Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-15610

patch:add command from 7.8.0.GA can't extract everything from hot fix patch for 7.8

    XMLWordPrintable

Details

    • Bug
    • Status: Done
    • Critical
    • Resolution: Done
    • fuse-7.8-GA
    • fuse-7.9-GA
    • Patching
    • None
    • ?

    Description

      When Fuse 7.8.0.GA is used to patch:find and patch:add a hotfix/cve patch, the descriptor is not fully read. After patch:update, the patch is already added and there are missing entries in extracted (by patch mechanism from 7.8.0.GA) patch descriptor:

      --- fuse-karaf-maintenance-patch-7.8.0.fuse-sb2-780040.patch	2021-01-19 11:55:48.473957906 +0100
      +++ /data/servers/fuse-karaf-7.8.0.fuse-780038/patches/fuse-karaf-maintenance-patch-7.8.0.fuse-sb2-780040.patch	2021-01-19 11:40:54.206928506 +0100
      @@ -13,8 +13,13 @@
       bundle.4.range = [1.50,2)
       bundle.5 = mvn:org.apache.aries.proxy/org.apache.aries.proxy/1.1.8
       bundle.count = 6
      +configPackage.0 = org.bouncycastle/1.68
      +configPackage.0.range = [1.66,1.68)
      +configPackage.count = 1
       file.0 = lib/ext/bcprov-jdk15on-1.68.jar
      +file.0.delete = lib/ext/bcprov-jdk15on-*.jar
       file.1 = lib/ext/bcpkix-jdk15on-1.68.jar
      +file.1.delete = lib/ext/bcpkix-jdk15on-*.jar
       file.count = 2
       cve.0 = CVE-2020-28052
       cve.0.description = bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
      

      Attachments

        Activity

          People

            ggrzybek Grzegorz Grzybek
            ggrzybek Grzegorz Grzybek
            Emil Cervenan Emil Cervenan
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: