pool/velociraptor
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update to version 0.7.0.4.git142.862ef23:

Browse Source 
* github: fix deprecated upload artifact again
  * Update npm packages
    Includes fixes for the following vulnerabilities:
    CVE-2023-45133
    CVE-2023-46234
    CVE-2024-55565
    CVE-2024-45296
    CVE-2023-44270
    CVE-2024-47068
    CVE-2024-23331
    CVE-2024-31207
    CVE-2024-45812
    CVE-2024-45811
  * Update go dependencies
    Includes fixes for the following vulnerabilities:
    CVE-2024-45338
    CVE-2024-37298
    CVE-2024-24786
    CVE-2023-45683 (bsc#1216310)
    CVE-2023-1732
  * Update jwt to 4.5.1
    Fixes CVE-2024-51744 (bsc#1232944)
  * Update go-retryablehttp to 0.7.7
    Fixes CVE-2024-6104 (bsc#1227061)
  * Update go-oidc and go-jose
    Fixes CVE-2024-28180 (bsc#1235168)
  * Update dompurify to 3.1.3
    Fixes CVE-2024-47875 (bsc#1231574)
  * Update package-lock.json
  * Update micromatch to 4.0.8
    Partial fix for CVE-2024-4067 (bsc#1224367)
    Partial fix for CVE-2024-4068 (bsc#1224296)
  * Update axios to 1.7.9
    Fixes CVE-2024-39338 (bsc#1229424)
  * Update cross-spawn to 7.0.6
    Fixes CVE-2024-21538 (bsc#1233845)
  * Update elliptic to 6.6.1
    Update contains fixes for:
    CVE-2024-48949 (bsc#1231558)
    CVE-2024-48948 (bsc#1231685)
    CVE-2024-42459 (bsc#1232543)
    CVE-2024-42460 (bsc#1232543)
    CVE-2024-42461 (bsc#1232543)
  * Update follow-redirects to 1.15.6
    Fixes CVE-2024-28849 (bsc#1221456)
  * fix: gui/velociraptor/package.json to reduce vulnerabilities
    Fixes CVE-2022-25883 (bsc#1212572)

OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=85
This commit is contained in:
Antonio Teixeira 2025-01-17 15:17:19 +00:00 committed by Git OBS Bridge
parent 0c486d078c
commit 356fc93fac
11 changed files with 1104 additions and 1023 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2022-25883-npm-watch-semver-deps.patch
View File

@ -1,24 +0,0 @@
From 76e999d0976ad6559574c92b79fe7432596d2d6c Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 27 Apr 2024 00:20:54 +0000
Subject: [PATCH] fix: gui/velociraptor/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
---
gui/velociraptor/package.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: b/gui/velociraptor/package.json
===================================================================
--- a/gui/velociraptor/package.json
+++ b/gui/velociraptor/package.json
@@ -31,7 +31,7 @@
"lodash": "^4.17.21",
"moment": "^2.29.4",
"moment-timezone": "0.5.43",
- "npm-watch": "^0.11.0",
+ "npm-watch": "^0.12.0",
"prop-types": "^15.8.1",
"qs": "^6.11.2",
"query-string": "^6.14.1",

2
_servicedata
View File

@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/SUSE/linux-security-sensor</param>
<param name="changesrevision">27cfbe1d85e866af8962bd6be49267eac9df3396</param></service></servicedata>
<param name="changesrevision">862ef239506b42b208625b83420ebed67804e11e</param></service></servicedata>

744
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

3
velociraptor-0.7.0.4.git126.27cfbe1.obscpio
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3a1ffcb458eb6ceff91898126f74ead7e9684696ef801ce72db8dbf3250d99b1
size 140263950

BIN
velociraptor-0.7.0.4.git142.862ef23.obscpio (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
velociraptor-go_modules.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

BIN
velociraptor-node_modules.obscpio (Stored with Git LFS)
View File

Binary file not shown.

1276
velociraptor-nodejs.spec.inc
View File

File diff suppressed because it is too large Load Diff

52
velociraptor.changes
View File

@ -1,3 +1,55 @@
-------------------------------------------------------------------
Fri Jan 17 13:49:28 UTC 2025 - antonio.teixeira@suse.com
- Update to version 0.7.0.4.git142.862ef23:
* github: fix deprecated upload artifact again
* Update npm packages
Includes fixes for the following vulnerabilities:
CVE-2023-45133
CVE-2023-46234
CVE-2024-55565
CVE-2024-45296
CVE-2023-44270
CVE-2024-47068
CVE-2024-23331
CVE-2024-31207
CVE-2024-45812
CVE-2024-45811
* Update go dependencies
Includes fixes for the following vulnerabilities:
CVE-2024-45338
CVE-2024-37298
CVE-2024-24786
CVE-2023-45683 (bsc#1216310)
CVE-2023-1732
* Update jwt to 4.5.1
Fixes CVE-2024-51744 (bsc#1232944)
* Update go-retryablehttp to 0.7.7
Fixes CVE-2024-6104 (bsc#1227061)
* Update go-oidc and go-jose
Fixes CVE-2024-28180 (bsc#1235168)
* Update dompurify to 3.1.3
Fixes CVE-2024-47875 (bsc#1231574)
* Update package-lock.json
* Update micromatch to 4.0.8
Partial fix for CVE-2024-4067 (bsc#1224367)
Partial fix for CVE-2024-4068 (bsc#1224296)
* Update axios to 1.7.9
Fixes CVE-2024-39338 (bsc#1229424)
* Update cross-spawn to 7.0.6
Fixes CVE-2024-21538 (bsc#1233845)
* Update elliptic to 6.6.1
Update contains fixes for:
CVE-2024-48949 (bsc#1231558)
CVE-2024-48948 (bsc#1231685)
CVE-2024-42459 (bsc#1232543)
CVE-2024-42460 (bsc#1232543)
CVE-2024-42461 (bsc#1232543)
* Update follow-redirects to 1.15.6
Fixes CVE-2024-28849 (bsc#1221456)
* fix: gui/velociraptor/package.json to reduce vulnerabilities
Fixes CVE-2022-25883 (bsc#1212572)
-------------------------------------------------------------------
Tue Jan 14 20:22:25 UTC 2025 - doreilly@suse.com

6
velociraptor.obsinfo
View File

@ -1,4 +1,4 @@
name: velociraptor
version: 0.7.0.4.git126.27cfbe1
mtime: 1733321465
commit: 27cfbe1d85e866af8962bd6be49267eac9df3396
version: 0.7.0.4.git142.862ef23
mtime: 1737120535
commit: 862ef239506b42b208625b83420ebed67804e11e

9
velociraptor.spec
View File

@ -71,7 +71,7 @@
%endif
Name: velociraptor%{name_suffix}
Version: 0.7.0.4.git126.27cfbe1
Version: 0.7.0.4.git142.862ef23
Release: 0
%if %{build_server}
Summary: Endpoint visibility and collection tool
@ -100,8 +100,6 @@ Source12: package-lock.json
Patch1: vendor-build-fixes-for-SLE12.patch
Patch2: sdjournal-build-fix-for-SLE12.patch
Patch3: velociraptor-reproducible-timestamp.diff
# PATCH-FIX-UPSTREAM CVE-2022-25883-npm-watch-semver-deps.patch bsc#1212572 -- upgrade npm-watch
Patch4: CVE-2022-25883-npm-watch-semver-deps.patch
BuildRequires: fileb0x
%if 0%{?suse_version}
BuildRequires: systemd-rpm-macros
@ -251,10 +249,7 @@ This package provides a shared system user for all velociraptor components
%prep
%setup -q -a 1 -a 2 -n %{projname}-%{VERSION}
%patch -P 1 -p1
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
%autopatch -p1
# Set the version to something more specific than <next-tag>-dev
sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go