
HADOOP-19114. Upgrade to commons-compress 1.26.1 due to CVEs. (#6636)

This addresses two CVEs triggered by malformed archives

Important: Denial of Service CVE-2024-25710
Moderate: Denial of Service CVE-2024-26308

Contributed by PJ Fanning
PJ Fanning 11 meses atrás
pai
commit
935bc184fa

+ 1 - 1
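--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -298,7 +298,7 @@ net.java.dev.jna:jna:5.2.0
 net.minidev:accessors-smart:1.2
 org.apache.avro:avro:1.9.2
 org.apache.commons:commons-collections4:4.2
-org.apache.commons:commons-compress:1.24.0
+org.apache.commons:commons-compress:1.26.1
 org.apache.commons:commons-configuration2:2.10.1
 org.apache.commons:commons-csv:1.9.0
 org.apache.commons:commons-digester:1.8.1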

+ 2 - 2
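--- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-uploader/src/main/java/org/apache/hadoop/mapred/uploader/FrameworkUploader.java
+++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-uploader/src/main/java/org/apache/hadoop/mapred/uploader/FrameworkUploader.java
@@ -22,7 +22,7 @@ import org.apache.hadoop.classification.VisibleForTesting;
 import org.apache.commons.cli.HelpFormatter;
 import org.apache.commons.cli.Option;
 import org.apache.commons.cli.Options;
-import org.apache.commons.compress.archivers.ArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
 import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.BlockLocation;
@@ -337,7 +337,7 @@ public class FrameworkUploader implements Runnable {
         LOG.info("Adding " + fullPath);
         File file = new File(fullPath);
         try (FileInputStream inputStream = new FileInputStream(file)) {
-          ArchiveEntry entry = out.createArchiveEntry(file, file.getName());
+          TarArchiveEntry entry = out.createArchiveEntry(file, file.getName());
           out.putArchiveEntry(entry);
           IOUtils.copyBytes(inputStream, out, 1024 * 1024);
           out.closeArchiveEntry();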
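Review bot: The narrowed local type on the `TarArchiveEntry entry = out.createArchiveEntry(file, file.getName());` line deserves a one-line comment, because nothing in the hunk says why the `ArchiveEntry` interface no longer suffices; judging from the import swap, commons-compress 1.26.x appears to type `putArchiveEntry` on the concrete entry class, so the wider type would no longer compile there — worth confirming against the 1.26.1 API before the comment is worded as fact. A comment such as `// commons-compress 1.26 expects the concrete TarArchiveEntry in putArchiveEntry` would stop a later cleanup from "simplifying" it back to the interface. Note that this hunk only tracks the API change: this path writes a tarball rather than reading one, so the malformed-archive CVEs cited in the description are not exercised here, and the CVE fix is carried entirely by the version bump in hadoop-project/pom.xml. The enclosing method starts and ends outside the hunk.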

+ 1 - 1
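--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -122,7 +122,7 @@
     <commons-cli.version>1.5.0</commons-cli.version>
     <commons-codec.version>1.15</commons-codec.version>
     <commons-collections.version>3.2.2</commons-collections.version>
-    <commons-compress.version>1.24.0</commons-compress.version>
+    <commons-compress.version>1.26.1</commons-compress.version>
     <commons-csv.version>1.9.0</commons-csv.version>
     <commons-io.version>2.14.0</commons-io.version>
     <commons-lang3.version>3.12.0</commons-lang3.version>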