From 6d614184d8f5fe78d8d06adf6270b87b8759c27a Mon Sep 17 00:00:00 2001
From: sundapeng
Date: Wed, 6 Dec 2023 01:40:36 +0000
Subject: [PATCH] resolve cve-2023-25194
---
 0011-CVE-2023-25194.patch | 13 +++++++++++++
 pulsar.spec | 6 +++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 0011-CVE-2023-25194.patch
diff --git a/0011-CVE-2023-25194.patch b/0011-CVE-2023-25194.patch
new file mode 100644
index 0000000..35fb076
--- /dev/null
+++ b/0011-CVE-2023-25194.patch
@@ -0,0 +1,13 @@
+diff --git a/pom.xml b/pom.xml
+index c6d4dcc9c7..0cbb930786 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -142,7 +142,7 @@ flexible messaging model and an intuitive client API.
+ 2.2.0
+ 3.6.0
+ 4.4.20
+- 2.7.2
++ 3.4.0
+ 5.1.1
+ 1.12.262
+ 1.10.2
diff --git a/pulsar.spec b/pulsar.spec
index 04b9787..ee3fbe2 100644
--- a/pulsar.spec
+++ b/pulsar.spec
@@ -1,6 +1,6 @@
 %define debug_package %{nil}
 %define pulsar_ver 2.10.4
-%define pkg_ver 10
+%define pkg_ver 11
 %define _prefix /opt/pulsar
 Summary: Cloud-Native, Distributed Messaging and Streaming
 Name: pulsar
@@ -20,6 +20,7 @@ Patch0007: 0007-CVE-2022-1471.patch
 Patch0008: 0008-CVE-2023-26048.patch
 Patch0009: 0009-CVE-2022-24329.patch
 Patch0010: 0010-CVE-2022-22970.patch
+Patch0011: 0011-CVE-2023-25194.patch
 BuildRoot: /root/rpmbuild/BUILDROOT/
 BuildRequires: java-1.8.0-openjdk-devel,maven,systemd
 Requires: java-1.8.0-openjdk,systemd
@@ -42,6 +43,7 @@ Pulsar is a distributed pub-sub messaging platform with a very flexible messagin
 %patch0008 -p1
 %patch0009 -p1
 %patch0010 -p1
+%patch0011 -p1
 %build
 mvn clean install -Pcore-modules,-main -DskipTests
@@ -67,6 +69,8 @@ getent passwd pulsar >/dev/null || useradd -r -g pulsar -d / -s /sbin/nologin pu
 exit 0
 %changelog
+* Wed Dec 6 2023 Dapeng Sun - 2.10.4-11
+- resolve cve-2023-25194
 * Wed Dec 6 2023 Dapeng Sun - 2.10.4-10
 - resolve cve-2022-22970
 * Mon Dec 5 2023 Dapeng Sun - 2.10.4-9
--
Gitee
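Review bot: The jump from 2.7.2 to 3.4.0 in the embedded pom.xml hunk crosses a major release, yet the `%build` line visible as context in the pulsar.spec hunk runs Maven with `-DskipTests`, so this package build never exercises the modules that consume the dependency against the new API. The property name is not visible here (the XML markup was lost in extraction), so it is presumably the Kafka client version, since CVE-2023-25194 is a Kafka Connect issue. The new patch file would benefit from a short header stating what it changes and why, e.g. `Bump Kafka client to 3.4.0 for CVE-2023-25194 (JNDI login module reachable through SASL JAAS config)`. The 3.4.0 fix is also a default deny-list (`org.apache.kafka.disallowed.login.modules`, which blocks `com.sun.security.auth.module.JndiLoginModule`), so deployments that override that system property or accept connector configuration from untrusted users still need their own validation.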