!43 [sec] Resolve CVE-2023-34455

From: @sundapeng001 
Reviewed-by: @hu-zongtang 
Signed-off-by: @hu-zongtang
openeuler-ci-bot 2023-09-20 08:00:32 +00:00 committed by Gitee
commit 403569084b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 38 additions and 1 deletions

33
0003-CVE-2023-34455.patch Normal file

@ -0,0 +1,33 @@
diff --git a/LICENSE-binary b/LICENSE-binary
index 7d885849c6..8f4b455502 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -252,7 +252,7 @@ scala-library-2.13.5
scala-logging_2.13-3.9.2
scala-reflect-2.13.5
scala-java8-compat_2.13-0.9.1
-snappy-java-1.1.8.1
+snappy-java-1.1.10.1
zookeeper-3.5.9
zookeeper-jute-3.5.9
@@ -318,4 +318,4 @@ paranamer-2.8, see: licenses/paranamer-BSD-3-clause
Do What The F*ck You Want To Public License
see: licenses/DWTFYWTPL
-reflections-0.9.12
\ No newline at end of file
+reflections-0.9.12
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 8dcf7af2f2..4565ef664b 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -113,7 +113,7 @@ versions += [
scoveragePlugin: "5.0.0",
shadowPlugin: "6.1.0",
slf4j: "1.7.30",
- snappy: "1.1.8.1",
+ snappy: "1.1.10.1",
spotbugs: "4.1.4",
spotbugsPlugin: "4.6.0",
spotlessPlugin: "5.8.2",
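Review bot: The added patch file starts directly at `diff --git` with no header, so nothing in it records which upstream change the snappy-java bump to 1.1.10.1 was taken from. A short preamble above the first `diff --git` line, for example `Subject: bump snappy-java to 1.1.10.1 for CVE-2023-34455` and `Origin: <upstream commit URL>` (placeholder), would make the backport auditable. The second LICENSE-binary hunk only adds the missing trailing newline after `reflections-0.9.12`; it is unrelated to the fix and could be dropped to keep the security patch minimal. Because the version jumps from 1.1.8.1 across several releases, it is worth confirming that the build resolves the new jar and that the snappy compression tests still pass on 2.8.2.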


@ -4,7 +4,7 @@
Name: kafka
Version: 2.8.2
Release: 2
Release: 3
Summary: A Distributed Streaming Platform.
License: Apache-2.0
@ -14,6 +14,7 @@ Source2: kafka.service
Source3: gradle-wrapper.jar
Patch0: 0001-adopt-huaweimaven.patch
Patch1: 0002-CVE-2022-41881.patch
Patch2: 0003-CVE-2023-34455.patch
BuildRequires: systemd java-1.8.0-openjdk-devel
Provides: kafka = %{version}
@ -65,6 +66,9 @@ cp -pr licenses/* $RPM_BUILD_ROOT%{kafka_home}/licenses
rm -rf %{buildroot}
%changelog
* Fri Sep 1 2023 sundapeng <sundapeng_yewu@cmss.chinamobile.com> - 2.8.2-3
- fix CVE-2023-34455.patch
* Wed Aug 30 2023 sundapeng <sundapeng_yewu@cmss.chinamobile.com> - 2.8.2-2
- fix CVE-2022-41881
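Review bot: `Patch2: 0003-CVE-2023-34455.patch` is declared, but none of the visible hunks touches `%prep`, so whether the patch is actually applied depends on lines outside this view. If `%prep` applies patches one by one rather than through `%autosetup` or `%autopatch`, a matching `%patch2 -p1` is needed; otherwise the package would ship with the release bumped and snappy still at 1.1.8.1. The new changelog line also names the patch file rather than the issue; `- fix CVE-2023-34455` would match the entry below it.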