[arch-commits] Commit in solr/trunk (PKGBUILD solr-8.11.0-CVE-2021-44228.patch)

David Runge dvzrv at gemini.archlinux.org
Sun Dec 12 00:22:04 UTC 2021


    Date: Sunday, December 12, 2021 @ 00:22:03
  Author: dvzrv
Revision: 1068437

upgpkg: solr 8.11.0-2: Rebuild to apply patch for CVE-2021-44228.

Apply patch to change default SOLR_OPTS for fixing CVE-2021-44228.
Simplify quoting in file.

Added:
  solr/trunk/solr-8.11.0-CVE-2021-44228.patch
Modified:
  solr/trunk/PKGBUILD

----------------------------------+
 PKGBUILD                         |   28 +++++++++++++++++-----------
 solr-8.11.0-CVE-2021-44228.patch |   14 ++++++++++++++
 2 files changed, 31 insertions(+), 11 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-12-12 00:00:56 UTC (rev 1068436)
+++ PKGBUILD	2021-12-12 00:22:03 UTC (rev 1068437)
@@ -2,13 +2,13 @@
 
 pkgname=solr
 pkgver=8.11.0
-pkgrel=1
+pkgrel=2
 pkgdesc="Open source enterprise search platform built on Apache Lucene"
-arch=('any')
+arch=(any)
 url="https://lucene.apache.org/solr/"
-license=('Apache')
-depends=('bash' 'java-runtime>=8')
-makedepends=('ant' 'ivy' 'java-environment>=8' 'strip-nondeterminism')
+license=(Apache)
+depends=(bash 'java-runtime>=8')
+makedepends=(ant ivy 'java-environment>=8' strip-nondeterminism)
 backup=("etc/${pkgname}/server/jetty-http.xml"
         "etc/${pkgname}/server/jetty-https.xml"
         "etc/${pkgname}/server/jetty-https8.xml"
@@ -18,20 +18,25 @@
         "etc/${pkgname}/${pkgname}.in.sh"
         "etc/${pkgname}/${pkgname}.xml"
         "etc/${pkgname}/zoo.cfg")
-source=("https://archive.apache.org/dist/lucene/${pkgname}/${pkgver}/${pkgname}-${pkgver}-src.tgz"{,.asc}
-        "${pkgname}.service"
-        "${pkgname}.sysusers"
-        "${pkgname}.tmpfiles")
+source=(
+  "https://archive.apache.org/dist/lucene/${pkgname}/${pkgver}/${pkgname}-${pkgver}-src.tgz"{,.asc}
+  "${pkgname}.service"
+  "${pkgname}.sysusers"
+  "${pkgname}.tmpfiles"
+  "${pkgname}-8.11.0-CVE-2021-44228.patch"
+)
 sha512sums=('cf40198276e5e282287bd7d96ba4f89df8d54b9542b960e82763ba06e63c070d33cc49a90efd4fd4f33177c1af5e656f7038d20bce64c1dd0bc71faf8309e7ad'
             'SKIP'
             'd9a5dcc7a30bf449abf9028bc4aa88e196c953d82b884661ec3191d4a06ec50b106c01ecdcd225e3526ab4f4ce5634d6dcd4a03f1e128fdd4c26febb1b742532'
             '06e5e40b96d2b6668790e4b166fc2867b9e694a2c72fd57eec702526e009b8b0495acbe16a5a27e259827477f4783ce87742f1f806254d8a2baec23b0b317058'
-            '97252d1ba1e4e211a6b5a038981cbc9d6663a0d7a980b23484f838eebb2f8194571a3f34ea6b92ed0efd4b7f862e020b5e3e8478ad1de1c6832e232d0b20ff6d')
+            '97252d1ba1e4e211a6b5a038981cbc9d6663a0d7a980b23484f838eebb2f8194571a3f34ea6b92ed0efd4b7f862e020b5e3e8478ad1de1c6832e232d0b20ff6d'
+            'da1efd3ea810a941ce1020f6b17f894c686b56370af2a839a6aa6c7b45fecf508212eb081f2f9c231a4910be9d4bb8db3abef080bd42e88b4383e1a27c4a8792')
 b2sums=('6b3741d78a1abbe78209801bf37789d0c2cb667cf0546021a198b05c38041d60530d57db30bbac79e52aa2ec75be126d9c30516efcbfde7337d02a8ab81bd5d5'
         'SKIP'
         'f970329fad0358cb19af9b9337047612d5949af8aea2dc7acd6c8424ba494644940d22f46b98a9cf1362ea2e5d966b863907de35e7c0edc2e48f7b0ed00473b7'
         '60ff37059a4ab8362551518d56ee105e7d19199727605d5ad6f3236bd31dde1cc5fa37ffa37009820ee3115da36ae64df4754454cef1db51d1c13cac039245cb'
-        '37ab5d9af1da1178fcc58ce39654fdecb842b24d4e2264a2eec95c10223e7d003f27a6b2957a267a17ce0fa72258d96642d5b909963576a5a7d13e4e05c47a51')
+        '37ab5d9af1da1178fcc58ce39654fdecb842b24d4e2264a2eec95c10223e7d003f27a6b2957a267a17ce0fa72258d96642d5b909963576a5a7d13e4e05c47a51'
+        '7f44bfff492d40bfcfc3f080dae98c00658794fd262f5d56425d70bb6c52c9d3e3fb9d9bbd0d6f9683bc461ad106826803e7d1fac8686b15d3e56aa8505d4a69')
 # list of trusted signing keys: https://downloads.apache.org/lucene/KEYS
 validpgpkeys=('2085660D9C1FCCACC4A479A3BF160FF14992A24C'  # Ishan Chattopadhyaya <ishan at apache.org>
               'E58A6F4D5B2B48AC66D5E53BD4F181881A42F9E6'  # Ignacio Vera (CODE SIGNING KEY) <ivera at apache.org>
@@ -49,6 +54,7 @@
 
 prepare() {
   cd "$pkgname-$pkgver"
+  patch -Np1 -i ../"${pkgname}-8.11.0-CVE-2021-44228.patch"
   ant ivy-bootstrap
   rm -rvf "${pkgname}/bin/init.d"
 }
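Review bot: The added `patch` line in prepare() has no comment marking it as a stopgap, and the patch file name hard-codes `8.11.0` while the `cd` line above it uses `$pkgver`. A one-line comment above it, such as `# temporary CVE-2021-44228 mitigation; drop once pkgver moves to a release with a fixed log4j`, would tell the next packager to remove the `source` entry and its two checksum lines along with this line. Hard-coding the version is reasonable for a version-specific patch, but it means a pkgver bump will keep trying to apply this file until someone removes it by hand.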

Added: solr-8.11.0-CVE-2021-44228.patch
===================================================================
--- solr-8.11.0-CVE-2021-44228.patch	                        (rev 0)
+++ solr-8.11.0-CVE-2021-44228.patch	2021-12-12 00:22:03 UTC (rev 1068437)
@@ -0,0 +1,14 @@
+diff -ruN a/solr/bin/solr.in.sh b/solr/bin/solr.in.sh
+--- a/solr/bin/solr.in.sh	2021-11-09 14:07:56.000000000 +0100
++++ b/solr/bin/solr.in.sh	2021-12-12 01:08:21.406732722 +0100
+@@ -100,6 +100,10 @@
+ #SOLR_OPTS="$SOLR_OPTS -Dsolr.autoSoftCommit.maxTime=3000"
+ #SOLR_OPTS="$SOLR_OPTS -Dsolr.autoCommit.maxTime=60000"
+ 
++# fix log4j as solr 8.11.1 has not been released:
++# https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
++SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"
++
+ # Location where the bin/solr script will save PID files for running instances
+ # If not set, the script will create PID files in $SOLR_TIP/bin
+ #SOLR_PID_DIR=
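Review bot: The new `SOLR_OPTS` line lands in `solr.in.sh`, and the PKGBUILD's `backup=()` array lists `etc/${pkgname}/${pkgname}.in.sh`; if that is the installed copy of this file, hosts where the admin has edited it will keep their old file on upgrade and get the change only as a `.pacnew`, so they stay without the mitigation. Consider announcing the manual merge step in a `post_upgrade` message of an install script, or setting the property in a packaged file that pacman always overwrites. The added comment could also state the limits of the flag, for example `# mitigation only: disables log4j message lookups; remove after upgrading to a Solr release that bundles a fixed log4j`, because `log4j2.formatMsgNoLookups` is a configuration workaround rather than a library fix and should not be read as the final remediation. The patched file continues outside the hunk.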


