TEZ-4369: Upgrade netty to 4.1.69 due to CVE-2021-37136, CVE-2021-37137 #175

Merged
merged 1 commit into from
Jan 21, 2022

abstractdog
Contributor

No description provided.

@abstractdog
Contributor Author

failure is not related:

[ERROR] org.apache.tez.runtime.library.utils.TestCodecUtils.testConcurrentDecompressorCreationWithModifiedBuffersize  Time elapsed: 0.188 s  <<< ERROR!
java.lang.OutOfMemoryError: unable to create new native thread
	at org.apache.tez.runtime.library.utils.TestCodecUtils.testConcurrentDecompressorCreationWithModifiedBuffersizeOnCodec(TestCodecUtils.java:76)
	at org.apache.tez.runtime.library.utils.TestCodecUtils.testConcurrentDecompressorCreationWithModifiedBuffersize(TestCodecUtils.java:58)

@jteagles
Contributor

jteagles commented Jan 7, 2022

@abstractdog,
can you help understand why upgrade to this version versus later versions?
https://netty.io/news/2021/10/11/4-1-70-Final.html
https://netty.io/news/2021/12/09/4-1-71-Final.html
https://netty.io/news/2021/12/13/4-1-72-Final.html

Also, I would try to track this jira https://issues.apache.org/jira/browse/HDFS-16384 which describes a possible hadoop upgrade with patch available for hadoop 3.4.0 target

@abstractdog
Contributor Author

you're right @jteagles, let's jump to 4.1.72 (not to mention that 4.1.72 solves more CVEs as far as I know)

@abstractdog
Contributor Author

@jteagles : can I commit this one?

@tez-yetus

💔 -1 overall

| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 🆗 | reexec | 16m 17s | Docker mode activated. |
| | | | _ Prechecks _ |
| +1 💚 | dupname | 0m 0s | No case conflicting files found. |
| +1 💚 | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 ❌ | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
| | | | _ master Compile Tests _ |
| +1 💚 | mvninstall | 13m 22s | master passed |
| +1 💚 | compile | 2m 17s | master passed with JDK Ubuntu-11.0.13+8-Ubuntu-0ubuntu1.20.04 |
| +1 💚 | compile | 2m 4s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| +1 💚 | javadoc | 2m 21s | master passed with JDK Ubuntu-11.0.13+8-Ubuntu-0ubuntu1.20.04 |
| +1 💚 | javadoc | 1m 39s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| | | | _ Patch Compile Tests _ |
| +1 💚 | mvninstall | 4m 45s | the patch passed |
| +1 💚 | compile | 2m 19s | the patch passed with JDK Ubuntu-11.0.13+8-Ubuntu-0ubuntu1.20.04 |
| +1 💚 | javac | 2m 19s | the patch passed |
| +1 💚 | compile | 2m 9s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| +1 💚 | javac | 2m 9s | the patch passed |
| +1 💚 | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 💚 | xml | 0m 1s | The patch has no ill-formed XML file. |
| +1 💚 | javadoc | 1m 59s | the patch passed with JDK Ubuntu-11.0.13+8-Ubuntu-0ubuntu1.20.04 |
| +1 💚 | javadoc | 1m 36s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| | | | _ Other Tests _ |
| +1 💚 | unit | 73m 12s | root in the patch passed. |
| +1 💚 | asflicense | 0m 31s | The patch does not generate ASF License warnings. |
| | | 125m 29s | |

| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-175/2/artifact/out/Dockerfile |
| GITHUB PR | #175 |
| JIRA Issue | TEZ-4369 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux 481409769d11 4.15.0-163-generic #171-Ubuntu SMP Fri Nov 5 11:55:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 41cbc17 |
| Default Java | Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.13+8-Ubuntu-0ubuntu1.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-175/2/testReport/ |
| Max. process+thread count | 2089 (vs. ulimit of 5500) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-175/2/console |
| versions | git=2.25.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |

This message was automatically generated.

Contributor

@jteagles jteagles left a comment

+1

@jteagles jteagles merged commit 02d574f into apache:master Jan 21, 2022