packages/pulsar
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

resolve cve-2023-25194

Browse Source
This commit is contained in:
sundapeng 2023-12-06 01:40:36 +00:00
parent fe8fedc181
commit 6d614184d8
2 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
0011-CVE-2023-25194.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/pom.xml b/pom.xml
index c6d4dcc9c7..0cbb930786 100644
--- a/pom.xml
+++ b/pom.xml
@@ -142,7 +142,7 @@ flexible messaging model and an intuitive client API.</description>
<hbc-core.version>2.2.0</hbc-core.version>
<cassandra-driver-core.version>3.6.0</cassandra-driver-core.version>
<aerospike-client.version>4.4.20</aerospike-client.version>
- <kafka-client.version>2.7.2</kafka-client.version>
+ <kafka-client.version>3.4.0</kafka-client.version>
<rabbitmq-client.version>5.1.1</rabbitmq-client.version>
<aws-sdk.version>1.12.262</aws-sdk.version>
<avro.version>1.10.2</avro.version>

6
pulsar.spec
View File

@ -1,6 +1,6 @@
%define debug_package %{nil}
%define pulsar_ver 2.10.4
%define pkg_ver 10
%define pkg_ver 11
%define _prefix /opt/pulsar
Summary: Cloud-Native, Distributed Messaging and Streaming
Name: pulsar
@ -20,6 +20,7 @@ Patch0007: 0007-CVE-2022-1471.patch
Patch0008: 0008-CVE-2023-26048.patch
Patch0009: 0009-CVE-2022-24329.patch
Patch0010: 0010-CVE-2022-22970.patch
Patch0011: 0011-CVE-2023-25194.patch
BuildRoot: /root/rpmbuild/BUILDROOT/
BuildRequires: java-1.8.0-openjdk-devel,maven,systemd
Requires: java-1.8.0-openjdk,systemd
@ -42,6 +43,7 @@ Pulsar is a distributed pub-sub messaging platform with a very flexible messagin
%patch0008 -p1
%patch0009 -p1
%patch0010 -p1
%patch0011 -p1
%build
mvn clean install -Pcore-modules,-main -DskipTests
@ -67,6 +69,8 @@ getent passwd pulsar >/dev/null || useradd -r -g pulsar -d / -s /sbin/nologin pu
exit 0
%changelog
* Wed Dec 6 2023 Dapeng Sun <sundapeng@cmss.chinamobile.com> - 2.10.4-11
- resolve cve-2023-25194
* Wed Dec 6 2023 Dapeng Sun <sundapeng@cmss.chinamobile.com> - 2.10.4-10
- resolve cve-2022-22970
* Mon Dec 5 2023 Dapeng Sun <sundapeng@cmss.chinamobile.com> - 2.10.4-9