From 0f8d42f860c110ac00eaa98202c89eb6c2b8c7a0 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Tue, 11 Jun 2024 14:20:28 -0400 Subject: [PATCH 1/6] [1.3] Bump bouncycastle to 1.78 and kafka to 3.6.2 Signed-off-by: Craig Perkins --- build.gradle | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build.gradle b/build.gradle index 3e5b470bc4..72cf007084 100644 --- a/build.gradle +++ b/build.gradle @@ -62,7 +62,7 @@ ext { buildVersionQualifier = System.getProperty("build.version_qualifier", "") version_tokens = opensearch_version.tokenize('-') opensearch_build = version_tokens[0] + '.0' - kafka_version = '3.5.1' + kafka_version = '3.6.2' if (buildVersionQualifier) { opensearch_build += "-${buildVersionQualifier}" @@ -170,7 +170,7 @@ dependencies { implementation 'com.google.guava:guava:32.1.1-jre' implementation 'org.greenrobot:eventbus:3.2.0' implementation 'commons-cli:commons-cli:1.3.1' - implementation 'org.bouncycastle:bcprov-jdk15to18:1.75' + implementation 'org.bouncycastle:bcprov-jdk15to18:1.78' implementation 'com.fasterxml.jackson.core:jackson-databind:2.14.2' implementation 'org.ldaptive:ldaptive:1.2.3' implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13' @@ -245,8 +245,8 @@ dependencies { integrationTestImplementation "org.apache.logging.log4j:log4j-core:2.17.1" integrationTestImplementation "org.apache.logging.log4j:log4j-jul:2.17.1" integrationTestImplementation 'org.hamcrest:hamcrest:2.2' - integrationTestImplementation "org.bouncycastle:bcpkix-jdk15to18:1.75" - integrationTestImplementation "org.bouncycastle:bcutil-jdk15to18:1.75" + integrationTestImplementation "org.bouncycastle:bcpkix-jdk15to18:1.78" + integrationTestImplementation "org.bouncycastle:bcutil-jdk15to18:1.78" integrationTestImplementation('org.awaitility:awaitility:4.2.0') { exclude(group: 'org.hamcrest', module: 'hamcrest') } From f07750a77baddf4a05cfa3270a1804e4fe56b350 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Wed, 12 Jun 2024 16:32:50 -0400 Subject: [PATCH 2/6] Update bc permissions Signed-off-by: Craig Perkins --- plugin-security.policy | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/plugin-security.policy b/plugin-security.policy index a0b51c26a8..24f3c97637 100644 --- a/plugin-security.policy +++ b/plugin-security.policy @@ -64,7 +64,10 @@ grant { permission java.security.SecurityPermission "putProviderProperty.BC"; permission java.security.SecurityPermission "insertProvider.BC"; permission java.security.SecurityPermission "removeProviderProperty.BC"; - permission java.util.PropertyPermission "jdk.tls.rejectClientInitiatedRenegotiation", "write"; + permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.max_f2m_field_size"; + permission java.security.SecurityPermission "getProperty.org.bouncycastle.pkcs12.default"; + permission java.security.SecurityPermission "getProperty.org.bouncycastle.rsa.max_size"; + permission java.security.SecurityPermission "getProperty.org.bouncycastle.rsa.max_mr_tests"; permission java.lang.RuntimePermission "accessUserInformation"; From a0c4648cc757278586fe42fddd7153ecf20e6cae Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Wed, 12 Jun 2024 16:40:53 -0400 Subject: [PATCH 3/6] Bump BC to 1.78.1 Signed-off-by: Craig Perkins --- build.gradle | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build.gradle b/build.gradle index 748373e99a..e59ea6cfcd 100644 --- a/build.gradle +++ b/build.gradle @@ -170,7 +170,7 @@ dependencies { implementation 'com.google.guava:guava:32.1.1-jre' implementation 'org.greenrobot:eventbus:3.2.0' implementation 'commons-cli:commons-cli:1.3.1' - implementation 'org.bouncycastle:bcprov-jdk15to18:1.78' + implementation 'org.bouncycastle:bcprov-jdk15to18:1.78.1' implementation 'com.fasterxml.jackson.core:jackson-databind:2.14.2' implementation 'org.ldaptive:ldaptive:1.2.3' implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13' @@ -245,8 +245,8 @@ dependencies { integrationTestImplementation "org.apache.logging.log4j:log4j-core:2.17.1" integrationTestImplementation "org.apache.logging.log4j:log4j-jul:2.17.1" integrationTestImplementation 'org.hamcrest:hamcrest:2.2' - integrationTestImplementation "org.bouncycastle:bcpkix-jdk15to18:1.78" - integrationTestImplementation "org.bouncycastle:bcutil-jdk15to18:1.78" + integrationTestImplementation "org.bouncycastle:bcpkix-jdk15to18:1.78.1" + integrationTestImplementation "org.bouncycastle:bcutil-jdk15to18:1.78.1" integrationTestImplementation('org.awaitility:awaitility:4.2.0') { exclude(group: 'org.hamcrest', module: 'hamcrest') } From a2f681168e4f88dde8f28d129b32424ac172ed68 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Wed, 12 Jun 2024 17:10:08 -0400 Subject: [PATCH 4/6] Bump kafka to 3.7.0 Signed-off-by: Craig Perkins --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index e59ea6cfcd..925a2072a5 100644 --- a/build.gradle +++ b/build.gradle @@ -62,7 +62,7 @@ ext { buildVersionQualifier = System.getProperty("build.version_qualifier", "") version_tokens = opensearch_version.tokenize('-') opensearch_build = version_tokens[0] + '.0' - kafka_version = '3.6.2' + kafka_version = '3.7.0' if (buildVersionQualifier) { opensearch_build += "-${buildVersionQualifier}" From d5a7802ae7a332161c24673efdff4c4ddd1c12bc Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Wed, 12 Jun 2024 17:41:22 -0400 Subject: [PATCH 5/6] Add kafka-server Signed-off-by: Craig Perkins --- build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/build.gradle b/build.gradle index 925a2072a5..17ab173be4 100644 --- a/build.gradle +++ b/build.gradle @@ -210,6 +210,7 @@ dependencies { testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.9' testImplementation 'com.github.stephenc.jcip:jcip-annotations:1.0-1' testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}" + testImplementation "org.apache.kafka:kafka-server:${kafka_version}" testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}:test" testImplementation "org.apache.kafka:kafka-clients:${kafka_version}:test" compileOnly "org.opensearch:opensearch:${opensearch_version}" From 21002d9d7776b8380c4075f8638b73f33a72545d Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Wed, 12 Jun 2024 20:14:36 -0400 Subject: [PATCH 6/6] Add additional kafka dependencies Signed-off-by: Craig Perkins --- build.gradle | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build.gradle b/build.gradle index 17ab173be4..2ccdae5618 100644 --- a/build.gradle +++ b/build.gradle @@ -211,8 +211,11 @@ dependencies { testImplementation 'com.github.stephenc.jcip:jcip-annotations:1.0-1' testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}" testImplementation "org.apache.kafka:kafka-server:${kafka_version}" + testImplementation "org.apache.kafka:kafka-server-common:${kafka_version}" + testImplementation "org.apache.kafka:kafka-server-common:${kafka_version}:test" testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}:test" testImplementation "org.apache.kafka:kafka-clients:${kafka_version}:test" + testImplementation 'commons-validator:commons-validator:1.7' compileOnly "org.opensearch:opensearch:${opensearch_version}" integrationTestCompileOnly "org.opensearch:opensearch:${opensearch_version}"