Upgrade azcopy to 10.24.0 to fix multiple security issues (#9185)

realsdx · web-flow · commit c5f4ef7e9b41 · 2024-05-22T17:21:05.000+05:30
diff --git a/SPECS/azcopy/CVE-2023-44487.patch b/SPECS/azcopy/CVE-2023-44487.patch
diff --git a/SPECS/azcopy/azcopy.signatures.json b/SPECS/azcopy/azcopy.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "azure-storage-azcopy-10.15.0.tar.gz": "f850ee5f3d45d3769d9929a98abc3d2b997e90ad4fd6dc49a487b248e6e8d78c",
-  "azure-storage-azcopy-10.15.0-vendor.tar.gz": "bf1719f4db07dc4b5102ecde72a85fa646fe85730a506d635cb3c4e49e8b162b"
+  "azure-storage-azcopy-10.24.0-vendor.tar.gz": "b0b0436e8e8aa280007d2daf5cb1ea06346d54e070062042c792a9fbd110e690",
+  "azure-storage-azcopy-10.24.0.tar.gz": "bbb09bee00207eb6e6e80a3ecf58ac39beb956c94f500b62888ed3404580430d"
  }
 }
diff --git a/SPECS/azcopy/azcopy.spec b/SPECS/azcopy/azcopy.spec
@@ -1,7 +1,7 @@
 Summary:        The new Azure Storage data transfer utility - AzCopy v10
 Name:           azcopy
-Version:        10.15.0
-Release:        15%{?dist}
+Version:        10.24.0
+Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -27,9 +27,8 @@ Source0:        https://github.com/Azure/azure-storage-azcopy/archive/refs/tags/
 #         See: https://reproducible-builds.org/docs/archives/
 #       - For the value of "--mtime" use the date "2021-04-26 00:00Z" to simplify future updates.
 Source1:        azure-storage-%{name}-%{version}-vendor.tar.gz
-Patch0:         CVE-2023-44487.patch
 
-BuildRequires:  golang >= 1.17.9
+BuildRequires:  golang >= 1.19
 BuildRequires:  git
 %global debug_package %{nil}
 %define our_gopath %{_topdir}/.gopath
@@ -64,6 +63,9 @@ go test -mod=vendor
 %{_bindir}/azcopy
 
 %changelog
+* Thu May 20 2024 Sudipta Pandit <sudpandit@microsoft.com> - 10.24.0-1
+- Bump version to address multiple security issues.
+
 * Thu Feb 01 2024 Daniel McIlvaney <damcilva@microsoft.com> - 10.15.0-15
 - Address CVE-2023-44487 by patching vendored golang.org/x/net
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -855,8 +855,8 @@
         "type": "other",
         "other": {
           "name": "azcopy",
-          "version": "10.15.0",
-          "downloadUrl": "https://github.com/Azure/azure-storage-azcopy/archive/refs/tags/v10.15.0.tar.gz"
+          "version": "10.24.0",
+          "downloadUrl": "https://github.com/Azure/azure-storage-azcopy/archive/refs/tags/v10.24.0.tar.gz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`		`- "azure-storage-azcopy-10.15.0.tar.gz": "f850ee5f3d45d3769d9929a98abc3d2b997e90ad4fd6dc49a487b248e6e8d78c",`
`4`		`- "azure-storage-azcopy-10.15.0-vendor.tar.gz": "bf1719f4db07dc4b5102ecde72a85fa646fe85730a506d635cb3c4e49e8b162b"`
	`3`	`+ "azure-storage-azcopy-10.24.0-vendor.tar.gz": "b0b0436e8e8aa280007d2daf5cb1ea06346d54e070062042c792a9fbd110e690",`
	`4`	`+ "azure-storage-azcopy-10.24.0.tar.gz": "bbb09bee00207eb6e6e80a3ecf58ac39beb956c94f500b62888ed3404580430d"`
`5`	`5`	`}`
`6`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -855,8 +855,8 @@`
`855`	`855`	`"type": "other",`
`856`	`856`	`"other": {`
`857`	`857`	`"name": "azcopy",`
`858`		`- "version": "10.15.0",`
`859`		`- "downloadUrl": "https://github.com/Azure/azure-storage-azcopy/archive/refs/tags/v10.15.0.tar.gz"`
	`858`	`+ "version": "10.24.0",`
	`859`	`+ "downloadUrl": "https://github.com/Azure/azure-storage-azcopy/archive/refs/tags/v10.24.0.tar.gz"`
`860`	`860`	`}`
`861`	`861`	`}`
`862`	`862`	`},`