KAFKA-15319: Upgrade rocksdb to fix CVE-2022-37434 (#14216)

Rocksdbjni<7.9.2 is vulnerable to CVE-2022-37434 due to zlib 1.2.12 Reviewers: Divij Vaidya <diviv@amazon.com>, Bruno Cadonna <cadonna@apache.org>
apache · Oct 24, 2023 · 9e10f89 · 9e10f89
1 parent ad925d2
commit 9e10f89
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 3 deletions.
diff --git a/LICENSE-binary b/LICENSE-binary
@@ -246,7 +246,7 @@ netty-transport-native-epoll-4.1.94.Final
 netty-transport-native-unix-common-4.1.94.Final
 plexus-utils-3.3.1
 reload4j-1.2.25
-rocksdbjni-7.1.2
+rocksdbjni-7.9.2
 scala-collection-compat_2.13-2.10.0
 scala-library-2.13.10
 scala-logging_2.13-3.9.4

diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
@@ -114,7 +114,7 @@ versions += [
   powermock: "2.0.9",
   reflections: "0.9.12",
   reload4j: "1.2.25",
-  rocksDB: "7.1.2",
+  rocksDB: "7.9.2",
   scalaCollectionCompat: "2.10.0",
   // When updating the scalafmt version please also update the version field in checkstyle/.scalafmt.conf. scalafmt now
   // has the version field as mandatory in its configuration, see

diff --git a/...a/streams/state/internals/RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter.java b/...a/streams/state/internals/RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter.java
@@ -40,6 +40,7 @@
 import org.rocksdb.MemTableConfig;
 import org.rocksdb.MergeOperator;
 import org.rocksdb.Options;
+import org.rocksdb.PrepopulateBlobCache;
 import org.rocksdb.RateLimiter;
 import org.rocksdb.SstFileManager;
 import org.rocksdb.SstPartitionerFactory;
@@ -1728,6 +1729,17 @@ public Options setMemtableWholeKeyFiltering(final boolean memtableWholeKeyFilter
     public boolean memtableWholeKeyFiltering() {
         return columnFamilyOptions.memtableWholeKeyFiltering();
     }
+
+    @Override
+    public Options setExperimentalMempurgeThreshold(final double experimentalMempurgeThreshold) {
+        columnFamilyOptions.setExperimentalMempurgeThreshold(experimentalMempurgeThreshold);
+        return this;
+    }
+
+    @Override
+    public double experimentalMempurgeThreshold() {
+        return columnFamilyOptions.experimentalMempurgeThreshold();
+    }
 
     //
     // BEGIN options for blobs (integrated BlobDB)
@@ -1810,6 +1822,29 @@ public double blobGarbageCollectionForceThreshold() {
         return columnFamilyOptions.blobGarbageCollectionForceThreshold();
     }
 
+
+    @Override
+    public Options setPrepopulateBlobCache(final PrepopulateBlobCache prepopulateBlobCache) {
+        columnFamilyOptions.setPrepopulateBlobCache(prepopulateBlobCache);
+        return this;
+    }
+
+    @Override
+    public PrepopulateBlobCache prepopulateBlobCache() {
+        return columnFamilyOptions.prepopulateBlobCache();
+    }
+
+    @Override
+    public Options setBlobFileStartingLevel(final int blobFileStartingLevel) {
+        columnFamilyOptions.setBlobFileStartingLevel(blobFileStartingLevel);
+        return this;
+    }
+
+    @Override
+    public int blobFileStartingLevel() {
+        return columnFamilyOptions.blobFileStartingLevel();
+    }
+
     //
     // END options for blobs (integrated BlobDB)
     //

diff --git a/tests/setup.py b/tests/setup.py
@@ -51,7 +51,7 @@ def run_tests(self):
       license="apache2.0",
       packages=find_packages(),
       include_package_data=True,
-      install_requires=["ducktape<0.9", "requests==2.31.0"],
+      install_requires=["ducktape==0.8.14", "requests==2.24.0"],
       tests_require=["pytest", "mock"],
       cmdclass={'test': PyTest},
       zip_safe=False