commit velociraptor for openSUSE:Factory

2024-08-20 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2024-08-20 16:13:41

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.2698 (New)


Package is "velociraptor"

Tue Aug 20 16:13:41 2024 rev:14 rq:1194777 version:0.7.0.4.git97.675e45f9

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2024-08-13 13:25:11.143100466 +0200
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.2698/velociraptor.changes  
2024-08-20 16:14:12.664192585 +0200
@@ -1,0 +2,8 @@
+Mon Aug 19 20:45:30 UTC 2024 - Antonio Teixeira 
+
+- Update node modules with security fixes. 
+  * Fixes CVE-2024-39338 (bsc#1229424)
+  * Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
+as the update is included.
+
+---
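
Review bot: The bullet "Fixes CVE-2024-39338 (bsc#1229424)" does not say which node module carries the fix or which version it was updated to, so the changelog alone cannot be used to confirm that the vulnerable version is gone. Name the module and the new version in that bullet, in the same way the CVE-2024-28849 patch file name identifies follow-redirects.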

Old:

  CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch




Other differences:
--
++ velociraptor.spec ++
--- /var/tmp/diff_new_pack.zMfFCM/_old  2024-08-20 16:14:14.520268766 +0200
+++ /var/tmp/diff_new_pack.zMfFCM/_new  2024-08-20 16:14:14.520268766 +0200
@@ -100,10 +100,8 @@
 Patch1: vendor-build-fixes-for-SLE12.patch
 Patch2: sdjournal-build-fix-for-SLE12.patch
 Patch3: velociraptor-reproducible-timestamp.diff
-# PATCH-FIX-UPSTREAM 
CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch bsc#1221456 -- 
follow-redirects: Drop Proxy-Athorization across hosts
-Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
 # PATCH-FIX-UPSTREAM CVE-2022-25883-npm-watch-semver-deps.patch bsc#1212572 -- 
upgrade npm-watch
-Patch5: CVE-2022-25883-npm-watch-semver-deps.patch
+Patch4: CVE-2022-25883-npm-watch-semver-deps.patch
 BuildRequires:  fileb0x
 %if 0%{?suse_version}
 BuildRequires:  systemd-rpm-macros
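
Review bot: Renumbering `Patch5` to `Patch4` for CVE-2022-25883-npm-watch-semver-deps.patch reuses a number that referred to a different patch one revision earlier, and it only works if the `%patch -P` lines in %prep change in the same commit. Keeping the npm-watch patch as Patch5 and leaving a gap at 4 would make the diff smaller and keep older references to Patch5 valid. If renumbering is preferred, mention it in the changelog entry.
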
@@ -257,7 +255,6 @@
 %patch -P 2 -p1
 %patch -P 3 -p1
 %patch -P 4 -p1
-%patch -P 5 -p1
 
 # Set the version to something more specific than -dev
 sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" 
constants/constants.go
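
Review bot: The context line `sed -ie "s/..." constants/constants.go` at the end of this hunk passes `-ie`, which GNU sed reads as `-i` with the backup suffix `e`, so it leaves a stray constants/constants.goe in the build tree. Since %prep is being edited here anyway, change it to `sed -i -e`. The removal of `%patch -P 5 -p1` itself matches the renumbering of Patch5 to Patch4 in the previous hunk.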

++ package-lock.json ++
 1910 lines (skipped)
 between /work/SRC/openSUSE:Factory/velociraptor/package-lock.json
 and /work/SRC/openSUSE:Factory/.velociraptor.new.2698/package-lock.json

++ velociraptor-node_modules.obscpio ++
/work/SRC/openSUSE:Factory/velociraptor/velociraptor-node_modules.obscpio 
/work/SRC/openSUSE:Factory/.velociraptor.new.2698/velociraptor-node_modules.obscpio
 differ: char 15312, line 74

++ velociraptor-nodejs.spec.inc ++
 1750 lines (skipped)
 between 
/work/SRC/openSUSE:Factory/velociraptor/velociraptor-nodejs.spec.inc
 and 
/work/SRC/openSUSE:Factory/.velociraptor.new.2698/velociraptor-nodejs.spec.inc


commit velociraptor for openSUSE:Factory

2024-08-13 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2024-08-13 13:24:37

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.7232 (New)


Package is "velociraptor"

Tue Aug 13 13:24:37 2024 rev:13 rq:1193528 version:0.7.0.4.git97.675e45f9

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2024-07-11 20:32:11.374696725 +0200
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.7232/velociraptor.changes  
2024-08-13 13:25:11.143100466 +0200
@@ -1,0 +2,6 @@
+Mon Aug 12 20:47:33 UTC 2024 - Antonio Teixeira 
+
+- Move system-user-velociraptor to the client flavor build in order
+  to build it on all architectures.
+
+---



Other differences:
--
++ velociraptor.spec ++
--- /var/tmp/diff_new_pack.nCg9rs/_old  2024-08-13 13:25:12.643162966 +0200
+++ /var/tmp/diff_new_pack.nCg9rs/_new  2024-08-13 13:25:12.647163133 +0200
@@ -57,7 +57,7 @@
 
 # Older SLE releases and debbuild don't support uppercase VERSION macro
 %if "%{_vendor}" == "debbuild" || 0%{?sle_version} < 15
-%define VERSION %{version}
+%global VERSION %{version}
 %endif
 
 #Compat macro for new _fillupdir macro introduced in Nov 2017
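
Review bot: The switch from `%define VERSION` to `%global VERSION` is not covered by the changelog entry for this revision, which only describes moving system-user-velociraptor to the client flavor. Add a bullet stating why the macro needs global scope, so the reason is not lost when the spec is next reworked.
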
@@ -163,16 +163,20 @@
 %endif
 %endif
 %if %{build_server}
-BuildRequires:  sysuser-tools
+BuildRequires:  group(velociraptor)
 Requires:   group(velociraptor)
 Requires:   user(velociraptor)
 Obsoletes:  velociraptor-kafka-humio-gateway < %{version}
+%else
+%if 0%{?suse_version}
+BuildRequires:  sysuser-tools
 %{?sysusers_requires}
 %endif
+%endif
 
 %if 0%{?suse_version}
-# SLE12 doesn't support sysusers and releases lower than SP4 don't build the 
server flavor which includes the system-user-velociraptor package.
-%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 150400
+# SLE12 doesn't support sysusers
+%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 15
 Requires(pre):  pwdutils
 %define pre_create_group 1
 %else
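
Review bot: The new condition `0%{?sle_version} < 15` near the end of this hunk compares against 15, while the line it replaces compared the same macro against 150400. If sle_version carries values on that six-digit scale, `>= 12 && < 15` can never be true, so `pre_create_group` is never defined and every release falls through to the `%else` branch. Use `< 150000` to express "older than SLE 15", and keep the comment "SLE12 doesn't support sysusers" next to it.
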
@@ -219,20 +223,7 @@
 This package contains the velociraptor server and full console GUI.
 For just the endpoint agent, please install the 'velociraptor-client' package.
 
-%package -n system-user-velociraptor
-Summary:System user and group 'velociraptor'
-Version:1.0.0
-License:Apache-2.0
-Group:  System/Monitoring
-Provides:   group(velociraptor)
-Provides:   user(velociraptor)
-BuildArch:  noarch
-
-%description -n system-user-velociraptor
-This package provides a shared system user for all velociraptor components
-
 %endif
-
 %if %{build_client}
 %description
 Velociraptor is a tool for collecting host based state information
@@ -244,6 +235,20 @@
 
 This package contains only the endpoint agent.  For the full server and GUI
 console, please install the 'velociraptor' package.
+
+%if 0%{?suse_version}
+%package -n system-user-velociraptor
+Summary:System user and group 'velociraptor'
+Version:1.0.0
+License:Apache-2.0
+Group:  System/Monitoring
+Provides:   group(velociraptor)
+Provides:   user(velociraptor)
+BuildArch:  noarch
+
+%description -n system-user-velociraptor
+This package provides a shared system user for all velociraptor components
+%endif
 %endif
 
 %prep
@@ -291,8 +296,11 @@
 
 %if %{build_server}
 (cd gui/velociraptor ; npm run build)
+%else
+%if 0%{?suse_version}
 %sysusers_generate_pre %{SOURCE10} velociraptor-user
 %endif
+%endif
 
 %if 0%{?suse_version}
 LLVM_STRIP=llvm-strip
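
Review bot: `%sysusers_generate_pre %{SOURCE10} velociraptor-user` is now guarded only by `%if 0%{?suse_version}` in the client branch, and suse_version is also defined on SLE 12, where this spec's own comment says sysusers is not supported. If the client flavor is built for SLE 12, add the same sle_version exclusion here and on the matching `BuildRequires: sysuser-tools`, or add a comment saying why generating the scriptlet there is harmless.
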
@@ -316,8 +324,10 @@
 sysconfig_file_source=%{SOURCE7}
 config_file=server.config
 
-install -D -m 0644 %{SOURCE10} 
%{buildroot}%{_sysusersdir}/system-user-velociraptor.conf
 %else
+%if 0%{?suse_version}
+install -D -m 0644 %{SOURCE10} 
%{buildroot}%{_sysusersdir}/system-user-velociraptor.conf
+%endif
 service_file_source=%{SOURCE5}
 config_file_source=%{SOURCE6}
 sysconfig_file_source=%{SOURCE8}
@@ -356,13 +366,15 @@
 %dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name}/logs
 %dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name}/tmp
 
-%if %{build_server}
+%if %{build_client}
+%if 0%{?suse_version}
 %files -n system-user-velociraptor
 %defattr(-, root, root)
 %{_sysusersdir}/system-user-velociraptor.conf
 
 %pre -n system-user-velociraptor -f velociraptor-user.pre
 %endif
+%endif
 
 %if 0%{?suse_version}
 %pre


commit velociraptor for openSUSE:Factory

2024-05-30 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2024-05-30 15:33:20

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.24587 (New)


Package is "velociraptor"

Thu May 30 15:33:20 2024 rev:11 rq:1177630 version:unknown

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2024-04-29 09:02:41.149969054 +0200
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.24587/velociraptor.changes 
2024-05-30 15:35:00.825845996 +0200
@@ -1,0 +2,9 @@
+Tue May 28 16:45:51 UTC 2024 - Antonio Teixeira 
+
+- Patches changes:
+  * Change CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
+to update the follow-redirects package instead of patching directly.
+  * Added CVE-2022-25883-npm-watch-semver-deps.patch (bsc#1212572)
+- Add a package-lock.json to the package
+
+---

New:

  CVE-2022-25883-npm-watch-semver-deps.patch
  package-lock.json




Other differences:
--
++ velociraptor.spec ++
--- /var/tmp/diff_new_pack.gysvdB/_old  2024-05-30 15:35:03.453942178 +0200
+++ /var/tmp/diff_new_pack.gysvdB/_new  2024-05-30 15:35:03.457942324 +0200
@@ -93,14 +93,17 @@
 Source9:%{projname}.obsinfo
 Source10:   system-user-velociraptor.sysusers
 Source11:   velociraptor-nodejs.spec.inc
+Source12:   package-lock.json
 
 %include %{_sourcedir}/velociraptor-nodejs.spec.inc
 
 Patch1: vendor-build-fixes-for-SLE12.patch
 Patch2: sdjournal-build-fix-for-SLE12.patch
 Patch3: velociraptor-reproducible-timestamp.diff
-# CVE-2024-28849 - bsc#1221456 - follow-redirects: Drop Proxy-Athorization 
across hosts
+# PATCH-FIX-UPSTREAM 
CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch bsc#1221456 -- 
follow-redirects: Drop Proxy-Athorization across hosts
 Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
+# PATCH-FIX-UPSTREAM CVE-2022-25883-npm-watch-semver-deps.patch bsc#1212572 -- 
upgrade npm-watch
+Patch5: CVE-2022-25883-npm-watch-semver-deps.patch
 BuildRequires:  fileb0x
 %if 0%{?suse_version}
 BuildRequires:  systemd-rpm-macros
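
Review bot: The new PATCH-FIX-UPSTREAM comment for Patch4 carries over the misspelling "Proxy-Athorization" from the line it replaces; it should read "Proxy-Authorization" so that a search for the header name finds this patch. The added `Source12: package-lock.json` also has no comment saying how the lock file is generated or refreshed; a one-line note above it would help the next update.
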
@@ -243,6 +246,8 @@
 %patch -P 1 -p1
 %patch -P 2 -p1
 %patch -P 3 -p1
+%patch -P 4 -p1
+%patch -P 5 -p1
 
 # Set the version to something more specific than -dev
 sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" 
constants/constants.go
@@ -263,13 +268,11 @@
 # Note: There are dependencies on these that need to be resolved before
 # removing them outright.
 # rm -rf artifacts/definitions/Windows
-
 %if %{build_server}
 pushd gui/velociraptor
 rm -f package-lock.json
-local-npm-registry %{_sourcedir} install
+local-npm-registry %{_sourcedir} install --include=dev --legacy-peer-deps
 popd
-%patch -P 4 -p1
 %endif
 
 %build
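
Review bot: `rm -f package-lock.json` still runs in gui/velociraptor immediately before `local-npm-registry %{_sourcedir} install`, yet this revision adds package-lock.json as Source12. Nothing in the visible hunks copies Source12 into gui/velociraptor, so it is unclear whether the shipped lock file pins what gets installed. Either copy it into place after the rm or add a comment explaining how it is consumed. The added `--include=dev --legacy-peer-deps` flags are also unexplained; a comment saying why the build needs dev dependencies and relaxed peer dependency resolution would help.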

++ CVE-2022-25883-npm-watch-semver-deps.patch ++
>From 76e999d0976ad6559574c92b79fe7432596d2d6c Mon Sep 17 00:00:00 2001
From: snyk-bot 
Date: Sat, 27 Apr 2024 00:20:54 +
Subject: [PATCH] fix: gui/velociraptor/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
---
 gui/velociraptor/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: b/gui/velociraptor/package.json
===
--- a/gui/velociraptor/package.json
+++ b/gui/velociraptor/package.json
@@ -31,7 +31,7 @@
 "lodash": "^4.17.21",
 "moment": "^2.29.4",
 "moment-timezone": "0.5.43",
-"npm-watch": "^0.11.0",
+"npm-watch": "^0.12.0",
 "prop-types": "^15.8.1",
 "qs": "^6.11.2",
 "query-string": "^6.14.1",

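Review bot: The patch header cites only SNYK-JS-SEMVER-3247795, while the file name and the spec comment refer to CVE-2022-25883 and bsc#1212572; add those to the header so the patch is self-describing. The change from `"npm-watch": "^0.11.0"` to `"^0.12.0"` only raises the declared range of a direct dependency. The semver version that ends up installed is decided at resolution time, so package-lock.json and the vendored node_modules need to be regenerated and checked for the fixed semver release.
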
++ CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch ++
--- /var/tmp/diff_new_pack.gysvdB/_old  2024-05-30 15:35:03.501943934 +0200
+++ /var/tmp/diff_new_pack.gysvdB/_new  2024-05-30 15:35:03.505944081 +0200
@@ -1,24 +1,31 @@
-From c4f847f85176991f95ab9c88af63b1294de8649b Mon Sep 17 00:00:00 2001
-From: Ruben Verborgh 
-Date: Thu, 14 Mar 2024 17:36:10 +0100
-Subject: [PATCH] Drop Proxy-Authorization across hosts.
-

- index.js | 2 +-
- 1 files changed, 1 insertions(+), 1 deletion(-)
-
-diff --git a/gui/velociraptor/node_modules/follow-redirects/index.js 
b/gui/velociraptor/node_modules/follow-redirects/index.js
-index f58b933..c649cab 100644

commit velociraptor for openSUSE:Factory

2024-04-29 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2024-04-28 21:50:38

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.1880 (New)


Package is "velociraptor"

Sun Apr 28 21:50:38 2024 rev:10 rq:1170491 version:unknown

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2024-04-23 18:57:51.986346872 +0200
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.1880/velociraptor.changes  
2024-04-29 09:02:41.149969054 +0200
@@ -1,0 +2,5 @@
+Sat Apr 27 16:11:14 UTC 2024 - Antonio Teixeira 
+
+- Fix group(velociraptor) dependency for SLE 15 SP3
+
+---



Other differences:
--
++ velociraptor.spec ++
--- /var/tmp/diff_new_pack.eiVyw1/_old  2024-04-29 09:02:43.146042010 +0200
+++ /var/tmp/diff_new_pack.eiVyw1/_new  2024-04-29 09:02:43.150042156 +0200
@@ -163,8 +163,8 @@
 %endif
 
 %if 0%{?suse_version}
-# SLE12 doesn't support sysusers
-%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 15
+# SLE12 doesn't support sysusers and releases lower than SP4 don't build the 
server flavor which includes the system-user-velociraptor package.
+%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 150400
 Requires(pre):  pwdutils
 %define pre_create_group 1
 %else


commit velociraptor for openSUSE:Factory

2024-04-18 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2024-04-18 22:12:21

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.26366 (New)


Package is "velociraptor"

Thu Apr 18 22:12:21 2024 rev:8 rq:1168852 version:unknown

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2024-04-05 20:29:09.841534357 +0200
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.26366/velociraptor.changes 
2024-04-18 22:13:25.067271374 +0200
@@ -1,0 +2,12 @@
+Wed Apr 17 21:53:20 UTC 2024 - Jeff Mahoney 
+
+- Fix unresolveable Debian group-velociraptor dependency.
+
+---
+Wed Apr 17 15:52:52 UTC 2024 - Jeff Mahoney 
+
+- Restore velociraptor group for client
+- Add %{name}(project:%_project) Provides for SLE15 and newer
+- Fixed SLE12-SP5 build
+
+---



Other differences:
--
++ velociraptor.spec ++
--- /var/tmp/diff_new_pack.w6a2fR/_old  2024-04-18 22:13:26.867337563 +0200
+++ /var/tmp/diff_new_pack.w6a2fR/_new  2024-04-18 22:13:26.871337710 +0200
@@ -103,7 +103,6 @@
 Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
 BuildRequires:  fileb0x
 %if 0%{?suse_version}
-BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  golang(API) >= 1.19
 BuildRequires:  pkgconfig(libsystemd)
@@ -164,16 +163,24 @@
 %endif
 
 %if 0%{?suse_version}
+# SLE12 doesn't support sysusers
+%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 15
+Requires(pre):  pwdutils
+%define pre_create_group 1
+%else
+Requires:   group(velociraptor)
+%endif
+%endif
+
 %if %{build_server}
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
 ExclusiveArch:  x86_64
-%endif
 %else
-%if %{build_server}
 ExclusiveArch:  do_not_build
+%endif
 %else
 ExclusiveArch:  x86_64 ppc64le aarch64 s390x
 %endif
-%endif
 
 %if 0%{?rhel}
 # RHEL builds aren't working yet
@@ -183,6 +190,10 @@
 # Not *required* but without it, we spam the system log
 Recommends: auditd
 
+%if 0%{?_project:1} && (0%{?suse_version} > 1500 || 0%{?sle_version} > 15)
+Provides:   %{name}(project:%_project)
+%endif
+
 %if "%{vendor}" == "debbuild"
 %define mtag Packager: https://www.suse.com
 %mtag
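
Review bot: In the added condition, `0%{?sle_version} > 15` is true for every release that defines sle_version if the macro uses the six-digit form seen in the previous hunk (`0%{?sle_version} >= 150400`), so the `Provides: %{name}(project:%_project)` would also be emitted on SLE 12, although the changelog says "SLE15 and newer". Use `0%{?sle_version} >= 150000` to match the stated intent.
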
@@ -346,6 +357,10 @@
 
 %if 0%{?suse_version}
 %pre
+%if 0%{?pre_create_group}
+# create velociraptor group if it doesn't exist
+groupadd -f -r velociraptor  2>/dev/null || :
+%endif
 %service_add_pre %{name}.service
 
 %post


commit velociraptor for openSUSE:Factory

2024-04-05 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2024-04-05 20:28:36

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.1905 (New)


Package is "velociraptor"

Fri Apr  5 20:28:36 2024 rev:7 rq:1165646 version:unknown

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2023-07-27 16:53:26.126704807 +0200
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.1905/velociraptor.changes  
2024-04-05 20:29:09.841534357 +0200
@@ -1,0 +2,726 @@
+Fri Apr  5 13:01:05 UTC 2024 - Antonio Teixeira 
+
+- Obsolete old velociraptor-kafka-humio-gateway package
+
+---
+Wed Apr 03 14:21:30 UTC 2024 - Antonio Teixeira 
+
+- Update to version 0.7.0.4.git74.3426c0a:
+  * Fix services artifact symbol pid not found error
+  * chattrsnoop: correct read size for flags
+  * chattrsnoop: fix wrong FS_IOC_SETFLAGS value for ppc
+  * chattrsnoop: fix do_vfs_ioctl kprobe failure
+
+---
+Wed Apr  3 13:54:19 UTC 2024 - Antonio Teixeira 
+
+- Remove nodejs sources from main spec file. 
+
+---
+Tue Apr 02 21:52:32 UTC 2024 - Antonio Teixeira 
+
+- Update to version 0.7.0.4.git68.ad1f4e5:
+  * Fix undefined binary.NativeEndian build errors
+- Add llvm16-libclang13 dependency for SLE 15 SP5 and above
+
+---
+Tue Apr  2 12:02:12 UTC 2024 - Antonio Teixeira 
+
+- Disable eBPF for SLE 15 SP2
+
+---
+Sun Mar 31 23:38:18 UTC 2024 - Antonio Teixeira 
+
+- Fix builds for SLE 15 SP3 and SLE 12
+  * Revert to gzip compression instead of zstd for go modules
+
+---
+Mon Mar 25 17:19:16 UTC 2024 - Antonio Teixeira 
+
+- Update to version 0.7.0.4.git66.eea7659:
+  * dnssnoop: fix loading protocol from ip header on s390
+  * dnssnoop: fix htons() so it works on s390 too
+  * Fix systemd Services artifact missing events
+  * chattrsnoop: replace global variables with locals
+  * tcpsnoop: fix garbled results on s390
+  * chattrsnoop: fix immutable attribute set on s390
+  * chattrsnoop: fix bpf_probe_read for s390
+  * tcpsnoop: remove unused filtering code
+  * Add artifact to collect new files without owner
+  * bpf plugins: set a logger callback
+- Add CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
+  (bsc#1221456)
+
+---
+Thu Feb 29 18:48:52 UTC 2024 - Antonio Teixeira 
+
+- Reintroduce system-user-velociraptor package due to client %pre
+  and %postun scripts depending on velociraptor user and group.
+
+---
+Tue Feb 27 22:37:09 UTC 2024 - Antonio Teixeira 
+
+- Obsolete old system-user-velociraptor package.
+- Use zst compression for go modules.
+
+---
+Thu Feb 22 20:11:34 UTC 2024 - dorei...@suse.com
+
+- Update to version 0.7.0.4.git47.0f8a4de1:
+  * Rename SUSE specific artifacts to have SUSE prefix
+  * Add SUSE.Linux.Events.NewZeroSizeLogFile artifact
+  * Move NewFiles artifact to SUSE
+  * Move ImmutableFile artifact to SUSE
+  * Make ImmutableFile artifact consistent with others
+  * Fix absolute path case in ExecutableFiles artifact
+  * Add client monitoring artifact for RPMs
+  * Add artifact to collect new hidden files
+  * Add artifact to monitor ssh authorized_keys files
+  * Fix split_records error on older clients
+  * Add hash fields to Linux.Events.ProcessExecutions
+  * Add artifact to collect systemd service events
+  * Fix SystemLogins artifacts file extensions
+  * Add SUSE.Linux.Events.Timers artifact
+  * Fix audit filter key typo in Linux.Events.NewFiles
+  * Add server artifact to delete old client data on server
+  * Add SUSE.Linux.Sys.At artifact
+  * chattrsnoop: include full error details in logs
+  * chattrsnoop: handle os.Stat() error properly
+  * chattrsnoop: don't log.Fatal() on hash error
+  * Fix Linux.Events.ImmutableFile not showing hash in GUI
+  * SUSE.Linux.Events.Crontab: Add task execution artifacts
+  * Raise client connection log level to ERROR
+  * sdjournal: Correctly seek to current tail
+- Remove verbose flag from client config
+ 
+---
+Thu Feb 22 15:56:44 UTC 2024 - dorei...@suse.com
+
+- Update to version 0.7.0.4.git6.7b40b8b:
+  * go.mod: increase go version to 1.19
+
+---

commit velociraptor for openSUSE:Factory

2023-07-27 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2023-07-27 16:53:11

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.32662 (New)


Package is "velociraptor"

Thu Jul 27 16:53:11 2023 rev:6 rq:1101044 version:unknown

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2023-05-10 16:19:23.207280758 +0200
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.32662/velociraptor.changes 
2023-07-27 16:53:26.126704807 +0200
@@ -1,0 +2,5 @@
+Tue Jul 18 09:31:19 UTC 2023 - Marcus Meissner 
+
+- require the group / user only in the server build
+
+---



Other differences:
--
++ velociraptor.spec ++
--- /var/tmp/diff_new_pack.wgKEhl/_old  2023-07-27 16:53:27.718713803 +0200
+++ /var/tmp/diff_new_pack.wgKEhl/_new  2023-07-27 16:53:27.726713848 +0200
@@ -110,11 +110,11 @@
 BuildRequires:  llvm16
 BuildRequires:  zlib-devel
 %endif
-Requires:   group(velociraptor)
-Requires:   user(velociraptor)
 ExclusiveArch:  x86_64 ppc64le aarch64 s390x
 %if %{build_server}
 BuildRequires:  sysuser-tools
+Requires:   group(velociraptor)
+Requires:   user(velociraptor)
 %{?sysusers_requires}
 %endif
 


commit velociraptor for openSUSE:Factory

2023-05-10 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2023-05-10 16:19:17

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.1533 (New)


Package is "velociraptor"

Wed May 10 16:19:17 2023 rev:5 rq:1085933 version:unknown

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2023-05-09 13:08:44.501522320 +0200
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.1533/velociraptor.changes  
2023-05-10 16:19:23.207280758 +0200
@@ -1,0 +2,13 @@
+Wed May 10 00:49:09 UTC 2023 - je...@suse.com
+
+- Update to version 0.6.7.5~git81.01be570:
+  * libbpfgo: pull fix for double-free
+  * logscale: add documentation for plugin
+
+---
+Tue May  9 14:10:31 UTC 2023 - Marcus Rueckert 
+
+- bump minimum nodejs to 18:
+  building against 16 causes errors
+
+---

Old:

  velociraptor-0.6.7.5~git78.2bef6fc.obscpio

New:

  velociraptor-0.6.7.5~git81.01be570.obscpio



Other differences:
--
++ velociraptor.spec ++
--- /var/tmp/diff_new_pack.g9AzHu/_old  2023-05-10 16:19:24.707289631 +0200
+++ /var/tmp/diff_new_pack.g9AzHu/_new  2023-05-10 16:19:24.711289655 +0200
@@ -60,7 +60,7 @@
 %endif
 
 Name:   velociraptor%{name_suffix}
-Version:0.6.7.5~git78.2bef6fc
+Version:0.6.7.5~git81.01be570
 Release:0
 %if %{build_server}
 Summary:Endpoint visibility and collection tool
@@ -98,8 +98,8 @@
 BuildRequires:  golang(API) >= 1.18
 BuildRequires:  pkgconfig(libsystemd)
 %if %{build_server}
-BuildRequires:  nodejs >= 16
-BuildRequires:  npm >= 16
+BuildRequires:  nodejs >= 18
+BuildRequires:  npm >= 18
 %endif
 %if %{with bpf}
 # clang15 causes libbpfgo to crash immediately
@@ -146,7 +146,7 @@
 %if %{build_kafka_humio_gateway}
 %package kafka-humio-gateway
 Summary:Gateway between Kafka and Humio for Velociraptor Artifacts
-Version:0.6.7.5~git78.2bef6fc
+Version:0.6.7.5~git81.01be570
 Requires:   group(velociraptor-kafka)
 Requires:   user(velociraptor-kafka)
 

++ _servicedata ++
--- /var/tmp/diff_new_pack.g9AzHu/_old  2023-05-10 16:19:24.827290341 +0200
+++ /var/tmp/diff_new_pack.g9AzHu/_new  2023-05-10 16:19:24.831290365 +0200
@@ -1,7 +1,7 @@
 
 
 https://github.com/SUSE/linux-security-sensor
-  2bef6fce8e26733a13a3bbfeaa8c4828db1a99ba
+  01be57033daf2e1505c5ac686fb7b25df7cae760
 https://github.com/jeffmahoney/linux-security-sensor
   02020f9752134efd8a6a92ab83a7b55b498e1948
 (No newline at EOF)

++ velociraptor-0.6.7.5~git78.2bef6fc.obscpio -> 
velociraptor-0.6.7.5~git81.01be570.obscpio ++
/work/SRC/openSUSE:Factory/velociraptor/velociraptor-0.6.7.5~git78.2bef6fc.obscpio
 
/work/SRC/openSUSE:Factory/.velociraptor.new.1533/velociraptor-0.6.7.5~git81.01be570.obscpio
 differ: char 50, line 1

++ velociraptor.obsinfo ++
--- /var/tmp/diff_new_pack.g9AzHu/_old  2023-05-10 16:19:24.987291288 +0200
+++ /var/tmp/diff_new_pack.g9AzHu/_new  2023-05-10 16:19:24.991291312 +0200
@@ -1,5 +1,5 @@
 name: velociraptor
-version: 0.6.7.5~git78.2bef6fc
-mtime: 1683577211
-commit: 2bef6fce8e26733a13a3bbfeaa8c4828db1a99ba
+version: 0.6.7.5~git81.01be570
+mtime: 1683679734
+commit: 01be57033daf2e1505c5ac686fb7b25df7cae760
 


commit velociraptor for openSUSE:Factory

2023-05-09 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2023-05-09 13:08:33

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.1533 (New)


Package is "velociraptor"

Tue May  9 13:08:33 2023 rev:4 rq:1085597 version:unknown

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2023-02-11 21:57:31.147695652 +0100
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.1533/velociraptor.changes  
2023-05-09 13:08:44.501522320 +0200
@@ -2 +2,67 @@
-Thu Jan 26 20:06:09 UTC 2023 - je...@suse.com
+Tue May  9 01:25:01 UTC 2023 - Jeff Mahoney 
+
+- Provide sysuser template for velociraptor user and group.
+
+---
+Mon May 08 20:21:03 UTC 2023 - je...@suse.com
+
+- Update to version 0.6.7.5~git78.2bef6fc:
+  * bpf: fix path to vmlinux.h
+
+---
+Mon May 08 19:42:58 UTC 2023 - Jeff Mahoney 
+
+- Update to version 0.6.7.5~git77.997aa73:
+  * file_store/test_utils/server_config.go: update test certificate
+  * Update bluemonday dependency.
+  * vql/functions/hash: cache results on Linux
+  * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
+  * logscale/backport: don't use networking.GetHttpTransport
+  * vql/tools/logscale: add plugin to post events to LogScale ingestion 
endpoint
+  * file_store/directory: add ability to report pending size
+- Change clang dependency to clang16
+- Fix velociraptor-golang-mage-vendoring.diff to account for newer
+  'go mod vendor' honoring build flags.
+- Fix update-vendoring.sh script to actually run the %setup part of
+  the spec.
+- Merge client package into server spec and use _multibuild to create
+  client package from same spec file.
+- Adjust changelog to retain changes for client package.
+- Fix building in static mode on earlier releases.
+  - Added patch: velociraptor-libbpfgo-only-build-libbpf.patch
+- Removed patch: velociraptor-skip-git-submodule-import-for-OBS-build.patch
+
+---
+Fri Mar 10 18:54:37 UTC 2023 - Marcus Rueckert 
+
+- Tightening the security of the services a bit:
+  - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp
+from /tmp
+  - run velociraptor server as user velociraptor instead of root
+we do not really need root permissions here
+  - introduce /var/lib/velociraptor/filestore to make it easier to
+split out large file upload
+  - change permissions for the data directory and subdirectories to
+/var/lib/velociraptor/  u=rwX,go= velociraptor:velociraptor
+/var/lib/velociraptor-client/ u=rwX,go= root:root
+  - change permissions of config directory to:
+/etc/velociraptor/ u=rwX,g=rX,o= root:velociraptor
+/etc/velociraptor/server.config u=rw,g=r,o= root:velociraptor
+/etc/velociraptor/client.config u=rw,go=root:root
+
+---
+Fri Mar 10 15:36:18 UTC 2023 - Jeff Mahoney 
+
+- Update to version 0.6.7.5~git6.73efb2a:
+  * libbpfgo: update submodule to require libzstd for newer libelf
+  * utils/time.js: fix handling of nanosecond-resolution timestamps
+  * libbpfgo: switch to using regular static builds
+  * Create a new 0.6.7-5 release (#2385)
+- Verify FILESYSTEM_WRITE permission on copy() function (#2384) 
(bsc#1207936, CVE-2023-0242)
+- Also ensure client id is considered unsafe (bsc#1207937, CVE-2023-0290)
+  * github/workflows/linux: do apt-get update to refresh package lists
+- Remove unnecessary dependency on libtsan0.
+- Allow velociraptor and velociraptor-client packages to coexist.
+
+---
+Thu Jan 26 20:06:09 UTC 2023 - Jeff Mahoney 
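
Review bot: In the "Tightening the security of the services a bit" entry, the line "/etc/velociraptor/client.config u=rw,go=root:root" runs the mode and the owner together, unlike "/var/lib/velociraptor-client/ u=rwX,go= root:root" a few lines above, so it reads as a malformed mode string. Insert the missing space. In the 0.6.7.5~git6.73efb2a entry, the two CVE bullets (CVE-2023-0242, CVE-2023-0290) start with "-" while the surrounding upstream changes use "*"; align the markers so it is clear they belong to the version update.
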
@@ -15 +81 @@
-Tue Jan 24 15:07:09 UTC 2023 - je...@suse.com
+Tue Jan 24 15:07:09 UTC 2023 - Jeff Mahoney 
@@ -51,0 +118,5 @@
+Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller 
+
+- client: add memory limit to systemd unit
+
+---
@@ -80,0 +152,5 @@
+Mon Jan  9 16:01:44 UTC 2023 - Jeff Mahoney 
+
+- Added Restart=on-failure to restart the client automatically.
+
+---
@@ -1033 +1109,6 @@
-Thu Jan 06 20:14:39 UTC 2022 - Jeff Mahoney 
+Thu Jan  6 21:50:43 UTC 2022 - Jeff Mahoney 
+
+- client: Remove dependencies on nodejs since we don't use it in client mode.
+
+---
+Thu Jan  6 20:14:39 UTC 2022 - Jeff Mahoney 
@@ -1058,0 +1140,2 @@
+  - Now building the client with linux_bare target that disables
+the GUI for endpoint usag

commit velociraptor for openSUSE:Factory

2023-02-11 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2023-02-11 21:56:34

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.1848 (New)


Package is "velociraptor"

Sat Feb 11 21:56:34 2023 rev:3 rq:1064242 version:0.6.7.4~git63.4a1ed09d

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor-client.changes 
2023-01-21 19:10:40.120992749 +0100
+++ 
/work/SRC/openSUSE:Factory/.velociraptor.new.1848/velociraptor-client.changes   
2023-02-11 21:57:31.119695478 +0100
@@ -1,0 +2,22 @@
+Thu Jan 26 20:06:09 UTC 2023 - je...@suse.com
+
+- Update to version 0.6.7.4~git63.4a1ed09d:
+  * utils/time.js: fix handling of nanosecond-resolution timestamps
+- Added patches:
+  * velociraptor-reproducible-timestamp.diff
+
+---
+Tue Jan 24 20:57:08 UTC 2023 - Jeff Mahoney 
+
+- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).
+
+---
+Tue Jan 24 15:07:09 UTC 2023 - je...@suse.com
+
+- Update to version 0.6.7.4~git60.8abed37a:
+  * http_comms: create ring buffer temporary file in the same directory
+  * cronsnoop: plumb in real scope logging
+  * cronsnoop: don't treat routine errors as fatal
+  * cronsnoop: fix typo
+
+---
@@ -30,5 +51,0 @@
-Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller 
-
-- add memory limit to systemd unit
-
--
velociraptor.changes: same change

Old:

  velociraptor-0.6.7.4~git53.0e85855.obscpio

New:

  velociraptor-0.6.7.4~git63.4a1ed09d.obscpio
  velociraptor-reproducible-timestamp.diff



Other differences:
--
++ velociraptor-client.spec ++
--- /var/tmp/diff_new_pack.YofiXb/_old  2023-02-11 21:57:31.635698691 +0100
+++ /var/tmp/diff_new_pack.YofiXb/_new  2023-02-11 21:57:31.639698716 +0100
@@ -40,7 +40,7 @@
 %endif
 
 Name:   velociraptor-client
-Version:0.6.7.4~git53.0e85855
+Version:0.6.7.4~git63.4a1ed09d
 Release:0
 Summary:Endpoint visibility and collection tool (endpoint only)
 Group:  System/Monitoring
@@ -53,10 +53,12 @@
 Source4:vmlinux.h-%{vmlinux_h_version}.tar.xz
 Source5:update-vendoring.sh
 Source6:sysconfig.%{name}
+Source7:%{projname}.obsinfo
 Patch1: velociraptor-golang-mage-vendoring.diff
 Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
 Patch3: vendor-build-fixes-for-SLE12.patch
 Patch4: sdjournal-build-fix-for-SLE12.patch
+Patch5: velociraptor-reproducible-timestamp.diff
 BuildRequires:  fileb0x
 BuildRequires:  golang-packaging
 BuildRequires:  mage
@@ -107,6 +109,14 @@
 # rm -rf artifacts/definitions/Windows
 
 %build
+
+# Reproductible builds need stable timestamps
+timestamp=$(date -Iseconds --utc --date=@$(grep mtime: %{SOURCE7}|sed -e 
's/mtime: //'))
+git_commit=$(grep commit: %{SOURCE7}|sed -e 's/commit: //g')
+
+export VELOCIRAPTOR_BUILD_TIME=$timestamp
+export VELOCIRAPTOR_GIT_HEAD=$git_commit
+
 PATH=$PATH:/usr/sbin make linux_bare BUILD_LIBBPFGO=%{with bpf}
 
 %install
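
Review bot: The added `grep mtime: %{SOURCE7}` and `grep commit: %{SOURCE7}` lookups are unanchored and their results are never checked, so any line containing those strings matches and a multi-line result is passed on unquoted. A missing `commit:` line yields an empty VELOCIRAPTOR_GIT_HEAD without any error, because the pipeline's exit status is that of sed. Anchor the patterns (`^mtime: `, `^commit: `), fail the build when either value is empty, and quote the expansions in the two `export` lines. The comment should read "Reproducible".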

++ velociraptor.spec ++
--- /var/tmp/diff_new_pack.YofiXb/_old  2023-02-11 21:57:31.683698990 +0100
+++ /var/tmp/diff_new_pack.YofiXb/_new  2023-02-11 21:57:31.691699039 +0100
@@ -40,7 +40,7 @@
 %endif
 
 Name:   velociraptor
-Version:0.6.7.4~git53.0e85855
+Version:0.6.7.4~git63.4a1ed09d
 Release:0
 Summary:Endpoint visibility and collection tool
 Group:  System/Monitoring
@@ -58,10 +58,12 @@
 Source9:update-vendoring.sh
 Source10:   sysconfig.%{name}
 Source11:   sysconfig.%{name}-client
+Source12:   %{projname}.obsinfo
 Patch1: velociraptor-golang-mage-vendoring.diff
 Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
 Patch3: vendor-build-fixes-for-SLE12.patch
 Patch4: sdjournal-build-fix-for-SLE12.patch
+Patch5: velociraptor-reproducible-timestamp.diff
 BuildRequires:  fileb0x
 BuildRequires:  golang-packaging
 BuildRequires:  mage
@@ -96,7 +98,7 @@
 
 %package kafka-humio-gateway
 Summary:Gateway between Kafka and Humio for Velociraptor Artifacts
-Version:0.6.7.4~git53.0e85855
+Version:0.6.7.4~git63.4a1ed09d
 
 %description kafka-humio-gateway
 This tool is used to consume events generated by the Kafka Velociraptor plugin
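Review bot: The kafka-humio-gateway subpackage repeats the main package's Version string literally, so every update has to change the same value in two places in this file. A subpackage without its own Version tag inherits the main package's version, so unless the separate tag is needed for tooling, dropping it would remove the chance of the two drifting apart.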
@@ -122,6 +124,14 @@
 # rm -rf artifacts/definitions/Windows
 
 %build
+
+# Reproductible builds need s

commit velociraptor for openSUSE:Factory

2023-01-21 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package velociraptor for openSUSE:Factory 
checked in at 2023-01-21 19:10:27

Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
 and  /work/SRC/openSUSE:Factory/.velociraptor.new.32243 (New)


Package is "velociraptor"

Sat Jan 21 19:10:27 2023 rev:2 rq:1060080 version:0.6.7.4~git53.0e85855

Changes:

--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor-client.changes 
2023-01-20 17:38:29.788460252 +0100
+++ 
/work/SRC/openSUSE:Factory/.velociraptor.new.32243/velociraptor-client.changes  
2023-01-21 19:10:40.120992749 +0100
@@ -0,0 +1,38 @@
+---
+Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney 
+
+- Fixed release detection to include Tumblweed
+
+---
+Sat Jan 21 02:20:07 UTC 2023 - Jeff Mahoney 
+
+- Increase required release to enable eBPF to SLE 15 SP2 and
+  openSUSE Leap 15.2.  Earlier versions don't have a usable eBPF
+  and can't easily build llvm13.
+
+---
+Sat Jan 21 01:44:59 UTC 2023 - Jeff Mahoney 
+
+- Remove dependency on bpftool.  We use the vmlinux.h archive
+  to provide vmlinux.h.
+
+---
+Fri Jan 20 20:18:49 UTC 2023 - Jeff Mahoney 
+
+- Restored %defattr due to SLE12 using rpm-4.11.
+- Fix builds in vendor code on SLE12
+- Fix build in third_party/sdjournal due to older systemd on SLE12
+- Added patches:
+  - vendor-build-fixes-for-SLE12.patch
+  - sdjournal-build-fix-for-SLE12.patch
+
+---
+Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller 
+
+- add memory limit to systemd unit
+
+-
+Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller 
+
+- add memory limit to systemd unit
+
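Review bot: The last two entries of this new changelog are identical: "Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller" with "add memory limit to systemd unit" appears twice, and the separator between the two copies is shorter than the others. One copy should be dropped so the file ends with a single, well-formed entry. The first entry also spells the distribution "Tumblweed".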
--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2023-01-20 17:38:29.888460805 +0100
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.32243/velociraptor.changes 
2023-01-21 19:10:40.196993183 +0100
@@ -1,0 +2,28 @@
+Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney 
+
+- Fixed release detection to include Tumblweed
+
+---
+Sat Jan 21 02:20:07 UTC 2023 - Jeff Mahoney 
+
+- Increase required release to enable eBPF to SLE 15 SP2 and
+  openSUSE Leap 15.2.  Earlier versions don't have a usable eBPF
+  and can't easily build llvm13.
+
+---
+Sat Jan 21 01:44:59 UTC 2023 - Jeff Mahoney 
+
+- Remove dependency on bpftool.  We use the vmlinux.h archive
+  to provide vmlinux.h.
+
+---
+Fri Jan 20 20:18:49 UTC 2023 - Jeff Mahoney 
+
+- Restored %defattr due to SLE12 using rpm-4.11.
+- Fix builds in vendor code on SLE12
+- Fix build in third_party/sdjournal due to older systemd on SLE12
+- Added patches:
+  - vendor-build-fixes-for-SLE12.patch
+  - sdjournal-build-fix-for-SLE12.patch
+
+---
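Review bot: The top entry reads "Fixed release detection to include Tumblweed"; the distribution name is Tumbleweed. Changelog text ends up in the package metadata and gets searched, so it is worth correcting before it is copied into later entries.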

New:

  sdjournal-build-fix-for-SLE12.patch
  vendor-build-fixes-for-SLE12.patch



Other differences:
--
++ velociraptor-client.spec ++
--- /var/tmp/diff_new_pack.4drjIp/_old  2023-01-21 19:10:42.229004783 +0100
+++ /var/tmp/diff_new_pack.4drjIp/_new  2023-01-21 19:10:42.233004805 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package velociraptor
+# spec file for package velociraptor-client
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,16 +15,30 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
+
 %define projname velociraptor
 %define vendor_version 0.6.7.4~git41.678ed56
 %define vmlinux_h_version 5.14.21150400.22-150400-default
 
-%if 0%{?suse_version} >= 1500
+# SLE 15 SP2 / Leap 15.2 or newer gets eBPF
+# Earlier versions don't have a usable eBPF and the
+# release doesn't easily build llvm13
+%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150200
 %bcond_without bpf
 %else
 %bcond_with bpf
 %endif
 
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+  %define _fillupdir %{_localstatedir}/adm/fillup-templates
+%endif
+
+# SLE12 has _sharedstatedir in an odd place
+%if 0%{?sle_version} >= 12 && 0%{?sle_version} < 15
+%define _sharedstatedir /var/lib
+%endif
+
 Name:   velociraptor-client
 V
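Review bot: The _sharedstatedir condition compares sle_version against 12 and 15, while the eBPF condition earlier in the same hunk compares it against 150200. On that six-digit scale, "0%{?sle_version} >= 12 && 0%{?sle_version} < 15" cannot be true: an undefined macro evaluates to 0 and fails the first test, and any defined value fails the second. The /var/lib override would therefore never apply on SLE12. Use bounds on the same scale as the eBPF check (for example 120000 and 150000), or key the test on suse_version instead.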