From 0cf0ec73ba05d6533dd4e25f10c26398d3d56d52 Mon Sep 17 00:00:00 2001
From: Joseph Dell'Aringa <jdellaringa@linkedin.com>
Date: Wed, 24 Apr 2024 12:52:19 -0700
Subject: [PATCH] =?UTF-8?q?HADOOP-18924.=20Upgrade=20to=20grpc=201.53.0=20?=
 =?UTF-8?q?due=20to=20CVEs=20(#6161).=20Contributed=E2=80=A6=20(#439)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* HADOOP-18924. Upgrade to grpc 1.53.0 due to CVEs (#6161). Contributed by PJ Fanning.

Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>

* fix conflicts

* exclude conflicting animal-sniffer-annotations version

* empty commit for ACLOVERRIDE

---------

Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
Co-authored-by: PJ Fanning <pjfanning@users.noreply.github.com>
Co-authored-by: Joseph DellAringa <jdellari@linkedin.com>
---
 LICENSE-binary                                | 55 ++++++++++++++-----
 .../hadoop-yarn/hadoop-yarn-csi/pom.xml       | 24 +++++++-
 2 files changed, 61 insertions(+), 18 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index b424e8b34bd44..a52cb3cae9547 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -255,19 +255,45 @@ commons-io:commons-io:2.8.0
 commons-logging:commons-logging:1.1.3
 commons-net:commons-net:3.6
 de.ruedigermoeller:fst:2.50
-io.dropwizard.metrics:metrics-core:3.2.4
-io.grpc:grpc-api:1.26.0
-io.grpc:grpc-context:1.26.0
-io.grpc:grpc-core:1.26.0
-io.grpc:grpc-netty:1.26.0
-io.grpc:grpc-protobuf:1.26.0
-io.grpc:grpc-protobuf-lite:1.26.0
-io.grpc:grpc-stub:1.26.0
-io.netty:netty:3.10.6.Final
-io.netty:netty-all:4.1.61.Final
-io.opencensus:opencensus-api:0.24.0
-io.opencensus:opencensus-contrib-grpc-metrics:0.24.0
-io.perfmark:perfmark-api:0.19.0
+io.grpc:grpc-api:1.53.0
+io.grpc:grpc-context:1.53.0
+io.grpc:grpc-core:1.53.0
+io.grpc:grpc-netty:1.53.0
+io.grpc:grpc-protobuf:1.53.0
+io.grpc:grpc-protobuf-lite:1.53.0
+io.grpc:grpc-stub:1.53.0
+io.netty:netty-all:4.1.100.Final
+io.netty:netty-buffer:4.1.100.Final
+io.netty:netty-codec:4.1.100.Final
+io.netty:netty-codec-dns:4.1.100.Final
+io.netty:netty-codec-haproxy:4.1.100.Final
+io.netty:netty-codec-http:4.1.100.Final
+io.netty:netty-codec-http2:4.1.100.Final
+io.netty:netty-codec-memcache:4.1.100.Final
+io.netty:netty-codec-mqtt:4.1.100.Final
+io.netty:netty-codec-redis:4.1.100.Final
+io.netty:netty-codec-smtp:4.1.100.Final
+io.netty:netty-codec-socks:4.1.100.Final
+io.netty:netty-codec-stomp:4.1.100.Final
+io.netty:netty-codec-xml:4.1.100.Final
+io.netty:netty-common:4.1.100.Final
+io.netty:netty-handler:4.1.100.Final
+io.netty:netty-handler-proxy:4.1.100.Final
+io.netty:netty-resolver:4.1.100.Final
+io.netty:netty-resolver-dns:4.1.100.Final
+io.netty:netty-transport:4.1.100.Final
+io.netty:netty-transport-rxtx:4.1.100.Final
+io.netty:netty-transport-sctp:4.1.100.Final
+io.netty:netty-transport-udt:4.1.100.Final
+io.netty:netty-transport-classes-epoll:4.1.100.Final
+io.netty:netty-transport-native-unix-common:4.1.100.Final
+io.netty:netty-transport-classes-kqueue:4.1.100.Final
+io.netty:netty-resolver-dns-classes-macos:4.1.100.Final
+io.netty:netty-transport-native-epoll:4.1.100.Final
+io.netty:netty-transport-native-kqueue:4.1.100.Final
+io.netty:netty-resolver-dns-native-macos:4.1.100.Final
+io.opencensus:opencensus-api:0.12.3
+io.opencensus:opencensus-contrib-grpc-metrics:0.12.3
 io.reactivex:rxjava:1.3.8
 io.reactivex:rxjava-string:1.1.1
 io.reactivex:rxnetty:0.4.20
@@ -429,9 +455,8 @@ com.microsoft.azure:azure-keyvault-core:1.0.0
 com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7
 org.bouncycastle:bcpkix-jdk15on:1.60
 org.bouncycastle:bcprov-jdk15on:1.60
-org.checkerframework:checker-qual:2.5.2
 org.checkerframework:checker-qual:3.8.0
-org.codehaus.mojo:animal-sniffer-annotations:1.17
+org.codehaus.mojo:animal-sniffer-annotations:1.21
 org.jruby.jcodings:jcodings:1.0.13
 org.jruby.joni:joni:2.1.2
 org.ojalgo:ojalgo:43.0
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-csi/pom.xml b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-csi/pom.xml
index 8564770aa5570..d6ab4af3152cc 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-csi/pom.xml
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-csi/pom.xml
@@ -27,8 +27,8 @@
 
     <properties>
         <protobuf.version>3.6.1</protobuf.version>
-        <grpc.version>1.26.0</grpc.version>
-        <os-maven-plugin.version>1.5.0.Final</os-maven-plugin.version>
+        <grpc.version>1.53.0</grpc.version>
+        <animal-sniffer.version>1.21</animal-sniffer.version>
     </properties>
 
     <dependencies>
@@ -49,6 +49,17 @@
             <groupId>io.grpc</groupId>
             <artifactId>grpc-core</artifactId>
             <version>${grpc.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>animal-sniffer-annotations</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.codehaus.mojo</groupId>
+            <artifactId>animal-sniffer-annotations</artifactId>
+            <version>${animal-sniffer.version}</version>
         </dependency>
         <dependency>
             <groupId>io.grpc</groupId>
@@ -59,6 +70,13 @@
             <groupId>io.grpc</groupId>
             <artifactId>grpc-stub</artifactId>
             <version>${grpc.version}</version>
+            <exclusions>
+                <!-- Exclude conflicting version of animal-sniffer-annotations -->
+                <exclusion>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>animal-sniffer-annotations</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>io.grpc</groupId>
@@ -160,7 +178,7 @@
                 <configuration>
                     <protocArtifact>com.google.protobuf:protoc:3.6.1:exe:${os.detected.classifier}</protocArtifact>
                     <pluginId>grpc-java</pluginId>
-                    <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.26.0:exe:${os.detected.classifier}</pluginArtifact>
+                    <pluginArtifact>io.grpc:protoc-gen-grpc-java:${grpc.version}:exe:${os.detected.classifier}</pluginArtifact>
                 </configuration>
                 <executions>
                     <execution>