resolve CVE-2022-1471
This commit is contained in:
sundapeng
parent
e54f6a5531
commit
6b14131efa
43
0007-CVE-2022-1471.patch
Normal file
43
0007-CVE-2022-1471.patch
Normal file
@ -0,0 +1,43 @@
|
||||
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
|
||||
index a413803445..996cb16751 100644
|
||||
--- a/distribution/server/src/assemble/LICENSE.bin.txt
|
||||
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
|
||||
@@ -334,9 +334,9 @@ The Apache Software License, Version 2.0
|
||||
* J2ObjC Annotations -- com.google.j2objc-j2objc-annotations-1.3.jar
|
||||
* Netty Reactive Streams -- com.typesafe.netty-netty-reactive-streams-2.0.6.jar
|
||||
* Swagger
|
||||
- - io.swagger-swagger-annotations-1.6.2.jar
|
||||
- - io.swagger-swagger-core-1.6.2.jar
|
||||
- - io.swagger-swagger-models-1.6.2.jar
|
||||
+ - io.swagger-swagger-annotations-1.6.10.jar
|
||||
+ - io.swagger-swagger-core-1.6.10.jar
|
||||
+ - io.swagger-swagger-models-1.6.10.jar
|
||||
* DataSketches
|
||||
- com.yahoo.datasketches-memory-0.8.3.jar
|
||||
- com.yahoo.datasketches-sketches-core-0.8.3.jar
|
||||
diff --git a/pom.xml b/pom.xml
|
||||
index 0e841b4ab5..81cf8b6b7c 100644
|
||||
--- a/pom.xml
|
||||
+++ b/pom.xml
|
||||
@@ -126,7 +126,7 @@ flexible messaging model and an intuitive client API.</description>
|
||||
<bouncycastlefips.version>1.0.2</bouncycastlefips.version>
|
||||
<jackson.version>2.13.4.20221013</jackson.version>
|
||||
<reflections.version>0.9.11</reflections.version>
|
||||
- <swagger.version>1.6.2</swagger.version>
|
||||
+ <swagger.version>1.6.10</swagger.version>
|
||||
<puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version>
|
||||
<dockerfile-maven.version>1.4.13</dockerfile-maven.version>
|
||||
<typetools.version>0.5.0</typetools.version>
|
||||
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
|
||||
index dae80a80ec..8716eec69c 100644
|
||||
--- a/pulsar-sql/presto-distribution/LICENSE
|
||||
+++ b/pulsar-sql/presto-distribution/LICENSE
|
||||
@@ -475,7 +475,7 @@ The Apache Software License, Version 2.0
|
||||
* Apache Yetus Audience Annotations
|
||||
- audience-annotations-0.5.0.jar
|
||||
* Swagger
|
||||
- - swagger-annotations-1.6.2.jar
|
||||
+ - swagger-annotations-1.6.10.jar
|
||||
* Perfmark
|
||||
- perfmark-api-0.19.0.jar
|
||||
* Annotations
|
||||
@ -1,6 +1,6 @@
|
||||
%define debug_package %{nil}
|
||||
%define pulsar_ver 2.10.4
|
||||
%define pkg_ver 6
|
||||
%define pkg_ver 7
|
||||
%define _prefix /opt/pulsar
|
||||
Summary: Cloud-Native, Distributed Messaging and Streaming
|
||||
Name: pulsar
|
||||
@ -16,6 +16,7 @@ Patch0003: 0003-CVE-2023-2976.patch
|
||||
Patch0004: 0004-netty-to-4.1.89.patch
|
||||
Patch0005: 0005-cve-2023-34455.patch
|
||||
Patch0006: 0006-fix-memory-leak.patch
|
||||
Patch0007: 0007-CVE-2022-1471.patch
|
||||
BuildRoot: /root/rpmbuild/BUILDROOT/
|
||||
BuildRequires: java-1.8.0-openjdk-devel,maven,systemd
|
||||
Requires: java-1.8.0-openjdk,systemd
|
||||
@ -59,6 +60,8 @@ getent passwd pulsar >/dev/null || useradd -r -g pulsar -d / -s /sbin/nologin pu
|
||||
exit 0
|
||||
|
||||
%changelog
|
||||
* Mon Dec 4 2023 Dapeng Sun <sundapeng@cmss.chinamobile.com> - 2.10.4-7
|
||||
- resolve cve-2022-1471
|
||||
* Fri Dec 1 2023 Dapeng Sun <sundapeng@cmss.chinamobile.com> - 2.10.4-6
|
||||
- fix memory leak
|
||||
* Fri Dec 1 2023 Dapeng Sun <sundapeng@cmss.chinamobile.com> - 2.10.4-5
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user