You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@skywalking.apache.org by "Wangpeng(Forest,APM2.0)" <fo...@huawei.com.INVALID> on 2022/04/21 07:55:49 UTC
Qustion about libnetty_tcnative_linux_aarch_64.so and libnetty_tcnative_osx_x86_64.jnilib
Hi Community:
Some tool says there is a risk(CVE-2021-35940) in libnetty_tcnative_linux_aarch_64.so, libnetty_tcnative_osx_x86_64.jnilib and netty_tcnative_windows_x86_64.dll.
I found the following fragment in pom.xml in apm-agent-core module:
<configuration>
<target>
<echo message="unjar" />
<unzip src="${project.build.directory}/${project.artifactId}-${project.version}.jar" dest="${project.build.directory}/unpacked/" />
<echo message="rename service providers in META-INF/services" />
<move file="${project.build.directory}/unpacked/META-INF/native/libnetty_tcnative_osx_aarch_64.jnilib" tofile="${project.build.directory}/unpacked/META-INF/native/liborg_apache_skywalking_apm_dependencies_netty_tcnative_osx_x86_64.jnilib" />
<move file="${project.build.directory}/unpacked/META-INF/native/libnetty_tcnative_linux_x86_64.so" tofile="${project.build.directory}/unpacked/META-INF/native/liborg_apache_skywalking_apm_dependencies_netty_tcnative_linux_x86_64.so" />
<move file="${project.build.directory}/unpacked/META-INF/native/netty_tcnative_windows_x86_64.dll" tofile="${project.build.directory}/unpacked/META-INF/native/org_apache_skywalking_apm_dependencies_netty_tcnative_windows_x86_64.dll" />
<echo message="jar back" />
<jar destfile="${project.build.directory}/${project.artifactId}-${project.version}.jar" basedir="${project.build.directory}/unpacked" />
</target>
</configuration>
Can anybody tell me how these three files are created? And how can I update them?
Thank you very much!
Re: Qustion about libnetty_tcnative_linux_aarch_64.so and libnetty_tcnative_osx_x86_64.jnilib
Posted by Sheng Wu <wu...@gmail.com>.
These belong to netty, you could bump up Netty version to fix this.
Sheng Wu 吴晟
Twitter, wusheng1108
Wangpeng(Forest,APM2.0) <fo...@huawei.com.invalid> 于2022年4月21日周四 15:56写道:
>
> Hi Community:
> Some tool says there is a risk(CVE-2021-35940) in libnetty_tcnative_linux_aarch_64.so, libnetty_tcnative_osx_x86_64.jnilib and netty_tcnative_windows_x86_64.dll.
> I found the following fragment in pom.xml in apm-agent-core module:
> <configuration>
> <target>
> <echo message="unjar" />
> <unzip src="${project.build.directory}/${project.artifactId}-${project.version}.jar" dest="${project.build.directory}/unpacked/" />
> <echo message="rename service providers in META-INF/services" />
> <move file="${project.build.directory}/unpacked/META-INF/native/libnetty_tcnative_osx_aarch_64.jnilib" tofile="${project.build.directory}/unpacked/META-INF/native/liborg_apache_skywalking_apm_dependencies_netty_tcnative_osx_x86_64.jnilib" />
> <move file="${project.build.directory}/unpacked/META-INF/native/libnetty_tcnative_linux_x86_64.so" tofile="${project.build.directory}/unpacked/META-INF/native/liborg_apache_skywalking_apm_dependencies_netty_tcnative_linux_x86_64.so" />
> <move file="${project.build.directory}/unpacked/META-INF/native/netty_tcnative_windows_x86_64.dll" tofile="${project.build.directory}/unpacked/META-INF/native/org_apache_skywalking_apm_dependencies_netty_tcnative_windows_x86_64.dll" />
> <echo message="jar back" />
> <jar destfile="${project.build.directory}/${project.artifactId}-${project.version}.jar" basedir="${project.build.directory}/unpacked" />
> </target>
> </configuration>
> Can anybody tell me how these three files are created? And how can I update them?
> Thank you very much!