Upgrade vitess to v17.0.7 to fix CVE-2024-32886 (#9374)

Author: Sumynwa

SPECS/vitess/CVE-2023-44487.patch

@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "vitess-16.0.2-vendor.tar.gz": "86cb3d667cef20d65bd122d47f71271a3cb7163a1e474dd1feba17674435ce2e",
-  "vitess-16.0.2.tar.gz": "89328d683f2694de4ada21c7a815d396a853ad45d39607aca467996678b69e0c"
+  "vitess-17.0.7-vendor.tar.gz": "09f50053dfc4aa2b5caed55a5fabcb9f5b832fabead635797344f74216ae8b76",
+  "vitess-17.0.7.tar.gz": "1838b97ff30b182af576a7bc25bcd54532fcedccffd28778206c20774bb34c10"
  }
 }

SPECS/vitess/CVE-2023-45288.patch

@@ -2,8 +2,8 @@
 %bcond_without check
 
 Name:           vitess
-Version:        16.0.2
-Release:        9%{?dist}
+Version:        17.0.7
+Release:        1%{?dist}
 Summary:        Database clustering system for horizontal scaling of MySQL
 # Upstream license specification: MIT and Apache-2.0
 License:        MIT and ASL 2.0
@@ -26,8 +26,6 @@ Source0:        %{name}-%{version}.tar.gz
 #           -cf %%{name}-%%{version}-vendor.tar.gz vendor
 #
 Source1:        %{name}-%{version}-vendor.tar.gz
-Patch0:         CVE-2023-44487.patch
-Patch1:         CVE-2023-45288.patch
 BuildRequires: golang
 
 %description
@@ -105,6 +103,10 @@ go check -t go/cmd \
 %{_bindir}/*
 
 %changelog
+* Tue Jun 11 2024 Sumedh Sharma <sumsharma@microsoft.com> - 17.0.7-1
+- Bump version to 17.0.7 to address CVE-2024-32886
+- Remove patches already fixed in sources
+
 * Thu Jun 06 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 16.0.2-9
 - Bump release to rebuild with go 1.21.11
 

SPECS/vitess/vitess.signatures.json

@@ -29557,8 +29557,8 @@
         "type": "other",
         "other": {
           "name": "vitess",
-          "version": "16.0.2",
-          "downloadUrl": "https://github.com/vitessio/vitess/archive/refs/tags/v16.0.2.tar.gz"
+          "version": "17.0.7",
+          "downloadUrl": "https://github.com/vitessio/vitess/archive/refs/tags/v17.0.7.tar.gz"
         }
       }
     },