folkslinux
/
CBL-Mariner
mirror of https://github.com/microsoft/CBL-Mariner.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Upgrade telegraf to 1.25.2 to fix several vendored CVEs (#4921)

This commit is contained in:
Olivia Crain 2023-02-24 15:12:38 -06:00 committed by GitHub
parent 347359f9d6
commit 91229a11c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
SPECS/telegraf/telegraf.signatures.json
View File

@ -1,6 +1,6 @@
{
"Signatures": {
"telegraf-1.23.0.tar.gz": "097f0ae89332dd55c121dbb6b5f81b151a0f0418c11d26b430b33be31ca90d0b",
"telegraf-vendor-1.23.0.tar.gz": "f872b6b6c0ae1d6617ce3e1b4055afe07c5fa8a55a0bf3e55d6ba63a05837503"
"telegraf-1.25.2.tar.gz": "e7038dc5be123a7e8906100d48f145d806030dafbcdb4dbd52f0343b6d1837e0",
"telegraf-1.25.2-vendor.tar.gz": "1ed2944aa65471e7ce539bc30c23d4aaeef05e73ffb6eab6a266f788fe8444b8"
}
}

11
SPECS/telegraf/telegraf.spec
View File

@ -1,7 +1,7 @@
Summary: agent for collecting, processing, aggregating, and writing metrics.
Name: telegraf
Version: 1.23.0
Release: 6%{?dist}
Version: 1.25.2
Release: 1%{?dist}
License: MIT
Vendor: Microsoft Corporation
Distribution: Mariner
@ -9,7 +9,7 @@ Group: Development/Tools
URL: https://github.com/influxdata/telegraf
#Source0: %{url}/archive/v%{version}.tar.gz
Source0: %{name}-%{version}.tar.gz
Source1: %{name}-vendor-%{version}.tar.gz
Source1: %{name}-%{version}-vendor.tar.gz
# Below is a manually created tarball, no download link.
# We're using pre-populated Go modules from this tarball, since network is disabled during build time.
# How to re-build this file:
@ -90,6 +90,11 @@ fi
%dir %{_sysconfdir}/%{name}/telegraf.d
%changelog
* Fri Feb 24 2023 Olivia Crain <oliviacrain@microsoft.com> - 1.25.2-1
- Upgrade to latest upstream version to fix the following CVEs in vendored packages:
CVE-2019-3826, CVE-2022-1996, CVE-2022-29190, CVE-2022-29222, CVE-2022-29189,
CVE-2022-32149, CVE-2022-23471
* Fri Feb 03 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.23.0-6
- Bump release to rebuild with go 1.19.5

4
cgmanifest.json
View File

@ -27267,8 +27267,8 @@
"type": "other",
"other": {
"name": "telegraf",
"version": "1.23.0",
"downloadUrl": "https://github.com/influxdata/telegraf/archive/v1.23.0.tar.gz"
"version": "1.25.2",
"downloadUrl": "https://github.com/influxdata/telegraf/archive/v1.25.2.tar.gz"
}
}
},