!19 Rebuild to fix CVE-2023-39326 CVE-2024-24789 CVE-2024-24791

From: @jxy_git 
Reviewed-by: @yangzhao_kl 
Signed-off-by: @yangzhao_kl

add-parameters-to-solve-the-strip.patch

@@ -0,0 +1,34 @@
+From b754346641b7875dc920c26dcf96a7541e5365ba Mon Sep 17 00:00:00 2001
+From: jxy_git <jiangxinyu@kylinos.cn>
+Date: Thu, 7 Sep 2023 16:02:54 +0800
+Subject: [PATCH] add parameters to solve the strip
+
+---
+ .promu.yml | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/.promu.yml b/.promu.yml
+index 45081b8..d586c86 100644
+--- a/.promu.yml
++++ b/.promu.yml
+@@ -10,12 +10,11 @@ build:
+       windows: [static_build]
+     flags: -a
+     ldflags: |
+-        -s
+-        -X github.com/prometheus/common/version.Version={{.Version}}
+-        -X github.com/prometheus/common/version.Revision={{.Revision}}
+-        -X github.com/prometheus/common/version.Branch={{.Branch}}
+-        -X github.com/prometheus/common/version.BuildUser={{user}}@{{host}}
+-        -X github.com/prometheus/common/version.BuildDate={{date "20060102-15:04:05"}}
++        -w -s -extldflags '-Wl,-z,relro -Wl,-z,now -pie' -X github.com/prometheus/common/version.Version={{.Version}}
++        -w -s -extldflags '-Wl,-z,relro -Wl,-z,now -pie' -X github.com/prometheus/common/version.Revision={{.Revision}}
++        -w -s -extldflags '-Wl,-z,relro -Wl,-z,now -pie' -X github.com/prometheus/common/version.Branch={{.Branch}}
++        -w -s -extldflags '-Wl,-z,relro -Wl,-z,now -pie' -X github.com/prometheus/common/version.BuildUser={{user}}@{{host}}
++        -w -s -extldflags '-Wl,-z,relro -Wl,-z,now -pie' -X github.com/prometheus/common/version.BuildDate={{date "20060102-15:04:05"}}
+ tarball:
+     files:
+         - LICENSE
+-- 
+2.41.0
+

promu.spec

@@ -1,35 +1,61 @@
 %define debug_package %{nil}
 
-Name:    promu
-Version: 0.7.0
-Release: 1
-Summary: Prometheus Utility Tool
-License: ASL 2.0
-URL:     https://github.com/prometheus/promu
+Name:           promu
+Version:        0.15.0
+Release:        2
+Summary:        Prometheus Utility Tool
+License:        Apache-2.0
+URL:            https://github.com/prometheus/promu
+Source0:        https://github.com/prometheus/promu/archive/refs/tags/v%{version}.tar.gz#/promu-0.15.0.tar.gz
+# tar -xvf Source0
+# run 'go mod vendor' in it
+# tar -czvf promu-vendor.tar.gz vendor
+Source1:        promu-vendor.tar.gz
+Patch0:         add-parameters-to-solve-the-strip.patch
 
-Source0: https://github.com/prometheus/promu/archive/v%{version}.tar.gz
+BuildRequires:  golang >= 1.14
+BuildRequires:  gcc
 
-BuildRequires: golang >= 1.13
-
-Conflicts: promu
-Provides:  %{name} = %{version}
+Conflicts:      promu
+Provides:       %{name} = %{version}-%{release}
 
 %description
 promu is the utility tool for building and releasing Prometheus projects
 
 %prep
 %setup -q -T -n %{name}-%{version} -b 0
+tar -xzvf %{SOURCE1}
+%patch0 -p1
 
 %build
-GOFLAGS=-mod=vendor make build
+export GOFLAGS="-mod=vendor -buildmode=pie"
+make build
 
 %install
-install -D -m 755 %{name}-%{version} %{buildroot}%{_bindir}/promu
+install -D -m 0755 %{name}-%{version} %{buildroot}%{_bindir}/promu
 
 %files
 %defattr(-,root,root,-)
 %{_bindir}/promu
 
 %changelog
+* Tue Jan 14 2025 jiangxinyu <jiangxinyu@kylinos.cn> - 0.15.0-2
+- Type: CVE
+- CVE: CVE-2023-39326 CVE-2024-24789 CVE-2024-24791
+- SUG: NA
+- DESC: Rebuild to fix CVE-2023-39326 CVE-2024-24789 CVE-2024-24791
+
+* Thu Sep 07 2023 jiangxinyu <jiangxinyu@kylinos.cn> - 0.15.0-1
+- Update package to version 0.15.0
+
+* Wed Jun 14 2023 EastDong <xudong23@iscas.ac.cn> - 0.7.0-4
+- backport to support riscv
+
+* Fri Mar 10 2023 caodongxia <caodongxia@h-partners.com> - 0.7.0-3
+- remove linkmode external
+
+* Fri Mar 03 2023 wangjunqi <wangjunqi@kylinos.cn> - 0.7.0-2
+- add strip and pie
+
 * Wed Dec 16 2020 yangzhao <yangzhao1@kylinos.cn> - 0.7.0-1
 - Init project promu