This is an automated email from the ASF dual-hosted git repository.
zhfeng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 7682ee7 CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include
the fix of CVE-2020-13949 (#5976)
7682ee7 is described below
commit 7682ee7407bfee53254fedb9b7a1322ca8361477
Author: Amos Feng <[email protected]>
AuthorDate: Mon Aug 23 21:32:30 2021 +0800
CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include the fix of
CVE-2020-13949 (#5976)
---
camel-dependencies/pom.xml | 2 +-
.../java/org/apache/camel/component/thrift/ThriftProducer.java | 2 +-
.../main/java/org/apache/camel/component/thrift/ThriftUtils.java | 9 ++++++---
.../org/apache/camel/dataformat/thrift/ThriftDataFormat.java | 4 ++--
.../camel/component/thrift/ThriftConsumerConcurrentTest.java | 2 +-
.../apache/camel/component/thrift/ThriftConsumerSyncTest.java | 2 +-
.../component/thrift/ThriftConsumerZlibCompressionTest.java | 3 ++-
parent/pom.xml | 2 +-
8 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/camel-dependencies/pom.xml b/camel-dependencies/pom.xml
index eb35974..b690235 100644
--- a/camel-dependencies/pom.xml
+++ b/camel-dependencies/pom.xml
@@ -371,7 +371,7 @@
<leveldb-version>0.12</leveldb-version>
<leveldbjni-version>1.8</leveldbjni-version>
<libphonenumber-version>8.12.28</libphonenumber-version>
- <libthrift-version>0.12.0</libthrift-version>
+ <libthrift-version>0.14.1</libthrift-version>
<lifecycle-mapping-version>1.0.0</lifecycle-mapping-version>
<lightcouch-version>0.2.0</lightcouch-version>
<log4j2-version>2.13.3</log4j2-version>
diff --git
a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java
b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java
index c5aaebe..617ee00 100644
---
a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java
+++
b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java
@@ -152,7 +152,7 @@ public class ThriftProducer extends DefaultAsyncProducer
implements AsyncProduce
syncTransport.open();
}
- protected void initializeAsyncTransport() throws IOException {
+ protected void initializeAsyncTransport() throws IOException,
TTransportException {
if (!ObjectHelper.isEmpty(configuration.getHost()) &&
!ObjectHelper.isEmpty(configuration.getPort())) {
LOG.info("Creating transport to the remote Thrift server {}:{}",
configuration.getHost(), configuration.getPort());
asyncTransport = new TNonblockingSocket(configuration.getHost(),
configuration.getPort());
diff --git
a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftUtils.java
b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftUtils.java
index 2aeff8c..86a7530 100644
---
a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftUtils.java
+++
b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftUtils.java
@@ -38,10 +38,11 @@ import org.apache.thrift.protocol.TJSONProtocol;
import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.protocol.TProtocolFactory;
import org.apache.thrift.protocol.TSimpleJSONProtocol;
-import org.apache.thrift.transport.TFramedTransport;
import org.apache.thrift.transport.TNonblockingTransport;
import org.apache.thrift.transport.TTransport;
+import org.apache.thrift.transport.TTransportException;
import org.apache.thrift.transport.TZlibTransport;
+import org.apache.thrift.transport.layered.TFramedTransport;
/**
* ThriftUtils helpers are working with dynamic methods via Camel and Java
reflection utilities
@@ -63,7 +64,8 @@ public final class ThriftUtils {
public static Object constructClientInstance(
String packageName, String serviceName, TTransport transport,
ThriftExchangeProtocol exchangeProtocol,
final ThriftNegotiationType negotiationType, final
ThriftCompressionType compressionType,
- final CamelContext context) {
+ final CamelContext context)
+ throws TTransportException {
Object clientInstance = null;
Class[] constructorParamTypes = { TProtocol.class };
Object[] constructorParamValues
@@ -204,7 +206,8 @@ public final class ThriftUtils {
private static TProtocol constructSyncProtocol(
TTransport transport, ThriftExchangeProtocol exchangeProtocol,
- final ThriftNegotiationType negotiationType, final
ThriftCompressionType compressionType) {
+ final ThriftNegotiationType negotiationType, final
ThriftCompressionType compressionType)
+ throws TTransportException {
if (negotiationType == ThriftNegotiationType.SSL) {
// If negotiation passed over SSL/TLS the only binary transport is
supported
return new TBinaryProtocol(transport);
diff --git
a/components/camel-thrift/src/main/java/org/apache/camel/dataformat/thrift/ThriftDataFormat.java
b/components/camel-thrift/src/main/java/org/apache/camel/dataformat/thrift/ThriftDataFormat.java
index 052e600..a246c89 100644
---
a/components/camel-thrift/src/main/java/org/apache/camel/dataformat/thrift/ThriftDataFormat.java
+++
b/components/camel-thrift/src/main/java/org/apache/camel/dataformat/thrift/ThriftDataFormat.java
@@ -136,11 +136,11 @@ public class ThriftDataFormat extends ServiceSupport
if (contentTypeFormat.equals(CONTENT_TYPE_FORMAT_JSON)) {
serializer = new TSerializer(new TJSONProtocol.Factory());
- IOUtils.write(serializer.toString((TBase) graph, "UTF-8"),
outputStream, "UTF-8");
+ IOUtils.write(serializer.toString((TBase) graph), outputStream,
"UTF-8");
contentTypeHeader = CONTENT_TYPE_HEADER_JSON;
} else if (contentTypeFormat.equals(CONTENT_TYPE_FORMAT_SIMPLE_JSON)) {
serializer = new TSerializer(new TSimpleJSONProtocol.Factory());
- IOUtils.write(serializer.toString((TBase) graph, "UTF-8"),
outputStream, "UTF-8");
+ IOUtils.write(serializer.toString((TBase) graph), outputStream,
"UTF-8");
contentTypeHeader = CONTENT_TYPE_HEADER_JSON;
} else if (contentTypeFormat.equals(CONTENT_TYPE_FORMAT_BINARY)) {
serializer = new TSerializer(new TBinaryProtocol.Factory());
diff --git
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerConcurrentTest.java
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerConcurrentTest.java
index b0fe106..dc53fd5 100644
---
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerConcurrentTest.java
+++
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerConcurrentTest.java
@@ -34,12 +34,12 @@ import org.apache.thrift.async.AsyncMethodCallback;
import org.apache.thrift.async.TAsyncClientManager;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TProtocol;
-import org.apache.thrift.transport.TFramedTransport;
import org.apache.thrift.transport.TNonblockingSocket;
import org.apache.thrift.transport.TNonblockingTransport;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
+import org.apache.thrift.transport.layered.TFramedTransport;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSyncTest.java
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSyncTest.java
index d04ef1e..c95bfb6 100644
---
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSyncTest.java
+++
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSyncTest.java
@@ -27,10 +27,10 @@ import org.apache.camel.test.AvailablePortFinder;
import org.apache.camel.test.junit5.CamelTestSupport;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TProtocol;
-import org.apache.thrift.transport.TFramedTransport;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
+import org.apache.thrift.transport.layered.TFramedTransport;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
diff --git
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerZlibCompressionTest.java
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerZlibCompressionTest.java
index efd28f5..00b2365 100644
---
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerZlibCompressionTest.java
+++
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerZlibCompressionTest.java
@@ -25,6 +25,7 @@ import org.apache.camel.component.thrift.generated.Operation;
import org.apache.camel.component.thrift.generated.Work;
import org.apache.camel.test.AvailablePortFinder;
import org.apache.camel.test.junit5.CamelTestSupport;
+import org.apache.thrift.TConfiguration;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.transport.TSocket;
@@ -58,7 +59,7 @@ public class ThriftConsumerZlibCompressionTest extends
CamelTestSupport {
if (transport == null) {
LOG.info("Connecting to the Thrift server with zlib compression on
port: {}", THRIFT_TEST_PORT);
- transport = new TSocket("localhost", THRIFT_TEST_PORT,
THRIFT_CLIENT_TIMEOUT);
+ transport = new TSocket(new TConfiguration(), "localhost",
THRIFT_TEST_PORT, THRIFT_CLIENT_TIMEOUT);
protocol = new TBinaryProtocol(new TZlibTransport(transport));
thriftClient = new Calculator.Client(protocol);
transport.open();
diff --git a/parent/pom.xml b/parent/pom.xml
index 85177f3..c9a14f6 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -312,7 +312,7 @@
<jgroups-raft-mapdb-version>1.0.8</jgroups-raft-mapdb-version>
<jira-guava-version>26.0-jre</jira-guava-version>
<jira-rest-client-api-version>5.2.2</jira-rest-client-api-version>
- <libthrift-version>0.12.0</libthrift-version>
+ <libthrift-version>0.14.1</libthrift-version>
<jing-version>20030619</jing-version>
<jodatime2-version>2.10.10</jodatime2-version>
<jota-version>1.0.0-beta9</jota-version>
