)
-  * fix(misconf): Fix logging typo (#7473)
-  * feat(misconf): Register checks only when needed (#7435)
-  * refactor: split `.egg` and `packaging` analyzers (#7514)
-  * fix(java): use `dependencyManagement` from root/child pom's for dependencies from parents (#7497)
-  * chore(vex): add `CVE-2024-34155`, `CVE-2024-34156` and `CVE-2024-34158` in `trivy.openvex.json` (#7510)
-  * chore(deps): bump alpine from 3.20.0 to 3.20.3 (#7508)
-  * chore(vex): suppress openssl vulnerabilities (#7500)
-  * docs: refine go docs (#7442)
-  * revert(java): stop supporting of `test` scope for `pom.xml` files (#7488)
-  * docs(db): add a manifest example (#7485)
-  * feat(license): improve license normalization (#7131)
-  * docs(oci): Add a note About the expected Media Type for the Trivy-DB OCI Artifact (#7449)
-  * fix(report): fix error with unmarshal of `ExperimentalModifiedFindings` (#7463)
-  * fix(report): change a receiver of MarshalJSON (#7483)
-  * fix(oracle): Update EOL date for Oracle 7 (#7480)
-  * chore(deps): bump the aws group with 6 updates (#7468)
-  * chore(deps): bump the common group across 1 directory with 19 updates (#7436)
-  * chore(helm): bump up Trivy Helm chart (#7441)
-  * refactor(java): add error/statusCode for logs when we can't get pom.xml/maven-metadata.xml from remote repo (#7451)
-  * fix(license): stop spliting a long license text (#7336)
-  * release: v0.55.0 [main] (#7271)
-  * feat(go): use `toolchain` as `stdlib` version for `go.mod` files (#7163)
-  * fix(license): add license handling to JUnit template (#7409)
-  * feat(java): add `test` scope support for `pom.xml` files (#7414)
-  * chore(deps): Bump trivy-checks and pin OPA (#7427)
-  * fix(helm): explicitly define `kind` and `apiVersion` of `volumeClaimTemplate` element (#7362)
-  * feat(sbom): set User-Agent header on requests to Rekor (#7396)
-  * test: add integration plugin tests (#7299)
-  * fix(nodejs): check all `importers` to detect dev deps from pnpm-lock.yaml file (#7387)
-  * fix: logger initialization before flags parsing (#7372)
-  * fix(aws): handle ECR repositories in different regions (#6217)
-  * fix(misconf): fix infer type for null value (#7424)
-  * fix(secret): use `.eyJ` keyword for JWT secret (#7410)
-  * fix(misconf): do not recreate filesystem map (#7416)
-  * chore(deps): Bump trivy-checks (#7417)
-  * fix(misconf): do not register Rego libs in checks registry (#7420)
-  * fix(sbom): use `NOASSERTION` for licenses fields in SPDX formats (#7403)
-  * feat(report): export modified findings in JSON (#7383)
-  * feat(server): Make Trivy Server Multiplexer Exported (#7389)
-  * chore: update CODEOWNERS (#7398)
-  * fix(secret): use only line with secret for long secret lines (#7412)
-  * chore: fix allow rule of ignoring test files to make it case insensitive (#7415)
-  * feat(misconf): port and protocol support for EC2 networks (#7146)
-  * fix(misconf): do not filter Terraform plan JSON by name (#7406)
-  * feat(misconf): support for ignore by nested attributes (#7205)
-  * fix(misconf): use module to log when metadata retrieval fails (#7405)
-  * fix(report): escape `Message` field in `asff.tpl` template (#7401)
-  * feat(misconf): Add support for using spec from on-disk bundle (#7179)
-  * docs: add pkg flags to config file page (#7370)
-  * feat(python): use minimum version for pip packages (#7348)
-  * fix(misconf): support deprecating for Go checks (#7377)
-  * fix(misconf): init frameworks before updating them (#7376)
-  * feat(misconf): ignore duplicate checks (#7317)
-  * refactor(misconf): use slog (#7295)
-  * chore(deps): bump trivy-checks (#7350)
-  * feat(server): add internal `--path-prefix` flag for client/server mode (#7321)
-  * chore(deps): bump the aws group across 1 directory with 7 updates (#7358)
-  * fix: safely check if the directory exists (#7353)
-  * feat(misconf): variable support for Terraform Plan (#7228)
-  * feat(misconf): scanning support for YAML and JSON (#7311)
-  * fix(misconf): wrap Azure PortRange in iac types (#7357)
-  * refactor(misconf): highlight only affected rows (#7310)
-  * fix(misconf): change default TLS values for the Azure storage account (#7345)
-  * chore(deps): bump the common group with 9 updates (#7333)
-  * docs(misconf): Update callsites to use correct naming (#7335)
-  * docs: update air-gapped docs (#7160)
-  * refactor: replace ftypes.Gradle with packageurl.TypeGradle (#7323)
-  * perf(misconf): optimize work with context (#6968)
-  * docs: update links to packaging.python.org (#7318)
-  * docs: update client/server docs for misconf and license scanning (#7277)
-  * chore(deps): bump the common group across 1 directory with 7 updates (#7305)
-  * feat(misconf): iterator argument support for dynamic blocks (#7236)
-  * fix(misconf): do not set default value for default_cache_behavior (#7234)
-  * feat(misconf): support for policy and bucket grants (#7284)
-  * fix(misconf): load only submodule if it is specified in source (#7112)
-  * perf(misconf): use json.Valid to check validity of JSON (#7308)
-  * refactor(misconf): remove unused universal scanner (#7293)
-  * perf(misconf): do not convert contents of a YAML file to string (#7292)
-  * fix(terraform): add aws_region name to presets (#7184)
-  * docs: add auto-generated config (#7261)
-  * feat(vuln): Add `--detection-priority` flag for accuracy tuning (#7288)
-  * refactor(misconf): remove file filtering from parsers (#7289)
-  * fix(flag): incorrect behavior for deprected flag `--clear-cache` (#7281)
-  * fix(java): Return error when trying to find a remote pom to avoid segfault (#7275)
-  * fix(plugin): do not call GitHub content API for releases and tags (#7274)
-  * feat(vm): support the Ext2/Ext3 filesystems (#6983)
-  * feat(cli)!: delete deprecated SBOM flags (#7266)
-  * feat(vm): Support direct filesystem (#7058)
-
 -------------------------------------------------------------------
 Thu Aug 01 12:24:35 UTC 2024 - dmueller@suse.com
 

trivy.spec

@@ -17,7 +17,7 @@
 
 
 Name:           trivy
-Version:        0.56.2
+Version:        0.54.1
 Release:        0
 Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
 License:        Apache-2.0