Add patch to fix CVE-2022-39379 (#4193)

* Add patch to fix CVE-2022-39379
* bumped release

SPECS/rubygem-fluentd/CVE-2022-39379.patch

@@ -0,0 +1,25 @@
+From b09b800a1a0e3270997bd0dc29c9d0afb9f462cf Mon Sep 17 00:00:00 2001
+From: Ahmed Badawi <ahmedbadawi@microsoft.com>
+Date: Wed, 9 Nov 2022 15:16:40 -0800
+Subject: [PATCH] create-patchfor-rubygem-flunetd
+
+---
+ oj_options.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/oj_options.rb b/oj_options.rb
+index f1c274c..a76e1f8 100644
+--- a/lib/fluent/oj_options.rb
++++ b/lib/fluent/oj_options.rb
+@@ -11,7 +11,7 @@ module Fluent
+ 
+     ALLOWED_VALUES = {
+       'bigdecimal_load': %i[bigdecimal float auto],
+-      'mode': %i[strict null compat json rails object custom]
++      'mode': %i[strict null compat json rails custom]
+     }
+ 
+     DEFAULTS = {
+-- 
+2.37.0.windows.1
+

SPECS/rubygem-fluentd/rubygem-fluentd.spec

@@ -3,7 +3,7 @@
 Summary:        Fluentd event collector
 Name:           rubygem-%{gem_name}
 Version:        1.14.6
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -11,6 +11,7 @@ Group:          Development/Ruby
 URL:            https://www.fluentd.org/
 Source0:        https://github.com/fluent/fluentd/archive/refs/tags/v%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
 Patch0:         file-list.patch
+Patch1:         CVE-2022-39379.patch
 BuildRequires:  git
 BuildRequires:  ruby
 Requires:       rubygem-async-http
@@ -58,6 +59,9 @@ gem install -V --local --force --install-dir %{buildroot}%{gemdir} --bindir %{bu
 %{gemdir}/specifications/fluentd-%{version}.gemspec
 
 %changelog
+* Wed Nov 9 2022 Ahmed Badawi <ahmedbadawi@microsoft.com> - 1.14.6-2
+- Add patch to fix CVE-2022-39379
+
 * Fri Apr 01 2022 Neha Agarwal <nehaagarwal@microsoft.com> - 1.14.6-1
 - Update to v1.14.6.
 - Build from .tar.gz source.