Update rsyslog to v8.2204.1 to address CVE-2022-24903 (#3054)

* Update rsyslog to v8.2204.1 to address CVE-2022-24903 * fix cgmanifest version * Update cgmanifest.json http --> https Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com> * Update SPECS/rsyslog/rsyslog.spec http --> https Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com> * https source0 Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2022-05-25 10:29:15 -07:00 · 2022-05-25 10:29:15 -07:00 · b068621b12
parent db82532d89
commit b068621b12
3 changed files with 15 additions and 8 deletions
--- a/SPECS/rsyslog/rsyslog.signatures.json
+++ b/SPECS/rsyslog/rsyslog.signatures.json
@ -1,8 +1,8 @@
 {
 "Signatures": {
  "50-rsyslog-journald.conf": "c4c875396276951b491e799e9cdb5a090b2ca82a754967c7f310888373e51c40",
-  "rsyslog-8.2108.0.tar.gz": "4826c2b6d081a9c95f469fb0115be3f9512065297d3de00ec513758cdb30b1d9",
-  "rsyslog-doc-8.2108.0.tar.gz": "a0a994e8f6f470ba5c5b8e4e74261655543992f8a979edc0531f5535e7d89c52",
+  "rsyslog-8.2204.1.tar.gz": "a6d731e46ad3d64f6ad4b19bbf1bf56ca4760a44a24bb96823189dc2e71f7028",
+  "rsyslog-doc-8.2204.0.tar.gz": "e838ccdd74c146e5d3cd33e4602974f081b93a86b524c19a34f3eb8cbb5c2bfe",
  "rsyslog.conf": "d5fc0ae1f725ec2f09f02ea755f875782bd3466b729372222450277aa05a3c1d",
  "rsyslog.service": "df62c9fa758079016e3b73f39d3b5952dce1e0c14a063c7a776b86eeba405153"
 }
--- a/SPECS/rsyslog/rsyslog.spec
+++ b/SPECS/rsyslog/rsyslog.spec
@ -1,17 +1,20 @@
+%define base_version %(echo %{version} | rev | cut -d'.' -f2- | rev)
+
 Summary:        Rocket-fast system for log processing
 Name:           rsyslog
-Version:        8.2108.0
-Release:        2%{?dist}
+Version:        8.2204.1
+Release:        1%{?dist}
 License:        GPLv3+ AND ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Base
 URL:            https://www.rsyslog.com/
-Source0:        http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
+Source0:        https://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
 Source1:        rsyslog.service
 Source2:        50-rsyslog-journald.conf
 Source3:        rsyslog.conf
-Source4:        http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.tar.gz
+# Upstream only publishes built docs for base_version.0
+Source4:        https://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{base_version}.0.tar.gz
 BuildRequires:  autogen
 BuildRequires:  curl-devel
 BuildRequires:  gnutls-devel
@ -153,6 +156,10 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %doc %{_docdir}/%{name}/html

 %changelog
+* Tue May 24 2022 Cameron Baird <cameronbaird@microsoft.com> - 8.2204.1-1
+- Update to v8.2204.1 to address CVE-2022-24903
+- Add more robust macro for Source4 url (prebuilt docs tar)
+
 * Thu Apr 07 2022 Daniel McIlvaney <damcilva@microsoft.com> - 8.2108.0-2
 - Bring rsyslog.conf in line with other distros
 - add /var/log/messages for normal logs
--- a/cgmanifest.json
+++ b/cgmanifest.json
@ -22875,8 +22875,8 @@
        "type": "other",
        "other": {
          "name": "rsyslog",
-          "version": "8.2108.0",
-          "downloadUrl": "http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2108.0.tar.gz"
+          "version": "8.2204.1",
+          "downloadUrl": "https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2204.1.tar.gz"
        }
      }
    },