commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2024-08-20 16:13:41 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.2698 (New) Package is "velociraptor" Tue Aug 20 16:13:41 2024 rev:14 rq:1194777 version:0.7.0.4.git97.675e45f9 Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2024-08-13 13:25:11.143100466 +0200 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.2698/velociraptor.changes 2024-08-20 16:14:12.664192585 +0200 @@ -1,0 +2,8 @@ +Mon Aug 19 20:45:30 UTC 2024 - Antonio Teixeira + +- Update node modules with security fixes. + * Fixes CVE-2024-39338 (bsc#1229424) + * Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch +as the update is included. + +--- Old: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch BETA DEBUG BEGIN: Old: * Fixes CVE-2024-39338 (bsc#1229424) * Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch as the update is included. BETA DEBUG END: Other differences: -- ++ velociraptor.spec ++ --- /var/tmp/diff_new_pack.zMfFCM/_old 2024-08-20 16:14:14.520268766 +0200 +++ /var/tmp/diff_new_pack.zMfFCM/_new 2024-08-20 16:14:14.520268766 +0200 @@ -100,10 +100,8 @@ Patch1: vendor-build-fixes-for-SLE12.patch Patch2: sdjournal-build-fix-for-SLE12.patch Patch3: velociraptor-reproducible-timestamp.diff -# PATCH-FIX-UPSTREAM CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch bsc#1221456 -- follow-redirects: Drop Proxy-Athorization across hosts -Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch # PATCH-FIX-UPSTREAM CVE-2022-25883-npm-watch-semver-deps.patch bsc#1212572 -- upgrade npm-watch -Patch5: CVE-2022-25883-npm-watch-semver-deps.patch +Patch4: CVE-2022-25883-npm-watch-semver-deps.patch BuildRequires: fileb0x %if 0%{?suse_version} BuildRequires: systemd-rpm-macros 
@@ -257,7 +255,6 @@ %patch -P 2 -p1 %patch -P 3 -p1 %patch -P 4 -p1 -%patch -P 5 -p1 # Set the version to something more specific than -dev sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go ++ package-lock.json ++ 1910 lines (skipped) between /work/SRC/openSUSE:Factory/velociraptor/package-lock.json and /work/SRC/openSUSE:Factory/.velociraptor.new.2698/package-lock.json ++ velociraptor-node_modules.obscpio ++ /work/SRC/openSUSE:Factory/velociraptor/velociraptor-node_modules.obscpio /work/SRC/openSUSE:Factory/.velociraptor.new.2698/velociraptor-node_modules.obscpio differ: char 15312, line 74 ++ velociraptor-nodejs.spec.inc ++ 1750 lines (skipped) between /work/SRC/openSUSE:Factory/velociraptor/velociraptor-nodejs.spec.inc and /work/SRC/openSUSE:Factory/.velociraptor.new.2698/velociraptor-nodejs.spec.inc
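Review bot: The velociraptor.changes entry credits the node module update with fixing CVE-2024-39338 and with absorbing the follow-redirects fix, but the package-lock.json and velociraptor-nodejs.spec.inc diffs are skipped in this mail, so neither claim can be checked from the patch. Name the updated modules and their new versions next to each CVE in the changes entry. In velociraptor.spec the renumbering itself is consistent: Patch5 becomes Patch4 and the now unused `%patch -P 5 -p1` is dropped, so `%patch -P 4 -p1` applies CVE-2022-25883-npm-watch-semver-deps.patch.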
commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2024-08-13 13:24:37 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.7232 (New) Package is "velociraptor" Tue Aug 13 13:24:37 2024 rev:13 rq:1193528 version:0.7.0.4.git97.675e45f9 Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2024-07-11 20:32:11.374696725 +0200 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.7232/velociraptor.changes 2024-08-13 13:25:11.143100466 +0200 @@ -1,0 +2,6 @@ +Mon Aug 12 20:47:33 UTC 2024 - Antonio Teixeira + +- Move system-user-velociraptor to the client flavor build in order + to build it on all architectures. + +--- Other differences: -- ++ velociraptor.spec ++ --- /var/tmp/diff_new_pack.nCg9rs/_old 2024-08-13 13:25:12.643162966 +0200 +++ /var/tmp/diff_new_pack.nCg9rs/_new 2024-08-13 13:25:12.647163133 +0200 @@ -57,7 +57,7 @@ # Older SLE releases and debbuild don't support uppercase VERSION macro %if "%{_vendor}" == "debbuild" || 0%{?sle_version} < 15 -%define VERSION %{version} +%global VERSION %{version} %endif #Compat macro for new _fillupdir macro introduced in Nov 2017 @@ -163,16 +163,20 @@ %endif %endif %if %{build_server} -BuildRequires: sysuser-tools +BuildRequires: group(velociraptor) Requires: group(velociraptor) Requires: user(velociraptor) Obsoletes: velociraptor-kafka-humio-gateway < %{version} +%else +%if 0%{?suse_version} +BuildRequires: sysuser-tools %{?sysusers_requires} %endif +%endif %if 0%{?suse_version} -# SLE12 doesn't support sysusers and releases lower than SP4 don't build the server flavor which includes the system-user-velociraptor package. -%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 150400 +# SLE12 doesn't support sysusers +%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 15 Requires(pre): pwdutils %define pre_create_group 1 %else 
@@ -219,20 +223,7 @@ This package contains the velociraptor server and full console GUI. For just the endpoint agent, please install the 'velociraptor-client' package. -%package -n system-user-velociraptor -Summary:System user and group 'velociraptor' -Version:1.0.0 -License:Apache-2.0 -Group: System/Monitoring -Provides: group(velociraptor) -Provides: user(velociraptor) -BuildArch: noarch - -%description -n system-user-velociraptor -This package provides a shared system user for all velociraptor components - %endif - %if %{build_client} %description Velociraptor is a tool for collecting host based state information @@ -244,6 +235,20 @@ This package contains only the endpoint agent. For the full server and GUI console, please install the 'velociraptor' package. + +%if 0%{?suse_version} +%package -n system-user-velociraptor +Summary:System user and group 'velociraptor' +Version:1.0.0 +License:Apache-2.0 +Group: System/Monitoring +Provides: group(velociraptor) +Provides: user(velociraptor) +BuildArch: noarch + +%description -n system-user-velociraptor +This package provides a shared system user for all velociraptor components +%endif %endif %prep @@ -291,8 +296,11 @@ %if %{build_server} (cd gui/velociraptor ; npm run build) +%else +%if 0%{?suse_version} %sysusers_generate_pre %{SOURCE10} velociraptor-user %endif +%endif %if 0%{?suse_version} LLVM_STRIP=llvm-strip @@ -316,8 +324,10 @@ sysconfig_file_source=%{SOURCE7} config_file=server.config -install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/system-user-velociraptor.conf %else +%if 0%{?suse_version} +install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/system-user-velociraptor.conf +%endif service_file_source=%{SOURCE5} config_file_source=%{SOURCE6} sysconfig_file_source=%{SOURCE8} 
@@ -356,13 +366,15 @@ %dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name}/logs %dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name}/tmp -%if %{build_server} +%if %{build_client} +%if 0%{?suse_version} %files -n system-user-velociraptor %defattr(-, root, root) %{_sysusersdir}/system-user-velociraptor.conf %pre -n system-user-velociraptor -f velociraptor-user.pre %endif +%endif %if 0%{?suse_version} %pre
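Review bot: The restored guard `%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 15` in the -163,16 hunk compares against two-digit numbers, while the line it replaces used the six-digit form (`< 150400`). If sle_version carries six-digit values, nothing that satisfies `>= 12` can also be `< 15`, so the `Requires(pre): pwdutils` / `pre_create_group` branch is unreachable and SLE12 builds fall through to the `%else` branch. Write the bounds in the same form as the rest of the spec, for example `>= 120000 && < 150000`. Separately, the server flavor now has `BuildRequires: group(velociraptor)` while system-user-velociraptor is built only in the client flavor; a comment stating that the server build depends on the client flavor's subpackage would explain the ordering.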
commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2024-05-30 15:33:20 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.24587 (New) Package is "velociraptor" Thu May 30 15:33:20 2024 rev:11 rq:1177630 version:unknown Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2024-04-29 09:02:41.149969054 +0200 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.24587/velociraptor.changes 2024-05-30 15:35:00.825845996 +0200 @@ -1,0 +2,9 @@ +Tue May 28 16:45:51 UTC 2024 - Antonio Teixeira + +- Patches changes: + * Change CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch +to update the follow-redirects package instead of patching directly. + * Added CVE-2022-25883-npm-watch-semver-deps.patch (bsc#1212572) +- Add a package-lock.json to the package + +--- New: CVE-2022-25883-npm-watch-semver-deps.patch package-lock.json BETA DEBUG BEGIN: New:to update the follow-redirects package instead of patching directly. * Added CVE-2022-25883-npm-watch-semver-deps.patch (bsc#1212572) - Add a package-lock.json to the package BETA DEBUG END: Other differences: -- ++ velociraptor.spec ++ --- /var/tmp/diff_new_pack.gysvdB/_old 2024-05-30 15:35:03.453942178 +0200 +++ /var/tmp/diff_new_pack.gysvdB/_new 2024-05-30 15:35:03.457942324 +0200 
@@ -93,14 +93,17 @@ Source9:%{projname}.obsinfo Source10: system-user-velociraptor.sysusers Source11: velociraptor-nodejs.spec.inc +Source12: package-lock.json %include %{_sourcedir}/velociraptor-nodejs.spec.inc Patch1: vendor-build-fixes-for-SLE12.patch Patch2: sdjournal-build-fix-for-SLE12.patch Patch3: velociraptor-reproducible-timestamp.diff -# CVE-2024-28849 - bsc#1221456 - follow-redirects: Drop Proxy-Athorization across hosts +# PATCH-FIX-UPSTREAM CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch bsc#1221456 -- follow-redirects: Drop Proxy-Athorization across hosts Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch +# PATCH-FIX-UPSTREAM CVE-2022-25883-npm-watch-semver-deps.patch bsc#1212572 -- upgrade npm-watch +Patch5: CVE-2022-25883-npm-watch-semver-deps.patch BuildRequires: fileb0x %if 0%{?suse_version} BuildRequires: systemd-rpm-macros @@ -243,6 +246,8 @@ %patch -P 1 -p1 %patch -P 2 -p1 %patch -P 3 -p1 +%patch -P 4 -p1 +%patch -P 5 -p1 # Set the version to something more specific than -dev sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go @@ -263,13 +268,11 @@ # Note: There are dependencies on these that need to be resolved before # removing them outright. # rm -rf artifacts/definitions/Windows - %if %{build_server} pushd gui/velociraptor rm -f package-lock.json -local-npm-registry %{_sourcedir} install +local-npm-registry %{_sourcedir} install --include=dev --legacy-peer-deps popd -%patch -P 4 -p1 %endif %build ++ CVE-2022-25883-npm-watch-semver-deps.patch ++ >From 76e999d0976ad6559574c92b79fe7432596d2d6c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 27 Apr 2024 00:20:54 + Subject: [PATCH] fix: gui/velociraptor/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795 --- gui/velociraptor/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: b/gui/velociraptor/package.json === 
--- a/gui/velociraptor/package.json +++ b/gui/velociraptor/package.json @@ -31,7 +31,7 @@ "lodash": "^4.17.21", "moment": "^2.29.4", "moment-timezone": "0.5.43", -"npm-watch": "^0.11.0", +"npm-watch": "^0.12.0", "prop-types": "^15.8.1", "qs": "^6.11.2", "query-string": "^6.14.1", ++ CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch ++ --- /var/tmp/diff_new_pack.gysvdB/_old 2024-05-30 15:35:03.501943934 +0200 +++ /var/tmp/diff_new_pack.gysvdB/_new 2024-05-30 15:35:03.505944081 +0200 @@ -1,24 +1,31 @@ -From c4f847f85176991f95ab9c88af63b1294de8649b Mon Sep 17 00:00:00 2001 -From: Ruben Verborgh -Date: Thu, 14 Mar 2024 17:36:10 +0100 -Subject: [PATCH] Drop Proxy-Authorization across hosts. - - index.js | 2 +- - 1 files changed, 1 insertions(+), 1 deletion(-) - -diff --git a/gui/velociraptor/node_modules/follow-redirects/index.js b/gui/velociraptor/node_modules/follow-redirects/index.js -index f58b933..c649cab 100644
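Review bot: `Source12: package-lock.json` is added, but the unchanged context in %prep still runs `rm -f package-lock.json` in gui/velociraptor before `local-npm-registry %{_sourcedir} install`, and no visible line copies %{SOURCE12} into the tree. As shown, the shipped lock file does not obviously pin what gets installed; either copy it in before the install step or add a comment saying how it is consumed. The new `--legacy-peer-deps` flag also loosens peer dependency resolution and deserves a one-line comment giving the reason. The rewritten `# PATCH-FIX-UPSTREAM` comment carries over the misspelling "Proxy-Athorization".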
commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2024-04-28 21:50:38 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.1880 (New) Package is "velociraptor" Sun Apr 28 21:50:38 2024 rev:10 rq:1170491 version:unknown Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2024-04-23 18:57:51.986346872 +0200 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.1880/velociraptor.changes 2024-04-29 09:02:41.149969054 +0200 @@ -1,0 +2,5 @@ +Sat Apr 27 16:11:14 UTC 2024 - Antonio Teixeira + +- Fix group(velociraptor) dependency for SLE 15 SP3 + +--- Other differences: -- ++ velociraptor.spec ++ --- /var/tmp/diff_new_pack.eiVyw1/_old 2024-04-29 09:02:43.146042010 +0200 +++ /var/tmp/diff_new_pack.eiVyw1/_new 2024-04-29 09:02:43.150042156 +0200 @@ -163,8 +163,8 @@ %endif %if 0%{?suse_version} -# SLE12 doesn't support sysusers -%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 15 +# SLE12 doesn't support sysusers and releases lower than SP4 don't build the server flavor which includes the system-user-velociraptor package. +%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 150400 Requires(pre): pwdutils %define pre_create_group 1 %else
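Review bot: The new upper bound `0%{?sle_version} < 150400` uses the six-digit form, but the lower bound on the same line is still `0%{?sle_version} >= 12`. The test works only because any defined sle_version exceeds 12; write the lower bound in the same form (for example `>= 120000`) so the range reads as intended. The new comment says "releases lower than SP4" without naming the product line; "SLE 15 releases lower than SP4" would match the `150400` bound, and the comment would read better split over two lines.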
commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2024-04-18 22:12:21 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.26366 (New) Package is "velociraptor" Thu Apr 18 22:12:21 2024 rev:8 rq:1168852 version:unknown Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2024-04-05 20:29:09.841534357 +0200 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.26366/velociraptor.changes 2024-04-18 22:13:25.067271374 +0200 @@ -1,0 +2,12 @@ +Wed Apr 17 21:53:20 UTC 2024 - Jeff Mahoney + +- Fix unresolveable Debian group-velociraptor dependency. + +--- +Wed Apr 17 15:52:52 UTC 2024 - Jeff Mahoney + +- Restore velociraptor group for client +- Add %{name}(project:%_project) Provides for SLE15 and newer +- Fixed SLE12-SP5 build + +--- Other differences: -- ++ velociraptor.spec ++ --- /var/tmp/diff_new_pack.w6a2fR/_old 2024-04-18 22:13:26.867337563 +0200 +++ /var/tmp/diff_new_pack.w6a2fR/_new 2024-04-18 22:13:26.871337710 +0200 @@ -103,7 +103,6 @@ Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch BuildRequires: fileb0x %if 0%{?suse_version} -BuildRequires: golang-packaging BuildRequires: systemd-rpm-macros BuildRequires: golang(API) >= 1.19 BuildRequires: pkgconfig(libsystemd) @@ -164,16 +163,24 @@ %endif %if 0%{?suse_version} +# SLE12 doesn't support sysusers +%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 15 +Requires(pre): pwdutils +%define pre_create_group 1 +%else +Requires: group(velociraptor) +%endif +%endif + %if %{build_server} +%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400 ExclusiveArch: x86_64 -%endif %else -%if %{build_server} ExclusiveArch: do_not_build +%endif %else ExclusiveArch: x86_64 ppc64le aarch64 s390x %endif -%endif %if 0%{?rhel} # RHEL builds aren't working yet 
@@ -183,6 +190,10 @@ # Not *required* but without it, we spam the system log Recommends: auditd +%if 0%{?_project:1} && (0%{?suse_version} > 1500 || 0%{?sle_version} > 15) +Provides: %{name}(project:%_project) +%endif + %if "%{vendor}" == "debbuild" %define mtag Packager: https://www.suse.com %mtag @@ -346,6 +357,10 @@ %if 0%{?suse_version} %pre +%if 0%{?pre_create_group} +# create velociraptor group if it doesn't exist +groupadd -f -r velociraptor 2>/dev/null || : +%endif %service_add_pre %{name}.service %post
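Review bot: The two-digit sle_version comparisons added here do not match the six-digit form used in the same change (`0%{?sle_version} >= 150400`). In the -183,6 hunk, `0%{?sle_version} > 15` is true for any six-digit sle_version, SLE 12 ones included, although the changes entry says the Provides is for SLE15 and newer; in the -164,16 hunk, `0%{?sle_version} >= 12 && 0%{?sle_version} < 15` cannot be true for such values, so `pre_create_group` is never defined and the new `groupadd` in %pre never runs. Use bounds such as `>= 150000` and `>= 120000 && < 150000`. In %pre, `groupadd -f -r velociraptor 2>/dev/null || :` hides every failure; drop the redirect, or at least let a failed group creation show up in the install log.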
commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2024-04-05 20:28:36 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.1905 (New) Package is "velociraptor" Fri Apr 5 20:28:36 2024 rev:7 rq:1165646 version:unknown Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2023-07-27 16:53:26.126704807 +0200 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.1905/velociraptor.changes 2024-04-05 20:29:09.841534357 +0200 
@@ -1,0 +2,726 @@ +Fri Apr 5 13:01:05 UTC 2024 - Antonio Teixeira + +- Obsolete old velociraptor-kafka-humio-gateway package + +--- +Wed Apr 03 14:21:30 UTC 2024 - Antonio Teixeira + +- Update to version 0.7.0.4.git74.3426c0a: + * Fix services artifact symbol pid not found error + * chattrsnoop: correct read size for flags + * chattrsnoop: fix wrong FS_IOC_SETFLAGS value for ppc + * chattrsnoop: fix do_vfs_ioctl kprobe failure + +--- +Wed Apr 3 13:54:19 UTC 2024 - Antonio Teixeira + +- Remove nodejs sources from main spec file. + +--- +Tue Apr 02 21:52:32 UTC 2024 - Antonio Teixeira + +- Update to version 0.7.0.4.git68.ad1f4e5: + * Fix undefined binary.NativeEndian build errors +- Add llvm16-libclang13 dependency for SLE 15 SP5 and above + +--- +Tue Apr 2 12:02:12 UTC 2024 - Antonio Teixeira + +- Disable eBPF for SLE 15 SP2 + +--- +Sun Mar 31 23:38:18 UTC 2024 - Antonio Teixeira + +- Fix builds for SLE 15 SP3 and SLE 12 + * Revert to gzip compression instead of zstd for go modules + +--- +Mon Mar 25 17:19:16 UTC 2024 - Antonio Teixeira + +- Update to version 0.7.0.4.git66.eea7659: + * dnssnoop: fix loading protocol from ip header on s390 + * dnssnoop: fix htons() so it works on s390 too + * Fix systemd Services artifact missing events + * chattrsnoop: replace global variables with locals + * tcpsnoop: fix garbled results on s390 + * chattrsnoop: fix immutable attribute set on s390 + * chattrsnoop: fix bpf_probe_read for s390 + * tcpsnoop: remove unused filtering code + * Add artifact to collect new files without owner + * bpf plugins: set a logger callback +- Add CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch + (bsc#1221456) + +--- +Thu Feb 29 18:48:52 UTC 2024 - Antonio Teixeira + +- Reintroduce system-user-velociraptor package due to client %pre + and %postun scripts depending on velociraptor user and group. + +--- +Tue Feb 27 22:37:09 UTC 2024 - Antonio Teixeira + +- Obsolete old system-user-velociraptor package. 
+- Use zst compression for go modules. + +--- +Thu Feb 22 20:11:34 UTC 2024 - dorei...@suse.com + +- Update to version 0.7.0.4.git47.0f8a4de1: + * Rename SUSE specific artifacts to have SUSE prefix + * Add SUSE.Linux.Events.NewZeroSizeLogFile artifact + * Move NewFiles artifact to SUSE + * Move ImmutableFile artifact to SUSE + * Make ImmutableFile artifact consistent with others + * Fix absolute path case in ExecutableFiles artifact + * Add client monitoring artifact for RPMs + * Add artifact to collect new hidden files + * Add artifact to monitor ssh authorized_keys files + * Fix split_records error on older clients + * Add hash fields to Linux.Events.ProcessExecutions + * Add artifact to collect systemd service events + * Fix SystemLogins artifacts file extensions + * Add SUSE.Linux.Events.Timers artifact + * Fix audit filter key typo in Linux.Events.NewFiles + * Add server artifact to delete old client data on server + * Add SUSE.Linux.Sys.At artifact + * chattrsnoop: include full error details in logs + * chattrsnoop: handle os.Stat() error properly + * chattrsnoop: don't log.Fatal() on hash error + * Fix Linux.Events.ImmutableFile not showing hash in GUI + * SUSE.Linux.Events.Crontab: Add task execution artifacts + * Raise client connection log level to ERROR + * sdjournal: Correctly seek to current tail +- Remove verbose flag from client config + +--- +Thu Feb 22 15:56:44 UTC 2024 - dorei...@suse.com + +- Update to version 0.7.0.4.git6.7b40b8b: + * go.mod: increase go version to 1.19 + +---
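Review bot: The entries of Feb 27 ("Obsolete old system-user-velociraptor package.") and Feb 29 ("Reintroduce system-user-velociraptor package ...") contradict each other, and the spec diff is not part of this mail, so it cannot be seen whether the Obsoletes from the first entry was removed again. If it is still present, the main package would obsolete the reintroduced subpackage; say in the Feb 29 entry that the Obsoletes was dropped. The same applies to "Use zst compression for go modules" followed by "Revert to gzip compression instead of zstd". "Disable eBPF for SLE 15 SP2" gives no reason, and a short one would help anyone auditing sensor coverage on that release.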
commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2023-07-27 16:53:11 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.32662 (New) Package is "velociraptor" Thu Jul 27 16:53:11 2023 rev:6 rq:1101044 version:unknown Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2023-05-10 16:19:23.207280758 +0200 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.32662/velociraptor.changes 2023-07-27 16:53:26.126704807 +0200 @@ -1,0 +2,5 @@ +Tue Jul 18 09:31:19 UTC 2023 - Marcus Meissner + +- require the group / user only in the server build + +--- Other differences: -- ++ velociraptor.spec ++ --- /var/tmp/diff_new_pack.wgKEhl/_old 2023-07-27 16:53:27.718713803 +0200 +++ /var/tmp/diff_new_pack.wgKEhl/_new 2023-07-27 16:53:27.726713848 +0200 @@ -110,11 +110,11 @@ BuildRequires: llvm16 BuildRequires: zlib-devel %endif -Requires: group(velociraptor) -Requires: user(velociraptor) ExclusiveArch: x86_64 ppc64le aarch64 s390x %if %{build_server} BuildRequires: sysuser-tools +Requires: group(velociraptor) +Requires: user(velociraptor) %{?sysusers_requires} %endif
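Review bot: Moving `Requires: group(velociraptor)` and `Requires: user(velociraptor)` under `%if %{build_server}` removes both from the client flavor, and the hunk shows no check that the client's scriptlets and %files ownership are free of references to that user and group. Confirm this for the client flavor, or keep a conditional Requires there. The changes entry would also be clearer if it said why the client no longer needs them.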
commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2023-05-10 16:19:17 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.1533 (New) Package is "velociraptor" Wed May 10 16:19:17 2023 rev:5 rq:1085933 version:unknown Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2023-05-09 13:08:44.501522320 +0200 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.1533/velociraptor.changes 2023-05-10 16:19:23.207280758 +0200 @@ -1,0 +2,13 @@ +Wed May 10 00:49:09 UTC 2023 - je...@suse.com + +- Update to version 0.6.7.5~git81.01be570: + * libbpfgo: pull fix for double-free + * logscale: add documentation for plugin + +--- +Tue May 9 14:10:31 UTC 2023 - Marcus Rueckert + +- bump minimum nodejs to 18: + building against 16 causes errors + +--- Old: velociraptor-0.6.7.5~git78.2bef6fc.obscpio New: velociraptor-0.6.7.5~git81.01be570.obscpio Other differences: -- ++ velociraptor.spec ++ --- /var/tmp/diff_new_pack.g9AzHu/_old 2023-05-10 16:19:24.707289631 +0200 +++ /var/tmp/diff_new_pack.g9AzHu/_new 2023-05-10 16:19:24.711289655 +0200 @@ -60,7 +60,7 @@ %endif Name: velociraptor%{name_suffix} -Version:0.6.7.5~git78.2bef6fc +Version:0.6.7.5~git81.01be570 Release:0 %if %{build_server} Summary:Endpoint visibility and collection tool @@ -98,8 +98,8 @@ BuildRequires: golang(API) >= 1.18 BuildRequires: pkgconfig(libsystemd) %if %{build_server} -BuildRequires: nodejs >= 16 -BuildRequires: npm >= 16 +BuildRequires: nodejs >= 18 +BuildRequires: npm >= 18 %endif %if %{with bpf} # clang15 causes libbpfgo to crash immediately 
@@ -146,7 +146,7 @@ %if %{build_kafka_humio_gateway} %package kafka-humio-gateway Summary:Gateway between Kafka and Humio for Velociraptor Artifacts -Version:0.6.7.5~git78.2bef6fc +Version:0.6.7.5~git81.01be570 Requires: group(velociraptor-kafka) Requires: user(velociraptor-kafka) ++ _servicedata ++ --- /var/tmp/diff_new_pack.g9AzHu/_old 2023-05-10 16:19:24.827290341 +0200 +++ /var/tmp/diff_new_pack.g9AzHu/_new 2023-05-10 16:19:24.831290365 +0200 @@ -1,7 +1,7 @@ https://github.com/SUSE/linux-security-sensor - 2bef6fce8e26733a13a3bbfeaa8c4828db1a99ba + 01be57033daf2e1505c5ac686fb7b25df7cae760 https://github.com/jeffmahoney/linux-security-sensor 02020f9752134efd8a6a92ab83a7b55b498e1948 (No newline at EOF) ++ velociraptor-0.6.7.5~git78.2bef6fc.obscpio -> velociraptor-0.6.7.5~git81.01be570.obscpio ++ /work/SRC/openSUSE:Factory/velociraptor/velociraptor-0.6.7.5~git78.2bef6fc.obscpio /work/SRC/openSUSE:Factory/.velociraptor.new.1533/velociraptor-0.6.7.5~git81.01be570.obscpio differ: char 50, line 1 ++ velociraptor.obsinfo ++ --- /var/tmp/diff_new_pack.g9AzHu/_old 2023-05-10 16:19:24.987291288 +0200 +++ /var/tmp/diff_new_pack.g9AzHu/_new 2023-05-10 16:19:24.991291312 +0200 @@ -1,5 +1,5 @@ name: velociraptor -version: 0.6.7.5~git78.2bef6fc -mtime: 1683577211 -commit: 2bef6fce8e26733a13a3bbfeaa8c4828db1a99ba +version: 0.6.7.5~git81.01be570 +mtime: 1683679734 +commit: 01be57033daf2e1505c5ac686fb7b25df7cae760
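Review bot: The kafka-humio-gateway subpackage repeats the literal version (`+Version:0.6.7.5~git81.01be570`) that the main `Version:` tag already carries, so every update has to touch both lines. Drop the subpackage Version tag so it inherits the main one, or set it to `%{version}`. For the nodejs bump, the changes entry only says that building against 16 "causes errors"; quoting the failing step or error would let a later reader judge whether the `>= 18` floor is still needed.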
commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2023-05-09 13:08:33 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.1533 (New) Package is "velociraptor" Tue May 9 13:08:33 2023 rev:4 rq:1085597 version:unknown Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2023-02-11 21:57:31.147695652 +0100 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.1533/velociraptor.changes 2023-05-09 13:08:44.501522320 +0200 
@@ -2 +2,67 @@ -Thu Jan 26 20:06:09 UTC 2023 - je...@suse.com +Tue May 9 01:25:01 UTC 2023 - Jeff Mahoney + +- Provide sysuser template for velociraptor user and group. + +--- +Mon May 08 20:21:03 UTC 2023 - je...@suse.com + +- Update to version 0.6.7.5~git78.2bef6fc: + * bpf: fix path to vmlinux.h + +--- +Mon May 08 19:42:58 UTC 2023 - Jeff Mahoney + +- Update to version 0.6.7.5~git77.997aa73: + * file_store/test_utils/server_config.go: update test certificate + * Update bluemonday dependency. + * vql/functions/hash: cache results on Linux + * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0 + * logscale/backport: don't use networking.GetHttpTransport + * vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint + * file_store/directory: add ability to report pending size +- Change clang dependency to clang16 +- Fix velociraptor-golang-mage-vendoring.diff to account for newer + 'go mod vendor' honoring build flags. +- Fix update-vendoring.sh script to actually run the %setup part of + the spec. +- Merge client package into server spec and use _multibuild to create + client package from same spec file. +- Adjust changelog to retain changes for client package. +- Fix building in static mode on earlier releases. 
+ - Added patch: velociraptor-libbpfgo-only-build-libbpf.patch +- Removed patch: velociraptor-skip-git-submodule-import-for-OBS-build.patch + +--- +Fri Mar 10 18:54:37 UTC 2023 - Marcus Rueckert + +- Tightening the security of the services a bit: + - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp +from /tmp + - run velociraptor server as user velociraptor instead of root +we do not really need root permissions here + - introduce /var/lib/velociraptor/filestore to make it easier to +split out large file upload + - change permissions for the data directory and subdirectories to +/var/lib/velociraptor/ u=rwX,go= velociraptor:velociraptor +/var/lib/velociraptor-client/ u=rwX,go= root:root + - change permissions of config directory to: +/etc/velociraptor/ u=rwX,g=rX,o= root:velociraptor +/etc/velociraptor/server.config u=rw,g=r,o= root:velociraptor +/etc/velociraptor/client.config u=rw,go=root:root + +--- +Fri Mar 10 15:36:18 UTC 2023 - Jeff Mahoney + +- Update to version 0.6.7.5~git6.73efb2a: + * libbpfgo: update submodule to require libzstd for newer libelf + * utils/time.js: fix handling of nanosecond-resolution timestamps + * libbpfgo: switch to using regular static builds + * Create a new 0.6.7-5 release (#2385) +- Verify FILESYSTEM_WRITE permission on copy() function (#2384) (bsc#1207936, CVE-2023-0242) +- Also ensure client id is considered unsafe (bsc#1207937, CVE-2023-0290) + * github/workflows/linux: do apt-get update to refresh package lists +- Remove unnecessary dependency on libtsan0. +- Allow velociraptor and velociraptor-client packages to coexist. + +--- +Thu Jan 26 20:06:09 UTC 2023 - Jeff Mahoney @@ -15 +81 @@ -Tue Jan 24 15:07:09 UTC 2023 - je...@suse.com +Tue Jan 24 15:07:09 UTC 2023 - Jeff Mahoney @@ -51,0 +118,5 @@ +Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller + +- client: add memory limit to systemd unit + +--- 
@@ -80,0 +152,5 @@ +Mon Jan 9 16:01:44 UTC 2023 - Jeff Mahoney + +- Added Restart=on-failure to restart the client automatically. + +--- @@ -1033 +1109,6 @@ -Thu Jan 06 20:14:39 UTC 2022 - Jeff Mahoney +Thu Jan 6 21:50:43 UTC 2022 - Jeff Mahoney + +- client: Remove dependencies on nodejs since we don't use it in client mode. + +--- +Thu Jan 6 20:14:39 UTC 2022 - Jeff Mahoney @@ -1058,0 +1140,2 @@ + - Now building the client with linux_bare target that disables +the GUI for endpoint usag
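Review bot: In the Mar 10 "Tightening the security of the services" entry, the last permission line reads `/etc/velociraptor/client.config u=rw,go=root:root`, with no space between the mode and the owner, unlike the two lines above it (`u=rw,g=r,o= root:velociraptor`). As written it is ambiguous; it should read `u=rw,go= root:root`. The wrapped continuation lines in that entry ("from /tmp", "we do not really need root permissions here", the path lines) have lost their indentation and now look like top-level text. The hunk also rewrites older entries (author strings changed from the e-mail address to the name, `Jan 06` changed to `Jan 6`); a one-line mention of the changelog merge next to "Adjust changelog to retain changes for client package" would make that traceable.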
commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2023-02-11 21:56:34 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.1848 (New) Package is "velociraptor" Sat Feb 11 21:56:34 2023 rev:3 rq:1064242 version:0.6.7.4~git63.4a1ed09d Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor-client.changes 2023-01-21 19:10:40.120992749 +0100 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.1848/velociraptor-client.changes 2023-02-11 21:57:31.119695478 +0100 @@ -1,0 +2,22 @@ +Thu Jan 26 20:06:09 UTC 2023 - je...@suse.com + +- Update to version 0.6.7.4~git63.4a1ed09d: + * utils/time.js: fix handling of nanosecond-resolution timestamps +- Added patches: + * velociraptor-reproducible-timestamp.diff + +--- +Tue Jan 24 20:57:08 UTC 2023 - Jeff Mahoney + +- Use obsinfo mtime to produce stable build timestamp (bsc#1207369). + +--- +Tue Jan 24 15:07:09 UTC 2023 - je...@suse.com + +- Update to version 0.6.7.4~git60.8abed37a: + * http_comms: create ring buffer temporary file in the same directory + * cronsnoop: plumb in real scope logging + * cronsnoop: don't treat routine errors as fatal + * cronsnoop: fix typo + +--- @@ -30,5 +51,0 @@ -Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller - -- add memory limit to systemd unit - -- velociraptor.changes: same change Old: velociraptor-0.6.7.4~git53.0e85855.obscpio New: velociraptor-0.6.7.4~git63.4a1ed09d.obscpio velociraptor-reproducible-timestamp.diff Other differences: -- ++ velociraptor-client.spec ++ --- /var/tmp/diff_new_pack.YofiXb/_old 2023-02-11 21:57:31.635698691 +0100 +++ /var/tmp/diff_new_pack.YofiXb/_new 2023-02-11 21:57:31.639698716 +0100 @@ -40,7 +40,7 @@ %endif Name: velociraptor-client -Version:0.6.7.4~git53.0e85855 +Version:0.6.7.4~git63.4a1ed09d Release:0 Summary:Endpoint visibility and collection tool (endpoint only) Group: System/Monitoring 
@@ -53,10 +53,12 @@ Source4:vmlinux.h-%{vmlinux_h_version}.tar.xz Source5:update-vendoring.sh Source6:sysconfig.%{name} +Source7:%{projname}.obsinfo Patch1: velociraptor-golang-mage-vendoring.diff Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch Patch3: vendor-build-fixes-for-SLE12.patch Patch4: sdjournal-build-fix-for-SLE12.patch +Patch5: velociraptor-reproducible-timestamp.diff BuildRequires: fileb0x BuildRequires: golang-packaging BuildRequires: mage @@ -107,6 +109,14 @@ # rm -rf artifacts/definitions/Windows %build + +# Reproductible builds need stable timestamps +timestamp=$(date -Iseconds --utc --date=@$(grep mtime: %{SOURCE7}|sed -e 's/mtime: //')) +git_commit=$(grep commit: %{SOURCE7}|sed -e 's/commit: //g') + +export VELOCIRAPTOR_BUILD_TIME=$timestamp +export VELOCIRAPTOR_GIT_HEAD=$git_commit + PATH=$PATH:/usr/sbin make linux_bare BUILD_LIBBPFGO=%{with bpf} %install ++ velociraptor.spec ++ --- /var/tmp/diff_new_pack.YofiXb/_old 2023-02-11 21:57:31.683698990 +0100 +++ /var/tmp/diff_new_pack.YofiXb/_new 2023-02-11 21:57:31.691699039 +0100 @@ -40,7 +40,7 @@ %endif Name: velociraptor -Version:0.6.7.4~git53.0e85855 +Version:0.6.7.4~git63.4a1ed09d Release:0 Summary:Endpoint visibility and collection tool Group: System/Monitoring @@ -58,10 +58,12 @@ Source9:update-vendoring.sh Source10: sysconfig.%{name} Source11: sysconfig.%{name}-client +Source12: %{projname}.obsinfo Patch1: velociraptor-golang-mage-vendoring.diff Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch Patch3: vendor-build-fixes-for-SLE12.patch Patch4: sdjournal-build-fix-for-SLE12.patch +Patch5: velociraptor-reproducible-timestamp.diff BuildRequires: fileb0x BuildRequires: golang-packaging BuildRequires: mage 
@@ -96,7 +98,7 @@ %package kafka-humio-gateway Summary:Gateway between Kafka and Humio for Velociraptor Artifacts -Version:0.6.7.4~git53.0e85855 +Version:0.6.7.4~git63.4a1ed09d %description kafka-humio-gateway This tool is used to consume events generated by the Kafka Velociraptor plugin @@ -122,6 +124,14 @@ # rm -rf artifacts/definitions/Windows %build + +# Reproductible builds need s
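Review bot: The new %build lines derive `timestamp` and `git_commit` from the obsinfo file without checking the result: if `grep mtime:` matches nothing, `date --date=@` fails and `VELOCIRAPTOR_BUILD_TIME` is exported empty, and the build carries on. Add a check that both values are non-empty and fail the build otherwise, and quote the expansions, for example `export VELOCIRAPTOR_BUILD_TIME="$timestamp"`. The two sed expressions differ for no visible reason (`'s/mtime: //'` against `'s/commit: //g'`), and the comment has a typo: "Reproductible" should be "Reproducible". The same block is duplicated in velociraptor-client.spec and velociraptor.spec with different source numbers (`%{SOURCE7}` and, by the Source list, Source12), so both copies need the fix.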
commit velociraptor for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package velociraptor for openSUSE:Factory checked in at 2023-01-21 19:10:27 Comparing /work/SRC/openSUSE:Factory/velociraptor (Old) and /work/SRC/openSUSE:Factory/.velociraptor.new.32243 (New) Package is "velociraptor" Sat Jan 21 19:10:27 2023 rev:2 rq:1060080 version:0.6.7.4~git53.0e85855 Changes: --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor-client.changes 2023-01-20 17:38:29.788460252 +0100 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.32243/velociraptor-client.changes 2023-01-21 19:10:40.120992749 +0100 @@ -0,0 +1,38 @@ +--- +Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney + +- Fixed release detection to include Tumblweed + +--- +Sat Jan 21 02:20:07 UTC 2023 - Jeff Mahoney + +- Increase required release to enable eBPF to SLE 15 SP2 and + openSUSE Leap 15.2. Earlier versions don't have a usable eBPF + and can't easily build llvm13. + +--- +Sat Jan 21 01:44:59 UTC 2023 - Jeff Mahoney + +- Remove dependency on bpftool. We use the vmlinux.h archive + to provide vmlinux.h. + +--- +Fri Jan 20 20:18:49 UTC 2023 - Jeff Mahoney + +- Restored %defattr due to SLE12 using rpm-4.11. +- Fix builds in vendor code on SLE12 +- Fix build in third_party/sdjournal due to older systemd on SLE12 +- Added patches: + - vendor-build-fixes-for-SLE12.patch + - sdjournal-build-fix-for-SLE12.patch + +--- +Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller + +- add memory limit to systemd unit + +- +Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller + +- add memory limit to systemd unit + --- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes 2023-01-20 17:38:29.888460805 +0100 +++ /work/SRC/openSUSE:Factory/.velociraptor.new.32243/velociraptor.changes 2023-01-21 19:10:40.196993183 +0100 
@@ -1,0 +2,28 @@ +Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney + +- Fixed release detection to include Tumblweed + +--- +Sat Jan 21 02:20:07 UTC 2023 - Jeff Mahoney + +- Increase required release to enable eBPF to SLE 15 SP2 and + openSUSE Leap 15.2. Earlier versions don't have a usable eBPF + and can't easily build llvm13. + +--- +Sat Jan 21 01:44:59 UTC 2023 - Jeff Mahoney + +- Remove dependency on bpftool. We use the vmlinux.h archive + to provide vmlinux.h. + +--- +Fri Jan 20 20:18:49 UTC 2023 - Jeff Mahoney + +- Restored %defattr due to SLE12 using rpm-4.11. +- Fix builds in vendor code on SLE12 +- Fix build in third_party/sdjournal due to older systemd on SLE12 +- Added patches: + - vendor-build-fixes-for-SLE12.patch + - sdjournal-build-fix-for-SLE12.patch + +--- New: sdjournal-build-fix-for-SLE12.patch vendor-build-fixes-for-SLE12.patch Other differences: -- ++ velociraptor-client.spec ++ --- /var/tmp/diff_new_pack.4drjIp/_old 2023-01-21 19:10:42.229004783 +0100 +++ /var/tmp/diff_new_pack.4drjIp/_new 2023-01-21 19:10:42.233004805 +0100 @@ -1,7 +1,7 @@ # -# spec file for package velociraptor +# spec file for package velociraptor-client # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -15,16 +15,30 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %define projname velociraptor %define vendor_version 0.6.7.4~git41.678ed56 %define vmlinux_h_version 5.14.21150400.22-150400-default -%if 0%{?suse_version} >= 1500 +# SLE 15 SP2 / Leap 15.2 or newer gets eBPF +# Earlier versions don't have a usable eBPF and the +# release doesn't easily build llvm13 +%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150200 %bcond_without bpf %else %bcond_with bpf %endif +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif + +# SLE12 has _sharedstatedir in an odd place +%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 15 +%define _sharedstatedir /var/lib +%endif + Name: velociraptor-client V
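Review bot: the velociraptor-client.changes hunk (`@@ -0,0 +1,38 @@`) ends with the entry "Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller" / "add memory limit to systemd unit" twice in a row; one copy should be dropped before this is accepted. In the same hunk and in the velociraptor.changes hunk (`@@ -1,0 +2,28 @@`), "Tumblweed" should read "Tumbleweed".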
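Review bot: in the velociraptor-client.spec hunk `@@ -15,16 +15,30 @@`, the `_sharedstatedir` guard `%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 15` compares `sle_version` against major numbers, while the eBPF condition a few lines above it compares the same macro against `150200`. With values of that form the `< 15` half can only hold when the macro is undefined (and then `>= 12` fails), so the override to /var/lib never takes effect on SLE12. Suggest using the same scale in both places, for example `0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000`, and moving the "SLE12 has _sharedstatedir in an odd place" comment next to a condition that actually matches SLE12.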