This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new ab2f15d0d KUDU-3493 upgrade Guava to 32.1.1-jre
ab2f15d0d is described below
commit ab2f15d0dc168245d9e5adc631784f0f1be1c803
Author: Alexey Serbin <[email protected]>
AuthorDate: Thu Jul 20 14:33:50 2023 -0700
KUDU-3493 upgrade Guava to 32.1.1-jre
This is to address CVE-2023-2976 in 30.1-jre [1].
An update on java/build.gradle is a workaround as suggested by the
Guava release notes [2] to allow for building with gradle 6.x.
An update on build-support/verify_jars.pl allows for ProGuard [3]
rule files to be in the result JARs: those appeared in the compiled
JAR files with the new Guava version.
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-2976
[2] https://github.com/google/guava/releases/tag/v32.1.0
[3] https://www.guardsquare.com/en/products/proguard
Change-Id: I4acf448085e2279be3ed8c77ccf3306494c6639c
Reviewed-on: http://gerrit.cloudera.org:8080/20235
Reviewed-by: Abhishek Chennaka <[email protected]>
Tested-by: Abhishek Chennaka <[email protected]>
Tested-by: Alexey Serbin <[email protected]>
---
build-support/verify_jars.pl | 2 +-
java/build.gradle | 8 ++++++++
java/gradle/dependencies.gradle | 2 +-
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/build-support/verify_jars.pl b/build-support/verify_jars.pl
index 64186d223..eb6e3477d 100755
--- a/build-support/verify_jars.pl
+++ b/build-support/verify_jars.pl
@@ -28,7 +28,7 @@ my $pat_kudu_shaded_prefix = qr{^org/apache/kudu/shaded/};
# Allowed filenames of non-Java files in JARs.
my $pat_allow_non_java =
- qr{(?:\.(?:txt|xml|properties|json|proto|MF|jnilib|so|swp)|
+ qr{(?:\.(?:txt|xml|properties|json|proto|MF|jnilib|pro|so|swp)|
LICENSE|NOTICE|DEPENDENCIES|
# The kudu-spark DataSourceRegister file.
DataSourceRegister|
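Review bot: Adding `pro` to the extension alternation in `$pat_allow_non_java` accepts a `.pro` file at any path in any JAR, which is wider than the stated goal of tolerating the ProGuard rule files that come with the new Guava. This pattern is the allowlist for non-Java content in the built JARs, so a path-scoped alternative such as `META-INF/proguard/[^/]+\.pro|` would keep the check tight. That suggestion assumes the files land under that directory and that the pattern is matched against the full entry path. At minimum the new entry deserves a comment next to it, for example `# ProGuard rule files (*.pro) bundled by Guava 32.1+.`, so a later reader does not take it for a typo of `proto`. The regex continues past the end of the hunk, so how the alternation is anchored is not visible here.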
diff --git a/java/build.gradle b/java/build.gradle
index 686a5d5ef..4fa917e7d 100755
--- a/java/build.gradle
+++ b/java/build.gradle
@@ -65,6 +65,14 @@ subprojects {
exclude group: "org.checkerframework", module: "checker-compat-qual"
exclude group: "org.codehaus.mojo", module: "animal-sniffer-annotations"
}
+
+ sourceSets {
+ all {
+ configurations.all { conf ->
+ attributes.attribute(Attribute.of("org.gradle.jvm.environment",
String), "standard-jvm")
+ }
+ }
+ }
}
// A task that does nothing, but is useful to ensure the Gradle build and
tasks are initialized.
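Review bot: The `configurations.all { conf -> … }` call inside `sourceSets { all { … } }` sets `org.gradle.jvm.environment` on every configuration of every subproject, and repeats that once per source set. That also covers configurations that are not resolved classpaths, which may change variant selection or published metadata beyond what the Guava workaround needs; the `conf` parameter is unused. As far as I recall the release notes cited in the commit message, the workaround only targets each source set's compile and runtime classpath configurations. The block also has no comment saying that it is a Gradle 6.x workaround for Guava 32.1 and can be removed after a Gradle upgrade. A narrower form is sketched below (untested against this build).

```groovy
// … unchanged: subprojects { … configurations.all excludes … }

  // Workaround for resolving Guava 32.1+ with Gradle 6.x (see the Guava
  // v32.1.0 release notes); remove once the build moves to a newer Gradle.
  sourceSets.all {
    configurations.getByName(compileClasspathConfigurationName) {
      attributes.attribute(Attribute.of("org.gradle.jvm.environment", String), "standard-jvm")
    }
    configurations.getByName(runtimeClasspathConfigurationName) {
      attributes.attribute(Attribute.of("org.gradle.jvm.environment", String), "standard-jvm")
    }
  }
```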
diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle
index 2b4f7f3eb..2a9724a13 100755
--- a/java/gradle/dependencies.gradle
+++ b/java/gradle/dependencies.gradle
@@ -33,7 +33,7 @@ versions += [
errorProne : "2.3.3",
errorProneJavac: "9+181-r4173-1",
gradle : "6.9.2",
- guava : "30.1-jre",
+ guava : "32.1.1-jre",
hadoop : "3.3.1",
hamcrest : "2.2",
hdrhistogram : "2.1.12",