From 72666170bc4d13a34eac39ca2ed8be3e7810539e Mon Sep 17 00:00:00 2001
From: wangjialing <wangjialing_yewu@cmss.chinamobile.com>
Date: Wed, 23 Aug 2023 11:29:10 +0800
Subject: [PATCH 1/2] [sec] resolve CVE-2023-32697

---
 0002-resolve-cve-2023-32697.patch | 17 +++++++++++++++++
 pulsar.spec                       |  2 ++
 2 files changed, 19 insertions(+)
 create mode 100644 0002-resolve-cve-2023-32697.patch

diff --git a/0002-resolve-cve-2023-32697.patch b/0002-resolve-cve-2023-32697.patch
new file mode 100644
index 0000000..fc4ec68
--- /dev/null
+++ b/0002-resolve-cve-2023-32697.patch
@@ -0,0 +1,17 @@
+Index: pom.xml
+IDEA additional info:
+Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
+<+>UTF-8
+===================================================================
+diff --git a/pom.xml b/pom.xml
+--- a/pom.xml	(revision c7cbce922f07ac80a08f58eb04786e2e91fc52b2)
++++ b/pom.xml	(date 1692695814239)
+@@ -149,7 +149,7 @@
+     <joda.version>2.10.5</joda.version>
+     <jclouds.version>2.5.0</jclouds.version>
+     <guice.version>5.1.0</guice.version>
+-    <sqlite-jdbc.version>3.8.11.2</sqlite-jdbc.version>
++    <sqlite-jdbc.version>3.42.0.0</sqlite-jdbc.version>
+     <mysql-jdbc.version>8.0.11</mysql-jdbc.version>
+     <postgresql-jdbc.version>42.4.1</postgresql-jdbc.version>
+     <clickhouse-jdbc.version>0.3.2</clickhouse-jdbc.version>
diff --git a/pulsar.spec b/pulsar.spec
index b572970..f404325 100644
--- a/pulsar.spec
+++ b/pulsar.spec
@@ -11,6 +11,7 @@ Group: Applications/Message
 URL: https://pulsar.apache.org
 Source0: https://archive.apache.org/dist/pulsar/pulsar-2.10.4/apache-pulsar-2.10.4-src.tar.gz
 Patch0001: 0001-use-huawei-repository.patch
+Patch0002: 0002-resolve-cve-2023-32697.patch
 BuildRoot: /root/rpmbuild/BUILDROOT/
 BuildRequires: java-1.8.0-openjdk-devel,maven,systemd
 Requires: java-1.8.0-openjdk,systemd
@@ -24,6 +25,7 @@ Pulsar is a distributed pub-sub messaging platform with a very flexible messagin
 %setup -q -n apache-pulsar-%{version}-src
 
 %patch0001 -p1
+%patch0002 -p1
 
 %build
 mvn clean install -Pcore-modules,-main -DskipTests
-- 
Gitee


From e2a0e92910016ab70f224626328d6d6ea9236277 Mon Sep 17 00:00:00 2001
From: wangjialing <wangjialing_yewu@cmss.chinamobile.com>
Date: Thu, 24 Aug 2023 17:54:11 +0800
Subject: [PATCH 2/2] add change log

---
 pulsar.spec | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pulsar.spec b/pulsar.spec
index f404325..e4b21ab 100644
--- a/pulsar.spec
+++ b/pulsar.spec
@@ -52,4 +52,6 @@ exit 0
 
 %changelog
 * Fri Aug 11 2023 Jialing Wang <wangjialing@cmss.chinamobile.com> - 2.10.4-1
-- init puslar spec
\ No newline at end of file
+- init puslar spec
+* Fri Aug 24 2023 Jialing Wang <wangjialing@cmss.chinamobile.com> - 2.10.4-2
+- resovle Cve-2023-32697
\ No newline at end of file
-- 
Gitee