From 6ccc458d2b50c553c3e83bfab562726f9ca8ede1 Mon Sep 17 00:00:00 2001 From: "Richard.Yu" Date: Thu, 14 Apr 2022 06:46:19 -0700 Subject: [PATCH] [CG-Fix-CVE-2021-44906] Patching on thrift.0.13.0 for package minimist (#10554) * [CG-Fix-CVE-2021-44906] Patching on thrift.0.13.0 for package minimist Signed-off-by: richardyu-ms * add more information in patch Signed-off-by: richardyu-ms --- src/thrift_0_13_0/Makefile | 1 + .../patch/0002-Remove-minimist-packages.patch | 182 ++++++++++++++++++ 2 files changed, 183 insertions(+) create mode 100644 src/thrift_0_13_0/patch/0002-Remove-minimist-packages.patch diff --git a/src/thrift_0_13_0/Makefile b/src/thrift_0_13_0/Makefile index 55cb4d9212ef..a44b3d9180a1 100644 --- a/src/thrift_0_13_0/Makefile +++ b/src/thrift_0_13_0/Makefile @@ -24,6 +24,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : # Disable php perl and few other packages as they need additional packages to be installed patch -p1 < ../patch/0001-Remove-unneeded-packages.patch + patch -p1 < ../patch/0002-Remove-minimist-packages.patch DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -d -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR) popd diff --git a/src/thrift_0_13_0/patch/0002-Remove-minimist-packages.patch b/src/thrift_0_13_0/patch/0002-Remove-minimist-packages.patch new file mode 100644 index 000000000000..55d49f7bb340 --- /dev/null +++ b/src/thrift_0_13_0/patch/0002-Remove-minimist-packages.patch @@ -0,0 +1,182 @@ +From b75e88a33d67ae05ef9b5fa001d2a63a2effe377 Oct 17, 2019 +From: richardyu-ms +Date: Tue, 12 Apr 2022 15:46:16 +0000 +Subject: [PATCH] Fix security issue for package minimist + +--- +2 files changed, 6 insertions(+), 81 deletions(-) + +diff --git 
diff --git a/lib/js/package-lock.json b/lib/js/package-lock.json
+index 00bf05c92..2d84fb05a 100644
+--- a/lib/js/package-lock.json
++++ b/lib/js/package-lock.json
+@@ -1038,16 +1038,7 @@
+ "dev": true,
+ "requires": {
+ "acorn-node": "^1.3.0",
+- "defined": "^1.0.0",
+- "minimist": "^1.1.1"
+- },
+- "dependencies": {
+- "minimist": {
+- "version": "1.2.0",
+- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
+- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
+- "dev": true
+- }
++ "defined": "^1.0.0"
+ }
+ },
+ "diffie-hellman": {
+@@ -2591,20 +2582,11 @@
+ "decamelize": "^1.1.2",
+ "loud-rejection": "^1.0.0",
+ "map-obj": "^1.0.1",
+- "minimist": "^1.1.3",
+ "normalize-package-data": "^2.3.4",
+ "object-assign": "^4.0.1",
+ "read-pkg-up": "^1.0.1",
+ "redent": "^1.0.0",
+ "trim-newlines": "^1.0.0"
+- },
+- "dependencies": {
+- "minimist": {
+- "version": "1.2.0",
+- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
+- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
+- "dev": true
+- }
+ }
+ },
+ "micromatch": {
+@@ -2665,11 +2647,6 @@
+ "brace-expansion": "^1.1.7"
+ }
+ },
+- "minimist": {
+- "version": "0.0.8",
+- "resolved": "http://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
+- "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0="
+- },
+ "mixin-deep": {
+ "version": "1.3.1",
+ "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz",
+@@ -2694,10 +2671,7 @@
+ "mkdirp": {
+ "version": "0.5.1",
+ "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
+- "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
+- "requires": {
+- "minimist": "0.0.8"
+- }
++ "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM="
+ },
+ "module-deps": {
+ "version": "6.2.0",
+@@ -3920,18 +3894,7 @@
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/subarg/-/subarg-1.0.0.tgz",
+ "integrity": "sha1-9izxdYHplrSPyWVpn1TAauJouNI=",
+- "dev": true,
+- "requires": {
+- "minimist": "^1.1.0"
+- },
+-
"dependencies": {
+- "minimist": {
+- "version": "1.2.0",
+- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
+- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
+- "dev": true
+- }
+- }
++ "dev": true
+ },
+ "supports-color": {
+ "version": "5.5.0",
+diff --git a/lib/ts/package-lock.json b/lib/ts/package-lock.json
+index 8d0a7ff2f..e79c55d97 100644
+--- a/lib/ts/package-lock.json
++++ b/lib/ts/package-lock.json
+@@ -1139,16 +1139,7 @@
+ "dev": true,
+ "requires": {
+ "acorn-node": "^1.3.0",
+- "defined": "^1.0.0",
+- "minimist": "^1.1.1"
+- },
+- "dependencies": {
+- "minimist": {
+- "version": "1.2.0",
+- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
+- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
+- "dev": true
+- }
++ "defined": "^1.0.0"
+ }
+ },
+ "diagnostics": {
+@@ -3032,20 +3023,11 @@
+ "decamelize": "^1.1.2",
+ "loud-rejection": "^1.0.0",
+ "map-obj": "^1.0.1",
+- "minimist": "^1.1.3",
+ "normalize-package-data": "^2.3.4",
+ "object-assign": "^4.0.1",
+ "read-pkg-up": "^1.0.1",
+ "redent": "^1.0.0",
+ "trim-newlines": "^1.0.0"
+- },
+- "dependencies": {
+- "minimist": {
+- "version": "1.2.0",
+- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
+- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
+- "dev": true
+- }
+ }
+ },
+ "micromatch": {
+@@ -3121,11 +3103,6 @@
+ "brace-expansion": "^1.1.7"
+ }
+ },
+- "minimist": {
+- "version": "0.0.8",
+- "resolved": "http://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
+- "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0="
+- },
+ "mixin-deep": {
+ "version": "1.3.1",
+ "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz",
+@@ -3150,10 +3127,7 @@
+ "mkdirp": {
+ "version": "0.5.1",
+ "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
+- "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
+- "requires": {
+- "minimist": "0.0.8"
+- }
++ "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM="
+ },
+
"module-deps": {
+ "version": "6.2.0",
+@@ -4396,18 +4370,7 @@
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/subarg/-/subarg-1.0.0.tgz",
+ "integrity": "sha1-9izxdYHplrSPyWVpn1TAauJouNI=",
+- "dev": true,
+- "requires": {
+- "minimist": "^1.1.0"
+- },
+- "dependencies": {
+- "minimist": {
+- "version": "1.2.0",
+- "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
+- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
+- "dev": true
+- }
+- }
++ "dev": true
+ },
+ "supports-color": {
+ "version": "5.5.0",
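Review bot: The new 0002 patch only deletes the `minimist` entries and the `"requires"` pointers to them from `lib/js/package-lock.json` and `lib/ts/package-lock.json`; nothing in it moves `minimist` to a release that carries the CVE-2021-44906 fix, so the change clears a lockfile scan rather than the dependency itself. The packages that pulled it in (`mkdirp` 0.5.1, `subarg` 1.0.0 and the entries requiring `acorn-node` and `decamelize`) stay locked at the same versions, so an `npm install` in either directory would presumably resolve `minimist` again from their own manifests, outside anything the lockfile pins. If the Node.js libraries are never installed or shipped by this Debian build, say so next to the new Makefile line, e.g. `# 0002: lockfile-only removal of minimist (CVE-2021-44906); lib/js and lib/ts are not built or packaged here`; otherwise the lock entries should be bumped to a fixed `minimist` instead of removed.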