diff --git a/SPECS/rubygem-fluentd/CVE-2022-39379.patch b/SPECS/rubygem-fluentd/CVE-2022-39379.patch new file mode 100644 index 0000000000..a0051395c6 --- /dev/null +++ b/SPECS/rubygem-fluentd/CVE-2022-39379.patch @@ -0,0 +1,25 @@ +From b09b800a1a0e3270997bd0dc29c9d0afb9f462cf Mon Sep 17 00:00:00 2001 +From: Ahmed Badawi +Date: Wed, 9 Nov 2022 15:16:40 -0800 +Subject: [PATCH] create-patchfor-rubygem-flunetd + +--- + oj_options.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/oj_options.rb b/oj_options.rb +index f1c274c..a76e1f8 100644 +--- a/lib/fluent/oj_options.rb ++++ b/lib/fluent/oj_options.rb +@@ -11,7 +11,7 @@ module Fluent + + ALLOWED_VALUES = { + 'bigdecimal_load': %i[bigdecimal float auto], +- 'mode': %i[strict null compat json rails object custom] ++ 'mode': %i[strict null compat json rails custom] + } + + DEFAULTS = { +-- +2.37.0.windows.1 + diff --git a/SPECS/rubygem-fluentd/rubygem-fluentd.spec b/SPECS/rubygem-fluentd/rubygem-fluentd.spec index f0719c2a1b..d16cc05d00 100644 --- a/SPECS/rubygem-fluentd/rubygem-fluentd.spec +++ b/SPECS/rubygem-fluentd/rubygem-fluentd.spec @@ -3,7 +3,7 @@ Summary: Fluentd event collector Name: rubygem-%{gem_name} Version: 1.14.6 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -11,6 +11,7 @@ Group: Development/Ruby URL: https://www.fluentd.org/ Source0: https://github.com/fluent/fluentd/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz Patch0: file-list.patch +Patch1: CVE-2022-39379.patch BuildRequires: git BuildRequires: ruby Requires: rubygem-async-http @@ -58,6 +59,9 @@ gem install -V --local --force --install-dir %{buildroot}%{gemdir} --bindir %{bu %{gemdir}/specifications/fluentd-%{version}.gemspec %changelog +* Wed Nov 9 2022 Ahmed Badawi - 1.14.6-2 +- Add patch to fix CVE-2022-39379 + * Fri Apr 01 2022 Neha Agarwal - 1.14.6-1 - Update to v1.14.6. - Build from .tar.gz source.