From 241ebf3914da6e09cec713f3ebffcad18fcc5b477f4463ef74d9298502d7eafe Mon Sep 17 00:00:00 2001 From: Antonio Teixeira Date: Mon, 25 Mar 2024 20:16:39 +0000 Subject: [PATCH] Accepting request 1161552 from home:ateixeira:branches:security:sensor - Update to version 0.7.0.4.git66.eea7659: * dnssnoop: fix loading protocol from ip header on s390 * dnssnoop: fix htons() so it works on s390 too * Fix systemd Services artifact missing events * chattrsnoop: replace global variables with locals * tcpsnoop: fix garbled results on s390 * chattrsnoop: fix immutable attribute set on s390 * chattrsnoop: fix bpf_probe_read for s390 * tcpsnoop: remove unused filtering code * Add artifact to collect new files without owner * bpf plugins: set a logger callback - Add CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch (bsc#1221456) OBS-URL: https://build.opensuse.org/request/show/1161552 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=65 --- ...w-redirects-drop-proxy-authorization.patch | 23 +++++++++++++++++++ _servicedata | 2 +- velociraptor-0.7.0.4.git47.0f8a4de1.obscpio | 3 --- velociraptor-0.7.0.4.git66.eea7659.obscpio | 3 +++ velociraptor-go_modules.tar.zst | 4 ++-- velociraptor.changes | 17 ++++++++++++++ velociraptor.obsinfo | 6 ++--- velociraptor.spec | 9 ++++++-- 8 files changed, 56 insertions(+), 11 deletions(-) create mode 100644 CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch delete mode 100644 velociraptor-0.7.0.4.git47.0f8a4de1.obscpio create mode 100644 velociraptor-0.7.0.4.git66.eea7659.obscpio diff --git a/CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch b/CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch new file mode 100644 index 0000000..62c26a9 --- /dev/null +++ b/CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch 
@@ -0,0 +1,23 @@
+From c4f847f85176991f95ab9c88af63b1294de8649b Mon Sep 17 00:00:00 2001
+From: Ruben Verborgh
+Date: Thu, 14 Mar 2024 17:36:10 +0100
+Subject: [PATCH] Drop Proxy-Authorization across hosts.
+
+---
+ index.js | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/gui/velociraptor/node_modules/follow-redirects/index.js b/gui/velociraptor/node_modules/follow-redirects/index.js
+index f58b933..c649cab 100644
+--- a/gui/velociraptor/node_modules/follow-redirects/index.js
++++ b/gui/velociraptor/node_modules/follow-redirects/index.js
+@@ -430,7 +430,7 @@ RedirectableRequest.prototype._processResponse = function (response) {
+ redirectUrlParts.protocol !== "https:" ||
+ redirectUrlParts.host !== currentHost &&
+ !isSubdomain(redirectUrlParts.host, currentHost)) {
+- removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
++ removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers);
+ }
+
+ // Evaluate the beforeRedirect callback
+
diff --git a/_servicedata b/_servicedata
index 25af2ef..1ad6b8f 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
 https://github.com/SUSE/linux-security-sensor
- 0f8a4de1d5c872a77b0a3887f01707dec55ee47f
\ No newline at end of file
+ eea7659c5f2abd277001ea6c2ce3771346ccd6dd
\ No newline at end of file
diff --git a/velociraptor-0.7.0.4.git47.0f8a4de1.obscpio b/velociraptor-0.7.0.4.git47.0f8a4de1.obscpio
deleted file mode 100644
index 84cdec0..0000000
--- a/velociraptor-0.7.0.4.git47.0f8a4de1.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:42e6a04330671ae8c2bdbf7c1dc0e279ec211aef8a5dd8aed2cb76f9121ceda5
-size 140181006
diff --git a/velociraptor-0.7.0.4.git66.eea7659.obscpio b/velociraptor-0.7.0.4.git66.eea7659.obscpio
new file mode 100644
index 0000000..d05be37
--- /dev/null
+++ b/velociraptor-0.7.0.4.git66.eea7659.obscpio
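Review bot: The patch file records the upstream commit (`c4f847f`) but not the follow-redirects release that carries it, so nothing tells a future maintainer when the patch can be dropped; once the npm source tarballs listed in the spec are bumped to a release that already contains this hunk, `%patch -P 4` will fail to apply and the build will break with no hint as to why. I would add two header lines above `From:` in the patch: `# References: CVE-2024-28849 bsc#1221456` and `# Upstream: follow-redirects c4f847f (as far as I can tell released as 1.15.6) - drop once node_modules resolves a version containing it`. Note also that the patched path lives under `gui/velociraptor/node_modules/`, which only exists after the GUI's npm install step, so this patch cannot be applied with the others at the top of `%prep`; that is presumably why the spec applies it separately. The one-line change itself matches upstream: `Proxy-Authorization` is now dropped under the same condition that already dropped `Authorization` and `Cookie`, i.e. when the redirect leaves the original host or downgrades away from https.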
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02043af4c9d1e6cc055ce42b1e21d180b20ae351fbf5b62edd06760755e1272b
+size 140184078
diff --git a/velociraptor-go_modules.tar.zst b/velociraptor-go_modules.tar.zst
index 212af57..4a95922 100644
--- a/velociraptor-go_modules.tar.zst
+++ b/velociraptor-go_modules.tar.zst
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5c00d92d32e9ec68fabd40fb09aa460a02fb746971c84c65940eeefe12a16d47
-size 29079417
+oid sha256:b3b899de249205810f8a4f29c1e6453b7079a31a50b71cf20f026952f14f214b
+size 29081043
diff --git a/velociraptor.changes b/velociraptor.changes
index 40d2ff6..6319a73 100644
--- a/velociraptor.changes
+++ b/velociraptor.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Mon Mar 25 17:19:16 UTC 2024 - antonio.teixeira@suse.com
+
+- Update to version 0.7.0.4.git66.eea7659:
+ * dnssnoop: fix loading protocol from ip header on s390
+ * dnssnoop: fix htons() so it works on s390 too
+ * Fix systemd Services artifact missing events
+ * chattrsnoop: replace global variables with locals
+ * tcpsnoop: fix garbled results on s390
+ * chattrsnoop: fix immutable attribute set on s390
+ * chattrsnoop: fix bpf_probe_read for s390
+ * tcpsnoop: remove unused filtering code
+ * Add artifact to collect new files without owner
+ * bpf plugins: set a logger callback
+- Add CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
+ (bsc#1221456)
+
 -------------------------------------------------------------------
 Thu Feb 29 18:48:52 UTC 2024 - Antonio Teixeira
diff --git a/velociraptor.obsinfo b/velociraptor.obsinfo
index 45e4132..c770fa5 100644
--- a/velociraptor.obsinfo
+++ b/velociraptor.obsinfo
@@ -1,4 +1,4 @@
 name: velociraptor
-version: 0.7.0.4.git47.0f8a4de1
-mtime: 1708624030
-commit: 0f8a4de1d5c872a77b0a3887f01707dec55ee47f
+version: 0.7.0.4.git66.eea7659
+mtime: 1711385479
+commit: eea7659c5f2abd277001ea6c2ce3771346ccd6dd
diff --git a/velociraptor.spec b/velociraptor.spec index e0e905d..3aa3296 100644 --- a/velociraptor.spec +++ b/velociraptor.spec @@ -67,7 +67,7 @@ %endif Name: velociraptor%{name_suffix} -Version: 0.7.0.4.git47.0f8a4de1 +Version: 0.7.0.4.git66.eea7659 Release: 0 %if %{build_server} Summary: Endpoint visibility and collection tool @@ -983,6 +983,8 @@ Source10882: https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz#/ Patch1: vendor-build-fixes-for-SLE12.patch Patch2: sdjournal-build-fix-for-SLE12.patch Patch3: velociraptor-reproducible-timestamp.diff +# CVE-2024-28849 - bsc#1221456 - follow-redirects: Drop Proxy-Athorization across hosts +Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch BuildRequires: fileb0x %if 0%{?suse_version} BuildRequires: golang-packaging @@ -1106,7 +1108,9 @@ console, please install the 'velociraptor' package. %prep %setup -q -a 1 -a 2 -n %{projname}-%{VERSION} -%autopatch -p1 +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 3 -p1 # Set the version to something more specific than -dev sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go @@ -1133,6 +1137,7 @@ pushd gui/velociraptor rm -f package-lock.json local-npm-registry %{_sourcedir} install popd +%patch -P 4 -p1 %endif %build
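Review bot: The comment introduced above the new `Patch4:` line misspells the header name as `Proxy-Athorization`, so anyone grepping the spec for the CVE's subject will miss it. Use `# CVE-2024-28849 - bsc#1221456 - follow-redirects: Drop Proxy-Authorization across hosts`. The same comment is the natural place to say why this patch is declared but not applied with the others, e.g. append `(applied after the npm install in %prep, see below)`, because a later cleanup that restores `%autopatch` would try to patch a file that does not exist yet and fail the build.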
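Review bot: Replacing `%autopatch -p1` with three explicit `%patch -P N -p1` lines is the right move but carries no comment, and to the next maintainer it reads like an accidental regression rather than a deliberate hold-back of Patch4. I would add one line above them: `# Patch4 targets gui/velociraptor/node_modules, which only exists after the npm install below; keep it out of %autopatch`. The `%prep` section continues past the end of this hunk.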
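Review bot: The new `%patch -P 4 -p1` line sits inside a conditional block (the `%endif` that follows it; the matching `%if` is outside the hunk) and after `rm -f package-lock.json` and `local-npm-registry %{_sourcedir} install`, so the CVE fix is applied only for builds that take that branch and only to whatever follow-redirects version the local registry resolved without a lockfile. That is acceptable as long as a failed apply stays fatal: as far as I know `%patch` aborts the build when a hunk does not apply, which is exactly the safety net wanted here if the resolved version ever drifts, and it deserves a comment so nobody later softens it. I would add above the line: `# Must run after the npm install above (file lives in node_modules); a failed apply here must stay fatal so a version drift cannot ship the unpatched redirect code`. Whether the vulnerable code is reachable in the shipped GUI bundle or only in the build-time toolchain is not visible from this hunk; if it is the latter, saying so in the changes entry would help downstream scanners and reviewers.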