[AUTO-CHERRYPICK] Patched `telegraf` CVE-2023-46129. - branch main (#6743)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
This commit is contained in:
CBL-Mariner-Bot
GitHub
Родитель
1a5f33330a
Коммит
b7cac8052e
|
|
@ -0,0 +1,91 @@
|
|||
diff --git a/go.mod b/go.mod
|
||||
index 7b45578..e05c8f1 100644
|
||||
--- a/go.mod
|
||||
+++ b/go.mod
|
||||
@@ -184,14 +184,14 @@ require (
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.39.0
|
||||
go.opentelemetry.io/otel/sdk/metric v0.39.0
|
||||
go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd
|
||||
- golang.org/x/crypto v0.12.0
|
||||
+ golang.org/x/crypto v0.14.0
|
||||
golang.org/x/mod v0.11.0
|
||||
golang.org/x/net v0.14.0
|
||||
golang.org/x/oauth2 v0.11.0
|
||||
golang.org/x/sync v0.3.0
|
||||
- golang.org/x/sys v0.11.0
|
||||
- golang.org/x/term v0.11.0
|
||||
- golang.org/x/text v0.12.0
|
||||
+ golang.org/x/sys v0.13.0
|
||||
+ golang.org/x/term v0.13.0
|
||||
+ golang.org/x/text v0.13.0
|
||||
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211230205640-daad0b7ba671
|
||||
gonum.org/v1/gonum v0.13.0
|
||||
google.golang.org/api v0.134.0
|
||||
@@ -383,7 +383,7 @@ require (
|
||||
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
|
||||
github.com/naoina/go-stringutil v0.1.0 // indirect
|
||||
github.com/nats-io/jwt/v2 v2.3.0 // indirect
|
||||
- github.com/nats-io/nkeys v0.4.4 // indirect
|
||||
+ github.com/nats-io/nkeys v0.4.6 // indirect
|
||||
github.com/nats-io/nuid v1.0.1 // indirect
|
||||
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/pdatautil v0.79.0 // indirect
|
||||
github.com/opencontainers/go-digest v1.0.0 // indirect
|
||||
diff --git a/go.sum b/go.sum
|
||||
index 8bcea7f..edf3819 100644
|
||||
--- a/go.sum
|
||||
+++ b/go.sum
|
||||
@@ -1161,8 +1161,8 @@ github.com/nats-io/nats-server/v2 v2.9.9/go.mod h1:AB6hAnGZDlYfqb7CTAm66ZKMZy9Dp
|
||||
github.com/nats-io/nats.go v1.27.0 h1:3o9fsPhmoKm+yK7rekH2GtWoE+D9jFbw8N3/ayI1C00=
|
||||
github.com/nats-io/nats.go v1.27.0/go.mod h1:XpbWUlOElGwTYbMR7imivs7jJj9GtK7ypv321Wp6pjc=
|
||||
github.com/nats-io/nkeys v0.3.0/go.mod h1:gvUNGjVcM2IPr5rCsRsC6Wb3Hr2CQAm08dsxtV6A5y4=
|
||||
-github.com/nats-io/nkeys v0.4.4 h1:xvBJ8d69TznjcQl9t6//Q5xXuVhyYiSos6RPtvQNTwA=
|
||||
-github.com/nats-io/nkeys v0.4.4/go.mod h1:XUkxdLPTufzlihbamfzQ7mw/VGx6ObUs+0bN5sNvt64=
|
||||
+github.com/nats-io/nkeys v0.4.6 h1:IzVe95ru2CT6ta874rt9saQRkWfe2nFj1NtvYSLqMzY=
|
||||
+github.com/nats-io/nkeys v0.4.6/go.mod h1:4DxZNzenSVd1cYQoAa8948QY3QDjrHfcfVADymtkpts=
|
||||
github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
|
||||
github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
|
||||
github.com/netsampler/goflow2 v1.3.3 h1:uheCMgWwbaHnVdsvc2bqbdQe93E73pVF77WGu/kPE7U=
|
||||
@@ -1620,8 +1620,8 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58
|
||||
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
|
||||
golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
|
||||
golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
|
||||
-golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
|
||||
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
|
||||
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
|
||||
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
|
||||
@@ -1869,8 +1869,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
-golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
|
||||
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
|
||||
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
@@ -1881,8 +1881,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
|
||||
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
|
||||
golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
|
||||
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
|
||||
-golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
|
||||
-golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
|
||||
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
|
||||
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
|
||||
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
@@ -1898,8 +1898,8 @@ golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
-golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
|
||||
-golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
|
||||
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
|
||||
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
|
||||
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
diff -ruN telegraf-1.21.2-a/plugins/inputs/procstat/process.go telegraf-1.21.2-b/plugins/inputs/procstat/process.go
|
||||
--- telegraf-1.21.2-a/plugins/inputs/procstat/process.go 2022-01-31 16:47:42.447035252 -0800
|
||||
+++ telegraf-1.21.2-b/plugins/inputs/procstat/process.go 2022-01-31 16:49:30.036424290 -0800
|
||||
@@ -26,6 +26,7 @@
|
||||
RlimitUsage(bool) ([]process.RlimitStat, error)
|
||||
Username() (string, error)
|
||||
CreateTime() (int64, error)
|
||||
+ MemoryMaps(bool) (*[]process.MemoryMapsStat, error)
|
||||
Ppid() (int32, error)
|
||||
}
|
||||
|
||||
diff -ruN telegraf-1.21.2-a/plugins/inputs/procstat/procstat.go telegraf-1.21.2-b/plugins/inputs/procstat/procstat.go
|
||||
--- telegraf-1.21.2-a/plugins/inputs/procstat/procstat.go 2022-01-31 16:47:42.447035252 -0800
|
||||
+++ telegraf-1.21.2-b/plugins/inputs/procstat/procstat.go 2022-01-31 16:54:10.684079205 -0800
|
||||
@@ -289,6 +289,14 @@
|
||||
fields[prefix+"memory_locked"] = mem.Locked
|
||||
}
|
||||
|
||||
+ memMaps, err := proc.MemoryMaps(true)
|
||||
+ if err == nil {
|
||||
+ fields[prefix+"memory_maps_shared_dirty"] = (*memMaps)[0].SharedDirty
|
||||
+ fields[prefix+"memory_maps_shared_clean"] = (*memMaps)[0].SharedClean
|
||||
+ fields[prefix+"memory_maps_private_dirty"] = (*memMaps)[0].PrivateDirty
|
||||
+ fields[prefix+"memory_maps_private_clean"] = (*memMaps)[0].PrivateClean
|
||||
+ }
|
||||
+
|
||||
memPerc, err := proc.MemoryPercent()
|
||||
if err == nil {
|
||||
fields[prefix+"memory_usage"] = memPerc
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"telegraf-1.27.3.tar.gz": "da4bc911483ff90f8c2c6ab230fcf329eea094baba423b55c9196b3214f3847a",
|
||||
"telegraf-1.27.3-vendor.tar.gz": "8896d41bc462d529503c4d0af9e56b4bf042cc13631120e1422f4c95a5438249"
|
||||
"telegraf-1.27.4.tar.gz": "bae1e7e9399e3dd3d10de8dea6ba4112f884d3192f6ca9eda79bb3cb5702118a",
|
||||
"telegraf-1.27.4-vendor.tar.gz": "beb0dd120e65d019ce0912ebddb7c3ba9154a863c2336b9b265cb172a16db69d"
|
||||
}
|
||||
}
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
Summary: agent for collecting, processing, aggregating, and writing metrics.
|
||||
Name: telegraf
|
||||
Version: 1.27.3
|
||||
Release: 4%{?dist}
|
||||
Version: 1.27.4
|
||||
Release: 1%{?dist}
|
||||
License: MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
|
@ -10,9 +10,11 @@ URL: https://github.com/influxdata/telegraf
|
|||
Source0: %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||
# Use the generate_source_tarbbal.sh script to get the vendored sources.
|
||||
Source1: %{name}-%{version}-vendor.tar.gz
|
||||
Patch0: add-extra-metrics.patch
|
||||
Patch0: CVE-2023-46129.patch
|
||||
|
||||
BuildRequires: golang
|
||||
BuildRequires: systemd-devel
|
||||
|
||||
Requires: logrotate
|
||||
Requires: procps-ng
|
||||
Requires: shadow-utils
|
||||
|
|
@ -75,6 +77,11 @@ fi
|
|||
%dir %{_sysconfdir}/%{name}/telegraf.d
|
||||
|
||||
%changelog
|
||||
* Thu Nov 09 2023 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.27.4-1
|
||||
- Backporting patch for CVE-2023-46129.
|
||||
- Updating to version 1.27.4.
|
||||
- Removed invalid, outdated patch.
|
||||
|
||||
* Mon Oct 16 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.27.3-4
|
||||
- Bump release to rebuild with go 1.20.10
|
||||
|
||||
|
|
|
|||
|
|
@ -28577,8 +28577,8 @@
|
|||
"type": "other",
|
||||
"other": {
|
||||
"name": "telegraf",
|
||||
"version": "1.27.3",
|
||||
"downloadUrl": "https://github.com/influxdata/telegraf/archive/v1.27.3.tar.gz"
|
||||
"version": "1.27.4",
|
||||
"downloadUrl": "https://github.com/influxdata/telegraf/archive/v1.27.4.tar.gz"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче