From ec3cf3b8b07d98a7d16daf3ece75d4908881c9eb Mon Sep 17 00:00:00 2001 From: richardyu-ms Date: Tue, 12 Apr 2022 03:30:44 -0700 Subject: [PATCH 1/6] [CG-Fix-CVE-2021-44906] Patching on thrift.0.14.1 for package minimist Signed-off-by: richardyu-ms --- .../0003-Remove-minimist-packages.patch | 175 ++++++++++++++++++ src/thrift_0_14_1/thrift.patch/series | 1 + 2 files changed, 176 insertions(+) create mode 100644 src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch diff --git a/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch b/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch new file mode 100644 index 000000000000..c8bb0800f92e --- /dev/null +++ b/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch @@ -0,0 +1,175 @@ +diff --git 
diff --git a/lib/js/package-lock.json b/lib/js/package-lock.json +index ea1c04620..b68217af3 100644 +--- a/lib/js/package-lock.json ++++ b/lib/js/package-lock.json +@@ -1037,16 +1037,7 @@ + "dev": true, + "requires": { + "acorn-node": "^1.6.1", +- "defined": "^1.0.0", +- "minimist": "^1.1.1" +- }, +- "dependencies": { +- "minimist": { +- "version": "1.2.0", +- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", +- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", +- "dev": true +- } ++ "defined": "^1.0.0" + } + }, + "diffie-hellman": { +@@ -2616,20 +2607,11 @@ + "decamelize": "^1.1.2", + "loud-rejection": "^1.0.0", + "map-obj": "^1.0.1", +- "minimist": "^1.1.3", + "normalize-package-data": "^2.3.4", + "object-assign": "^4.0.1", + "read-pkg-up": "^1.0.1", + "redent": "^1.0.0", + "trim-newlines": "^1.0.0" +- }, +- "dependencies": { +- "minimist": { +- "version": "1.2.0", +- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", +- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", +- "dev": true +- } + } + }, + "micromatch": { +@@ -2690,12 +2672,6 @@ + "brace-expansion": "^1.1.7" + } + }, +- "minimist": { +- "version": "0.0.8", +- "resolved": "http://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz", +- "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=", +- "dev": true +- }, + "mixin-deep": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz", +@@ -2721,10 +2697,7 @@ + "version": "0.5.1", + "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz", + "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=", +- "dev": true, +- "requires": { +- "minimist": "0.0.8" +- } ++ "dev": true + }, + "module-deps": { + "version": "6.2.2", +@@ -3971,18 +3944,7 @@ + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/subarg/-/subarg-1.0.0.tgz", + "integrity": "sha1-9izxdYHplrSPyWVpn1TAauJouNI=", +- "dev": true, +- "requires": { +- "minimist": "^1.1.0" +- }, +- "dependencies": { +- "minimist": 
{ +- "version": "1.2.0", +- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", +- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", +- "dev": true +- } +- } ++ "dev": true + }, + "supports-color": { + "version": "5.5.0", +diff --git 
diff --git a/lib/ts/package-lock.json b/lib/ts/package-lock.json +index fddef4426..e7f4d46fd 100644 +--- a/lib/ts/package-lock.json ++++ b/lib/ts/package-lock.json +@@ -1139,16 +1139,7 @@ + "dev": true, + "requires": { + "acorn-node": "^1.3.0", +- "defined": "^1.0.0", +- "minimist": "^1.1.1" +- }, +- "dependencies": { +- "minimist": { +- "version": "1.2.0", +- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", +- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", +- "dev": true +- } ++ "defined": "^1.0.0" + } + }, + "diagnostics": { +@@ -3032,20 +3023,11 @@ + "decamelize": "^1.1.2", + "loud-rejection": "^1.0.0", + "map-obj": "^1.0.1", +- "minimist": "^1.1.3", + "normalize-package-data": "^2.3.4", + "object-assign": "^4.0.1", + "read-pkg-up": "^1.0.1", + "redent": "^1.0.0", + "trim-newlines": "^1.0.0" +- }, +- "dependencies": { +- "minimist": { +- "version": "1.2.0", +- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", +- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", +- "dev": true +- } + } + }, + "micromatch": { +@@ -3121,11 +3103,6 @@ + "brace-expansion": "^1.1.7" + } + }, +- "minimist": { +- "version": "0.0.8", +- "resolved": "http://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz", +- "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=" +- }, + "mixin-deep": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz", +@@ -3150,10 +3127,7 @@ + "mkdirp": { + "version": "0.5.1", + "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz", +- "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=", +- "requires": { +- "minimist": "0.0.8" +- } ++ "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=" + }, + "module-deps": { + "version": "6.2.0", +@@ -4396,18 +4370,7 @@ + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/subarg/-/subarg-1.0.0.tgz", + "integrity": "sha1-9izxdYHplrSPyWVpn1TAauJouNI=", +- "dev": true, +- "requires": { +- "minimist": "^1.1.0" +- }, +- "dependencies": 
{ +- "minimist": { +- "version": "1.2.0", +- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", +- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", +- "dev": true +- } +- } ++ "dev": true + }, + "supports-color": { + "version": "5.5.0", diff --git a/src/thrift_0_14_1/thrift.patch/series b/src/thrift_0_14_1/thrift.patch/series index b95ae481e048..0193b04536d5 100644 --- a/src/thrift_0_14_1/thrift.patch/series +++ b/src/thrift_0_14_1/thrift.patch/series @@ -1,2 +1,3 @@ 0001-Remove-unneeded-packages.patch 0002-Fix-build-rules.patch +0003-Remove-minimist-packages.patch \ No newline at end of file From b96b249aa09421a836a92ff1c983d279c9e65048 Mon Sep 17 00:00:00 2001 From: richardyu-ms Date: Tue, 12 Apr 2022 03:50:56 -0700 Subject: [PATCH 2/6] add more information in patch Signed-off-by: richardyu-ms --- .../0003-Remove-minimist-packages.patch | 98 ++++++++++++++++++- 1 file changed, 96 insertions(+), 2 deletions(-) diff --git a/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch b/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch index c8bb0800f92e..9cb57be94980 100644 --- a/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch +++ b/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch @@ -1,4 +1,12 @@ -diff --git diff --git a/lib/js/package-lock.json b/lib/js/package-lock.json +From f6fa1794539e68ac294038ac388d6bde40a6c237 Mar 2, 2021 00:00:00 2001 +From: richardyu-ms +Date: Tue, 12 Apr 2022 15:46:16 +0000 +Subject: [PATCH] Fix security issue for package minimist + +--- +3 files changed, 9 insertions(+), 120 deletions(-) + +diff --git a/lib/js/package-lock.json b/lib/js/package-lock.json index ea1c04620..b68217af3 100644 --- a/lib/js/package-lock.json +++ b/lib/js/package-lock.json @@ -86,7 +94,7 @@ index ea1c04620..b68217af3 100644 }, "supports-color": { "version": "5.5.0", -diff --git 
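Review bot: The embedded patch deletes every `minimist` entry from the lockfiles but keeps the packages that depend on it, e.g. `mkdirp` 0.5.1 stays locked with its `"requires": { "minimist": "0.0.8" }` block stripped, so the lockfile no longer describes the real dependency tree. Any later `npm install` in these directories would presumably re-resolve minimist from each dependent's own manifest, outside the lock and without an integrity hash, which hides the CVE-2021-44906 finding from lockfile scanners rather than remediating it. If the JS/TS libraries are never installed or shipped by this build, state that in the embedded patch's description, e.g. `Drop unused minimist lock entries; lib/js and lib/ts are not built here`; otherwise update the locked minimist entries to a release that contains the fix. This covers both the `lib/js` and `lib/ts` sections here and the root `package-lock.json` section added in PATCH 2/6.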
diff --git a/lib/ts/package-lock.json b/lib/ts/package-lock.json +diff --git a/lib/ts/package-lock.json b/lib/ts/package-lock.json index fddef4426..e7f4d46fd 100644 --- a/lib/ts/package-lock.json +++ b/lib/ts/package-lock.json 
@@ -173,3 +181,89 @@ index fddef4426..e7f4d46fd 100644 }, "supports-color": { "version": "5.5.0", +diff --git a/package-lock.json b/package-lock.json +index 9c1e5f581..83793eaaf 100644 +--- a/package-lock.json ++++ b/package-lock.json +@@ -1427,16 +1427,7 @@ + "integrity": "sha512-4vGP107UDhhNHeWA5N8j/nUPlQbtB/W/K2x/P7aElbWMWrOkJA0MRSVFsMFrTPSAAjZWCG9uki2+1cQDzFtVcQ==", + "dev": true, + "requires": { +- "html-validator": "3.1.3", +- "minimist": "1.2.0" +- }, +- "dependencies": { +- "minimist": { +- "version": "1.2.0", +- "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", +- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", +- "dev": true +- } ++ "html-validator": "3.1.3" + } + }, + "http-signature": { +@@ -1920,18 +1911,7 @@ + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.1.1.tgz", + "integrity": "sha512-l+3HXD0GEI3huGq1njuqtzYK8OYJyXMkOLtQ53pjWh89tvWS2h6l+1zMkYWqlb57+SiQodKZyvMEFb2X+KrFhQ==", +- "dev": true, +- "requires": { +- "minimist": "^1.2.0" +- }, +- "dependencies": { +- "minimist": { +- "version": "1.2.0", +- "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", +- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", +- "dev": true +- } +- } ++ "dev": true + }, + "jsprim": { + "version": "1.4.1", +@@ -2072,20 +2052,11 @@ + "brace-expansion": "^1.1.7" + } + }, +- "minimist": { +- "version": "0.0.8", +- "resolved": "http://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz", +- "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=", +- "dev": true +- }, + "mkdirp": { + "version": "0.5.1", + "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz", + "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=", +- "dev": true, +- "requires": { +- "minimist": "0.0.8" +- } ++ "dev": true + }, + "ms": { + "version": "2.0.0", +@@ -2790,7 +2761,6 @@ + "glob": "~7.1.2", + "has": "~1.0.3", + "inherits": "~2.0.3", +- "minimist": "~1.2.0", + "object-inspect": "~1.6.0", + "resolve": "~1.7.1", + "resumer": 
"~0.0.0", +@@ -2798,12 +2768,6 @@ + "through": "~2.3.8" + }, + "dependencies": { +- "minimist": { +- "version": "1.2.0", +- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", +- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", +- "dev": true +- }, + "resolve": { + "version": "1.7.1", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.7.1.tgz", + From 4f94d1441b3bf6b86c0eb05f56fce2ea0dc056e2 Mon Sep 17 00:00:00 2001 From: "Richard.Yu" Date: Tue, 12 Apr 2022 03:56:04 -0700 Subject: [PATCH 3/6] Update 0003-Remove-minimist-packages.patch --- .../thrift.patch/0003-Remove-minimist-packages.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch b/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch index 9cb57be94980..34d1e2fad957 100644 --- a/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch +++ b/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch @@ -1,4 +1,4 @@ -From f6fa1794539e68ac294038ac388d6bde40a6c237 Mar 2, 2021 00:00:00 2001 +From f6fa1794539e68ac294038ac388d6bde40a6c237 Mar 2, 2021 00:00:00 From: richardyu-ms Date: Tue, 12 Apr 2022 15:46:16 +0000 Subject: [PATCH] Fix security issue for package minimist From eabe38d1bf45f96e6386155d7090e919cf9a8d26 Mon Sep 17 00:00:00 2001 From: richardyu-ms Date: Wed, 13 Apr 2022 05:17:19 -0700 Subject: [PATCH 4/6] change the thrift 0.14.1 to package download 
Signed-off-by: richardyu-ms --- .gitmodules | 3 -- rules/thrift_0_14_1.mk | 4 +-- src/thrift_0_14_1/Makefile | 31 +++++++++++++++++++ .../0001-Remove-unneeded-packages.patch | 0 .../0002-Fix-build-rules.patch | 0 .../0003-Remove-minimist-packages.patch | 0 src/thrift_0_14_1/thrift | 1 - src/thrift_0_14_1/thrift.patch/series | 3 -- 8 files changed, 33 insertions(+), 9 deletions(-) create mode 100644 src/thrift_0_14_1/Makefile rename src/thrift_0_14_1/{thrift.patch => patch}/0001-Remove-unneeded-packages.patch (100%) rename src/thrift_0_14_1/{thrift.patch => patch}/0002-Fix-build-rules.patch (100%) rename src/thrift_0_14_1/{thrift.patch => patch}/0003-Remove-minimist-packages.patch (100%) delete mode 160000 src/thrift_0_14_1/thrift delete mode 100644 src/thrift_0_14_1/thrift.patch/series diff --git a/.gitmodules b/.gitmodules index b2d76bd66b20..9194c8f4b7a2 100644 --- a/.gitmodules +++ b/.gitmodules @@ -103,6 +103,3 @@ [submodule "src/sonic-p4rt/sonic-pins"] path = src/sonic-p4rt/sonic-pins url = https://github.com/Azure/sonic-pins.git -[submodule "src/thrift_0_14_1/thrift"] - path = src/thrift_0_14_1/thrift - url = https://github.com/apache/thrift.git diff --git a/rules/thrift_0_14_1.mk b/rules/thrift_0_14_1.mk index b986e0a4dceb..6fc0d05c14bc 100644 --- a/rules/thrift_0_14_1.mk +++ b/rules/thrift_0_14_1.mk @@ -4,8 +4,8 @@ THRIFT_0_14_1_VERSION = 0.14.1 THRIFT_0_14_1_VERSION_FULL = $(THRIFT_0_14_1_VERSION) LIBTHRIFT_0_14_1 = libthrift0_$(THRIFT_0_14_1_VERSION)_$(CONFIGURED_ARCH).deb -$(LIBTHRIFT_0_14_1)_SRC_PATH = $(SRC_PATH)/thrift_0_14_1/thrift -SONIC_DPKG_DEBS += $(LIBTHRIFT_0_14_1) +$(LIBTHRIFT_0_14_1)_SRC_PATH = $(SRC_PATH)/thrift_0_14_1 +SONIC_MAKE_DEBS += $(LIBTHRIFT_0_14_1) LIBTHRIFT_0_14_1_DEV = libthrift-dev_$(THRIFT_0_14_1_VERSION)_$(CONFIGURED_ARCH).deb $(eval $(call add_derived_package,$(LIBTHRIFT_0_14_1),$(LIBTHRIFT_0_14_1_DEV))) diff --git a/src/thrift_0_14_1/Makefile b/src/thrift_0_14_1/Makefile new file mode 100644 index 000000000000..e5cbcb44c3c4 
--- /dev/null
+++ b/src/thrift_0_14_1/Makefile
@@ -0,0 +1,31 @@
+SHELL = /bin/bash
+.ONESHELL:
+.SHELLFLAGS += -e -x
+
+THRIFT_VERSION = 0.14.1
+
+MAIN_TARGET = libthrift0_$(THRIFT_VERSION)_$(CONFIGURED_ARCH).deb
+DERIVED_TARGETS = libthrift-dev_$(THRIFT_VERSION)_$(CONFIGURED_ARCH).deb \
+ python3-thrift_$(THRIFT_VERSION)_$(CONFIGURED_ARCH).deb \
+ thrift-compiler_$(THRIFT_VERSION)_$(CONFIGURED_ARCH).deb
+
+THRIFT_LINK_PRE = https://archive.apache.org/dist/thrift
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+ rm -rf thrift-$(THRIFT_VERSION)
+
+ wget -O "thrift_$(THRIFT_VERSION).tar.gz" "$(THRIFT_LINK_PRE)/$(THRIFT_VERSION)/thrift-$(THRIFT_VERSION).tar.gz"
+
+ tar -xvzf ./thrift_$(THRIFT_VERSION).tar.gz
+ pushd thrift-$(THRIFT_VERSION)
+
+ # Disable php perl and few other packages as they need additional packages to be installed
+ patch -p1 < ../patch/0001-Remove-unneeded-packages.patch
+ patch -p1 < ../patch/0002-Fix-build-rules.patch
+ patch -p1 < ../patch/0003-Remove-minimist-packages.patch
+ DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -d -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR)
+ popd
+
+ mv $(DERIVED_TARGETS) $* $(DEST)/
+
+$(addprefix $(DEST)/, $(DERIVED_TARGETS)): $(DEST)/% : $(DEST)/$(MAIN_TARGET)
diff --git a/src/thrift_0_14_1/thrift.patch/0001-Remove-unneeded-packages.patch b/src/thrift_0_14_1/patch/0001-Remove-unneeded-packages.patch
similarity index 100%
rename from src/thrift_0_14_1/thrift.patch/0001-Remove-unneeded-packages.patch
rename to src/thrift_0_14_1/patch/0001-Remove-unneeded-packages.patch
diff --git a/src/thrift_0_14_1/thrift.patch/0002-Fix-build-rules.patch b/src/thrift_0_14_1/patch/0002-Fix-build-rules.patch
similarity index 100%
rename from src/thrift_0_14_1/thrift.patch/0002-Fix-build-rules.patch
rename to src/thrift_0_14_1/patch/0002-Fix-build-rules.patch
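Review bot: The `wget` in the new `src/thrift_0_14_1/Makefile` recipe downloads `thrift-$(THRIFT_VERSION).tar.gz` and unpacks it with no integrity check, whereas the submodule removed by this same commit pinned an exact commit hash. TLS only authenticates the archive host, so a replaced or corrupted tarball would be built and packaged without anyone noticing. Record the expected digest in the Makefile and verify it before `tar`, e.g. `echo "$(THRIFT_SHA512)  thrift_$(THRIFT_VERSION).tar.gz" | sha512sum -c -` with `THRIFT_SHA512 = <published sha512 of the release tarball>`. With `-e` already in `.SHELLFLAGS`, a mismatch would stop the build. Verifying the release's detached signature against the project's published keys would be stronger still.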
diff --git a/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch b/src/thrift_0_14_1/patch/0003-Remove-minimist-packages.patch similarity index 100% rename from src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch rename to src/thrift_0_14_1/patch/0003-Remove-minimist-packages.patch diff --git a/src/thrift_0_14_1/thrift b/src/thrift_0_14_1/thrift deleted file mode 160000 index f6fa1794539e..000000000000 --- a/src/thrift_0_14_1/thrift +++ /dev/null @@ -1 +0,0 @@ -Subproject commit f6fa1794539e68ac294038ac388d6bde40a6c237 diff --git a/src/thrift_0_14_1/thrift.patch/series b/src/thrift_0_14_1/thrift.patch/series deleted file mode 100644 index 0193b04536d5..000000000000 --- a/src/thrift_0_14_1/thrift.patch/series +++ /dev/null @@ -1,3 +0,0 @@ -0001-Remove-unneeded-packages.patch -0002-Fix-build-rules.patch -0003-Remove-minimist-packages.patch \ No newline at end of file From 7ea2d091e864b82a84194c54409209b868df6cd5 Mon Sep 17 00:00:00 2001 From: richardyu-ms Date: Tue, 19 Apr 2022 05:40:37 -0700 Subject: [PATCH 5/6] use the series file for patching --- src/thrift_0_14_1/Makefile | 1 + .../0001-Remove-unneeded-packages.patch | 0 .../0002-Fix-build-rules.patch | 0 .../0003-Remove-minimist-packages.patch | 25 +++++++++---------- src/thrift_0_14_1/thrift.patch/series | 3 +++ 5 files changed, 16 insertions(+), 13 deletions(-) rename src/thrift_0_14_1/{patch => thrift.patch}/0001-Remove-unneeded-packages.patch (100%) rename src/thrift_0_14_1/{patch => thrift.patch}/0002-Fix-build-rules.patch (100%) rename src/thrift_0_14_1/{patch => thrift.patch}/0003-Remove-minimist-packages.patch (92%) create mode 100644 src/thrift_0_14_1/thrift.patch/series diff --git a/src/thrift_0_14_1/Makefile b/src/thrift_0_14_1/Makefile index e5cbcb44c3c4..800313096a9c 100644 --- a/src/thrift_0_14_1/Makefile +++ b/src/thrift_0_14_1/Makefile 
@@ -17,6 +17,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : wget -O "thrift_$(THRIFT_VERSION).tar.gz" "$(THRIFT_LINK_PRE)/$(THRIFT_VERSION)/thrift-$(THRIFT_VERSION).tar.gz" tar -xvzf ./thrift_$(THRIFT_VERSION).tar.gz + if [ -f thrift.patch/series ]; then pushd thrift-$(THRIFT_VERSION) && QUILT_PATCHES=../thrift.patch quilt push -a; [ -d .pc ] && rm -rf .pc; popd; fi pushd thrift-$(THRIFT_VERSION) # Disable php perl and few other packages as they need additional packages to be installed diff --git a/src/thrift_0_14_1/patch/0001-Remove-unneeded-packages.patch b/src/thrift_0_14_1/thrift.patch/0001-Remove-unneeded-packages.patch similarity index 100% rename from src/thrift_0_14_1/patch/0001-Remove-unneeded-packages.patch rename to src/thrift_0_14_1/thrift.patch/0001-Remove-unneeded-packages.patch diff --git a/src/thrift_0_14_1/patch/0002-Fix-build-rules.patch b/src/thrift_0_14_1/thrift.patch/0002-Fix-build-rules.patch similarity index 100% rename from src/thrift_0_14_1/patch/0002-Fix-build-rules.patch rename to src/thrift_0_14_1/thrift.patch/0002-Fix-build-rules.patch diff --git a/src/thrift_0_14_1/patch/0003-Remove-minimist-packages.patch b/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch similarity index 92% rename from src/thrift_0_14_1/patch/0003-Remove-minimist-packages.patch rename to src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch index 34d1e2fad957..e94b1dfdd38a 100644 --- a/src/thrift_0_14_1/patch/0003-Remove-minimist-packages.patch +++ b/src/thrift_0_14_1/thrift.patch/0003-Remove-minimist-packages.patch 
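Review bot: The `if [ -f thrift.patch/series ]` guard on the added line makes patching optional: if the series file is missing or the path is wrong, the recipe continues to `dpkg-buildpackage` on an unpatched tree without reporting an error. Since `0003-Remove-minimist-packages.patch` is the CVE remediation in this series, a missing series file should fail the build instead. Drop the `if` and put `[ -f thrift.patch/series ] || { echo "thrift.patch/series not found" >&2; exit 1; }` before the `pushd`. The recipe begins before this hunk and continues past it.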
@@ -6,10 +6,10 @@ Subject: [PATCH] Fix security issue for package minimist --- 3 files changed, 9 insertions(+), 120 deletions(-) -diff --git a/lib/js/package-lock.json b/lib/js/package-lock.json -index ea1c04620..b68217af3 100644 ---- a/lib/js/package-lock.json -+++ b/lib/js/package-lock.json +Index: thrift-0.14.1/lib/js/package-lock.json +=================================================================== +--- thrift-0.14.1.orig/lib/js/package-lock.json ++++ thrift-0.14.1/lib/js/package-lock.json @@ -1037,16 +1037,7 @@ "dev": true, "requires": { @@ -94,10 +94,10 @@ index ea1c04620..b68217af3 100644 }, "supports-color": { "version": "5.5.0", -diff --git a/lib/ts/package-lock.json b/lib/ts/package-lock.json -index fddef4426..e7f4d46fd 100644 ---- a/lib/ts/package-lock.json -+++ b/lib/ts/package-lock.json +Index: thrift-0.14.1/lib/ts/package-lock.json +=================================================================== +--- thrift-0.14.1.orig/lib/ts/package-lock.json ++++ thrift-0.14.1/lib/ts/package-lock.json @@ -1139,16 +1139,7 @@ "dev": true, "requires": { @@ -181,10 +181,10 @@ index fddef4426..e7f4d46fd 100644 }, "supports-color": { "version": "5.5.0", -diff --git a/package-lock.json b/package-lock.json -index 9c1e5f581..83793eaaf 100644 ---- a/package-lock.json -+++ b/package-lock.json +Index: thrift-0.14.1/package-lock.json +=================================================================== +--- thrift-0.14.1.orig/package-lock.json ++++ thrift-0.14.1/package-lock.json @@ -1427,16 +1427,7 @@ "integrity": "sha512-4vGP107UDhhNHeWA5N8j/nUPlQbtB/W/K2x/P7aElbWMWrOkJA0MRSVFsMFrTPSAAjZWCG9uki2+1cQDzFtVcQ==", "dev": true, @@ -266,4 +266,3 @@ index 9c1e5f581..83793eaaf 100644 "resolve": { "version": "1.7.1", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.7.1.tgz", - diff --git a/src/thrift_0_14_1/thrift.patch/series b/src/thrift_0_14_1/thrift.patch/series new file mode 100644 index 000000000000..9fe00d007f63 --- /dev/null 
+++ b/src/thrift_0_14_1/thrift.patch/series @@ -0,0 +1,3 @@ +0001-Remove-unneeded-packages.patch +0002-Fix-build-rules.patch +0003-Remove-minimist-packages.patch From e92f737cdd26db4ea7fb88fccce766fdeacaad06 Mon Sep 17 00:00:00 2001 From: richardyu-ms Date: Tue, 19 Apr 2022 19:08:18 -0700 Subject: [PATCH 6/6] fix a code defect --- src/thrift_0_14_1/Makefile | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/thrift_0_14_1/Makefile b/src/thrift_0_14_1/Makefile index 800313096a9c..081aff3f34bd 100644 --- a/src/thrift_0_14_1/Makefile +++ b/src/thrift_0_14_1/Makefile @@ -18,12 +18,8 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : tar -xvzf ./thrift_$(THRIFT_VERSION).tar.gz if [ -f thrift.patch/series ]; then pushd thrift-$(THRIFT_VERSION) && QUILT_PATCHES=../thrift.patch quilt push -a; [ -d .pc ] && rm -rf .pc; popd; fi - pushd thrift-$(THRIFT_VERSION) - # Disable php perl and few other packages as they need additional packages to be installed - patch -p1 < ../patch/0001-Remove-unneeded-packages.patch - patch -p1 < ../patch/0002-Fix-build-rules.patch - patch -p1 < ../patch/0003-Remove-minimist-packages.patch + pushd thrift-$(THRIFT_VERSION) DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -d -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR) popd