SHA256
1
0
forked from pool/velociraptor

Accepting request 1194777 from security:sensor

OBS-URL: https://build.opensuse.org/request/show/1194777
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/velociraptor?expand=0&rev=14
This commit is contained in:
Ana Guerrero 2024-08-20 14:13:41 +00:00 committed by Git OBS Bridge
commit ecefcb440b
6 changed files with 1495 additions and 1412 deletions

View File

@ -1,30 +0,0 @@
diff --git a/gui/velociraptor/package-lock.json b/gui/velociraptor/package-lock.json
index e6c46c00..2a6c8114 100644
--- a/gui/velociraptor/package-lock.json
+++ b/gui/velociraptor/package-lock.json
@@ -4750,9 +4750,9 @@
}
},
"node_modules/follow-redirects": {
- "version": "1.15.2",
- "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
- "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==",
+ "version": "1.15.6",
+ "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
+ "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==",
"funding": [
{
"type": "individual",
@@ -14720,9 +14720,9 @@
}
},
"follow-redirects": {
- "version": "1.15.2",
- "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
- "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA=="
+ "version": "1.15.6",
+ "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
+ "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA=="
},
"for-each": {
"version": "0.3.3",

1121
package-lock.json generated

File diff suppressed because it is too large Load Diff

BIN
velociraptor-node_modules.obscpio (Stored with Git LFS)

Binary file not shown.

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Aug 19 20:45:30 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update node modules with security fixes.
* Fixes CVE-2024-39338 (bsc#1229424)
* Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
as the update is included.
-------------------------------------------------------------------
Mon Aug 12 20:47:33 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>

View File

@ -100,10 +100,8 @@ Source12: package-lock.json
Patch1: vendor-build-fixes-for-SLE12.patch
Patch2: sdjournal-build-fix-for-SLE12.patch
Patch3: velociraptor-reproducible-timestamp.diff
# PATCH-FIX-UPSTREAM CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch bsc#1221456 -- follow-redirects: Drop Proxy-Athorization across hosts
Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
# PATCH-FIX-UPSTREAM CVE-2022-25883-npm-watch-semver-deps.patch bsc#1212572 -- upgrade npm-watch
Patch5: CVE-2022-25883-npm-watch-semver-deps.patch
Patch4: CVE-2022-25883-npm-watch-semver-deps.patch
BuildRequires: fileb0x
%if 0%{?suse_version}
BuildRequires: systemd-rpm-macros
@ -257,7 +255,6 @@ This package provides a shared system user for all velociraptor components
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
%patch -P 5 -p1
# Set the version to something more specific than <next-tag>-dev
sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go