opendev/gerrit
Code Issues Proposed changes
Files
3efa1058b214469c3c612cd38909d453aa7e8af9
gerrit/lib/BUILD
David Pursehouse b0618f9b94 [CVE-2018-10237]: Upgrade guava to 24.1.1-jre 
This upgrade fixes CVE-2018-10237 [1]:

  Unbounded memory allocation in Google Guava 11.0 through 24.x before
  24.1.1 allows remote attackers to conduct denial of service attacks
  against servers that depend on this library and deserialize attacker-
  provided data, because the AtomicDoubleArray class (when serialized
  with Java serialization) and the CompoundOrdering class (when
  serialized with GWT serialization) perform eager allocation without
  appropriate checks on what a client has sent and whether the data size
  is reasonable.

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-10237

This also adds dependency on j2objc-annotations to prevent the following
warning during the build:

  INFO: From Building java/com/google/gerrit/lucene/liblucene.jar (12 source files):
  warning: unknown enum constant ReflectionSupport$Level.FULL
  reason: class file for com.google.j2objc.annotations.ReflectionSupport$Level not found

Bug: Issue 9952
Change-Id: Iea79ee7d93c4b7c85479b5ec01ee07e19beed611
2018-11-05 10:00:40 +09:00

312 lines
6.8 KiB
Python
Raw Blame History

exports_files(glob([
"LICENSE-*",
]))
filegroup(
name = "all-licenses",
srcs = glob(
["LICENSE-*"],
exclude = ["LICENSE-DO_NOT_DISTRIBUTE"],
),
visibility = ["//visibility:public"],
)
java_library(
name = "servlet-api-3_1",
data = ["//lib:LICENSE-Apache2.0"],
neverlink = 1,
visibility = ["//visibility:public"],
exports = ["@servlet-api-3_1//jar"],
)
java_library(
name = "servlet-api-3_1-without-neverlink",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@servlet-api-3_1//jar"],
)
java_library(
name = "gwtjsonrpc",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@gwtjsonrpc//jar"],
)
java_library(
name = "gwtjsonrpc_src",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@gwtjsonrpc//jar:src"],
)
java_library(
name = "gson",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@gson//jar"],
)
java_library(
name = "gwtorm-client",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@gwtorm-client//jar"],
)
java_library(
name = "gwtorm-client_src",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@gwtorm-client//jar:src"],
)
java_library(
name = "protobuf",
data = ["//lib:LICENSE-protobuf"],
visibility = ["//visibility:public"],
exports = ["@protobuf//jar"],
)
java_library(
name = "gwtorm",
visibility = ["//visibility:public"],
exports = [":gwtorm-client"],
runtime_deps = [":protobuf"],
)
java_library(
name = "j2objc",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@j2objc//jar"],
)
java_library(
name = "guava",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = [
":j2objc",
"@guava//jar",
],
)
java_library(
name = "velocity",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@velocity//jar"],
runtime_deps = [
"//lib/commons:collections",
"//lib/commons:lang",
"//lib/commons:oro",
],
)
java_library(
name = "jsch",
data = ["//lib:LICENSE-jsch"],
visibility = ["//visibility:public"],
exports = ["@jsch//jar"],
)
java_library(
name = "juniversalchardet",
data = ["//lib:LICENSE-MPL1.1"],
visibility = ["//visibility:public"],
exports = ["@juniversalchardet//jar"],
)
java_library(
name = "args4j",
data = ["//lib:LICENSE-args4j"],
visibility = ["//visibility:public"],
exports = ["@args4j//jar"],
)
java_library(
name = "automaton",
data = ["//lib:LICENSE-automaton"],
visibility = ["//visibility:public"],
exports = ["@automaton//jar"],
)
java_library(
name = "pegdown",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@pegdown//jar"],
runtime_deps = [":grappa"],
)
java_library(
name = "grappa",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@grappa//jar"],
runtime_deps = [
":jitescript",
"//lib/ow2:ow2-asm",
"//lib/ow2:ow2-asm-analysis",
"//lib/ow2:ow2-asm-tree",
"//lib/ow2:ow2-asm-util",
],
)
java_library(
name = "jitescript",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@jitescript//jar"],
)
java_library(
name = "tukaani-xz",
data = ["//lib:LICENSE-xz"],
visibility = ["//visibility:public"],
exports = ["@tukaani-xz//jar"],
)
java_library(
name = "mime-util",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@mime-util//jar"],
)
java_library(
name = "guava-retrying",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@guava-retrying//jar"],
runtime_deps = [":jsr305"],
)
java_library(
name = "jsr305",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@jsr305//jar"],
)
java_library(
name = "blame-cache",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@blame-cache//jar"],
)
java_library(
name = "h2",
data = ["//lib:LICENSE-h2"],
visibility = ["//visibility:public"],
exports = ["@h2//jar"],
)
java_library(
name = "jimfs",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
visibility = ["//visibility:public"],
exports = ["@jimfs//jar"],
runtime_deps = [":guava"],
)
java_library(
name = "junit",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
visibility = ["//visibility:public"],
exports = [
":hamcrest-core",
"@junit//jar",
],
runtime_deps = [":hamcrest-core"],
)
java_library(
name = "hamcrest-core",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
visibility = ["//visibility:public"],
exports = ["@hamcrest-core//jar"],
)
java_library(
name = "truth",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
visibility = ["//visibility:public"],
exports = [
":guava",
":junit",
"@truth//jar",
],
)
java_library(
name = "truth-java8-extension",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
visibility = ["//visibility:public"],
exports = [
":guava",
":truth",
"@truth-java8-extension//jar",
],
)
java_library(
name = "javassist",
data = ["//lib:LICENSE-DO_NOT_DISTRIBUTE"],
visibility = ["//visibility:public"],
exports = ["@javassist//jar"],
)
java_library(
name = "derby",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@derby//jar"],
)
java_library(
name = "soy",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@soy//jar"],
runtime_deps = [
":args4j",
":gson",
":guava",
":html-types",
":icu4j",
":jsr305",
":protobuf",
"//lib/guice",
"//lib/guice:guice-assistedinject",
"//lib/guice:javax-inject",
"//lib/ow2:ow2-asm",
"//lib/ow2:ow2-asm-analysis",
"//lib/ow2:ow2-asm-commons",
"//lib/ow2:ow2-asm-util",
],
)
java_library(
name = "html-types",
data = ["//lib:LICENSE-Apache2.0"],
visibility = ["//visibility:public"],
exports = ["@html-types//jar"],
)
java_library(
name = "icu4j",
data = ["//lib:LICENSE-icu4j"],
visibility = ["//visibility:public"],
exports = ["@icu4j//jar"],
)
java_library(
name = "postgresql",
data = ["//lib:LICENSE-postgresql"],
visibility = ["//visibility:public"],
exports = ["@postgresql//jar"],
)
View Git Blame Copy Permalink