Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package trivy for openSUSE:Factory checked in at 2024-06-20 16:47:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trivy (Old) and /work/SRC/openSUSE:Factory/.trivy.new.18349 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy" Thu Jun 20 16:47:35 2024 rev:65 rq:1181783 version:0.52.2 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2024-06-13 15:39:54.266102896 +0200 +++ /work/SRC/openSUSE:Factory/.trivy.new.18349/trivy.changes 2024-06-20 16:48:02.691413344 +0200 @@ -1,0 +2,14 @@ +Wed Jun 19 15:58:20 UTC 2024 - dmuel...@suse.com + +- Update to version 0.52.2: + * release: v0.52.2 [release/v0.52] (#6896) + * ci: use `ubuntu-latest-m` runner [backport: release/v0.52] (#6933) + * chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#6919) + * test: bump docker API to 1.45 [backport: release/v0.52] (#6922) + * ci: bump `github.com/goreleaser/goreleaser` to `v2.0.0` [backport: release/v0.52] (#6893) + * fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892) +- add add-opensuse-tumbleweed-db.patch, + add-opensuse-tumbleweed-support.patch: patches for tumbleweed + support + +------------------------------------------------------------------- Old: ---- trivy-0.52.1.tar.zst New: ---- add-opensuse-tumbleweed-db.patch add-opensuse-tumbleweed-support.patch trivy-0.52.2.tar.zst BETA DEBUG BEGIN: New: * fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892) - add add-opensuse-tumbleweed-db.patch, add-opensuse-tumbleweed-support.patch: patches for tumbleweed New:- add add-opensuse-tumbleweed-db.patch, add-opensuse-tumbleweed-support.patch: patches for tumbleweed support BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.oBlFtb/_old 2024-06-20 16:48:05.551513939 +0200 +++ /var/tmp/diff_new_pack.oBlFtb/_new 2024-06-20 16:48:05.551513939 +0200 @@ -17,7 +17,7 @@ Name: trivy -Version: 0.52.1 +Version: 0.52.2 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 
@@ -25,6 +25,9 @@ URL: https://github.com/aquasecurity/trivy Source: %{name}-%{version}.tar.zst Source1: vendor.tar.zst +# From https://github.com/aquasecurity/trivy-db/pull/411.patch +Patch1: add-opensuse-tumbleweed-db.patch +Patch2: https://github.com/aquasecurity/trivy/pull/6965.patch#/add-opensuse-tumbleweed-support.patch BuildRequires: golang(API) = 1.22 BuildRequires: golang-packaging BuildRequires: zstd @@ -43,7 +46,11 @@ name of the container. %prep -%autosetup -p1 -a1 +%setup -a1 +pushd vendor/github.com/aquasecurity/trivy-db +%patch -P 1 -p1 +popd +%patch -P 2 -p1 %build export CGO_ENABLED=1 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.oBlFtb/_old 2024-06-20 16:48:05.591515346 +0200 +++ /var/tmp/diff_new_pack.oBlFtb/_new 2024-06-20 16:48:05.595515486 +0200 @@ -1,5 +1,5 @@ -mtime: 1718202186 -commit: 7d888486b3169cd9355313ba1eb6f09523096cbaa9c86dba517e4115db6fcc09 +mtime: 1718814149 +commit: 661ba9512713191dbad2929ae1a76f9ef89bbcaa0f3da1fac367aa96b97f6054 url: https://src.opensuse.org/dirkmueller/trivy.git -revision: 7d888486b3169cd9355313ba1eb6f09523096cbaa9c86dba517e4115db6fcc09 +revision: 661ba9512713191dbad2929ae1a76f9ef89bbcaa0f3da1fac367aa96b97f6054 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.oBlFtb/_old 2024-06-20 16:48:05.615516189 +0200 +++ /var/tmp/diff_new_pack.oBlFtb/_new 2024-06-20 16:48:05.619516331 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="manual"> <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="revision">v0.52.1</param> + <param name="revision">v0.52.2</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.oBlFtb/_old 2024-06-20 16:48:05.643517175 +0200 +++ /var/tmp/diff_new_pack.oBlFtb/_new 2024-06-20 16:48:05.647517316 +0200 
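Review bot: `Patch2` is sourced from `https://github.com/aquasecurity/trivy/pull/6965.patch` and the `Patch1` comment points at `trivy-db/pull/411.patch`; a pull-request patch URL follows the branch head, so a later push to either PR changes what a re-download yields while the spec text stays the same. Referencing the commit ids from the patch headers instead (`3e9c8361a53b33bdd8bfe3009fae69a50fe5f261` for trivy, `f055a591d0ad779eab39ad0b13bd240653c9f137` and `a6bad64919d94263c6e075f2f3676b6cdbfe811d` for trivy-db) would let the stored files be verified against a fixed upstream state. In `%prep`, `%patch -P 1` rewrites code under `vendor/github.com/aquasecurity/trivy-db`, so the built binary presumably no longer matches the module version recorded for that dependency. A comment such as `# Patch1 modifies vendored trivy-db; drop once vendor.tar.zst ships trivy-db PR 411` would tell the next maintainer when to remove it.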
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/aquasecurity/trivy</param> - <param name="changesrevision">a3caf0658c9eccea18c261123112f2679a205ad9</param></service></servicedata> + <param name="changesrevision">8709d4f9c8ae29df1ff2e0d45b414cc075d3ea0b</param></service></servicedata> (No newline at EOF) ++++++ add-opensuse-tumbleweed-db.patch ++++++ >From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001 From: Marcus Meissner <meiss...@suse.de> Date: Wed, 19 Jun 2024 09:59:41 +0200 Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection (Tumbleweed has no version as it is rolling) https://github.com/aquasecurity/trivy-db/issues/410 --- pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 18 +++++++++++++++--- pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go | 4 ++++ 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go index be3d4eff..297b29eb 100644 --- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go +++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go @@ -24,8 +24,10 @@ type Distribution int const ( SUSEEnterpriseLinux Distribution = iota OpenSUSE + OpenSUSETumbleweed - platformOpenSUSEFormat = "openSUSE Leap %s" + platformOpenSUSETumbleweedFormat = "openSUSE Tumbleweed" + platformOpenSUSELeapFormat = "openSUSE Leap %s" platformSUSELinuxFormat = "SUSE Linux Enterprise %s" ) @@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID { if vs.dist == OpenSUSE { return "opensuse-cvrf" } + if vs.dist == OpenSUSETumbleweed { + return "opensuse-tumbleweed-cvrf" + } return source.ID } @@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error { case SUSEEnterpriseLinux: rootDir = filepath.Join(rootDir, "suse") case OpenSUSE: + case OpenSUSETumbleweed: rootDir = filepath.Join(rootDir, "opensuse") default: return xerrors.New("unknown distribution") 
@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string { // SUSE Linux Enterprise Module for SUSE Manager Server 4.0 return "" } + if strings.HasPrefix(platformName, "openSUSE Tumbleweed") { + // Tumbleweed has no version, it is a rolling release + return platformOpenSUSETumbleweedFormat + } if strings.HasPrefix(platformName, "openSUSE Leap") { // openSUSE Leap 15.0 ss := strings.Split(platformName, " ") @@ -196,7 +206,7 @@ func getOSVersion(platformName string) string { log.Printf("invalid version: %s, err: %s", platformName, err) return "" } - return fmt.Sprintf(platformOpenSUSEFormat, ss[2]) + return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2]) } if strings.Contains(platformName, "SUSE Linux Enterprise") { // e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1 @@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error) case SUSEEnterpriseLinux: bucket = fmt.Sprintf(platformSUSELinuxFormat, version) case OpenSUSE: - bucket = fmt.Sprintf(platformOpenSUSEFormat, version) + bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version) + case OpenSUSETumbleweed: + bucket = platformOpenSUSETumbleweedFormat default: return nil, xerrors.New("unknown distribution") } >From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001 From: Marcus Meissner <meiss...@suse.de> Date: Wed, 19 Jun 2024 16:07:49 +0200 Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go Co-authored-by: Teppei Fukuda <knqyf...@gmail.com> --- pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go index 297b29eb..f616990e 100644 --- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go +++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go 
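Review bot: The prefix check added to `getOSVersion` repeats the literal `"openSUSE Tumbleweed"` although the same value was just declared as `platformOpenSUSETumbleweedFormat`, so the string used for detection and the bucket name used in `Get` can drift apart without any compile error. Using the constant in both places, `if strings.HasPrefix(platformName, platformOpenSUSETumbleweedFormat) {`, keeps them tied together. The constant has no `%s` verb, so a name without the `Format` suffix would describe it better. Because this is a prefix match, every platform name beginning with that string lands in the single Tumbleweed bucket; a short comment saying this is intended would help. Both functions continue outside the hunks shown.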
@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error { switch vs.dist { case SUSEEnterpriseLinux: rootDir = filepath.Join(rootDir, "suse") - case OpenSUSE: - case OpenSUSETumbleweed: + case OpenSUSE, OpenSUSETumbleweed: rootDir = filepath.Join(rootDir, "opensuse") default: return xerrors.New("unknown distribution") ++++++ add-opensuse-tumbleweed-support.patch ++++++ >From 3e9c8361a53b33bdd8bfe3009fae69a50fe5f261 Mon Sep 17 00:00:00 2001 From: Marcus Meissner <meiss...@suse.de> Date: Wed, 19 Jun 2024 10:32:34 +0200 Subject: [PATCH] feat: add openSUSE tumbleweed detection and scanning needs changes in trivy-db to go along from https://github.com/aquasecurity/trivy-db/pull/411 to go along https://github.com/aquasecurity/trivy-db/issues/410 --- docs/docs/coverage/os/index.md | 1 + docs/docs/coverage/os/suse.md | 5 +++-- pkg/detector/ospkg/detect.go | 1 + pkg/detector/ospkg/suse/suse.go | 9 +++++++++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md index a8d2670d7d6..49982b1b2d6 100644 --- a/docs/docs/coverage/os/index.md +++ b/docs/docs/coverage/os/index.md @@ -22,6 +22,7 @@ Trivy supports operating systems for | [CBL-Mariner](cbl-mariner.md) | 1.0, 2.0 | dnf/yum/rpm | | [Amazon Linux](amazon.md) | 1, 2, 2023 | dnf/yum/rpm | | [openSUSE Leap](suse.md) | 42, 15 | zypper/rpm | +| [openSUSE Tumbleweed](suse.md) | (n/a) | zypper/rpm | | [SUSE Enterprise Linux](suse.md) | 11, 12, 15 | zypper/rpm | | [Photon OS](photon.md) | 1.0, 2.0, 3.0, 4.0 | tndf/yum/rpm | | [Debian GNU/Linux](debian.md) | 7, 8, 9, 10, 11, 12 | apt/dpkg | diff --git a/docs/docs/coverage/os/suse.md b/docs/docs/coverage/os/suse.md index 6ff52de31c8..15cfb1e9379 100644 --- a/docs/docs/coverage/os/suse.md +++ b/docs/docs/coverage/os/suse.md 
@@ -2,6 +2,7 @@ Trivy supports the following distributions: - openSUSE Leap +- openSUSE Tumbleweed - SUSE Enterprise Linux (SLE) Please see [here](index.md#supported-os) for supported versions. @@ -35,6 +36,6 @@ Trivy identifies licenses by examining the metadata of RPM packages. [dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies -[cvrf]: http://ftp.suse.com/pub/projects/security/cvrf/ +[cvrf]: https://ftp.suse.com/pub/projects/security/cvrf/ -[vulnerability statuses]: ../../configuration/filtering.md#by-status \ No newline at end of file +[vulnerability statuses]: ../../configuration/filtering.md#by-status diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go index bbeb8e8649d..56c4b76d147 100644 --- a/pkg/detector/ospkg/detect.go +++ b/pkg/detector/ospkg/detect.go @@ -40,6 +40,7 @@ var ( ftypes.CentOS: redhat.NewScanner(), ftypes.Rocky: rocky.NewScanner(), ftypes.Oracle: oracle.NewScanner(), + ftypes.OpenSUSETumbleweed: suse.NewScanner(suse.OpenSUSETumbleweed), ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE), ftypes.SLES: suse.NewScanner(suse.SUSEEnterpriseLinux), ftypes.Photon: photon.NewScanner(), diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go index a5ccade5c81..439cad3ce28 100644 --- a/pkg/detector/ospkg/suse/suse.go +++ b/pkg/detector/ospkg/suse/suse.go @@ -66,6 +66,7 @@ const ( SUSEEnterpriseLinux Type = iota // OpenSUSE for open versions OpenSUSE + OpenSUSETumbleweed ) // Scanner implements the SUSE scanner @@ -84,6 +85,10 @@ func NewScanner(t Type) *Scanner { return &Scanner{ vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSE), } + case OpenSUSETumbleweed: + return &Scanner{ + vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSETumbleweed), + } } return nil } 
@@ -128,5 +133,9 @@ func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType if osFamily == ftypes.SLES { return osver.Supported(ctx, slesEolDates, osFamily, osVer) } + // tumbleweed is a rolling release, it has no version and no eol + if osFamily == ftypes.OpenSUSETumbleweed { + return true + } return osver.Supported(ctx, opensuseEolDates, osFamily, osVer) } ++++++ build.specials.obscpio ++++++ diff: old/*: No such file or directory diff: new/*: No such file or directory ++++++ trivy-0.52.1.tar.zst -> trivy-0.52.2.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/trivy-0.52.1.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.18349/trivy-0.52.2.tar.zst differ: char 7, line 1 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/vendor.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.18349/vendor.tar.zst differ: char 7, line 1
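Review bot: The new early `return true` in `IsSupportedVersion` marks every Tumbleweed image as supported without confirming that the loaded vulnerability database actually carries Tumbleweed advisories. The commit message says this needs the trivy-db change to go along; if the database in use predates that change, the scan would presumably return no findings and no warning, which reads as a clean result. Document the dependency at the branch, e.g. `// requires a trivy-db containing the "openSUSE Tumbleweed" bucket (trivy-db PR 411); an older DB yields no advisories rather than an error`. The diffstat for this patch lists no test file, so a case covering `ftypes.OpenSUSETumbleweed` with an empty version would be worth adding. The function starts outside the hunk.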