summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlec Scott <hi@alecbcs.com>2023-02-20 07:54:45 -0800
committerGitHub <noreply@github.com>2023-02-20 07:54:45 -0800
commite8a19aa089cb3d0efc819774b178098cb8dbc188 (patch)
tree85ade753c48707d980b92f76aac9e8658a8ff49c
parent4a844a971af8d49ca848c8decd58c92bb7fb8d5c (diff)
downloadspack-e8a19aa089cb3d0efc819774b178098cb8dbc188.tar.gz
spack-e8a19aa089cb3d0efc819774b178098cb8dbc188.tar.bz2
spack-e8a19aa089cb3d0efc819774b178098cb8dbc188.tar.xz
spack-e8a19aa089cb3d0efc819774b178098cb8dbc188.zip
Add Alluxio v2.9.1 and deprecate previous versions due to CVE (#35574)
-rw-r--r--var/spack/repos/builtin/packages/alluxio/package.py21
1 files changed, 18 insertions, 3 deletions
diff --git a/var/spack/repos/builtin/packages/alluxio/package.py b/var/spack/repos/builtin/packages/alluxio/package.py
index c19cc37233..9af4703f22 100644
--- a/var/spack/repos/builtin/packages/alluxio/package.py
+++ b/var/spack/repos/builtin/packages/alluxio/package.py
@@ -17,9 +17,24 @@ class Alluxio(Package):
list_url = "https://downloads.alluxio.io/downloads/files"
list_depth = 1
- version("2.7.2", sha256="e428acfe0704cc68801ae2aa7b7ba920a0e35af9dded66b280649fc1d280a3d4")
- version("2.2.1", sha256="0c6b0afcc4013437afb8113e1dfda9777561512269ea349c7fbf353dc0efd28a")
- version("2.2.0", sha256="635847ea1a0f8ad04c99518620de035d4962fbfa9e5920bb0911ccf8e5ea82fc")
+ version("2.9.1", sha256="e9456db7a08488af22dee3a44e4135bc03a0444e31c7753bf00f72465f68ffb9")
+
+ # https://nvd.nist.gov/vuln/detail/CVE-2022-23848
+ version(
+ "2.7.2",
+ sha256="e428acfe0704cc68801ae2aa7b7ba920a0e35af9dded66b280649fc1d280a3d4",
+ deprecated=True,
+ )
+ version(
+ "2.2.1",
+ sha256="0c6b0afcc4013437afb8113e1dfda9777561512269ea349c7fbf353dc0efd28a",
+ deprecated=True,
+ )
+ version(
+ "2.2.0",
+ sha256="635847ea1a0f8ad04c99518620de035d4962fbfa9e5920bb0911ccf8e5ea82fc",
+ deprecated=True,
+ )
depends_on("java@8", type="run")