Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2024-04-05 20:28:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "velociraptor" Fri Apr 5 20:28:36 2024 rev:7 rq:1165646 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2023-07-27 16:53:26.126704807 +0200 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.1905/velociraptor.changes 2024-04-05 20:29:09.841534357 +0200 
@@ -1,0 +2,726 @@ +Fri Apr 5 13:01:05 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Obsolete old velociraptor-kafka-humio-gateway package + +------------------------------------------------------------------- +Wed Apr 03 14:21:30 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Update to version 0.7.0.4.git74.3426c0a: + * Fix services artifact symbol pid not found error + * chattrsnoop: correct read size for flags + * chattrsnoop: fix wrong FS_IOC_SETFLAGS value for ppc + * chattrsnoop: fix do_vfs_ioctl kprobe failure + +------------------------------------------------------------------- +Wed Apr 3 13:54:19 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Remove nodejs sources from main spec file. + +------------------------------------------------------------------- +Tue Apr 02 21:52:32 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Update to version 0.7.0.4.git68.ad1f4e5: + * Fix undefined binary.NativeEndian build errors +- Add llvm16-libclang13 dependency for SLE 15 SP5 and above + +------------------------------------------------------------------- +Tue Apr 2 12:02:12 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Disable eBPF for SLE 15 SP2 + +------------------------------------------------------------------- +Sun Mar 31 23:38:18 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Fix builds for SLE 15 SP3 and SLE 12 + * Revert to gzip compression instead of zstd for go modules + +------------------------------------------------------------------- +Mon Mar 25 17:19:16 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Update to version 0.7.0.4.git66.eea7659: + * dnssnoop: fix loading protocol from ip header on s390 + * dnssnoop: fix htons() so it works on s390 too + * Fix systemd Services artifact missing events + * chattrsnoop: replace global variables with locals + * tcpsnoop: fix garbled results on s390 + * chattrsnoop: fix immutable attribute set on s390 + * 
chattrsnoop: fix bpf_probe_read for s390 + * tcpsnoop: remove unused filtering code + * Add artifact to collect new files without owner + * bpf plugins: set a logger callback +- Add CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch + (bsc#1221456) + +------------------------------------------------------------------- +Thu Feb 29 18:48:52 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Reintroduce system-user-velociraptor package due to client %pre + and %postun scripts depending on velociraptor user and group. + +------------------------------------------------------------------- +Tue Feb 27 22:37:09 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Obsolete old system-user-velociraptor package. +- Use zst compression for go modules. + +------------------------------------------------------------------- +Thu Feb 22 20:11:34 UTC 2024 - dorei...@suse.com + +- Update to version 0.7.0.4.git47.0f8a4de1: + * Rename SUSE specific artifacts to have SUSE prefix + * Add SUSE.Linux.Events.NewZeroSizeLogFile artifact + * Move NewFiles artifact to SUSE + * Move ImmutableFile artifact to SUSE + * Make ImmutableFile artifact consistent with others + * Fix absolute path case in ExecutableFiles artifact + * Add client monitoring artifact for RPMs + * Add artifact to collect new hidden files + * Add artifact to monitor ssh authorized_keys files + * Fix split_records error on older clients + * Add hash fields to Linux.Events.ProcessExecutions + * Add artifact to collect systemd service events + * Fix SystemLogins artifacts file extensions + * Add SUSE.Linux.Events.Timers artifact + * Fix audit filter key typo in Linux.Events.NewFiles + * Add server artifact to delete old client data on server + * Add SUSE.Linux.Sys.At artifact + * chattrsnoop: include full error details in logs + * chattrsnoop: handle os.Stat() error properly + * chattrsnoop: don't log.Fatal() on hash error + * Fix Linux.Events.ImmutableFile not showing hash in GUI + * 
SUSE.Linux.Events.Crontab: Add task execution artifacts + * Raise client connection log level to ERROR + * sdjournal: Correctly seek to current tail +- Remove verbose flag from client config + +------------------------------------------------------------------- +Thu Feb 22 15:56:44 UTC 2024 - dorei...@suse.com + +- Update to version 0.7.0.4.git6.7b40b8b: + * go.mod: increase go version to 1.19 + +------------------------------------------------------------------- +Thu Feb 22 13:19:14 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Use clang16 for SLE 15 SP4 and above. + +------------------------------------------------------------------- +Thu Jan 18 15:36:50 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Fixed Debian %postun scripts being used for other distros. + +------------------------------------------------------------------- +Wed Dec 20 21:08:36 UTC 2023 - Jeff Mahoney <je...@suse.com> + +- Added workaround for missing Maintainers tag in Debian-based packages. + obs-service-format_spec_file strips the Packager tag from the spec file + before committing. The build service replaces it with its own. debbuild + expects the Packager field to be present to generate the Maintainers tag + in the output but it only receives the "cleaned" spec file. + +------------------------------------------------------------------- +Tue Dec 19 21:53:37 UTC 2023 - Jeff Mahoney <je...@suse.com> + +- Added Recommends: auditd + - Technically not *required* but Velociraptor's audit client enables + audit and then listens on the multicast socket. Without a listener + on the unicast socket, the kernel will spam the system log with events. 
+ +------------------------------------------------------------------- +Tue Dec 19 19:29:06 UTC 2023 - Jeff Mahoney <je...@suse.com> + +- Fixed debian packaging: + * /etc/sysconfig -> /etc/default + * %postun for systemd service cleanup + * Note: obs-service-format_spec_file strips the Packager tag that + debbuild uses to generate the Maintainer tag + +------------------------------------------------------------------- +Tue Dec 19 14:24:44 UTC 2023 - Jeff Mahoney <je...@suse.com> + +- Fix %SOURCE references. + +------------------------------------------------------------------- +Fri Dec 15 22:35:01 UTC 2023 - Jeff Mahoney <je...@suse.com> + +- Temporarily use the NODE_MODULES BEGIN/END form of the node_modules + service due to a bug in debbuild preventing Debian builds from succeeding. + +------------------------------------------------------------------- +Fri Dec 15 19:32:04 UTC 2023 - Jeff Mahoney <je...@suse.com> + +- Update to version 0.7.0.4.git4.c1b68a5b: + * hash: fix nil pointer dereference panic + * velociraptor: add dummy main function for mage +- Removed patch: + * velociraptor-golang-mage-vendoring.diff +- Rebased patch: + * velociraptor-reproducible-timestamp.diff +- Switched to using go_modules and node_modules source services + * Eliminated bespoke vendoring scripts. +- Pulled sysuser definition into the velociraptor package. + +------------------------------------------------------------------- +Tue Dec 5 13:54:03 UTC 2023 - Darragh O'Reilly <dorei...@suse.com> + +- Remove PrivateTmp and PrivateDevices settings in velociraptor-client.service (SENS-70) + +------------------------------------------------------------------- +Wed Nov 15 18:17:04 UTC 2023 - Jeff Mahoney <je...@suse.com> + +- Update to version 0.7.0.4.git0.e09a0df8: + * Add additional sanitization to HTML templates on JS side. 
(#2) (#3077) (CVE-2023-5950) + * vql/linux/sdjournal: Fix open/close lifetimes + * vql/linux/audit: fix shutdown races + * vql/linux/audit: fix goroutine lifetimes + * vql/linux/audit: limit messageQueue to within runService + * vql/linux/audit: add auditService.Log() + * vql/linux/audit: pull parts of shutdown into shutdown watcher + * vql/linux/audit: remove unnecessary error handling for reassembler + * vql/linux/audit: remove unused waitgroup from main event loop + * vql/linux/audit: handle top-level cancelation properly + * vql/linux/audit: make explicit that goroutines in the main errgroup don't return errors + * vql/linux/audit: make stats reporting separate from debug prints + * vql/linux/audit: simplify polling in listener + * vql/linux/audit: tests, check various rule scenarios + * vql/linux/audit: Add more client failure test cases + * vql/linux/audit: Fix audit client lifecycle + * vql/linux/audit: Change listener lifecycle to enable testing + * vql/linux/audit: Fix DeleteRule in mock client + * vql/linux/audit: Fix typo causing double-lock in notifyMissingRule + * vql/linux/audit: Close reassembler if NewListenerBytes fails + * vql/linux/audit: limit messageQueue scope to within runService + * vql/linux/audit: Make messageQueue lifetime more apparent + * vql/linux/audit: mainEventLoop shouldn't exit on canceled context + * vql/linux/audit: Clean up context handling in shutdown goroutine + * vql/linux/audit: fix test suite handling + * bpf: only build libbpf in the go generate stage + * bpf: add libbpf/include/uapi to the include path for bpf.h + +------------------------------------------------------------------- +Fri Nov 3 01:36:35 UTC 2023 - Jeff Mahoney <je...@suse.com> + +- Enabled builds on CentOS 7/8 (currently without eBPF, needs llvm) +- Enabled builds on Ubuntu 20.04 and 22.04 (23.* pending OBS changes) +- Enabled builds on Debian 11, 12, Unstable, Testing, and Next +- Limit server builds to x86_64 until esbuild issue is sorted + 
+------------------------------------------------------------------- +Tue Oct 31 20:07:16 UTC 2023 - Jeff Mahoney <je...@suse.com> + +- Update to version sensor-base-0.7.0~git0.602f673: + * vql/linux/audit: fix staticcheck checks + * vql/linux/audit: gofumpt -extra + * vql/linux/audit: don't overload EAGAIN + * vql/linux/audit: actually add test cases + * cronsnoop: fix panic when crontab has empty line + * SUSE: Add docker-compose environment + * SUSE: add Docker files + * SUSE: Do build tests on every pull request + * Github: Run build workflow on each pull request + * vql/functions/hash: cache results on Linux + * rpm: introduce rpm vql plugin + * Add Linux.Sys.Bash to Server.Monitor.Shell artifact + * Updating the NewFiles and ProcessStatuses Artifacts + * vql/linux/cronsnoop: Add cronsnoop() plugin + * Extend audit artifacts to use new interface + * vql/linux/audit: rearchitect plugin for scalability + * vql/linux/audit: use go-libaudit v2 for live audit message processing + * file_store/directory/listener_bytes: Add listener to use serialized interface + * utils/refcount: add simple refcount implementation + * file_store/directory/buffer: add direct-serialized interface + * Add artifact to monitor user group updates (#24) + * Linux.Events.ProcessExecutions: catch 32-bit execve calls + * Add custom artifacts for login and logout attempts recorded by auditd + * vql/linux/bpflib: add sample vmlinux.h includes for test builds + * vql/linux/bpf/chattrsnoop: Add plugin to catch changes to inode attributes + * vql/linux/bpf/dnssnoop: Add dnssnoop() plugin + * vql/linux/bpf/tcpsnoop: Add tcpsnoop plugin + * vql/linux/bpf: add support to add bpf plugins for Linux + * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal() + * SUSE: Add SSHLogin artifacts + * Update the Linux.Events.SSHLogin artifact to scan the systemd journal + * Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal + * Add parser to read systemd journal on Linux + * 
Linux.Detection.ImmutableFiles: Enumerate immutable files under a path + * linux: add lsattr() function to enumerate file attributes + * github/workflows/linux: do apt-get update to refresh package lists + * github: run testcases on Linux builds in new workflow + * Add systemd-dev as build dependency for github workflow + * magefile.go: use current architecture for Linux builds + * build: update to mage 0.15 + * Update tool dependencies on each build (#2987) (#2989) + * Various Bugfixes (#2981) + * Fixed IPv6 formatting in Windows.Forensics.UserAccessLogs (#2980) + * Add Yara device scanning (#44) (#2978) + * Added a sample bash script for offline collector generation. (#2975) + * Implemented a fix for Windows.Timeline.Prefetch (#2974) + * Include MAC addresses in client host dashboard (#2943) + * logscale: fix stats_interval parameter handling (#2973) + * Update Lnk.yaml (#2972) + * [Snyk] Upgrade: @babel/core, @babel/plugin-transform-react-jsx, @babel/runtime (#2970) + * add suspicious field and targeted default (#2971) + * Add filesystem type to data returned by file accessor on Unix (#2967) + * [Snyk] Upgrade axios-retry from 3.6.1 to 3.7.0 (#2963) + * Implemented a writeback service to manage the writeback file. (#2966) + * [Snyk] Upgrade axios-retry from 3.6.0 to 3.6.1 (#2949) + * Added FAT accessor for parsing FAT filesystems (#2961) + * [Snyk] Upgrade recharts from 2.7.3 to 2.8.0 (#2950) + * [Snyk] Upgrade axios from 1.4.0 to 1.5.0 (#2951) + * Fix device major/minor number calculations (#2958) + * Relay hunt creation errors to the Hunts API (#2953) + * [Snyk] Upgrade: @babel/core, @babel/runtime (#2948) + * Improve various bits of VQL documentation (#2945) + * Update bluemonday dependency. 
(#2941) + * Users testcases (#2942) + * Order columns in hostname flatten output (#2939) + * Add a generic hostsfile artifact (#2930) + * Report process names as well as pid for errors (#2937) + * Send hard coded labels in periodic client info updates (#2935) + * [Snyk] Upgrade ace-builds from 1.24.0 to 1.24.1 (#2932) + * Add Modify() method to client info manager. (#2933) + * Remove unused parameter by Bloodhound artifact (#2924) + * [Snyk] Upgrade ace-builds from 1.23.4 to 1.24.0 (#2928) + * Fix AptSources deb822 parsing bug and add deb822 test (#2926) + * Bugfixes: Artifact bugs due to FullPath->OSPath refactor (#2923) + * [Snyk] Upgrade: @babel/core, @babel/runtime (#2917) + * fix: upgrade recharts from 2.7.2 to 2.7.3 + * Update the config file docs. + * Bugfix: Include tool versions from root org (#2913) + * Fix issues in AptSources artifact and support deb822 format (#2851) + * Disable compatibility with URL style paths (#2912) + * [Snyk] Upgrade: @fortawesome/fontawesome-svg-core, @fortawesome/free-solid-svg-icons (#2907) + * Added Windows.ETW.FileCreation (#2905) + * Various documentation improvements (#2904) + * [Snyk] Upgrade interactjs from 1.10.17 to 1.10.18 (#2902) + * Update to latest SQLiteHunter (#2901) + * [Snyk] Upgrade axios-retry from 3.5.1 to 3.6.0 (#2900) ++++ 436 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes ++++ and /work/SRC/openSUSE:Factory/.velociraptor.new.1905/velociraptor.changes Old: ---- sysconfig.velociraptor-kafka-humio-gateway update-vendoring.sh velociraptor-0.6.7.5~git81.01be570.obscpio velociraptor-golang-mage-vendoring.diff velociraptor-kafka-humio-gateway.service velociraptor-kafka.sysusers vendor-golang-0.6.7.5~git77.997aa73.tar.xz vendor-golang-kafka-humio-gateway-0.6.7.5~git77.997aa73.tar.xz vendor-nodejs-0.6.7.5~git77.997aa73.tar.xz New: ---- CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch velociraptor-0.7.0.4.git74.3426c0a.obscpio 
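Review bot: the Tue Dec 5 2023 entry ("Remove PrivateTmp and PrivateDevices settings in velociraptor-client.service (SENS-70)") justifies a reduction of the unit's systemd sandboxing only by an internal ticket id; since this changelog ships with the package, state the reason here (which collection features need the real /dev or a shared /tmp) so administrators can judge the exposure. The Mon Mar 25 2024 entry that adds CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch should also say that the fix applies to the bundled GUI under gui/velociraptor/node_modules, i.e. the server flavor only, so client-only deployments can see they are not affected.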
velociraptor-go_modules.tar.gz velociraptor-node_modules.obscpio velociraptor-nodejs.spec.inc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ velociraptor.spec ++++++ --- /var/tmp/diff_new_pack.al2KLy/_old 2024-04-05 20:29:15.109728102 +0200 +++ /var/tmp/diff_new_pack.al2KLy/_new 2024-04-05 20:29:15.125728690 +0200 @@ -1,7 +1,7 @@ # -# spec file +# spec file for package velociraptor # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -21,32 +21,43 @@ %if "%{flavor}" == "client" %define build_client 1 %define build_server 0 -%define build_kafka_humio_gateway 0 %define name_suffix -client %define make_target linux_bare -%define config_perms %attr(0600, root, root) -%define state_dir_perms %attr(0700, root, root) +%define config_perms 0600, root, root +%define state_dir_perms 0700, root, root %else -%define build_kafka_humio_gateway 1 %define build_server 1 %define build_client 0 %define name_suffix %{nil} %define make_target linux -%define config_perms %attr(0640, root, velociraptor) -%define state_dir_perms %attr(0700, velociraptor, velociraptor) +%define config_perms 0640, root, velociraptor +%define state_dir_perms 0700, velociraptor, velociraptor %endif %define projname velociraptor -%define vendor_version 0.6.7.5~git77.997aa73 %define vmlinux_h_version 5.14.21150400.22-150400-default -# SLE 15 SP2 / Leap 15.2 or newer gets eBPF +# SLE 15 SP3 / Leap 15.3 or newer gets eBPF # Earlier versions don't have a usable eBPF and the # release doesn't easily build llvm13 -%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150200 +%if 0%{?suse_version} > 1500 || 0%{?sle_version} > 150200 +%bcond_without bpf +%endif +%if "%{_vendor}" == "debbuild" +%bcond_without bpf +%endif +%if 0%{?rhel} +# RHEL can do BPF but we need llvm for it %bcond_without bpf -%else -%bcond_with bpf +%endif + +%if "%{_vendor}" == "debbuild" +%define _unitdir /usr/lib/systemd/system +%endif + +# Older SLE releases and debbuild don't support uppercase VERSION macro +%if "%{_vendor}" == "debbuild" || 0%{?sle_version} < 150000 +%define VERSION %{version} %endif #Compat macro for new _fillupdir macro introduced in Nov 2017 @@ -60,7 +71,7 @@ %endif Name: velociraptor%{name_suffix} -Version: 0.6.7.5~git81.01be570 +Version: 0.7.0.4.git74.3426c0a Release: 0 %if %{build_server} Summary: Endpoint visibility and collection tool 
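Review bot: the `%if 0%{?rhel}` block in this hunk defaults to `%bcond_without bpf` while its own comment says "we need llvm for it" and the Nov 3 2023 changelog entry says CentOS builds are "currently without eBPF"; a later hunk also sets `ExclusiveArch: do_not_build` for RHEL, so either drop this block or reword the comment to say which is intended. Separately, removing the `%else` / `%bcond_with bpf` branch leaves `%{with bpf}` implicitly 0 on SLE 15 SP2 and older; that works because an undefined `with_bpf` evaluates to 0, but an explicit `%bcond_with bpf` under `%else` would keep the default readable and matches the "Disable eBPF for SLE 15 SP2" changelog entry.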
@@ -70,54 +81,113 @@ Group: System/Monitoring License: AGPL-3.0-only URL: https://github.com/Velocidex/velociraptor -Source: %{projname}-%{version}.tar.xz -Source1: vendor-golang-%{vendor_version}.tar.xz -Source2: vendor-golang-kafka-humio-gateway-%{vendor_version}.tar.xz -Source3: vendor-nodejs-%{vendor_version}.tar.xz -Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz -Source5: velociraptor.service -Source6: velociraptor-server.config.placeholder -Source7: velociraptor-client.service -Source8: velociraptor-client.config.placeholder -Source9: update-vendoring.sh -Source10: sysconfig.velociraptor -Source11: sysconfig.velociraptor-client -Source12: %{projname}.obsinfo -Source13: system-user-velociraptor.sysusers -Source14: velociraptor-kafka.sysusers -Source15: velociraptor-kafka-humio-gateway.service -Source16: sysconfig.velociraptor-kafka-humio-gateway -Patch1: velociraptor-golang-mage-vendoring.diff -Patch2: vendor-build-fixes-for-SLE12.patch -Patch3: sdjournal-build-fix-for-SLE12.patch -Patch4: velociraptor-reproducible-timestamp.diff +Source: %{projname}-%{version}.tar.gz +Source1: velociraptor-go_modules.tar.gz +Source2: vmlinux.h-%{vmlinux_h_version}.tar.xz +Source3: velociraptor.service +Source4: velociraptor-server.config.placeholder +Source5: velociraptor-client.service +Source6: velociraptor-client.config.placeholder +Source7: sysconfig.velociraptor +Source8: sysconfig.velociraptor-client +Source9: %{projname}.obsinfo +Source10: system-user-velociraptor.sysusers +Source11: velociraptor-nodejs.spec.inc + +%include %{_sourcedir}/velociraptor-nodejs.spec.inc + +Patch1: vendor-build-fixes-for-SLE12.patch +Patch2: sdjournal-build-fix-for-SLE12.patch +Patch3: velociraptor-reproducible-timestamp.diff +# CVE-2024-28849 - bsc#1221456 - follow-redirects: Drop Proxy-Athorization across hosts +Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch BuildRequires: fileb0x +%if 0%{?suse_version} BuildRequires: golang-packaging -BuildRequires: mage 
BuildRequires: systemd-rpm-macros -BuildRequires: golang(API) >= 1.18 +BuildRequires: golang(API) >= 1.19 +BuildRequires: pkgconfig(libsystemd) +%endif +%if "%{_vendor}" == "debbuild" +BuildRequires: golang >= 2:1.19~0 +BuildRequires: libsystemd-dev +BuildRequires: pkg-config +%endif +%if 0%{?rhel} +BuildRequires: golang >= 1.19 +BuildRequires: python3 +BuildRequires: systemd-devel BuildRequires: pkgconfig(libsystemd) +%endif %if %{build_server} +BuildRequires: local-npm-registry BuildRequires: nodejs >= 18 BuildRequires: npm >= 18 %endif %if %{with bpf} -# clang15 causes libbpfgo to crash immediately +%if 0%{?suse_version} +%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150300 BuildRequires: clang16 +BuildRequires: llvm16 +%if 0%{?sle_version} > 150400 +BuildRequires: llvm16-libclang13 +%endif +%else +BuildRequires: clang13 +BuildRequires: llvm13 +%endif BuildRequires: libelf-devel BuildRequires: libzstd-devel +BuildRequires: zlib-devel +%endif +%if "%{_vendor}" == "debbuild" +BuildRequires: clang +BuildRequires: libelf-dev +BuildRequires: libzstd-dev +BuildRequires: llvm +BuildRequires: zlib1g-dev +%endif +%if 0%{?rhel} +BuildRequires: clang >= 13 +BuildRequires: libelf-devel BuildRequires: libzstd-devel -BuildRequires: llvm16 +BuildRequires: llvm >= 13 BuildRequires: zlib-devel %endif -ExclusiveArch: x86_64 ppc64le aarch64 s390x +%endif %if %{build_server} BuildRequires: sysuser-tools Requires: group(velociraptor) Requires: user(velociraptor) +Obsoletes: velociraptor-kafka-humio-gateway < %{version} %{?sysusers_requires} %endif +%if 0%{?suse_version} +%if %{build_server} +ExclusiveArch: x86_64 +%endif +%else +%if %{build_server} +ExclusiveArch: do_not_build +%else +ExclusiveArch: x86_64 ppc64le aarch64 s390x +%endif +%endif + +%if 0%{?rhel} +# RHEL builds aren't working yet +ExclusiveArch: do_not_build +%endif + +# Not *required* but without it, we spam the system log +Recommends: auditd + +%if "%{vendor}" == "debbuild" +%define mtag Packager: 
https://www.suse.com +%mtag +%endif + %if %{build_server} %description Velociraptor is a tool for collecting host based state information @@ -143,18 +213,6 @@ %endif -%if %{build_kafka_humio_gateway} -%package kafka-humio-gateway -Summary: Gateway between Kafka and Humio for Velociraptor Artifacts -Version: 0.6.7.5~git81.01be570 -Requires: group(velociraptor-kafka) -Requires: user(velociraptor-kafka) - -%description kafka-humio-gateway -This tool is used to consume events generated by the Kafka Velociraptor plugin -and post them to a Humio cluster. -%endif - %if %{build_client} %description Velociraptor is a tool for collecting host based state information @@ -169,16 +227,23 @@ %endif %prep -%setup -q -a 1 -a 2 -a 3 -a 4 -n %{projname}-%{version} -%autopatch -p1 +%setup -q -a 1 -a 2 -n %{projname}-%{VERSION} +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 3 -p1 # Set the version to something more specific than <next-tag>-dev -sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go +sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go %if %{with bpf} mkdir -p third_party/libbpfgo/output -cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \ +arch=%{_arch} +if test "$arch" = "amd64"; then + arch=x86_64 +fi + +cp vmlinux.h-%{vmlinux_h_version}/vmlinux-${arch}.h \ third_party/libbpfgo/output/vmlinux.h %endif 
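Review bot: the comment on Patch4 in the `@@ -70,54 +81,113 @@` hunk misspells the header as "Proxy-Athorization"; it should read "Proxy-Authorization", since this comment is what a maintainer greps for when auditing CVE-2024-28849. In the same hunk the Packager workaround tests `%if "%{vendor}" == "debbuild"` while every other Debian check in this spec uses `%{_vendor}`; if `%{vendor}` is undefined the quoted comparison is always false and the `mtag` block silently never applies, so use `%{_vendor}` consistently.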
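Review bot: `sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go` in the `@@ -169,16 +227,23 @@` hunk passes `-ie`, which GNU sed reads as `-i` with backup suffix `e`, leaving a stray `constants/constants.goe` in the build tree; the bug is inherited from the removed line, but this hunk rewrites it and is the place to fix it with `sed -i -e '...'`. The amd64 to x86_64 mapping for the vmlinux.h copy is fine for debbuild; note only that `%setup -a 2` unpacks Source2 even when bpf is disabled.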
@@ -187,27 +252,38 @@ # removing them outright. # rm -rf artifacts/definitions/Windows +%if %{build_server} +pushd gui/velociraptor +rm -f package-lock.json +local-npm-registry %{_sourcedir} install +popd +%patch -P 4 -p1 +%endif + %build -# Reproductible builds need stable timestamps -timestamp=$(date -Iseconds --utc --date=@$(grep mtime: %{SOURCE12}|sed -e 's/mtime: //')) -git_commit=$(grep commit: %{SOURCE12}|sed -e 's/commit: //g') +# Reproducible builds need stable timestamps +timestamp=$(date -Iseconds --utc --date=@$(grep mtime: %{SOURCE9}|sed -e 's/mtime: //')) +git_commit=$(grep commit: %{SOURCE9}|sed -e 's/commit: //g') export VELOCIRAPTOR_BUILD_TIME=$timestamp export VELOCIRAPTOR_GIT_HEAD=$git_commit %if %{build_server} (cd gui/velociraptor ; npm run build) -%sysusers_generate_pre %{SOURCE13} velociraptor-user +%sysusers_generate_pre %{SOURCE10} velociraptor-user %endif -make %{make_target} BUILD_LIBBPFGO=%{with bpf} GIT=echo - -%if %{build_kafka_humio_gateway} -(cd contrib/kafka-humio-gateway; go build -o %{name}-kafka-humio-gateway) -%sysusers_generate_pre %{SOURCE16} kafka-user +%if 0%{?suse_version} +LLVM_STRIP=llvm-strip +%else +LLVM_STRIP=llvm-strip %endif +CLANG=clang + +PATH=$PATH:/usr/sbin make %{make_target} BUILD_BPF_PLUGINS=%{with bpf} CLANG=$CLANG STRIP=$LLVM_STRIP + %install install -D -d -m 0750 %buildroot/%{_sysconfdir}/velociraptor install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/data 
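Review bot: the two branches of `%if 0%{?suse_version} LLVM_STRIP=llvm-strip %else LLVM_STRIP=llvm-strip %endif` are identical, so collapse the conditional to one assignment (or name the versioned binary the non-SUSE branch was presumably meant to use). Also in this hunk, `%patch -P 4 -p1` patches gui/velociraptor/node_modules/follow-redirects/index.js after `local-npm-registry %{_sourcedir} install`, so the CVE-2024-28849 fix is tied to whichever follow-redirects release package-lock.json pins; add a comment stating that the patch must be dropped once the lock file moves to a fixed upstream release, otherwise %prep will fail when the hunk no longer applies.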
@@ -215,35 +291,29 @@ install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/tmp %if %{build_server} -service_file_source=%{SOURCE5} -config_file_source=%{SOURCE6} -sysconfig_file_source=%{SOURCE10} +service_file_source=%{SOURCE3} +config_file_source=%{SOURCE4} +sysconfig_file_source=%{SOURCE7} config_file=server.config -install -D -m 0644 %{SOURCE13} %{buildroot}%{_sysusersdir}/system-user-velociraptor.conf +install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/system-user-velociraptor.conf %else -service_file_source=%{SOURCE7} -config_file_source=%{SOURCE8} -sysconfig_file_source=%{SOURCE11} +service_file_source=%{SOURCE5} +config_file_source=%{SOURCE6} +sysconfig_file_source=%{SOURCE8} config_file=client.config %endif -install -D -m 0644 "$service_file_source" %{buildroot}%{_unitdir}/%{name}.service +%if 0%{?suse_version} install -D -m 0644 "$sysconfig_file_source" %{buildroot}%{_fillupdir}/sysconfig.%{name} -install -D -m 0640 "$config_file_source" "%{buildroot}%{_sysconfdir}/velociraptor/$config_file" -install -D -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/%{name} - -%if %{build_kafka_humio_gateway} -install -D -m 0644 %{SOURCE15} %{buildroot}%{_unitdir}/ -install -D -m 0644 %{SOURCE16} %{buildroot}%{_fillupdir}/ -install -D -m 0755 contrib/kafka-humio-gateway/velociraptor-kafka-humio-gateway %buildroot/%{_bindir} -install -D -m 0644 contrib/kafka-humio-gateway/sample-config.yml \ - %buildroot/%{_datadir}/velociraptor-kafka-humio-gateway/sample-config.yml -install -D -m 0644 %{SOURCE14} %{buildroot}%{_sysusersdir}/velociraptor-kafka.conf -install -D -d -m 0750 %{buildroot}%{_sysconfdir}/velociraptor-kafka-humio-gateway -install -D -m 0640 contrib/kafka-humio-gateway/sample-config.yml \ - %buildroot/%{_sysconfdir}/velociraptor-kafka-humio-gateway/transport.yml %endif +%if "%{vendor}" == "debbuild" +install -D -m 0644 "$sysconfig_file_source" %{buildroot}/%{_sysconfdir}/default/%{name} +%endif + +install -D -m 0644 
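Review bot: `%if "%{vendor}" == "debbuild"` guarding `install -D -m 0644 "$sysconfig_file_source" %{buildroot}/%{_sysconfdir}/default/%{name}` should be `%{_vendor}` to match the `%if "%{_vendor}" == "debbuild"` checks elsewhere in this spec; otherwise the Debian defaults file is never installed even though the new `EnvironmentFile=-/etc/default/velociraptor-client` line in velociraptor-client.service expects it. Moving the unit-file, config and binary installs out of the vendor conditionals is correct, since those are needed on every platform.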
"$service_file_source" %{buildroot}%{_unitdir}/%{name}.service +install -D -m 0640 "$config_file_source" "%{buildroot}%{_sysconfdir}/velociraptor/$config_file" +install -D -m 0755 output/velociraptor-v%{VERSION}-linux-* %buildroot/%{_bindir}/%{name} %files %defattr(-, root, root) @@ -251,16 +321,30 @@ %doc README.md %{_bindir}/%{name} %{_unitdir}/%{name}.service +%if 0%{?suse_version} %{_fillupdir}/sysconfig.%{name} +%endif +%if "%{vendor}" == "debbuild" +%{_sysconfdir}/default/%{name} +%endif %dir %attr(-, root, velociraptor) %{_sysconfdir}/velociraptor -%config(noreplace) %{config_perms} %{_sysconfdir}/velociraptor/*.config -%dir %{state_dir_perms} %{_sharedstatedir}/%{name} -%dir %{state_dir_perms} %{_sharedstatedir}/%{name}/data -%dir %{state_dir_perms} %{_sharedstatedir}/%{name}/logs -%dir %{state_dir_perms} %{_sharedstatedir}/%{name}/tmp +%config(noreplace) %attr(%{config_perms}) %{_sysconfdir}/velociraptor/*.config +%dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name} +%dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name}/data +%dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name}/logs +%dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name}/tmp + +%if %{build_server} +%files -n system-user-velociraptor +%defattr(-, root, root) +%{_sysusersdir}/system-user-velociraptor.conf + +%pre -n system-user-velociraptor -f velociraptor-user.pre +%endif +%if 0%{?suse_version} %pre %service_add_pre %{name}.service 
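Review bot: the same `%{vendor}` vs `%{_vendor}` mismatch applies to the `%{_sysconfdir}/default/%{name}` entry in %files; once the install conditional is corrected this entry must match, or the build fails with an unpackaged file. Separately, the unchanged `%dir %attr(-, root, velociraptor) %{_sysconfdir}/velociraptor` line applies to both flavors, but `Requires: group(velociraptor)` and the system-user-velociraptor subpackage only exist under `%if %{build_server}`; the Feb 29 2024 changelog entry says the client scriptlets depend on that user and group, so the client flavor should carry the same Requires (or its own sysusers file), otherwise rpm falls back to root ownership on hosts where the group is missing.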
@@ -273,41 +357,21 @@ %postun %service_del_postun %{name}.service - -%if %{build_server} -%pre -n system-user-velociraptor -f velociraptor-user.pre - -%files -n system-user-velociraptor -%defattr(-, root, root) -%{_sysusersdir}/system-user-velociraptor.conf %endif -%if %{build_kafka_humio_gateway} -%files kafka-humio-gateway -%defattr(-, root, root) -%license LICENSE -%doc contrib/kafka-humio-gateway/README.md -%{_bindir}/velociraptor-kafka-humio-gateway -%dir %{_datadir}/velociraptor-kafka-humio-gateway -%{_datadir}/velociraptor-kafka-humio-gateway/sample-config.yml -%{_sysusersdir}/velociraptor-kafka.conf -%{_unitdir}/velociraptor-kafka-humio-gateway.service -%{_fillupdir}/sysconfig.velociraptor-kafka-humio-gateway -%dir %attr(750, root, velociraptor-kafka) %{_sysconfdir}/velociraptor-kafka-humio-gateway -%config(noreplace) %attr(0640, root, velociraptor-kafka) %{_sysconfdir}/velociraptor-kafka-humio-gateway/transport.yml - -%pre kafka-humio-gateway -f kafka-user.pre -%service_add_pre velociraptor-kafka-humio-gateway.service - -%post kafka-humio-gateway -%{fillup_only -s kafka-humio-gateway} -%service_add_post velociraptor-kafka-humio-gateway.service - -%preun kafka-humio-gateway -%service_del_preun velociraptor-kafka-humio-gateway.service - -%postun kafka-humio-gateway -%service_del_postun velociraptor-kafka-humio-gateway.service - +%if "%{_vendor}" == "debbuild" +%postun +# Automatically added by dh_installsystemd/13.11.4 +if [ "$1" = remove ] && [ -d /run/systemd/system ] ; then + systemctl --system daemon-reload >/dev/null || true +fi +# End automatically added section +# Automatically added by dh_installsystemd/13.11.4 +if [ "$1" = "purge" ]; then + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper purge 'velociraptor-client.service' >/dev/null || true + fi +fi +# End automatically added section %endif ++++++ CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch ++++++ 
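Review bot: the debbuild `%postun` hard-codes `deb-systemd-helper purge 'velociraptor-client.service'` while the rest of the spec uses `%{name}.service`; this block is shared by both flavors (the server flavor is only kept off Debian by `ExclusiveArch: do_not_build`), so use `%{name}.service` to avoid purging the wrong unit if server builds are ever enabled there. The `# Automatically added by dh_installsystemd/13.11.4` markers are copied in by hand, so a one-line comment saying that debbuild does not run dh_installsystemd would help the next maintainer understand why they are here.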
>From c4f847f85176991f95ab9c88af63b1294de8649b Mon Sep 17 00:00:00 2001 From: Ruben Verborgh <ru...@verborgh.org> Date: Thu, 14 Mar 2024 17:36:10 +0100 Subject: [PATCH] Drop Proxy-Authorization across hosts. --- index.js | 2 +- 1 files changed, 1 insertions(+), 1 deletion(-) diff --git a/gui/velociraptor/node_modules/follow-redirects/index.js b/gui/velociraptor/node_modules/follow-redirects/index.js index f58b933..c649cab 100644 --- a/gui/velociraptor/node_modules/follow-redirects/index.js +++ b/gui/velociraptor/node_modules/follow-redirects/index.js @@ -430,7 +430,7 @@ RedirectableRequest.prototype._processResponse = function (response) { redirectUrlParts.protocol !== "https:" || redirectUrlParts.host !== currentHost && !isSubdomain(redirectUrlParts.host, currentHost)) { - removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); } // Evaluate the beforeRedirect callback ++++++ _service ++++++ --- /var/tmp/diff_new_pack.al2KLy/_old 2024-04-05 20:29:15.489742077 +0200 +++ /var/tmp/diff_new_pack.al2KLy/_new 2024-04-05 20:29:15.501742519 +0200 
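Review bot: the hunk targets `gui/velociraptor/node_modules/follow-redirects/index.js`, i.e. the dependency tree installed at build time rather than a file tracked in git, so it only applies while the follow-redirects version pinned by package-lock.json still carries this code at line 430; record the pinned version and the upstream release that fixes CVE-2024-28849 in the spec comment so the patch can be retired safely when the lock file moves. The change itself is correct: extending the regex to `(?:(?:proxy-)?authorization|cookie)` drops Proxy-Authorization alongside Authorization and Cookie on cross-host redirects. The `1 files changed` diffstat line is a cosmetic artifact of the hand-edited header.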
@@ -3,19 +3,34 @@ <param name="url">https://github.com/SUSE/linux-security-sensor</param> <param name="filename">velociraptor</param> <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param> - <param name="revision">sensor-base-0.6.7</param> + <param name="revision">sensor-base-0.7.0</param> <param name="scm">git</param> - <param name="parent-tag">v0.6.7-5</param> - <param name="versionrewrite-pattern">v([0-9\.\-]*)-(.*)</param> - <param name="versionrewrite-replacement">\1.\2</param> + <param name="parent-tag">sensor-base-0.7.0-4</param> + <param name="versionrewrite-pattern">sensor-base-([0-9\.]*)-([0-9]*)~(.*)</param> + <param name="versionrewrite-replacement">\1.\2.\3</param> <param name="changesgenerate">enable</param> <param name="submodules">enable</param> </service> <service name="set_version" mode="manual" /> + <service name="extract_file" mode="manual"> + <param name="files">velociraptor-*/gui/velociraptor/package-lock.json</param> + <param name="archive">velociraptor-[0-9]*.obscpio</param> + <param name="outfilename">package-lock.json</param> + </service> + <service mode="manual" name="go_modules"> + <param name="compression">gz</param> + <param name="archive">velociraptor-0*.obscpio</param> + <param name="vendorname">velociraptor-go_modules</param> + </service> + <service mode="manual" name="node_modules"> + <param name="cpio">velociraptor-node_modules.obscpio</param> + <param name="source-offset">10000</param> + <param name="output">velociraptor-nodejs.spec.inc</param> + </service> <service mode="buildtime" name="tar"/> <service mode="buildtime" name="recompress"> - <param name="file">*.tar</param> - <param name="compression">xz</param> + <param name="file">velociraptor-[0-9]*.tar</param> + <param name="compression">gz</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.al2KLy/_old 2024-04-05 20:29:15.661748403 +0200 +++ /var/tmp/diff_new_pack.al2KLy/_new 2024-04-05 20:29:15.685749286 +0200 
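Review bot: the services reference the same checkout archive through different globs (`extract_file` and `recompress` use `velociraptor-[0-9]*`, `go_modules` uses `velociraptor-0*.obscpio`); both match today, but unify them so a future tag cannot make one service pick up a different file. Also confirm that `revision` `sensor-base-0.7.0` is a branch and not the tag of that name, since `@TAG_OFFSET@` of 74 only makes sense when the checkout is ahead of `parent-tag` `sensor-base-0.7.0-4`. The rewrite itself checks out: `@PARENT_TAG@~git@TAG_OFFSET@.%h` gives `sensor-base-0.7.0-4~git74.3426c0a`, and `sensor-base-([0-9\.]*)-([0-9]*)~(.*)` with `\1.\2.\3` turns that into `0.7.0.4.git74.3426c0a`, matching the obsinfo version. Because `node_modules` now emits `velociraptor-nodejs.spec.inc`, that generated include must be refreshed in the same request whenever `package-lock.json` changes, or the spec and the lock file will drift.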
@@ -1,8 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/SUSE/linux-security-sensor</param> - <param name="changesrevision">01be57033daf2e1505c5ac686fb7b25df7cae760</param></service><service name="tar_scm"> - <param name="url">https://github.com/jeffmahoney/linux-security-sensor</param> - <param name="changesrevision">02020f9752134efd8a6a92ab83a7b55b498e1948</param></service></servicedata> + <param name="changesrevision">3426c0acec7d33e39ada1cd2e26f8a33af766197</param></service></servicedata> (No newline at EOF) ++++++ sysconfig.velociraptor-client ++++++ --- /var/tmp/diff_new_pack.al2KLy/_old 2024-04-05 20:29:15.861755758 +0200 +++ /var/tmp/diff_new_pack.al2KLy/_new 2024-04-05 20:29:15.877756346 +0200 @@ -6,5 +6,5 @@ # # Options for velociraptor-client # -VELOCIRAPTOR_CLIENT_OPTS="-v" +VELOCIRAPTOR_CLIENT_OPTS="" ++++++ velociraptor-client.service ++++++ --- /var/tmp/diff_new_pack.al2KLy/_old 2024-04-05 20:29:16.033762084 +0200 +++ /var/tmp/diff_new_pack.al2KLy/_new 2024-04-05 20:29:16.037762232 +0200 @@ -9,11 +9,10 @@ MemoryHigh=4G MemoryMax=8G EnvironmentFile=-/etc/sysconfig/velociraptor-client +EnvironmentFile=-/etc/default/velociraptor-client Environment=TMPDIR=/var/lib/velociraptor-client/tmp ExecStart=/usr/bin/velociraptor-client client --config /etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS -PrivateTmp=true -PrivateDevices=true ProtectHostname=true ProtectClock=true ProtectKernelTunables=true ++++++ velociraptor-nodejs.spec.inc ++++++ ++++ 884 lines (skipped) ++++++ velociraptor-reproducible-timestamp.diff ++++++ --- /var/tmp/diff_new_pack.al2KLy/_old 2024-04-05 20:29:16.081763849 +0200 +++ /var/tmp/diff_new_pack.al2KLy/_new 2024-04-05 20:29:16.101764585 +0200 
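Review bot: removing `PrivateTmp=true` and `PrivateDevices=true` from `velociraptor-client.service` weakens the unit's sandbox and nothing in the diff says why. `Environment=TMPDIR=/var/lib/velociraptor-client/tmp` already keeps temp files out of the shared `/tmp`, so `PrivateTmp` should be harmless to keep; if the client needs raw device access for collection, which is the usual reason to drop `PrivateDevices`, record that in the changelog and prefer `DeviceAllow=` for the specific nodes over dropping the directive entirely. The added `EnvironmentFile=-/etc/default/velociraptor-client` is read after the sysconfig one, so on a system with both files the `/etc/default` values win; worth a comment in the file header.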
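Review bot: changing the shipped default from `VELOCIRAPTOR_CLIENT_OPTS="-v"` to `""` lowers client log verbosity for every install that takes the packaged sysconfig file, which matters for anyone relying on those logs for troubleshooting or detection; call it out in the changelog, and keep it consistent with the server unit, whose `ExecStart` still hardcodes `--verbose`.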
@@ -3,11 +3,13 @@ In order to create reprodicible builds, we can't have timestamps that vary without anything else changing. -diff --git a/magefile.go b/magefile.go -index 16badc2b..76011657 100644 ---- a/magefile.go -+++ b/magefile.go -@@ -428,10 +428,18 @@ func build_gui_files() error { +--- + magefiles/magefile.go | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +--- a/magefiles/magefile.go ++++ b/magefiles/magefile.go +@@ -472,10 +472,18 @@ func build_gui_files() error { } func flags() string { ++++++ velociraptor.obsinfo ++++++ --- /var/tmp/diff_new_pack.al2KLy/_old 2024-04-05 20:29:16.177767380 +0200 +++ /var/tmp/diff_new_pack.al2KLy/_new 2024-04-05 20:29:16.213768704 +0200 @@ -1,5 +1,5 @@ name: velociraptor -version: 0.6.7.5~git81.01be570 -mtime: 1683679734 -commit: 01be57033daf2e1505c5ac686fb7b25df7cae760 +version: 0.7.0.4.git74.3426c0a +mtime: 1712141066 +commit: 3426c0acec7d33e39ada1cd2e26f8a33af766197 ++++++ velociraptor.service ++++++ --- /var/tmp/diff_new_pack.al2KLy/_old 2024-04-05 20:29:16.397775471 +0200 +++ /var/tmp/diff_new_pack.al2KLy/_new 2024-04-05 20:29:16.425776501 +0200 @@ -7,6 +7,7 @@ User=velociraptor Group=velociraptor EnvironmentFile=-/etc/sysconfig/velociraptor +EnvironmentFile=-/etc/default/velociraptor Environment=TMPDIR=/var/lib/velociraptor/tmp ExecStart=/usr/bin/velociraptor frontend --verbose --config /etc/velociraptor/server.config $VELOCIRAPTOR_OPTS
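Review bot: the rebased `velociraptor-reproducible-timestamp.diff` now targets `magefiles/magefile.go` at `@@ -472,10 +472,18 @@` and replaces the `diff --git`/`index` header with a plain `---`/`+++` pair plus a diffstat, which applies fine with `-p1`; the trailing context `} func flags() string {` is unchanged, so only the path and offset moved. The description line `reprodicible` is a typo, but it is unchanged context in this diff-of-a-patch, so fix it in a separate refresh of the patch rather than here.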
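Review bot: `EnvironmentFile=-/etc/default/velociraptor` mirrors the client unit and, being listed after the sysconfig file, takes precedence when both exist. The inconsistency to flag is that `ExecStart=/usr/bin/velociraptor frontend --verbose ...` keeps `--verbose` hardcoded while the client default dropped `-v`, so verbosity is now operator-configurable on the client but not on the server; moving `--verbose` into `VELOCIRAPTOR_OPTS` would make the two units behave the same. The obsinfo `commit: 3426c0acec7d33e39ada1cd2e26f8a33af766197` matches the `_servicedata` changesrevision, so the metadata is consistent.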