Fix CVE-2023-46118 for rabbitmq-server (#10626)

bhagyapathak · web-flow · commit ec426a013731 · 2024-11-26T09:45:24.000+05:30
diff --git a/SPECS/rabbitmq-server/generate-rabbitmq-server-tarball.sh b/SPECS/rabbitmq-server/generate-rabbitmq-server-tarball.sh
@@ -12,7 +12,7 @@
 
 # baseline variables for filename and temporary directory to avoid filenme collisions
 TEMP_TARBALL_DIR="TempRabbitmqTarball"
-VENDOR_TARBALL_NAME="rabbitmq-server-hex-vendor-3.11.11"
+VENDOR_TARBALL_NAME="rabbitmq-server-hex-vendor-3.11.24"
 
 #Create Hex Packag arrays and link
 HEX_PM_LINK="https://repo.hex.pm/tarballs"
diff --git a/SPECS/rabbitmq-server/rabbitmq-server.signatures.json b/SPECS/rabbitmq-server/rabbitmq-server.signatures.json
@@ -1,8 +1,8 @@
 {
  "Signatures": {
-  "rabbitmq-server-3.11.11.tar.xz": "0ff32c1b4a5dd28cc8651af28e4a5e7e577bd58119180949d979492b32a90996",
-  "rabbitmq-server-hex-vendor-3.11.11.tar.gz": "f8176440e667f2cead0221ab139079650adcd916ef37396ff41243536b6b3f70",
   "mix_task_archive_deps-1.0.0.ez": "e6079c02cbbb41526ea18e8142a14093094c2f1942865f1cb64fbc4eb6212a48",
-  "rabbitmq-server-hex-cache-3.11.11.tar.gz": "d0e45732afb04dfd3941e8a304dc8b6ff9e5aa73f52c16af2a3f78a967f14708"
+  "rabbitmq-server-3.11.24.tar.xz": "11090580cb8ffedcf40d1c7c4e3dcccf17658237ca8549f51b057ba9e359ab9b",
+  "rabbitmq-server-hex-cache-3.11.24.tar.gz": "f3339bb5e3d1577af325799d16cb260dee8b09daf973665951676c6ab0ca0ec4",
+  "rabbitmq-server-hex-vendor-3.11.24.tar.gz": "f352bbcf85cf696cfda2833aceabdd485ac2e2900e8d4a0ea4d88255d8373252"
  }
-}
+}
diff --git a/SPECS/rabbitmq-server/rabbitmq-server.spec b/SPECS/rabbitmq-server/rabbitmq-server.spec
@@ -1,8 +1,8 @@
 %define  debug_package %{nil}
 Summary:        rabbitmq-server
 Name:           rabbitmq-server
-Version:        3.11.11
-Release:        2%{?dist}
+Version:        3.11.24
+Release:        1%{?dist}
 License:        Apache-2.0 and MPL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -115,6 +115,9 @@ done
 %{_libdir}/rabbitmq/lib/rabbitmq_server-%{version}/*
 
 %changelog
+* Tue Oct 4 2024 Bhagyashri Pathak <bhapathak@microsoft.com> - 3.11.24-1
+- Upgrade version to 3.11.24 to fix CVE-2023-46118
+
 * Wed Jan 17 2024 Harshit Gupta <guptaharshit@microsoft.com> - 3.11.11-2
 - Release bump with no changes to force a rebuild and consume new erlang build
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -25414,8 +25414,8 @@
         "type": "other",
         "other": {
           "name": "rabbitmq-server",
-          "version": "3.11.11",
-          "downloadUrl": "https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.11.11/rabbitmq-server-3.11.11.tar.xz"
+          "version": "3.11.24",
+          "downloadUrl": "https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.11.24/rabbitmq-server-3.11.24.tar.xz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`		`- "rabbitmq-server-3.11.11.tar.xz": "0ff32c1b4a5dd28cc8651af28e4a5e7e577bd58119180949d979492b32a90996",`
`4`		`- "rabbitmq-server-hex-vendor-3.11.11.tar.gz": "f8176440e667f2cead0221ab139079650adcd916ef37396ff41243536b6b3f70",`
`5`	`3`	`"mix_task_archive_deps-1.0.0.ez": "e6079c02cbbb41526ea18e8142a14093094c2f1942865f1cb64fbc4eb6212a48",`
`6`		`- "rabbitmq-server-hex-cache-3.11.11.tar.gz": "d0e45732afb04dfd3941e8a304dc8b6ff9e5aa73f52c16af2a3f78a967f14708"`
	`4`	`+ "rabbitmq-server-3.11.24.tar.xz": "11090580cb8ffedcf40d1c7c4e3dcccf17658237ca8549f51b057ba9e359ab9b",`
	`5`	`+ "rabbitmq-server-hex-cache-3.11.24.tar.gz": "f3339bb5e3d1577af325799d16cb260dee8b09daf973665951676c6ab0ca0ec4",`
	`6`	`+ "rabbitmq-server-hex-vendor-3.11.24.tar.gz": "f352bbcf85cf696cfda2833aceabdd485ac2e2900e8d4a0ea4d88255d8373252"`
`7`	`7`	`}`
`8`		`-}`
	`8`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -25414,8 +25414,8 @@`
`25414`	`25414`	`"type": "other",`
`25415`	`25415`	`"other": {`
`25416`	`25416`	`"name": "rabbitmq-server",`
`25417`		`- "version": "3.11.11",`
`25418`		`- "downloadUrl": "https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.11.11/rabbitmq-server-3.11.11.tar.xz"`
	`25417`	`+ "version": "3.11.24",`
	`25418`	`+ "downloadUrl": "https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.11.24/rabbitmq-server-3.11.24.tar.xz"`
`25419`	`25419`	`}`
`25420`	`25420`	`}`
`25421`	`25421`	`},`