* Fri Jan 17 2025 Antonio Teixeira <antonio.teixeira@suse.com>
- Reorganize llvm dependency version conditionals
- Use llvm17 for Leap 15.5
* Fri Jan 17 2025 antonio.teixeira@suse.com
- Update to version 0.7.0.4.git142.862ef23:
* github: fix deprecated upload artifact again
* Update npm packages
Includes fixes for the following vulnerabilities:
CVE-2023-45133
CVE-2023-46234
CVE-2024-55565
CVE-2024-45296
CVE-2023-44270
CVE-2024-47068
CVE-2024-23331
CVE-2024-31207
CVE-2024-45812
CVE-2024-45811
* Update go dependencies
Includes fixes for the following vulnerabilities:
CVE-2024-45338
CVE-2024-37298
CVE-2024-24786
CVE-2023-45683 (bsc#1216310)
CVE-2023-1732
* Update jwt to 4.5.1
Fixes CVE-2024-51744 (bsc#1232944)
* Update go-retryablehttp to 0.7.7
Fixes CVE-2024-6104 (bsc#1227061)
* Update go-oidc and go-jose
Fixes CVE-2024-28180 (bsc#1235168)
* Update dompurify to 3.1.3
Fixes CVE-2024-47875 (bsc#1231574)
* Update package-lock.json
* Update micromatch to 4.0.8
Partial fix for CVE-2024-4067 (bsc#1224367)
Partial fix for CVE-2024-4068 (bsc#1224296)
* Update axios to 1.7.9
Fixes CVE-2024-39338 (bsc#1229424)
* Update cross-spawn to 7.0.6
Fixes CVE-2024-21538 (bsc#1233845)
* Update elliptic to 6.6.1
Update contains fixes for:
CVE-2024-48949 (bsc#1231558)
CVE-2024-48948 (bsc#1231685)
CVE-2024-42459 (bsc#1232543)
CVE-2024-42460 (bsc#1232543)
CVE-2024-42461 (bsc#1232543)
* Update follow-redirects to 1.15.6
Fixes CVE-2024-28849 (bsc#1221456)
* fix: gui/velociraptor/package.json to reduce vulnerabilities
Fixes CVE-2022-25883 (bsc#1212572)
- Drop CVE-2022-25883-npm-watch-semver-deps.patch
* Fix was included upstream
* Tue Jan 14 2025 doreilly@suse.com
- Update to version 0.7.0.4.git126.27cfbe1:
* bpf: fix plugins not stopping when context cancelled
* tcpsnoop: move parsing to its own function
* bpf plugins: remove deprecated libbpfgo calls
* bpf plugins: add context to error logs
* chattrsnoop: fix files not getting closed
* chattrsnoop: move hashing from plugin to artifact
* RPM artifact: start checks immediately on artifact load
* rpm plugin: fix ndb magic error
* audit s390x: fix arch filter rules errors
* github: fix deprecated upload artifact
* tcpsnoop: fix ipv6 local and remote addresses order
* tcpsnoop: fix missing ipv6 outbound connections
* Linux.Events.ProcessExecutions: remove parent cmdline
* audit: reduce FileBufferLeaseSize to ease GC overhead
* audit: fix auditBuf allocation and go vet warnings
* audit: fix plugin shutdown race condition
* audit: fix audit client data races
* audit: fix race in subscriber
* audit: prevent Windows loading audit package
* sdjournal: fix package causing test failures
* github: run linux unit tests
* Mon Aug 19 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Update node modules with security fixes.
* Fixes CVE-2024-39338 (bsc#1229424)
* Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
as the update is included.
* Mon Aug 12 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Move system-user-velociraptor to the client flavor build in order
to build it on all architectures.
* Wed Jul 03 2024 antonio.teixeira@suse.com
- Update to version 0.7.0.4.git97.675e45f9:
* kafka-humio-gateway: update go version and dependency list
* kafka-humio-gateway: specific mTLS cert paths in config.yml
* docker-compose: set kafka replication factor and min ISRs
* kafka-humio-gateway: add http post retry mechanism
* kafka-humio-gateway: add pprof debugging option
* kafka-humio-gateway: format with gofmt
* kafka-humio-gateway: fix go-staticcheck issues
* kafka-humio-gateway: fix sendEvents() never exiting
* Kafka.Events.Client: Update to use new artifactset type
* docker-compose: add optional Kafka cluster
* kafka-humio-gateway: add mTLS support
* contrib/kafka-humio-gateway: add new debug option for noisy events
* contrib/kafka-humio-gateway: backoff and retry for metadata
* kafka-humio-gateway: add sample config file
* kafka-humio-gateway: update sarama and dependencies
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
* vql/server/kafka: connect sarama logging to velociraptor logging
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
* vql/server/kafka: set appropriate ClientID
* Add a Kafka export plugin
- Use llvm17 when available
* Tue May 28 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Patch changes:
* Change CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
to update the follow-redirects package instead of patching directly.
* Added CVE-2022-25883-npm-watch-semver-deps.patch (bsc#1212572)
- Add a package-lock.json to the package
* Sat Apr 27 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Fix group(velociraptor) dependency for SLE 15 SP3
* Tue Apr 23 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Change system-user-velociraptor to noarch
* Wed Apr 17 2024 Jeff Mahoney <jeffm@suse.com>
- Fix unresolvable Debian group-velociraptor dependency.
* Wed Apr 17 2024 Jeff Mahoney <jeffm@suse.com>
- Restore velociraptor group for client
- Add %{name}(project:%_project) Provides for SLE15 and newer
- Fixed SLE12-SP5 build
* Fri Apr 05 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Obsolete old velociraptor-kafka-humio-gateway package
* Wed Apr 03 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Update to version 0.7.0.4.git74.3426c0a:
* Fix services artifact symbol pid not found error
* chattrsnoop: correct read size for flags
* chattrsnoop: fix wrong FS_IOC_SETFLAGS value for ppc
* chattrsnoop: fix do_vfs_ioctl kprobe failure
* Wed Apr 03 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Remove nodejs sources from main spec file.
* Tue Apr 02 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Update to version 0.7.0.4.git68.ad1f4e5:
* Fix undefined binary.NativeEndian build errors
- Add llvm16-libclang13 dependency for SLE 15 SP5 and above
* Tue Apr 02 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Disable eBPF for SLE 15 SP2
* Sun Mar 31 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Fix builds for SLE 15 SP3 and SLE 12
* Revert to gzip compression instead of zstd for go modules
* Mon Mar 25 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Update to version 0.7.0.4.git66.eea7659:
* dnssnoop: fix loading protocol from ip header on s390
* dnssnoop: fix htons() so it works on s390 too
* Fix systemd Services artifact missing events
* chattrsnoop: replace global variables with locals
* tcpsnoop: fix garbled results on s390
* chattrsnoop: fix immutable attribute set on s390
* chattrsnoop: fix bpf_probe_read for s390
* tcpsnoop: remove unused filtering code
* Add artifact to collect new files without owner
* bpf plugins: set a logger callback
- Add CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch
(bsc#1221456)
* Thu Feb 29 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Reintroduce system-user-velociraptor package due to client %pre
and %postun scripts depending on velociraptor user and group.
* Tue Feb 27 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Obsolete old system-user-velociraptor package.
- Use zst compression for go modules.
Version: 0.6.7.4~git63.4a1ed09d-bp155.1.7
* Thu Jan 26 2023 jeffm@suse.com
- Update to version 0.6.7.4~git63.4a1ed09d:
* utils/time.js: fix handling of nanosecond-resolution timestamps
- Added patches:
* velociraptor-reproducible-timestamp.diff
* Tue Jan 24 2023 Jeff Mahoney <jeffm@suse.com>
- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).
* Tue Jan 24 2023 jeffm@suse.com
- Update to version 0.6.7.4~git60.8abed37a:
* http_comms: create ring buffer temporary file in the same directory
* cronsnoop: plumb in real scope logging
* cronsnoop: don't treat routine errors as fatal
* cronsnoop: fix typo
* Sat Jan 21 2023 Jeff Mahoney <jeffm@suse.com>
- Fixed release detection to include Tumbleweed
* Sat Jan 21 2023 Jeff Mahoney <jeffm@suse.com>
- Increase required release to enable eBPF to SLE 15 SP2 and
openSUSE Leap 15.2. Earlier versions don't have a usable eBPF
and can't easily build llvm13.
* Sat Jan 21 2023 Jeff Mahoney <jeffm@suse.com>
- Remove dependency on bpftool. We use the vmlinux.h archive
to provide vmlinux.h.
* Fri Jan 20 2023 Jeff Mahoney <jeffm@suse.com>
- Restored %defattr due to SLE12 using rpm-4.11.
- Fix builds in vendor code on SLE12
- Fix build in third_party/sdjournal due to older systemd on SLE12
- Added patches:
- vendor-build-fixes-for-SLE12.patch
- sdjournal-build-fix-for-SLE12.patch
* Thu Jan 19 2023 Jeff Mahoney <jeffm@suse.com>
- Restore requirement to build with clang13. Newer versions
cause libbpfgo to crash immediately.
* Thu Jan 19 2023 Jeff Mahoney <jeffm@suse.com>
- Added support for setting command line options via sysconfig
* Thu Jan 19 2023 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.4~git53.0e85855:
* sdjournal: work around missing _SYSTEMD_UNIT fields
* Thu Jan 19 2023 Jeff Mahoney <jeffm@suse.com>
- Clean up for Factory submission:
- Make bpf-enabled builds conditional
- Removed %defattr and combined service lines.
- Change clang and llvm dependencies to use >= 13
- Newer versions of clang hit a DWARF parsing bug in go < 1.19,
so increase go version dependency
- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
Neither the client nor the server builds on ix86.
* Mon Dec 12 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.4~git51.a588d6e4:
* magefile.go: use current architecture for Linux builds
* Update libbpfgo submodule to include non-AMD64 build fixes
* bpf: bpf expects s390 instead of s390x
* Wed Dec 07 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.4~git46.5d88d80:
* contrib/kafka-humio-gateway: add new debug option for noisy events
* contrib/kafka-humio-gateway: backoff and retry for metadata
* vql/server/kafka: connect sarama logging to velociraptor logging
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
* vql/server/kafka: set appropriate ClientID
* Wed Dec 07 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.4~git41.678ed56:
* rpm: introduce rpm vql plugin
* users: extend DeleteUser testcase to ensure org membership was dropped
* users: ensure baseline user state is correct
* github: run testcases on Linux builds in new workflow
* gui/reporting: update bluemonday dependency to latest
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: rework testcases to use t.TempDir
* vql/linux/cronsnoop: Add cronsnoop() plugin
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* audit: use caller-allocated buffer
* use github.com/jeffmahoney/go-libaudit/v2 for audit
* Kafka.Events.Client: Update to use new artifactset type
* Add artifact for chattrsnoop plugin
* bpflib: ensure it's built only on linux and when requesting bpf
* Add chattrsnoop plugin
* Add artifact to monitor user group updates (#24)
* vql/linux/dnssnoop: Add dnssnoop() plugin
* Log Sudo/root command by auditd
* Add custom artifacts for login and logout attempts recorded by auditd
* Add tcpsnoop plugin
* vql/linux/bpflib: add helper package for bpf plugins
* libbpfgo: add submodule with forked repo for fully static builds
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
* Add a Kafka export plugin
* SUSE: Add SSHLogin artifacts
* SUSE: Do build tests on every pull request
* Add systemd-dev as build dependency for github workflow
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
* Add parser to read systemd journal on Linux
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
* linux: add lsattr() function to enumerate file attributes
* Github: Run build workflow on each pull request
* More fixes for Windows.System.VAD (#2317) (#2318)
* Bugfix: When org is not specified this JS code raised (#2315) (#2316)
* Tue Dec 06 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.3~git41.fa6afa7:
* rpm: introduce rpm vql plugin
* users: extend DeleteUser testcase to ensure org membership was dropped
* users: ensure baseline user state is correct
* github: run testcases on Linux builds
* gui/reporting: update bluemonday dependency to latest
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: rework testcases to use t.TempDir
* vql/linux/cronsnoop: Add cronsnoop() plugin
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* audit: use caller-allocated buffer
* use github.com/jeffmahoney/go-libaudit/v2 for audit
* Kafka.Events.Client: Update to use new artifactset type
* Add artifact for chattrsnoop plugin
* bpflib: ensure it's built only on linux and when requesting bpf
* Add chattrsnoop plugin
* Add artifact to monitor user group updates (#24)
* vql/linux/dnssnoop: Add dnssnoop() plugin
* Log Sudo/root command by auditd
* Add custom artifacts for login and logout attempts recorded by auditd
* Add tcpsnoop plugin
* vql/linux/bpflib: add helper package for bpf plugins
* libbpfgo: add submodule with forked repo for fully static builds
* Add Kafka-Humio Gateway [Depends on PR#10] (#8)
* Add a Kafka export plugin
* SUSE: Add SSHLogin artifacts
* SUSE: Do build tests on every pull request
* Add systemd-dev as build dependency for github workflow
* Update the Linux.Events.SSHLogin artifact to scan the systemd journal
* Update the Linux.Syslog.SSHLogin artifact to scan the systemd journal
* Add parser to read systemd journal on Linux
* Linux.Detection.ImmutableFiles: Enumerate immutable files under a path
* linux: add lsattr() function to enumerate file attributes
* Github: Run build workflow on each pull request
* Bugfix: Do not materialize the VAD array in Windows.System.VAD (#2311)
* Sync to master's bugfixes (#2309)
* Prepare for 0.6.7-2 release (#2300)
* 0.6.7 sync (#2261)
* 0.6.7 sync3 (#2256)
* 0.6.7 sync (#2239)
* Prepare a 0.6.7-rc3 (#2217)
* Bugfix: sparse files were not properly detected. (#2200) (#2201)
* Propagate progress timeout for collections. (#2193)
* Verify client's key with or without the org id. (#2192)
* Add Windows.System.Shares (#2191)
* Allow artifacts to have aliases (#2190)
* Added a regex_array column type to allow multiple regex to be set. (#2188)
* [Snyk] Upgrade react-router-dom from 5.3.3 to 5.3.4 (#2180)
* Add 'UsedBy' column to results (#2186)
* Update flow and hunt download exports to use the container (#2185)
* Disable toolbar buttons when no options are available (#2183)
* Allow hunts to be scheduled on multiple orgs (#2182)
* Update Windows PSList and VAD artifacts (#38) (#2181)
* Add in amcache (#2176)
* Added additional sources for UserAccessLogs (aka SUM) artifact (#2179)
* Fixed tests (#2177)
* [Snyk] Upgrade styled-components from 5.3.5 to 5.3.6 (#2174)
* Page Cell logs in notebook (#2172)
* Break client connection stats by org id (#2171)
* Added a remapping export to Windows.Registry.NTUser (#2170)
* Added tlsh hash (#2169)
* Check sparse files for large size before padding them out. (#2167)
* Linux and macOS Packet Capture Artifact Updates (#2168)
* Update deps (#2166)
* Add some suggested groks for parsing IIS logs (#2165)
* Refactor collection container (#2163)
* Implement transparent decryption for collector accessor (#2162)
* [Snyk] Upgrade ace-builds from 1.11.0 to 1.11.1 (#2161)
* Automatically decrypt collections with collector accessor (#2159)
* Fix css colors. (#2158)
* [Snyk] Upgrade ace-builds from 1.10.1 to 1.11.0 (#2156)
* Retry reads on EOF in NTFS accessor (#2157)
* Updated zip implementation to support crypto (#2155)
* Target 'Cmdline' instead of 'CommandLine' (#2154)
* Bugfix: Extra interpolation when client logs messages with % (#2152)
* Add 'Active' column to show whether or not a firewall rule is enabled. (#2150)
* Added test for encrypted offline collector. (#2149)
* Update parsing for Dock plist details (#2148)
* Implement filter for large artifact forms (#2147)
* Add Public Key Encryption Support to Offline Collections (#2133)
* Implemented a max memory grouper (#2146)
* Check if setgid flag is set (#2145)
* [Snyk] Upgrade react-overlays from 5.2.0 to 5.2.1 (#2144)
* Add context to yara.NTFS (#36) (#2143)
* Add `auth_redirect_template` config for handling unauthorized API calls (#2140)
* Allow the user to specify a collection as urgent (#2139)
* Fix typo, slightly improve translations (de,fr) (#2137)
* Add 'CronScripts' query/source and 'Length' option (#2138)
* Check sanity of inventory service for all orgs (#2136)
* Change 'filename' to 'file' for upload (#2135)
* Sync with latest NTFS changes. (#2134)
* [Snyk] Upgrade classnames from 2.3.1 to 2.3.2 (#2130)
* Added URLRegex to FireFox history (#2129)
* Link to collection in host shell (#2128)
* additional references (#2126)
* Sync to go-ntfs (#2125)
* Provide the option to expand sparse files in export (#2124)
* Bugfix: Process address space lockup under some conditions (#2123)
* Added URLRegex to Firefox and Chrome history (#2122)
* Add note about RecentApps key not being available after Windows 10, version 1803 (#2119)
* Expose the communicator's crypto manager (#2118)
* Further refactor of the download handler. (#2117)
* [Snyk] Upgrade ace-builds from 1.10.0 to 1.10.1 (#2114)
* Uploaded files are now shows with client paths (#2116)
* [Snyk] Upgrade recharts from 2.1.13 to 2.1.14 (#2115)
* Maintain row count per query. (#2113)
* Update Trackaccount.yaml (#2112)
* Clean up artifact references (#2111)
* Prevent null error when choosing to calculate hash and when providing authenticode information (#2109)
* Add Length option and re-arrange output (#2107)
* Bugfix: Merge file option should work with config show (#2108)
* Always write content to lock files (#2106)
* [Snyk] Upgrade ace-builds from 1.9.6 to 1.10.0 (#2102)
* Authentication configuration error reporting/validation (#2101)
* auth: don't return a base path with two leading slashes (#2100)
* Added org report in root org dashboard (#2098)
* [Snyk] Upgrade react-bootstrap from 1.6.5 to 1.6.6 (#2094)
* [Snyk] Upgrade humanize-duration from 3.27.2 to 3.27.3 (#2095)
* authenticode is a function and not a plug (#2092)
* Allow '+' in usernames (#2093)
* Attempt to decompress client messages if errors occur. (#2088)
* Pass org config to mutations in MemcacheFileDataStore (#2087)
* Support oauth with a different base path. (#2082)
* Allow client->server compression to be disabled (#2081)
* Keep track of collected results using collection status (#2075)
* Enforce a hard timeout for incoming processing (#2074)
* Expand API of user service to include context (#2071)
* When creating a new org pass the new org id to the acl function (#2068)
* Allow collect_client() etc to accept ArtifactSpec protobuf (#2067)
* Only create initial orgs on first run. (#2066)
* Bugfix: Do not start multiple communicators in windows service. (#2064)
* Added initial_orgs to the config (#2063)
* Bugfix- Server.Utils.DeleteClient over sanitized client id (#2061)
* Fixed backwards compatible bug (#2057)
* [Snyk] Upgrade ace-builds from 1.9.5 to 1.9.6 (#2055)
* Fixed CSS for column selector ui (#2053)
* Split server sanity checks into root org and other orgs (#2052)
* collect each query's status separately (#2049)
* Pass org ids in href parameters (#2047)
* Org manager maintains services lifetime (#2045)
* Added org_delete() function to remove orgs. (#2042)
* Updated themes for context menu (#2041)
* Made context menus settable in the config file (#2040)
* Added Send to CyberChef context menu on table cells. (#2039)
* [Snyk] Upgrade ace-builds from 1.9.3 to 1.9.5 (#2037)
* [Snyk] Upgrade ace-builds from 1.8.1 to 1.9.3 (#2033)
* Bugfix: watch_usn() was not flushing the mft LRU properly (#2032)
* Bugfix: Maintain field order in sysmon based tracker (#2030)
* Added regex protocols for int, float etc. (#2028)
* Refactor client monitoring API to use service (#2027)
* Bugfix: Switch GUI to first available org (#2025)
* Update Linux pslist() to use CommandLine column (#2024)
* Add embedded stager parse usecase (#34) (#2023)
* update to clean up null fields (#2020)
* Refactor code to propagate the context in more cases. (#2019)
* Bugfix: Raw file accessor had different behaviour on Windows (#2018)
* Cater for unknown parents in process tracker. (#2015)
* Fix sense of multiple regexp in all() function (#2014)
* Added all() and any() VQL functions (#2013)
* Capitalize 'i' in config generation output (#2012)
* Fixed crash in api_client command (#2010)
* Update UserAccessLogs.yaml (#2009)
* Fixed bug in UserAccessLog artifact (#2008)
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2 (#2000)
* Collect domain role info on interrogate (#1998)
* Added new GUI column type for tree (#1997)
* Fixed CSS to make column selector more visible (#1996)
* Send a System.Upload.Completion event on server artifact upload (#1995)
* Refactor of oauth code (#1993)
* Added some helpful server artifacts (#1992)
* Bugfix: "rpm server" command did not produce minion packages (#1991)
* Add ability to delete monitoring events. (#1990)
* Allow notebook GUI to set notebooks to public. (#1989)
* Allow the user to change password in the GUI (#1988)
* Added a delay() VQL function (#1987)
* Fixed a crash when add_monitoring was called without parameters. (#1986)
* Allow hunt() to limit by OS condition (#1985)
* [Snyk] Upgrade ace-builds from 1.7.1 to 1.8.1 (#1984)
* Fix "last_visit_time" timestamp (#1983)
* Added Generic.System.ProcessSiblings (#1982)
* [Snyk] Upgrade bootstrap from 4.6.1 to 4.6.2 (#1979)
* General cleanup (#1977)
* Update BinaryRename.yaml (#1976)
* Support multi orgs in server-server communication (#1975)
* Inventory service should upload tools to global public directory (#1973)
* fixed path issue (#1972)
* Support REG_MULTI_SZ in raw registry accessor (#1969)
* fix: upgrade interactjs from 1.10.16 to 1.10.17 (#1968)
* Update prefetch library to fix bug (#1965)
* The "fs" accessor should also be org sensitive. (#1964)
* Added user_grant() VQL function (#1963)
* fix: upgrade interactjs from 1.10.14 to 1.10.16 (#1961)
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1960)
* Several security related bugfixes. (#1962)
* Fixed bug in watch_evtx() (#1955)
* fix: upgrade ace-builds from 1.7.0 to 1.7.1 (#1952)
* Fixed visted_url typo (#1953)
* Added NewOrg artifact to make creating new orgs easier. (#1951)
* Fix broken deps due to snyk merge (#1950)
* build(deps): bump terser from 4.8.0 to 4.8.1 in /gui/velociraptor (#1946)
* fix: upgrade recharts from 2.1.11 to 2.1.12 (#1945)
* fix: upgrade @fortawesome/react-fontawesome from 0.1.18 to 0.2.0 (#1948)
* Added orgs() plugin and user management (#1949)
* fix: upgrade ace-builds from 1.6.1 to 1.7.0 (#1944)
* Add new embedded pe in data section parse (#1943)
* Refactor startup code (#1942)
* fix: upgrade qs from 6.10.4 to 6.11.0 (#1941)
* fix: upgrade recharts from 2.1.10 to 2.1.11 (#1939)
* fix: upgrade ace-builds from 1.6.0 to 1.6.1 (#1938)
* Added artifact Windows.Attack.IncorrectImagePath (#1927)
* Account for pid reuse in process tracker. (#1936)
* add precondition for only windows (#1935)
* Make ddclient service parameters configurable (#1933)
* fix: gui/velociraptor/package.json & gui/velociraptor/package-lock.json to reduce vulnerabilities (#1930)
* fix: upgrade interactjs from 1.10.13 to 1.10.14 (#1918)
* replace YaraUrl type (#1922)
* Add other url yara fixes (#1921)
* Update Glob.yaml (#1920)
* Fixed bug in startup code. (#1919)
* Initial commit of multitenant support (#1917)
* Adds three Linux artifacts (#1916)
* Fixed a crash when using artifact plugin with tools (#1915)
* Added a collector accessor (#1912)
* fix: upgrade interactjs from 1.10.11 to 1.10.13 (#1909)
* fix: upgrade qs from 6.10.3 to 6.10.4 (#1910)
* Japanese translation (#1906)
* Fix spanish translations. (#1907)
* fix: upgrade react-overlays from 5.1.2 to 5.2.0 (#1904)
* Add Shimcache reformat (#1892)
* A couple of performance tweaks. (#1903)
* Fix Amcache artifact (#1902)
* Retry axios requests (#1901)
* Revert "fix: upgrade ace-builds from 1.5.2 to 1.5.3 (#1899)" (#1900)
* fix: upgrade ace-builds from 1.5.2 to 1.5.3 (#1899)
* Use the auto accessor as first level of VFS (#1898)
* Theme fixes (#1895)
* Added additional logging for windows client service (#1894)
* Theme updates (#1893)
* Prepare for release 0.6.5 (#1890)
* Bugfix: CPU limit was not properly enforced on endpoint. (#1889)
* fix: upgrade react-calendar-timeline from 0.27.0 to 0.28.0 (#1887)
* fix: upgrade ace-builds from 1.5.1 to 1.5.2 (#1888)
* Improve the Windows.Sys.StartupItems artifact (#1886)
* Fixed the --remap flag (#1883)
* Fixed bug in client_delete() (#1882)
* Added a delete_flow VQL plugin (#1880)
* Add fix for generic bin file payload (#1879)
* Bugfix: Notebook calculation did not update cell (#1878)
* fix: upgrade humanize-duration from 3.27.1 to 3.27.2 (#1877)
* Revised Portuguese translation (#1876)
* Update usn.go (#1873)
* Added French language (#1874)
* Updated german translation (#1875)
* Refactor artifact plugin to be more efficient. (#1871)
* Update de.js (#1870)
* fix: upgrade ace-builds from 1.5.0 to 1.5.1 (#1867)
* Refactor server artifacts service (#1868)
* Refactored notebook into a service (#1863)
* fix: upgrade react-router-dom from 5.3.2 to 5.3.3 (#1861)
* fix: upgrade recharts from 2.1.9 to 2.1.10 (#1862)
* Bugfix: raw registry accessor supports read_file() (#1859)
* Add LogHunter - a generic grep over log capability (#1853)
* Added a GUI element to easily filter log messages (#1858)
* Added an oidc-cognito authenticator (#1854)
* build(deps): bump tar from 6.0.5 to 6.1.11 in /gui/velociraptor (#1852)
* fix: upgrade react-router-dom from 5.3.1 to 5.3.2 (#1850)
* Fix ACE font handling (#1849)
* Format timestamps opportunistically. (#1848)
* Update cidr_contains() to return true if any of the ranges match. (#1847)
* Sync KapeFiles and SQLECmd artifacts (#1845)
* Prepare 0.6.5-rc1 release (#1844)
* Added a default process tracker (#1843)
* Implement log levels in VQL (#1839)
* Theme development checkpoint (#1838)
* fix: upgrade ace-builds from 1.4.14 to 1.5.0 (#1836)
* fix: upgrade react-bootstrap from 1.6.4 to 1.6.5 (#1837)
* Added an LRU VQL function (#1835)
* Bugfix: VFS viewer was unable to access files with \ in name (#1832)
* use group SID instead of name to get local admins (#1833)
* Added Portuguese and Spanish languages (#1831)
* fix: upgrade react-overlays from 5.1.1 to 5.1.2 (#1830)
* Make display timezone user selectable (#1827)
* Added Musl build target (#1826)
* Fix deadlock in hunt dispatcher (#1825)
* Theme tweaks (#1821)
* add groupname parameter to LocalAdmins artifact (#1823)
* Fix/activitescache glob expression - Timeline.yaml (#1824)
* Update TemplateInjection.yaml (#1820)
* Prevent text wrap on sidebar (#1819)
* Added some missing translations (#1817)
* Added Deutsch UI Language (#1816)
* Support UNC paths in windows accessors. (#1815)
* Add enrichment callback for process tracker (#1814)
* Prevent null FailureActions error (#1811)
* Make ACL manager pluggable. (#1813)
* Allow custom override for GUI artifacts by default (#1810)
* Refactored hunt related functions to use the hunt_dispatcher (#1807)
* artifactset: add ability to select named sources (#1809)
* UI enhancements (#1805)
* Refactor: Create user manager service (#1804)
* New themes and refactoring of existing CSS (#1801)
* Bugfix: Server monitoring queries were not correctly cancelled. (#1803)
* Add gunzip function (#1802)
* GUI: Artifact selector (#1790)
* Refactor and improve the way clients send query related information (#1800)
* fix: upgrade axios from 0.26.1 to 0.27.2 (#1798)
* Add Cobalt Strike carver sleep function capability (#1795)
* Bugfix: Create new buffer to accumulate VQL results (#1794)
* Make velociraptor_client executable in postinst script (#1788)
* Support addition on dicts (#1785)
* fix: upgrade moment from 2.29.2 to 2.29.3 (#1782)
* fix: upgrade react-router-dom from 5.3.0 to 5.3.1 (#1783)
* Reset nanny when client connection failed. (#1780)
* Fix artifacts that use yara parameters to specify yara type (#1779)
* SysmonInstall artifact now skips install if not needed (#1777)
* Suppress warning message for offline collector (#1776)
* Bug fix (#1774)
* Avoid bash process lingering around while server is running (#1775)
* oidc: Fix typo: Genric -> Generic (#1773)
* Make MaxWait for event table settable. (#1772)
* Fixed bug in Windows.Detection.Yara.Process (#1771)
* fix: upgrade react-scripts from 5.0.0 to 5.0.1 (#1770)
* Initial implementation of client side process tracker. (#1768)
* Bugfix: Client did not update list of query columns (#1767)
* Fixed bug in ETWSessions artifact (#1766)
* build(deps): bump async from 2.6.3 to 2.6.4 in /gui/velociraptor (#1761)
* Add update to ADSHunter for better output on complete system hunts (#28) (#1765)
* Add fix for duplicate entries from flatten bug (#1760)
* build(deps): bump ejs from 3.1.6 to 3.1.7 in /gui/velociraptor (#1758)
* build(deps): bump cross-fetch from 3.1.3 to 3.1.5 in /gui/velociraptor (#1759)
* Fix undefined types in some artifact parameters (#1757)
* Update Glob.yaml (#1754)
* Bugfix: Unable to set cpu limits in hunt GUI (#1751)
* Support case insensitive notebook cell types (#1747)
* Fixed a bug in the Userassist artifact (#1746)
* Bugfix: Hunt stats were not properly incremented (#1744)
* Invalidate transformed cache when the base table changes. (#1742)
* GUI Table widgets now can apply transformations on the table. (#1740)
* Update FilenameSearch.yaml (#1741)
* Fri Nov 11 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.4.2~git86.b5931f7:
* cleanup: go mod tidy
- Fix vendoring of replaced modules.
- Only require libtsan0 on x86_64
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
* Fri Nov 11 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.4.2~git84.1b38fda:
* Clean up libbpfgo mess
* libbpfgo: use forked repo for fully static builds
* libbpfgo: sync to v0.4.4-libbpf-1.0.1
* contrib/kafka-humio-gateway: add new debug option for noisy events
* contrib/kafka-humio-gateway: backoff and retry for metadata
* vql/server/kafka: connect sarama logging to velociraptor logging
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
* vql/server/kafka: set appropriate ClientID
* libbpfgo: add selftest to build so testcases work
* cronsnoop: rework testcases to use t.TempDir
* cronsnoop: move external dependencies to end of import list
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
* Fri Nov 11 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.4.2~git67.85b608e:
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
* third_party/go-libaudit: don't directly use unix.*
* Add Linux.Remediation.Quarantine artifact
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* third_party/go-libaudit: move handling of receive buffer to caller
* third_party/go-libaudit: move buffer handling from netlink to audit
* third_party/go-libaudit: allow audit fd to be pollable
* third_party/go-libaudit: Add support for removing individual rules
* third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
* third_party/go-libaudit: Report missing rules during deletion
* import go-libaudit as a third-party module
* quarantine: actually call the OS-specific artifact
* artifactset: add ability to select named sources
* GUI: Artifact selector (#1790)
* host-info: make quarantine UI more robust with non-Windows client hosts
* shell-viewer: default to Bash on non-Windows clients
* Thu Nov 10 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.4.2~git70.b7df8172:
* file_store: handle watching artifacts with named sources
* Thu Sep 29 2022 Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.4.2~git68.5226b23b:
* api/authenticators/basic: fix logoff endpoint
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact