packages/avro
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-39410

Browse Source 
(cherry picked from commit 55447a7f1c0f3e5c91724df9a581222e52c15739)
This commit is contained in:
wk333 2024-07-02 16:34:40 +08:00 committed by openeuler-sync-bot
parent 435d5119f3
commit 1d1456bffb
2 changed files with 1629 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1623
CVE-2023-39410.patch Normal file
View File

File diff suppressed because it is too large Load Diff

8
avro.spec
View File

@ -3,7 +3,7 @@
Name: avro
Version: 1.10.2
Release: 4
Release: 5
Summary: Data serialization system
License: Apache-2.0
URL: http://avro.apache.org
@ -11,7 +11,8 @@ URL: http://avro.apache.org
Source0: https://github.com/apache/avro/archive/refs/tags/release-1.10.2.tar.gz
# file xmvn-reactor required by mvn_install to specify which jar package should be put in rpm
Source1: xmvn-reactor
Patch0: CVE-2021-43045.patch
Patch3000: CVE-2021-43045.patch
Patch3001: CVE-2023-39410.patch
ExclusiveArch: aarch64 x86_64
@ -110,6 +111,9 @@ install -m 0755 lang/java/tools/target/avro-tools-1.10.2-nodeps.jar %{buildroot}
%{_datadir}/java/avro/avro-tools-nodeps.jar
%changelog
* Tue Jul 02 2024 wangkai <13474090681@163.com> - 1.10.2-5
- Fix CVE-2023-39410
* Tue Dec 19 2023 wangkai <13474090681@163.com> - 1.10.2-4
- Fix CVE-2021-43045