Merge pull request #13385 from wolfi-dev/wolfictl-999ebf2b-0180-4269-…

…bce1-988e422048de opensearch-2/2.12.0 package update
wolfi-dev · Mar 11, 2024 · e45feca · e45feca
2 parents ce23ea9 + 7e6d508
commit e45feca
Show file tree

Hide file tree

Showing 8 changed files with 13 additions and 250 deletions.
diff --git a/opensearch-2.yaml b/opensearch-2.yaml
@@ -4,8 +4,8 @@
 # same version they are installed into.
 package:
   name: opensearch-2
-  version: 2.11.1
-  epoch: 8 # Remove CVE-2022-45146 patch when bumping to 2.12 or later
+  version: 2.12.0
+  epoch: 0 # Remove CVE-2022-45146 patch when bumping to 2.12 or later
   description: Open source distributed and RESTful search engine.
   copyright:
     - license: Apache-2.0
@@ -73,35 +73,22 @@ data:
       index-management: ""
       job-scheduler: ""
       k-nn: ""
-      ml-commons: "ml-commons.patch" # Handles both CVE-2023-51074, CVE-2023-42503
-      neural-search: "CVE-2023-5072.patch"
+      ml-commons: ""
+      neural-search: ""
       notifications: ""
       observability: ""
       performance-analyzer: ""
       reporting: ""
-      security: "CVE-2023-44483.patch"
+      security: ""
       security-analytics: ""
-      sql: "CVE-2023-5072-sql.patch"
+      sql: ""
 
 pipeline:
   - uses: git-checkout
     with:
       repository: https://github.com/opensearch-project/OpenSearch
       tag: ${{package.version}}
-      expected-commit: 6b1986e964d440be9137eba1413015c31c5a7752
-
-  - uses: patch
-    with:
-      # Patch from: https://patch-diff.githubusercontent.com/raw/opensearch-project/OpenSearch/pull/10297.patch
-      patches: CVE-2022-45146.patch
-
-  - uses: patch
-    with:
-      patches: CVE-2023-46749.patch
-
-  - uses: patch
-    with:
-      patches: CVE-2023-34054.patch
+      expected-commit: 2c355ce1a427e4a528778d4054436b5c4b756221
 
   - runs: |
       echo "org.gradle.daemon=false" >> gradle.properties
@@ -189,6 +176,12 @@ subpackages:
             sed -i '/startParameter.excludedTaskNames=\[/ s/]/, "check"]/g' settings.gradle
           fi
 
+          # The OpenSearch version is misconfigured in the performance-analyzer plugin.
+          if [ "${{range.key}}" = "performance-analyzer" ]; then
+            sed -i 's/2.13.0-SNAPSHOT/${{package.version}}/g' build.gradle
+          fi
+
+
           echo "org.gradle.daemon=false" >> gradle.properties
           ./gradlew clean assemble -Dbuild.snapshot="false" -Dbuild.version_qualifier="" -x check -x integTest -x javadoc -PfailOnJavadocWarning=false --stacktrace
 

diff --git a/opensearch-2/CVE-2022-45146.patch b/opensearch-2/CVE-2022-45146.patch
diff --git a/opensearch-2/CVE-2023-34054.patch b/opensearch-2/CVE-2023-34054.patch
diff --git a/opensearch-2/CVE-2023-44483.patch b/opensearch-2/CVE-2023-44483.patch
diff --git a/opensearch-2/CVE-2023-46749.patch b/opensearch-2/CVE-2023-46749.patch
diff --git a/opensearch-2/CVE-2023-5072-sql.patch b/opensearch-2/CVE-2023-5072-sql.patch
diff --git a/opensearch-2/CVE-2023-5072.patch b/opensearch-2/CVE-2023-5072.patch
diff --git a/opensearch-2/ml-commons.patch b/opensearch-2/ml-commons.patch