Hi Community:
Some tool says there is a risk(CVE-2021-35940) in
libnetty_tcnative_linux_aarch_64.so, libnetty_tcnative_osx_x86_64.jnilib and
netty_tcnative_windows_x86_64.dll.
I found the following fragment in pom.xml in apm-agent-core module:
<configuration>
<target>
<echo message="unjar" />
<unzip
src="${project.build.directory}/${project.artifactId}-${project.version}.jar"
dest="${project.build.directory}/unpacked/" />
<echo message="rename service providers in
META-INF/services" />
<move
file="${project.build.directory}/unpacked/META-INF/native/libnetty_tcnative_osx_aarch_64.jnilib"
tofile="${project.build.directory}/unpacked/META-INF/native/liborg_apache_skywalking_apm_dependencies_netty_tcnative_osx_x86_64.jnilib"
/>
<move
file="${project.build.directory}/unpacked/META-INF/native/libnetty_tcnative_linux_x86_64.so"
tofile="${project.build.directory}/unpacked/META-INF/native/liborg_apache_skywalking_apm_dependencies_netty_tcnative_linux_x86_64.so"
/>
<move
file="${project.build.directory}/unpacked/META-INF/native/netty_tcnative_windows_x86_64.dll"
tofile="${project.build.directory}/unpacked/META-INF/native/org_apache_skywalking_apm_dependencies_netty_tcnative_windows_x86_64.dll"
/>
<echo message="jar back" />
<jar
destfile="${project.build.directory}/${project.artifactId}-${project.version}.jar"
basedir="${project.build.directory}/unpacked" />
</target>
</configuration>
Can anybody tell me how these three files are created? And how can I
update them?
Thank you very much!
