From 80f91e31edd60a5e7abb5c719b9c10e67c1920b8 Mon Sep 17 00:00:00 2001
From: lixiaoyong
Date: Wed, 26 Mar 2025 01:58:32 -0400
Subject: [PATCH 1/2] fix CVE-2024-29869
---
 backport-CVE-2024-29869.patch | 43 +++++++++++++++++++++++++++++++++++
 hive.spec | 7 +++++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-29869.patch
diff --git a/backport-CVE-2024-29869.patch b/backport-CVE-2024-29869.patch
new file mode 100644
index 0000000..78e542a
--- /dev/null
+++ b/backport-CVE-2024-29869.patch
@@ -0,0 +1,43 @@
+From 20106e254527f7d71b2e34455c4322e14950c620 Mon Sep 17 00:00:00 2001
+From: Ayush Saxena
+Date: Thu, 21 Mar 2024 10:56:21 +0530
+Subject: [PATCH] HIVE-28134: Improve SecureCmdDoAs. (#5140). (Ayush Saxena,
+ reviewed by Sourabh Badhya)
+
+---
+ .../org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java
+index e9ede6abf6..a2e9dab885 100644
+--- a/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java
++++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java
+@@ -23,8 +23,10 @@
+ import java.net.URISyntaxException;
+ import java.util.Map;
+
++import org.apache.hadoop.fs.FSDataOutputStream;
+ import org.apache.hadoop.fs.FileSystem;
+ import org.apache.hadoop.fs.Path;
++import org.apache.hadoop.fs.permission.FsPermission;
+ import org.apache.hadoop.hive.conf.HiveConf;
+ import org.apache.hadoop.hive.ql.metadata.HiveException;
+ import org.apache.hadoop.hive.shims.ShimLoader;
+@@ -68,7 +70,13 @@ public SecureCmdDoAs(HiveConf conf) throws HiveException, IOException{
+ tokenPath = new Path(tokenFile.toURI());
+
+ //write credential with token to file
+- cred.writeTokenStorageFile(tokenPath, conf);
++ FsPermission umask = FsPermission.getUMask(conf);
++ FsPermission targetPerm = FsPermission.createImmutable((short) 0700);
++
++ try (FSDataOutputStream os = tokenPath.getFileSystem(conf).createFile(tokenPath)
++ .permission(targetPerm.applyUMask(umask)).build()) {
++ cred.writeTokenStorageToStream(os, Credentials.SerializedFormat.WRITABLE);
++ }
+ }
+
+ public void addEnv(Map env){
+--
+2.27.0
+
diff --git a/hive.spec b/hive.spec
index ecaed7d..f206752 100644
--- a/hive.spec
+++ b/hive.spec
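Review bot: The replacement write path depends on `FileSystem.createFile(...).permission(...).build()` and `Credentials.SerializedFormat.WRITABLE`, which upstream wrote against current Hadoop; since this is a backport into Hive 3.1.3, confirm that the Hadoop version the package compiles against provides both, otherwise the backport fails to compile rather than producing a protected token file. `Credentials` is referenced but not imported in the hunk; presumably the import already exists below the visible import block (the removed line already called `cred.writeTokenStorageFile`), which the hunk does not show. Whether the requested mode is applied atomically at open is a FileSystem-implementation detail (the local filesystem may chmod after creating the stream), so the mode of the temp file created earlier in the constructor, outside the hunk, still matters; a comment such as `// owner-only mode requested at create time; relies on tokenFile being pre-created with a restrictive mode — confirm` would record that assumption for the next maintainer. The constructor begins outside the hunk.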
@@ -2,7 +2,7 @@ Name: hive
 Version: 3.1.3
-Release: 5
+Release: 6
 Summary: The Apache Hadoop data warehouse
 License: Apache-2.0 and Python-2.0 and MPL-2.0 and BSD and ICU
@@ -22,6 +22,7 @@ Requires: java-1.8.0-openjdk
 BuildArch: noarch
 Patch1000: 1000-Add-protoc-java-support-for-riscv64.patch
+Patch1001: backport-CVE-2024-29869.patch
 %description
 The Apache Hive data warehouse software facilitates querying and
@@ -36,6 +37,7 @@ mkdir -p ${HOME}/%{name}-prep_dir
 tar -mxf %{SOURCE5} -C ${HOME}/%{name}-prep_dir
 pushd ${HOME}/%{name}-prep_dir/protoc-jar-3.5.1.1
 %patch 1000 -p1
+%patch 1001 -p1
 mvn clean install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true
 popd
 # protoc-jar-maven-plugin
@@ -143,6 +145,9 @@ ln -s %{_javadir}/%{name}/%{name}-shims.jar %{buildroot}%{_datadir}/hadoop/mapre
 %changelog
+* Wed Mar 26 2025 lixiaoyong - 3.1.3-6
+- fix CVE-2024-29869
+
 * Mon Dec 16 2024 litian - 3.1.3-5
 - fix %patchN is deprecated warning
--
Gitee
From b4ff678d829514d9e9613c9317aeebd2c2285564 Mon Sep 17 00:00:00 2001
From: lixiaoyong
Date: Mon, 31 Mar 2025 22:20:47 -0400
Subject: [PATCH 2/2] fix CVE-2024-23953
---
 backport-CVE-2024-23953.patch | 38 +++++++++++++++++++++++++++++++++++
 hive.spec | 7 ++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-23953.patch
diff --git a/backport-CVE-2024-23953.patch b/backport-CVE-2024-23953.patch
new file mode 100644
index 0000000..a28d1d1
--- /dev/null
+++ b/backport-CVE-2024-23953.patch
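Review bot: `%patch 1001 -p1` is added inside the `pushd ${HOME}/%{name}-prep_dir/protoc-jar-3.5.1.1` block next to the protoc-jar riscv64 patch, but backport-CVE-2024-29869.patch modifies `ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java`, a path in the Hive source tree, not in protoc-jar. From the visible lines the patch is therefore applied in the wrong directory, so either `%prep` fails with no file to patch or, if patch skips it, the shipped jars do not contain the CVE-2024-29869 fix even though the changelog entry claims it. The same placement is used for `%patch 1002 -p1` in the second commit's hive.spec hunk. Move both `%patch` lines to where the Hive sources are unpacked (the rest of `%prep` is outside the hunk) and confirm the package builds Hive from source rather than repackaging prebuilt jars; otherwise the fix has to be carried some other way.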
@@ -0,0 +1,38 @@
+From b418e3c9f479ba8e7d31e6470306111002ffa809 Mon Sep 17 00:00:00 2001
+From: Denys Kuzmenko
+Date: Thu, 25 Jan 2024 12:18:19 +0200
+Subject: [PATCH] HIVE-28030: LLAP util code refactor (Denys Kuzmenko, reviewed
+ by Ayush Saxena)
+
+Closes #5030
+---
+ .../apache/hadoop/hive/llap/security/LlapSignerImpl.java | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/LlapSignerImpl.java b/llap-common/src/java/org/apache/hadoop/hive/llap/security/LlapSignerImpl.java
+index a7fc398892..047e17686b 100644
+--- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/LlapSignerImpl.java
++++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/LlapSignerImpl.java
+@@ -18,7 +18,7 @@
+ package org.apache.hadoop.hive.llap.security;
+
+ import java.io.IOException;
+-import java.util.Arrays;
++import java.security.MessageDigest;
+
+ import org.apache.hadoop.conf.Configuration;
+ import org.apache.hadoop.security.UserGroupInformation;
+@@ -58,7 +58,9 @@ public SignedMessage serializeAndSign(Signable message) throws IOException {
+ public void checkSignature(byte[] message, byte[] signature, int keyId)
+ throws SecurityException {
+ byte[] expectedSignature = secretManager.signWithKey(message, keyId);
+- if (Arrays.equals(signature, expectedSignature)) return;
++ if (MessageDigest.isEqual(signature, expectedSignature)) {
++ return;
++ }
+ throw new SecurityException("Message signature does not match");
+ }
+
+--
+2.27.0
+
diff --git a/hive.spec b/hive.spec
index f206752..74a8720 100644
--- a/hive.spec
+++ b/hive.spec
@@ -2,7 +2,7 @@ Name: hive
 Version: 3.1.3
-Release: 6
+Release: 7
 Summary: The Apache Hadoop data warehouse
 License: Apache-2.0 and Python-2.0 and MPL-2.0 and BSD and ICU
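Review bot: The switch to `MessageDigest.isEqual` in `checkSignature` is the entire security fix, but nothing in the method says why, so a later cleanup could quietly reintroduce `Arrays.equals`; add a comment above the comparison such as `// constant-time compare: Arrays.equals returns at the first differing byte and leaks timing (HIVE-28030 / CVE-2024-23953)`. `MessageDigest.isEqual` still returns early on a length mismatch, which reveals only the signature length (presumably fixed for the MAC produced by `secretManager.signWithKey`, which is outside the hunk). On the java-1.8.0-openjdk the spec requires, the equal-length comparison is constant-time, so the backport is sufficient as is.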
@@ -23,6 +23,7 @@ BuildArch: noarch
 Patch1000: 1000-Add-protoc-java-support-for-riscv64.patch
 Patch1001: backport-CVE-2024-29869.patch
+Patch1002: backport-CVE-2024-23953.patch
 %description
 The Apache Hive data warehouse software facilitates querying and
@@ -38,6 +39,7 @@ tar -mxf %{SOURCE5} -C ${HOME}/%{name}-prep_dir
 pushd ${HOME}/%{name}-prep_dir/protoc-jar-3.5.1.1
 %patch 1000 -p1
 %patch 1001 -p1
+%patch 1002 -p1
 mvn clean install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true
 popd
 # protoc-jar-maven-plugin
@@ -145,6 +147,9 @@ ln -s %{_javadir}/%{name}/%{name}-shims.jar %{buildroot}%{_datadir}/hadoop/mapre
 %changelog
+* Tue Apr 01 2025 lixiaoyong - 3.1.3-7
+- fix CVE-2024-23953
+
 * Wed Mar 26 2025 lixiaoyong - 3.1.3-6
 - fix CVE-2024-29869
--
Gitee