diff --git a/CVE-2019-17195.patch b/CVE-2019-17195.patch deleted file mode 100644 index cc0f8ba97f97ceb4b10265bc477af3f62e8cb700..0000000000000000000000000000000000000000 --- a/CVE-2019-17195.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 26367b6cc7300e96963faff53a68552d13942804 Mon Sep 17 00:00:00 2001 -From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> -Date: Mon, 9 Dec 2019 10:14:44 +0900 -Subject: [PATCH] Bump nimbus-jose-jwt from 4.41.1 to 7.9 (#1682) - -Bumps [nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 4.41.1 to 7.9. -- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt) -- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/7.9..4.41.1) - -Signed-off-by: dependabot[bot] -(cherry picked from commit c1d393a1567cac1bcf71e2e5f252cddffa0f97cc) ---- - hadoop-project/pom.xml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml -index ad9c2138fb6c7..f83b74c2469b0 100644 ---- a/hadoop-project/pom.xml -+++ b/hadoop-project/pom.xml -@@ -1329,7 +1329,7 @@ - - com.nimbusds - nimbus-jose-jwt -- 4.41.1 -+ 7.9 - compile - - diff --git a/CVE-2020-9492.patch b/CVE-2020-9492.patch deleted file mode 100644 index 43cb4e4f3ece602d373d35663904f350daac12d2..0000000000000000000000000000000000000000 --- a/CVE-2020-9492.patch +++ /dev/null @@ -1,53 +0,0 @@ -From c5ed4ec13dcc2e3bf6e7033ebfe9f5c9508e9236 Mon Sep 17 00:00:00 2001 -From: Eric Yang -Date: Mon, 15 Jun 2020 10:55:26 +0900 -Subject: [PATCH] SPNEGO TLS verification - -Signed-off-by: Akira Ajisaka ---- - .../org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java -index b316bf1..b34ce82 100644 ---- a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java -+++ b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java -@@ -144,6 +144,7 @@ public class WebHdfsFileSystem extends FileSystem - + "/v" + VERSION; - public static final String EZ_HEADER = "X-Hadoop-Accept-EZ"; - public static final String FEFINFO_HEADER = "X-Hadoop-feInfo"; -+ public static final String DFS_HTTP_POLICY_KEY = "dfs.http.policy"; - - /** - * Default connection factory may be overridden in tests to use smaller -@@ -172,6 +173,7 @@ public class WebHdfsFileSystem extends FileSystem - - private DFSOpsCountStatistics storageStatistics; - private KeyProvider testProvider; -+ private boolean isTLSKrb; - - /** - * Return the protocol scheme for the FileSystem. -@@ -233,6 +235,7 @@ public class WebHdfsFileSystem extends FileSystem - .newDefaultURLConnectionFactory(connectTimeout, readTimeout, conf); - } - -+ this.isTLSKrb = "HTTPS_ONLY".equals(conf.get(DFS_HTTP_POLICY_KEY)); - - ugi = UserGroupInformation.getCurrentUser(); - this.uri = URI.create(uri.getScheme() + "://" + uri.getAuthority()); -@@ -683,6 +686,11 @@ public class WebHdfsFileSystem extends FileSystem - //redirect hostname and port - redirectHost = null; - -+ if (url.getProtocol().equals("http") && -+ UserGroupInformation.isSecurityEnabled() && -+ isTLSKrb) { -+ throw new IOException("Access denied: dfs.http.policy is HTTPS_ONLY."); -+ } - - // resolve redirects for a DN operation unless already resolved - if (op.getRedirect() && !redirected) { --- -2.23.0 - diff --git a/hadoop-3.2.1-src.tar.gz b/hadoop-3.3.3-src.tar.gz similarity index 70% rename from hadoop-3.2.1-src.tar.gz rename to hadoop-3.3.3-src.tar.gz index 697c17d921fd03f9d9e3c7f48c05536365ff0cd7..fe1a6bf1b007581590d9375d219a28116a18c732 100644 Binary files a/hadoop-3.2.1-src.tar.gz and b/hadoop-3.3.3-src.tar.gz differ diff --git a/hadoop.spec b/hadoop.spec index b370df4abfc11c1c827ffac6a4d338a0a9eee8e5..84aef22b45a11270711db57177325d6b8d8dc9c3 100644 --- a/hadoop.spec +++ b/hadoop.spec @@ -10,8 +10,8 @@ %global __provides_exclude_from ^%{_libdir}/%{name}/.*$ %define _binaries_in_noarch_packages_terminate_build 0 Name: hadoop -Version: 3.2.1 -Release: 12 +Version: 3.3.3 +Release: 1 Summary: A software platform for processing vast amounts of data # The BSD license file is missing # https://issues.apache.org/jira/browse/HADOOP-9849 @@ -31,13 +31,15 @@ Source10: %{name}-core-site.xml Source11: %{name}-hdfs-site.xml Source12: %{name}-mapred-site.xml Source13: %{name}-yarn-site.xml -Patch0: CVE-2020-9492.patch -Patch1: CVE-2019-17195.patch +Source14: yarn-v1.22.5.tar.gz +Source15: node-12.22.1-linux-x64.tar.gz +Source16: node-v12.22.1-linux-arm64.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: java-1.8.0-openjdk-devel maven hostname maven-local tomcat cmake snappy openssl-devel BuildRequires: cyrus-sasl-devel chrpath systemd protobuf2-compiler protobuf2-devel protobuf2-java protobuf2 BuildRequires: leveldbjni leveldb-java hawtjni-runtime gcc-c++ +BuildRequires: npm chrpath Requires: java-1.8.0-openjdk protobuf2-java apache-zookeeper %description @@ -246,6 +248,18 @@ mvn install:install-file -DgroupId=org.iq80.leveldb -DartifactId=leveldb-benchma mvn install:install-file -DgroupId=org.iq80.leveldb -DartifactId=leveldb -Dversion=0.7 -Dpackaging=jar -Dfile=/usr/share/java/leveldb-java/leveldb.jar mvn install:install-file -DgroupId=orn.fusesource.hawtjni -DartifactId=hawtjni-runtime -Dversion=1.16 -Dpackaging=jar -Dfile=/usr/lib/java/hawtjni/hawtjni-runtime.jar +mkdir -p /home/abuild/.m2/repository/com/github/eirslett/node/12.22.1/ +cp %{SOURCE15} /home/abuild/.m2/repository/com/github/eirslett/node/12.22.1/ +cp %{SOURCE16} /home/abuild/.m2/repository/com/github/eirslett/node/12.22.1/ +mv /home/abuild/.m2/repository/com/github/eirslett/node/12.22.1/node-v12.22.1-linux-arm64.tar.gz /home/abuild/.m2/repository/com/github/eirslett/node/12.22.1/node-12.22.1-linux-arm64.tar.gz +mkdir -p /home/abuild/.m2/repository/com/github/eirslett/yarn/1.22.5/ +cp %{SOURCE14} /home/abuild/.m2/repository/com/github/eirslett/yarn/1.22.5/ +mv /home/abuild/.m2/repository/com/github/eirslett/yarn/1.22.5/yarn-v1.22.5.tar.gz /home/abuild/.m2/repository/com/github/eirslett/yarn/1.22.5/yarn-1.22.5.tar.gz +tar -xzvf /home/abuild/.m2/repository/com/github/eirslett/yarn/1.22.5/yarn-1.22.5.tar.gz -C /home/abuild/.m2/repository/com/github/eirslett/yarn/1.22.5/ +npm config set registry https://repo.huaweicloud.com/repository/npm/ +npm cache clean -f +/home/abuild/.m2/repository/com/github/eirslett/yarn/1.22.5/yarn-v1.22.5/bin/yarn config set registry https://repo.huaweicloud.com/repository/npm/ -g + %pom_add_dep org.iq80.leveldb:leveldb-api:0.7 hadoop-hdfs-project/hadoop-hdfs %pom_add_dep org.iq80.leveldb:leveldb-api:0.7 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy %pom_add_dep org.iq80.leveldb:leveldb-api:0.7 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice @@ -294,7 +308,7 @@ mvn install:install-file -DgroupId=orn.fusesource.hawtjni -DartifactId=hawtjni-r %mvn_file :%{name}-common::tests: %{name}/%{name}-common %build -mvn -Dsnappy.lib=/usr/lib64 -Dbundle.snappy -Dcontainer-executor.conf.dir=%{_sysconfdir}/%{name} -Pdist,native -DskipTests -DskipIT -Dmaven.javadoc.skip=true package +mvn clean -Dsnappy.lib=/usr/lib64 -Dbundle.snappy -Dcontainer-executor.conf.dir=%{_sysconfdir}/%{name} -Pdist,native -DskipTests -DskipIT -Dmaven.javadoc.skip=true package %install # Copy all jar files except those generated by the build @@ -312,7 +326,7 @@ link_hadoop_jars() { for f in `ls hadoop-* | grep -v tests | grep -v examples` do - n=`echo $f | sed "s/-%{version}//"` + n=`echo $f | sed -e "s/-%{version}//" -e "s/1.1.1//"` if [ -L $1/$n ] then continue @@ -559,8 +573,8 @@ install -m 0755 %{name}-tools/%{name}-tools-dist/target/hadoop-tools-dist-%{vers echo %{_datadir}/java/%{name}/hadoop-tools-dist-tests.jar >> .mfiles-hadoop-tests install -m 0755 %{name}-yarn-project/%{name}-yarn/%{name}-yarn-common/target/hadoop-yarn-common-%{version}-tests.jar %{buildroot}%{_datadir}/java/%{name}/hadoop-yarn-common-tests.jar echo %{_datadir}/java/%{name}/hadoop-yarn-common-tests.jar >> .mfiles-hadoop-tests -install -m 0755 %{name}-yarn-project/%{name}-yarn/%{name}-yarn-registry/target/hadoop-yarn-registry-%{version}-tests.jar %{buildroot}%{_datadir}/java/%{name}/hadoop-yarn-registry-tests.jar -echo %{_datadir}/java/%{name}/hadoop-yarn-registry-tests.jar >> .mfiles-hadoop-tests +#install -m 0755 %{name}-yarn-project/%{name}-yarn/%{name}-yarn-registry/target/hadoop-yarn-registry-%{version}-test-sources.jar %{buildroot}%{_datadir}/java/%{name}/hadoop-yarn-registry-test-sources.jar +#echo %{_datadir}/java/%{name}/hadoop-yarn-registry-test-sources.jar >> .mfiles-hadoop-test-sources install -m 0755 %{name}-yarn-project/%{name}-yarn/%{name}-yarn-server/%{name}-yarn-server-resourcemanager/target/hadoop-yarn-server-resourcemanager-%{version}-tests.jar %{buildroot}%{_datadir}/java/%{name}/hadoop-yarn-server-resourcemanager-tests.jar echo %{_datadir}/java/%{name}/hadoop-yarn-server-resourcemanager-tests.jar >> .mfiles-hadoop-tests install -m 0755 %{name}-yarn-project/%{name}-yarn/%{name}-yarn-server/%{name}-yarn-server-sharedcachemanager/target/hadoop-yarn-server-sharedcachemanager-%{version}-tests.jar %{buildroot}%{_datadir}/java/%{name}/hadoop-yarn-server-sharedcachemanager-tests.jar @@ -890,6 +904,9 @@ sed -i "s|{|%{_var}/log/hadoop-hdfs/*.audit\n{|" %{buildroot}%{_sysconfdir}/logr # hdfs init script install -m 755 %{SOURCE8} %{buildroot}%{_sbindir} +chrpath -d %{buildroot}%{_bindir}/container-executor +chrpath -d %{buildroot}%{_bindir}/test-container-executor + %pretrans -p hdfs path = "%{_datadir}/%{name}/hdfs/webapps" st = posix.stat(path) @@ -1047,7 +1064,6 @@ fi %config(noreplace) %{_sysconfdir}/sysconfig/tomcat@httpfs %config(noreplace) %{_sysconfdir}/%{name}/httpfs-env.sh %config(noreplace) %{_sysconfdir}/%{name}/httpfs-log4j.properties -%config(noreplace) %{_sysconfdir}/%{name}/httpfs-signature.secret %config(noreplace) %{_sysconfdir}/%{name}/httpfs-site.xml %attr(-,tomcat,tomcat) %config(noreplace) %{_sysconfdir}/%{name}/tomcat/*.* %attr(0775,root,tomcat) %dir %{_sysconfdir}/%{name}/tomcat @@ -1110,6 +1126,11 @@ fi %config(noreplace) %{_sysconfdir}/%{name}/container-executor.cfg %changelog +* Tue Sep 13 2022 xiexing - 3.3.3-1 +- update version to fix CVE-2021-37404 CVE-2022-26612 + CVE-2021-33036 CVE-2022-25168 + and add chrpath to solve check_rpath warning + * Fri Feb 25 2022 wangkai - 3.2.1-12 - Rebuild for fix log4j1.x cves diff --git a/node-12.22.1-linux-x64.tar.gz b/node-12.22.1-linux-x64.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..1a3d7153bb5d05942ba71087fd7a697952bcda3e Binary files /dev/null and b/node-12.22.1-linux-x64.tar.gz differ diff --git a/node-v12.22.1-linux-arm64.tar.gz b/node-v12.22.1-linux-arm64.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..f0ce401823c55753c08c1b47a63e1b10b6cde946 Binary files /dev/null and b/node-v12.22.1-linux-arm64.tar.gz differ diff --git a/yarn-v1.22.5.tar.gz b/yarn-v1.22.5.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..2ffdf471020c0266a0c89ca2c125833d251e5181 Binary files /dev/null and b/yarn-v1.22.5.tar.gz differ