Accepting request 1161552 from home:ateixeira:branches:security:sensor

- Update to version 0.7.0.4.git66.eea7659: * dnssnoop: fix loading protocol from ip header on s390 * dnssnoop: fix htons() so it works on s390 too * Fix systemd Services artifact missing events * chattrsnoop: replace global variables with locals * tcpsnoop: fix garbled results on s390 * chattrsnoop: fix immutable attribute set on s390 * chattrsnoop: fix bpf_probe_read for s390 * tcpsnoop: remove unused filtering code * Add artifact to collect new files without owner * bpf plugins: set a logger callback - Add CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch (bsc#1221456) OBS-URL: https://build.opensuse.org/request/show/1161552 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=65
2024-03-25 20:16:39 +00:00 · 2024-03-25 20:16:39 +00:00 · 241ebf3914
commit 241ebf3914
parent 5968657952
8 changed files with 56 additions and 11 deletions
--- a/CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
+++ b/CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
@ -0,0 +1,23 @@
+From c4f847f85176991f95ab9c88af63b1294de8649b Mon Sep 17 00:00:00 2001
+From: Ruben Verborgh <ruben@verborgh.org>
+Date: Thu, 14 Mar 2024 17:36:10 +0100
+Subject: [PATCH] Drop Proxy-Authorization across hosts.
+
+---
+ index.js     | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/gui/velociraptor/node_modules/follow-redirects/index.js b/gui/velociraptor/node_modules/follow-redirects/index.js
+index f58b933..c649cab 100644
+--- a/gui/velociraptor/node_modules/follow-redirects/index.js
+++ b/gui/velociraptor/node_modules/follow-redirects/index.js
+@@ -430,7 +430,7 @@ RedirectableRequest.prototype._processResponse = function (response) {
+      redirectUrlParts.protocol !== "https:" ||
+      redirectUrlParts.host !== currentHost &&
+      !isSubdomain(redirectUrlParts.host, currentHost)) {
+-    removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
+    removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers);
+   }
+ 
+   // Evaluate the beforeRedirect callback
+
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/SUSE/linux-security-sensor</param>
-              <param name="changesrevision">0f8a4de1d5c872a77b0a3887f01707dec55ee47f</param></service></servicedata>
+              <param name="changesrevision">eea7659c5f2abd277001ea6c2ce3771346ccd6dd</param></service></servicedata>
--- a/velociraptor-0.7.0.4.git47.0f8a4de1.obscpio
+++ b/velociraptor-0.7.0.4.git47.0f8a4de1.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:42e6a04330671ae8c2bdbf7c1dc0e279ec211aef8a5dd8aed2cb76f9121ceda5
-size 140181006
--- a/velociraptor-0.7.0.4.git66.eea7659.obscpio
+++ b/velociraptor-0.7.0.4.git66.eea7659.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02043af4c9d1e6cc055ce42b1e21d180b20ae351fbf5b62edd06760755e1272b
+size 140184078
--- a/velociraptor-go_modules.tar.zst
+++ b/velociraptor-go_modules.tar.zst
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5c00d92d32e9ec68fabd40fb09aa460a02fb746971c84c65940eeefe12a16d47
-size 29079417
+oid sha256:b3b899de249205810f8a4f29c1e6453b7079a31a50b71cf20f026952f14f214b
+size 29081043
--- a/velociraptor.changes
+++ b/velociraptor.changes
@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Mon Mar 25 17:19:16 UTC 2024 - antonio.teixeira@suse.com
+
+- Update to version 0.7.0.4.git66.eea7659:
+  * dnssnoop: fix loading protocol from ip header on s390
+  * dnssnoop: fix htons() so it works on s390 too
+  * Fix systemd Services artifact missing events
+  * chattrsnoop: replace global variables with locals
+  * tcpsnoop: fix garbled results on s390
+  * chattrsnoop: fix immutable attribute set on s390
+  * chattrsnoop: fix bpf_probe_read for s390
+  * tcpsnoop: remove unused filtering code
+  * Add artifact to collect new files without owner
+  * bpf plugins: set a logger callback
+- Add CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
+  (bsc#1221456)
+
 -------------------------------------------------------------------
 Thu Feb 29 18:48:52 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>

--- a/velociraptor.obsinfo
+++ b/velociraptor.obsinfo
@ -1,4 +1,4 @@
 name: velociraptor
-version: 0.7.0.4.git47.0f8a4de1
-mtime: 1708624030
-commit: 0f8a4de1d5c872a77b0a3887f01707dec55ee47f
+version: 0.7.0.4.git66.eea7659
+mtime: 1711385479
+commit: eea7659c5f2abd277001ea6c2ce3771346ccd6dd
--- a/velociraptor.spec
+++ b/velociraptor.spec
@ -67,7 +67,7 @@
 %endif

 Name:           velociraptor%{name_suffix}
-Version:        0.7.0.4.git47.0f8a4de1
+Version:        0.7.0.4.git66.eea7659
 Release:        0
 %if %{build_server}
 Summary:        Endpoint visibility and collection tool
@ -983,6 +983,8 @@ Source10882:    https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz#/
 Patch1:         vendor-build-fixes-for-SLE12.patch
 Patch2:         sdjournal-build-fix-for-SLE12.patch
 Patch3:         velociraptor-reproducible-timestamp.diff
+# CVE-2024-28849 - bsc#1221456 - follow-redirects: Drop Proxy-Athorization across hosts
+Patch4:         CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
 BuildRequires:  fileb0x
 %if 0%{?suse_version}
 BuildRequires:  golang-packaging
@ -1106,7 +1108,9 @@ console, please install the 'velociraptor' package.

 %prep
 %setup -q -a 1 -a 2 -n %{projname}-%{VERSION}
-%autopatch -p1
+%patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1

 # Set the version to something more specific than <next-tag>-dev
 sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go
@ -1133,6 +1137,7 @@ pushd gui/velociraptor
 rm -f package-lock.json
 local-npm-registry %{_sourcedir} install
 popd
+%patch -P 4 -p1
 %endif

 %build