From 0c73512c06cc6421e15df6d382f37265e344851d Mon Sep 17 00:00:00 2001
From: Steve Loughran <stevel@cloudera.com>
Date: Wed, 8 Jun 2022 17:22:25 +0100
Subject: [PATCH] HADOOP-18197. Upgrade protobuf to 3.20.1

This patch bumps up the protobuf version so that Hadoop
is not a vulnerable to CVE-2021-22569.

I'm not renaming the module hadoop-shaded-protobuf_3_7
because that significantly complicates imports/upgrading.
That said, I don't see why the version number needed to be
included there. We will have to live with that.

This also fixes up the parent POM references in the child modules
as IntelliJ requires a full path.

Testing: needs to go through hadoop built with the updated jar and
with its own protobuf version marker updated.
Verified hadoop compiles on a macbook m1.
---
 LICENSE-binary                     | 2 +-
 hadoop-shaded-guava/pom.xml        | 2 +-
 hadoop-shaded-protobuf_3_7/pom.xml | 6 +++---
 pom.xml                            | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index 978d1d7..7a58725 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -217,7 +217,7 @@ See licenses-binary/ for text of these licenses.
 
 BSD 3-Clause
 ------------
-com.google.protobuf:protobuf-java:3.7.1
+com.google.protobuf:protobuf-java:3.20.1
 
 
 MIT License
diff --git a/hadoop-shaded-guava/pom.xml b/hadoop-shaded-guava/pom.xml
index 6b143dd..0ed5a45 100644
--- a/hadoop-shaded-guava/pom.xml
+++ b/hadoop-shaded-guava/pom.xml
@@ -24,7 +24,7 @@
         <artifactId>hadoop-thirdparty</artifactId>
         <groupId>org.apache.hadoop.thirdparty</groupId>
         <version>1.2.0-SNAPSHOT</version>
-        <relativePath>..</relativePath>
+        <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>hadoop-shaded-guava</artifactId>
diff --git a/hadoop-shaded-protobuf_3_7/pom.xml b/hadoop-shaded-protobuf_3_7/pom.xml
index ae288fb..78cebc4 100644
--- a/hadoop-shaded-protobuf_3_7/pom.xml
+++ b/hadoop-shaded-protobuf_3_7/pom.xml
@@ -24,11 +24,11 @@
     <artifactId>hadoop-thirdparty</artifactId>
     <groupId>org.apache.hadoop.thirdparty</groupId>
     <version>1.2.0-SNAPSHOT</version>
-    <relativePath>..</relativePath>
+    <relativePath>../pom.xml</relativePath>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>hadoop-shaded-protobuf_3_7</artifactId>
-  <name>Apache Hadoop shaded Protobuf 3.7</name>
+  <name>Apache Hadoop shaded Protobuf</name>
   <packaging>jar</packaging>
 
   <properties>
@@ -38,7 +38,7 @@
     <dependency>
       <groupId>com.google.protobuf</groupId>
       <artifactId>protobuf-java</artifactId>
-      <version>${protobuf_3_7.version}</version>
+      <version>${protobuf_3.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/pom.xml b/pom.xml
index bdb2e7d..79f1282 100644
--- a/pom.xml
+++ b/pom.xml
@@ -94,7 +94,7 @@
     <!--thirdparty dependency versions-->
     <shaded.prefix>org.apache.hadoop.thirdparty</shaded.prefix>
     <protobuf.shade.prefix>${shaded.prefix}.protobuf</protobuf.shade.prefix>
-    <protobuf_3_7.version>3.7.1</protobuf_3_7.version>
+    <protobuf_3.version>3.20.1</protobuf_3.version>
     <guava.version>30.1.1-jre</guava.version>
 
     <!-- maven plugin versions -->