[camel] branch main updated: CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949 (#5976)

zhfeng Mon, 23 Aug 2021 06:33:46 -0700

This is an automated email from the ASF dual-hosted git repository.

zhfeng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git



The following commit(s) were added to refs/heads/main by this push:
     new 7682ee7  CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include 
the fix of CVE-2020-13949 (#5976)
7682ee7 is described below

commit 7682ee7407bfee53254fedb9b7a1322ca8361477
Author: Amos Feng <zh.f...@gmail.com>
AuthorDate: Mon Aug 23 21:32:30 2021 +0800

    CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include the fix of 
CVE-2020-13949 (#5976)
---
 camel-dependencies/pom.xml                                       | 2 +-
 .../java/org/apache/camel/component/thrift/ThriftProducer.java   | 2 +-
 .../main/java/org/apache/camel/component/thrift/ThriftUtils.java | 9 ++++++---
 .../org/apache/camel/dataformat/thrift/ThriftDataFormat.java     | 4 ++--
 .../camel/component/thrift/ThriftConsumerConcurrentTest.java     | 2 +-
 .../apache/camel/component/thrift/ThriftConsumerSyncTest.java    | 2 +-
 .../component/thrift/ThriftConsumerZlibCompressionTest.java      | 3 ++-
 parent/pom.xml                                                   | 2 +-
 8 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/camel-dependencies/pom.xml b/camel-dependencies/pom.xml
index eb35974..b690235 100644
--- a/camel-dependencies/pom.xml
+++ b/camel-dependencies/pom.xml
@@ -371,7 +371,7 @@
     <leveldb-version>0.12</leveldb-version>
     <leveldbjni-version>1.8</leveldbjni-version>
     <libphonenumber-version>8.12.28</libphonenumber-version>
-    <libthrift-version>0.12.0</libthrift-version>
+    <libthrift-version>0.14.1</libthrift-version>
     <lifecycle-mapping-version>1.0.0</lifecycle-mapping-version>
     <lightcouch-version>0.2.0</lightcouch-version>
     <log4j2-version>2.13.3</log4j2-version>
diff --git 
a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java
 
b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java
index c5aaebe..617ee00 100644
--- 
a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java
+++ 
b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java
@@ -152,7 +152,7 @@ public class ThriftProducer extends DefaultAsyncProducer 
implements AsyncProduce
         syncTransport.open();
     }
 
-    protected void initializeAsyncTransport() throws IOException {
+    protected void initializeAsyncTransport() throws IOException, 
TTransportException {
         if (!ObjectHelper.isEmpty(configuration.getHost()) && 
!ObjectHelper.isEmpty(configuration.getPort())) {
             LOG.info("Creating transport to the remote Thrift server {}:{}", 
configuration.getHost(), configuration.getPort());
             asyncTransport = new TNonblockingSocket(configuration.getHost(), 
configuration.getPort());
diff --git 
a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftUtils.java
 
b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftUtils.java
index 2aeff8c..86a7530 100644
--- 
a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftUtils.java
+++ 
b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftUtils.java
@@ -38,10 +38,11 @@ import org.apache.thrift.protocol.TJSONProtocol;
 import org.apache.thrift.protocol.TProtocol;
 import org.apache.thrift.protocol.TProtocolFactory;
 import org.apache.thrift.protocol.TSimpleJSONProtocol;
-import org.apache.thrift.transport.TFramedTransport;
 import org.apache.thrift.transport.TNonblockingTransport;
 import org.apache.thrift.transport.TTransport;
+import org.apache.thrift.transport.TTransportException;
 import org.apache.thrift.transport.TZlibTransport;
+import org.apache.thrift.transport.layered.TFramedTransport;
 
 /**
  * ThriftUtils helpers are working with dynamic methods via Camel and Java 
reflection utilities
@@ -63,7 +64,8 @@ public final class ThriftUtils {
     public static Object constructClientInstance(
             String packageName, String serviceName, TTransport transport, 
ThriftExchangeProtocol exchangeProtocol,
             final ThriftNegotiationType negotiationType, final 
ThriftCompressionType compressionType,
-            final CamelContext context) {
+            final CamelContext context)
+            throws TTransportException {
         Object clientInstance = null;
         Class[] constructorParamTypes = { TProtocol.class };
         Object[] constructorParamValues
@@ -204,7 +206,8 @@ public final class ThriftUtils {
 
     private static TProtocol constructSyncProtocol(
             TTransport transport, ThriftExchangeProtocol exchangeProtocol,
-            final ThriftNegotiationType negotiationType, final 
ThriftCompressionType compressionType) {
+            final ThriftNegotiationType negotiationType, final 
ThriftCompressionType compressionType)
+            throws TTransportException {
         if (negotiationType == ThriftNegotiationType.SSL) {
             // If negotiation passed over SSL/TLS the only binary transport is 
supported
             return new TBinaryProtocol(transport);
diff --git 
a/components/camel-thrift/src/main/java/org/apache/camel/dataformat/thrift/ThriftDataFormat.java
 
b/components/camel-thrift/src/main/java/org/apache/camel/dataformat/thrift/ThriftDataFormat.java
index 052e600..a246c89 100644
--- 
a/components/camel-thrift/src/main/java/org/apache/camel/dataformat/thrift/ThriftDataFormat.java
+++ 
b/components/camel-thrift/src/main/java/org/apache/camel/dataformat/thrift/ThriftDataFormat.java
@@ -136,11 +136,11 @@ public class ThriftDataFormat extends ServiceSupport
 
         if (contentTypeFormat.equals(CONTENT_TYPE_FORMAT_JSON)) {
             serializer = new TSerializer(new TJSONProtocol.Factory());
-            IOUtils.write(serializer.toString((TBase) graph, "UTF-8"), 
outputStream, "UTF-8");
+            IOUtils.write(serializer.toString((TBase) graph), outputStream, 
"UTF-8");
             contentTypeHeader = CONTENT_TYPE_HEADER_JSON;
         } else if (contentTypeFormat.equals(CONTENT_TYPE_FORMAT_SIMPLE_JSON)) {
             serializer = new TSerializer(new TSimpleJSONProtocol.Factory());
-            IOUtils.write(serializer.toString((TBase) graph, "UTF-8"), 
outputStream, "UTF-8");
+            IOUtils.write(serializer.toString((TBase) graph), outputStream, 
"UTF-8");
             contentTypeHeader = CONTENT_TYPE_HEADER_JSON;
         } else if (contentTypeFormat.equals(CONTENT_TYPE_FORMAT_BINARY)) {
             serializer = new TSerializer(new TBinaryProtocol.Factory());
diff --git 
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerConcurrentTest.java
 
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerConcurrentTest.java
index b0fe106..dc53fd5 100644
--- 
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerConcurrentTest.java
+++ 
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerConcurrentTest.java
@@ -34,12 +34,12 @@ import org.apache.thrift.async.AsyncMethodCallback;
 import org.apache.thrift.async.TAsyncClientManager;
 import org.apache.thrift.protocol.TBinaryProtocol;
 import org.apache.thrift.protocol.TProtocol;
-import org.apache.thrift.transport.TFramedTransport;
 import org.apache.thrift.transport.TNonblockingSocket;
 import org.apache.thrift.transport.TNonblockingTransport;
 import org.apache.thrift.transport.TSocket;
 import org.apache.thrift.transport.TTransport;
 import org.apache.thrift.transport.TTransportException;
+import org.apache.thrift.transport.layered.TFramedTransport;
 import org.junit.jupiter.api.Test;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git 
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSyncTest.java
 
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSyncTest.java
index d04ef1e..c95bfb6 100644
--- 
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSyncTest.java
+++ 
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSyncTest.java
@@ -27,10 +27,10 @@ import org.apache.camel.test.AvailablePortFinder;
 import org.apache.camel.test.junit5.CamelTestSupport;
 import org.apache.thrift.protocol.TBinaryProtocol;
 import org.apache.thrift.protocol.TProtocol;
-import org.apache.thrift.transport.TFramedTransport;
 import org.apache.thrift.transport.TSocket;
 import org.apache.thrift.transport.TTransport;
 import org.apache.thrift.transport.TTransportException;
+import org.apache.thrift.transport.layered.TFramedTransport;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
diff --git 
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerZlibCompressionTest.java
 
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerZlibCompressionTest.java
index efd28f5..00b2365 100644
--- 
a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerZlibCompressionTest.java
+++ 
b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerZlibCompressionTest.java
@@ -25,6 +25,7 @@ import org.apache.camel.component.thrift.generated.Operation;
 import org.apache.camel.component.thrift.generated.Work;
 import org.apache.camel.test.AvailablePortFinder;
 import org.apache.camel.test.junit5.CamelTestSupport;
+import org.apache.thrift.TConfiguration;
 import org.apache.thrift.protocol.TBinaryProtocol;
 import org.apache.thrift.protocol.TProtocol;
 import org.apache.thrift.transport.TSocket;
@@ -58,7 +59,7 @@ public class ThriftConsumerZlibCompressionTest extends 
CamelTestSupport {
         if (transport == null) {
             LOG.info("Connecting to the Thrift server with zlib compression on 
port: {}", THRIFT_TEST_PORT);
 
-            transport = new TSocket("localhost", THRIFT_TEST_PORT, 
THRIFT_CLIENT_TIMEOUT);
+            transport = new TSocket(new TConfiguration(), "localhost", 
THRIFT_TEST_PORT, THRIFT_CLIENT_TIMEOUT);
             protocol = new TBinaryProtocol(new TZlibTransport(transport));
             thriftClient = new Calculator.Client(protocol);
             transport.open();
diff --git a/parent/pom.xml b/parent/pom.xml
index 85177f3..c9a14f6 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -312,7 +312,7 @@
         <jgroups-raft-mapdb-version>1.0.8</jgroups-raft-mapdb-version>
         <jira-guava-version>26.0-jre</jira-guava-version>
         <jira-rest-client-api-version>5.2.2</jira-rest-client-api-version>
-        <libthrift-version>0.12.0</libthrift-version>
+        <libthrift-version>0.14.1</libthrift-version>
         <jing-version>20030619</jing-version>
         <jodatime2-version>2.10.10</jodatime2-version>
         <jota-version>1.0.0-beta9</jota-version>

[camel] branch main updated: CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949 (#5976)

Reply via email to