Migrate existing patch series to patchable

.patchable

@@ -0,0 +1 @@
+# Marker file for Patchable to know that this is the image repository

CHANGELOG.md

@@ -28,7 +28,7 @@ All notable changes to this project will be documented in this file.
 - trino-cli: Add version 470 ([#999]).
 - trino-storage-connector: Add version 470 ([#999]).
 - superset: Add version `4.1.1` ([#991]).
-- Add Patchable patch management tool ([#1003], [#1007]).
+- Add Patchable patch management tool ([#1003], [#1005], [#1007]).
 - nifi: Add 1.28.1, 2.2.0 ([#1006]).
 
 ### Changed
@@ -78,6 +78,7 @@ All notable changes to this project will be documented in this file.
 [#999]: https://github.com/stackabletech/docker-images/pull/999
 [#1000]: https://github.com/stackabletech/docker-images/pull/1000
 [#1003]: https://github.com/stackabletech/docker-images/pull/1003
+[#1005]: https://github.com/stackabletech/docker-images/pull/1005
 [#1006]: https://github.com/stackabletech/docker-images/pull/1006
 [#1007]: https://github.com/stackabletech/docker-images/pull/1007
 

druid/stackable/patches/26.0.0/0001-Removes-all-traces-of-the-druid-ranger-extension.patch

@@ -1,6 +1,6 @@
-From a8bec93ee6d0a4364676333168229aa0ec56657e Mon Sep 17 00:00:00 2001
+From 098e0333cb3977164c62ab0f29aafaf9b1ac6c7c Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
-Date: Thu, 12 Dec 2024 17:59:17 +0100
+Date: Wed, 10 Jul 2024 17:07:13 +0200
 Subject: Removes all traces of the druid ranger extension
 
 ---

druid/stackable/patches/26.0.0/0002-Include-Prometheus-emitter-in-distribution.patch

@@ -1,6 +1,6 @@
-From c19288cd84492d76f924152f2d4f0d0fc0499ed6 Mon Sep 17 00:00:00 2001
+From cb547abec8bb002984bcb598c75f5031ea9513e1 Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
-Date: Thu, 12 Dec 2024 17:59:17 +0100
+Date: Wed, 10 Jul 2024 17:07:13 +0200
 Subject: Include Prometheus emitter in distribution
 
 ---

druid/stackable/patches/26.0.0/0003-Stop-building-unused-extensions.patch

@@ -1,4 +1,4 @@
-From 85cacbcc47c88a56acd60d91fbf0412040523c8d Mon Sep 17 00:00:00 2001
+From 2722e90c01f02f804f1030f6aa91d07638e5e0a3 Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
 Date: Thu, 12 Dec 2024 17:59:17 +0100
 Subject: Stop building unused extensions.

druid/stackable/patches/26.0.0/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch

@@ -1,4 +1,4 @@
-From 4229d1c0d096e10dce72929224a7b4c2284fb417 Mon Sep 17 00:00:00 2001
+From 6a6cd8806bffe6b8f5da14d0d9f9b75fb79ac3cd Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
 Date: Thu, 12 Dec 2024 17:59:17 +0100
 Subject: Updates all dependencies that have a new patch release available.

druid/stackable/patches/26.0.0/0005-Include-jackson-dataformat-xml-dependency.patch

@@ -1,4 +1,4 @@
-From d55895a2525286a5198a3b327c3ce503bc852ead Mon Sep 17 00:00:00 2001
+From 1e4c0f607abfe1362941af5f53e04cd0b845f41f Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
 Date: Thu, 12 Dec 2024 17:59:17 +0100
 Subject: Include jackson-dataformat-xml dependency.

druid/stackable/patches/26.0.0/0006-Stop-building-the-tar.gz-distribution.patch

@@ -1,4 +1,4 @@
-From d1ae8732e2eee44abb5c831f5363c69e75e64a9a Mon Sep 17 00:00:00 2001
+From c7d74ad665618125e09f365bae0ecaa2876b6a87 Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
 Date: Thu, 12 Dec 2024 17:59:17 +0100
 Subject: Stop building the tar.gz distribution.

druid/stackable/patches/26.0.0/0007-Update-CycloneDX-plugin.patch

@@ -1,6 +1,6 @@
-From ff7d6a5ea07ea30653b47f6ef6844103a7ac3349 Mon Sep 17 00:00:00 2001
+From 56541040ce6a5c36d53fdda71316d2a7ab8245c0 Mon Sep 17 00:00:00 2001
 From: Lukas Voetmand <[email protected]>
-Date: Thu, 12 Dec 2024 17:59:17 +0100
+Date: Fri, 6 Sep 2024 17:53:52 +0200
 Subject: Update CycloneDX plugin
 
 ---

druid/stackable/patches/26.0.0/0008-Fix-CVE-2024-36114.patch

@@ -1,4 +1,4 @@
-From bdd52ae32874b686d6ddfa3179f6af787444662f Mon Sep 17 00:00:00 2001
+From a8442f203b70216cd7b3ec9cefe8f7627fa0d7e2 Mon Sep 17 00:00:00 2001
 From: Malte Sander <[email protected]>
 Date: Thu, 12 Dec 2024 17:59:17 +0100
 Subject: Fix CVE-2024-36114

druid/stackable/patches/26.0.0/0009-Update-FMPP-version.patch

@@ -1,4 +1,4 @@
-From 736165ab0fe73e0bef765f2cfd21cd800baddbc1 Mon Sep 17 00:00:00 2001
+From 2d634afe93690d295ddf69751b03e824cbd9f934 Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
 Date: Thu, 12 Dec 2024 06:35:21 +0100
 Subject: Update FMPP version

druid/stackable/patches/30.0.0/01-remove-ranger-security.patch → druid/stackable/patches/30.0.0/0001-Removes-all-traces-of-the-druid-ranger-extension.patch

@@ -1,13 +1,15 @@
-Removes all traces of the druid ranger extension
-
+From b6665733d54d730bafcd4c238b11bedd4e412667 Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
-
+Date: Wed, 10 Jul 2024 17:07:13 +0200
+Subject: Removes all traces of the druid ranger extension
 
 ---
- 0 files changed
+ distribution/pom.xml | 2 --
+ pom.xml              | 1 -
+ 2 files changed, 3 deletions(-)
 
 diff --git a/distribution/pom.xml b/distribution/pom.xml
-index 0f17a8c877..d7cd645767 100644
+index bdbbd8b4c0..e27329e96d 100644
 --- a/distribution/pom.xml
 +++ b/distribution/pom.xml
 @@ -252,8 +252,6 @@
@@ -20,10 +22,10 @@ index 0f17a8c877..d7cd645767 100644
                                          <argument>-c</argument>
                                          <argument>org.apache.druid.extensions:druid-catalog</argument>
 diff --git a/pom.xml b/pom.xml
-index cfca79dc6e..2acb812cbe 100644
+index 9051ed24c5..3ab467e468 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -199,7 +199,6 @@
+@@ -198,7 +198,6 @@
          <module>extensions-core/simple-client-sslcontext</module>
          <module>extensions-core/druid-basic-security</module>
          <module>extensions-core/google-extensions</module>

druid/stackable/patches/30.0.0/02-prometheus-emitter-from-source.patch → druid/stackable/patches/30.0.0/0002-Include-Prometheus-emitter-in-distribution.patch

@@ -1,13 +1,14 @@
-Include Prometheus emitter in distribution
-
+From 0cee640900bb8119ba6be12911578927aeb191ed Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
-
+Date: Mon, 17 Feb 2025 16:42:34 +0100
+Subject: Include Prometheus emitter in distribution
 
 ---
- 0 files changed
+ distribution/pom.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 46 insertions(+)
 
 diff --git a/distribution/pom.xml b/distribution/pom.xml
-index d7cd645767..eda1ddcfab 100644
+index e27329e96d..d5918710ef 100644
 --- a/distribution/pom.xml
 +++ b/distribution/pom.xml
 @@ -464,6 +464,52 @@

druid/stackable/patches/30.0.0/03-stop-building-unused-extensions.patch → druid/stackable/patches/30.0.0/0003-Stop-building-unused-extensions.patch

@@ -1,18 +1,20 @@
-Stop building unused extensions.
-
+From 62f340d66dae20da8d7566f992b56223d29d4174 Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
+Date: Mon, 17 Feb 2025 16:42:34 +0100
+Subject: Stop building unused extensions.
 
 By default Druid builds all community extensions and then discards them
 while assembling the final distribution. This patch removes unused
 extensions from the build.
 ---
- 0 files changed
+ pom.xml | 32 +-------------------------------
+ 1 file changed, 1 insertion(+), 31 deletions(-)
 
 diff --git a/pom.xml b/pom.xml
-index 2acb812cbe..38e0ddc61a 100644
+index 3ab467e468..171a98f803 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -201,39 +201,9 @@
+@@ -200,39 +200,9 @@
          <module>extensions-core/google-extensions</module>
          <module>extensions-core/druid-catalog</module>
          <module>extensions-core/testing-tools</module>

druid/stackable/patches/30.0.0/04-update-patch-dependencies.patch → druid/stackable/patches/30.0.0/0004-Updates-all-dependencies-that-have-a-new-patch-relea.patch

@@ -1,13 +1,19 @@
-Updates all dependencies that have a new patch release available.
-
+From 59ce2824b13ad95f728a5a5afc1e5b18ff547a38 Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
-
+Date: Mon, 17 Feb 2025 16:42:49 +0100
+Subject: Updates all dependencies that have a new patch release available.
 
 ---
- 0 files changed
+ extensions-core/druid-pac4j/pom.xml           |  5 +++-
+ extensions-core/kubernetes-extensions/pom.xml |  2 +-
+ extensions-core/orc-extensions/pom.xml        |  2 +-
+ extensions-core/parquet-extensions/pom.xml    |  2 +-
+ pom.xml                                       | 29 ++++++++++---------
+ processing/pom.xml                            |  2 +-
+ 6 files changed, 24 insertions(+), 18 deletions(-)
 
 diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml
-index 282e0e5b15..523a2ca305 100644
+index 88a570fd72..d3714ca0e2 100644
 --- a/extensions-core/druid-pac4j/pom.xml
 +++ b/extensions-core/druid-pac4j/pom.xml
 @@ -38,7 +38,10 @@
@@ -23,10 +29,10 @@ index 282e0e5b15..523a2ca305 100644
    </properties>
 
 diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml
-index e3e77a99af..1304740ff3 100644
+index 8bf105ea86..d445888da1 100644
 --- a/extensions-core/kubernetes-extensions/pom.xml
 +++ b/extensions-core/kubernetes-extensions/pom.xml
-@@ -35,7 +35,7 @@
+@@ -34,7 +34,7 @@
    </parent>
 
    <properties>
@@ -36,7 +42,7 @@ index e3e77a99af..1304740ff3 100644
 
 
 diff --git a/extensions-core/orc-extensions/pom.xml b/extensions-core/orc-extensions/pom.xml
-index b7eb007979..2c210c42c0 100644
+index ade9bd8f37..db0ad77894 100644
 --- a/extensions-core/orc-extensions/pom.xml
 +++ b/extensions-core/orc-extensions/pom.xml
 @@ -31,7 +31,7 @@
@@ -49,7 +55,7 @@ index b7eb007979..2c210c42c0 100644
      <dependencies>
          <dependency>
 diff --git a/extensions-core/parquet-extensions/pom.xml b/extensions-core/parquet-extensions/pom.xml
-index 371d2e7673..ad0b874db0 100644
+index d3404a62d2..9cbb6d51d5 100644
 --- a/extensions-core/parquet-extensions/pom.xml
 +++ b/extensions-core/parquet-extensions/pom.xml
 @@ -201,7 +201,7 @@
@@ -62,7 +68,7 @@ index 371d2e7673..ad0b874db0 100644
      </profile>
    </profiles>
 diff --git a/pom.xml b/pom.xml
-index 73fb14c1fc..26b24b8c14 100644
+index 171a98f803..38c6b8dbb5 100644
 --- a/pom.xml
 +++ b/pom.xml
 @@ -74,7 +74,7 @@
@@ -110,9 +116,9 @@ index 73fb14c1fc..26b24b8c14 100644
          <resilience4j.version>1.3.1</resilience4j.version>
          <slf4j.version>1.7.36</slf4j.version>
          <jna.version>5.13.0</jna.version>
-@@ -120,17 +120,17 @@
-              however it is required in some cases when running against mockito 4.x (mockito 4.x is required for Java <11.
-              We use the following property to pick the proper artifact based on Java version (see pre-java-11 profile) -->
+@@ -119,17 +122,17 @@
+         <!-- mockito-inline artifact was removed in mockito 5.3 (mockito 5.x is required for Java >17),
+              however it is required in some cases when running against mockito 4.x (mockito 4.x is required for Java <11. We use the following property to pick the proper artifact based on Java version (see pre-java-11 profile) -->
          <mockito.inline.artifact>core</mockito.inline.artifact>
 -        <aws.sdk.version>1.12.638</aws.sdk.version>
 -        <caffeine.version>2.8.0</caffeine.version>
@@ -134,10 +140,10 @@ index 73fb14c1fc..26b24b8c14 100644
          <jdk.strong.encapsulation.argLine><!-- empty placeholder --></jdk.strong.encapsulation.argLine>
          <jdk.security.manager.allow.argLine><!-- empty placeholder --></jdk.security.manager.allow.argLine>
 diff --git a/processing/pom.xml b/processing/pom.xml
-index affd900fe6..0daad4fa56 100644
+index 3a62790fb0..c3afa9fd27 100644
 --- a/processing/pom.xml
 +++ b/processing/pom.xml
-@@ -37,7 +37,7 @@
+@@ -36,7 +36,7 @@
      <sigar.base.version>1.6.5</sigar.base.version>
      <sigar.version>${sigar.base.version}.132</sigar.version>
      <ipaddress.version>5.3.4</ipaddress.version>

druid/stackable/patches/30.0.0/05-xmllayout-dependencies.patch → druid/stackable/patches/30.0.0/0005-Include-jackson-dataformat-xml-dependency.patch

@@ -1,16 +1,18 @@
-Include jackson-dataformat-xml dependency.
-
+From 062c9f9bf3b27752bb4546e468e3b48befc893fe Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
+Date: Mon, 17 Feb 2025 16:42:49 +0100
+Subject: Include jackson-dataformat-xml dependency.
 
 This allows us to use XmlLayout for Log4jV2.
 By including it here as a dependency we can make sure that we always have
 the matching version and we don't need to include it manually later in the
 build.
 ---
- 0 files changed
+ server/pom.xml | 5 +++++
+ 1 file changed, 5 insertions(+)
 
 diff --git a/server/pom.xml b/server/pom.xml
-index 410b51480e..b7dcf46111 100644
+index ec2f4dec4f..3861f18ed1 100644
 --- a/server/pom.xml
 +++ b/server/pom.xml
 @@ -205,6 +205,11 @@

druid/stackable/patches/30.0.0/06-dont-build-targz.patch → druid/stackable/patches/30.0.0/0006-Stop-building-the-tar.gz-distribution.patch

@@ -1,11 +1,12 @@
-Stop building the tar.gz distribution.
-
+From c2a67767f6e06dcf7ea2bad4f7616cf69717b3b6 Mon Sep 17 00:00:00 2001
 From: Lars Francke <[email protected]>
+Date: Mon, 17 Feb 2025 16:42:49 +0100
+Subject: Stop building the tar.gz distribution.
 
 All we do is build Druid tar and gzip it only to immediately uncompress it
 again. So, instead we just skip the compression step entirely.
 ---
- distribution/src/assembly/assembly.xml |    2 +-
+ distribution/src/assembly/assembly.xml | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/distribution/src/assembly/assembly.xml b/distribution/src/assembly/assembly.xml

druid/stackable/patches/30.0.0/07-cyclonedx-plugin.patch → druid/stackable/patches/30.0.0/0007-Update-CycloneDX-plugin.patch

@@ -1,8 +1,17 @@
+From eed0684b8097203e9d61c52093eb6dfe0960850d Mon Sep 17 00:00:00 2001
+From: Lukas Voetmand <[email protected]>
+Date: Fri, 6 Sep 2024 17:53:52 +0200
+Subject: Update CycloneDX plugin
+
+---
+ pom.xml | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
 diff --git a/pom.xml b/pom.xml
-index 9051ed2..10a2c85 100644
+index 38c6b8dbb5..de1a3bddc4 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -1728,7 +1728,11 @@
+@@ -1700,7 +1700,11 @@
              <plugin>
                  <groupId>org.cyclonedx</groupId>
                  <artifactId>cyclonedx-maven-plugin</artifactId>

druid/stackable/patches/30.0.0/08-CVE-2024-36114-bump-aircompressor-0-27.patch → druid/stackable/patches/30.0.0/0008-Fix-CVE-2024-36114.patch

@@ -1,4 +1,8 @@
-Fix CVE-2024-36114
+From 0d9d6f564c52234c1eba4762c465a95f52cf8f0a Mon Sep 17 00:00:00 2001
+From: Malte Sander <[email protected]>
+Date: Thu, 12 Dec 2024 17:59:17 +0100
+Subject: Fix CVE-2024-36114
+
 see https://github.com/stackabletech/vulnerabilities/issues/834
 
 Aircompressor is a library with ports of the Snappy, LZO, LZ4, and
@@ -17,12 +21,15 @@ have been fixed. When decompressing data from untrusted users, this can
 be exploited for a denial-of-service attack by crashing the JVM, or to
 leak other sensitive information from the Java process. There are no
 known workarounds for this issue.
+---
+ pom.xml | 6 ++++++
+ 1 file changed, 6 insertions(+)
 
 diff --git a/pom.xml b/pom.xml
-index 9051ed24c5..e839295b61 100644
+index de1a3bddc4..7beda6238f 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -283,6 +283,12 @@
+@@ -255,6 +255,12 @@
      </pluginRepositories>
      <dependencyManagement>
          <dependencies>

druid/stackable/patches/30.0.0/0009-Update-FMPP-version.patch

@@ -0,0 +1,31 @@
+From f6634ac02aa2fab11811915283e92c7b9ae1af5e Mon Sep 17 00:00:00 2001
+From: Lars Francke <[email protected]>
+Date: Thu, 12 Dec 2024 06:35:21 +0100
+Subject: Update FMPP version
+
+This is because FMPP Maven Plugin depends on FMPP in version 0.9.14
+which itself depends on a Freemarker version that has not been pinned.
+Instead it specifies a "range" which resolves to a SNAPSHOT version
+which we don't want.
+---
+ sql/pom.xml | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/sql/pom.xml b/sql/pom.xml
+index 6669d43e52..1d02e4ef58 100644
+--- a/sql/pom.xml
++++ b/sql/pom.xml
+@@ -384,6 +384,13 @@
+       <plugin>
+         <groupId>com.googlecode.fmpp-maven-plugin</groupId>
+         <artifactId>fmpp-maven-plugin</artifactId>
++        <dependencies>
++          <dependency>
++            <groupId>net.sourceforge.fmpp</groupId>
++            <artifactId>fmpp</artifactId>
++            <version>0.9.16</version>
++          </dependency>
++        </dependencies>
+         <executions>
+           <execution>
+             <id>generate-fmpp-sources</id>

druid/stackable/patches/30.0.0/10-cve-2023-34455-rm-snappy.patch → druid/stackable/patches/30.0.0/0010-Fix-CVE-2023-34455.patch

@@ -1,4 +1,8 @@
-Fix CVE-2023-34455
+From 4832e1270c2f541ad3724455034cbec394ba6263 Mon Sep 17 00:00:00 2001
+From: Razvan-Daniel Mihai <[email protected]>
+Date: Tue, 28 Jan 2025 17:29:59 +0100
+Subject: Fix CVE-2023-34455
+
 see https://github.com/stackabletech/vulnerabilities/issues/558
 
 At the end of build process, Druid downloads dependencies directly from a remote
@@ -8,6 +12,9 @@ The hadoop client depends on a vulnerable version of the snappy library which
 is then also downloaded even though a newer version is already on the system.
 
 This patch removes the vulnerable jars.
+---
+ distribution/pom.xml | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
 
 diff --git a/distribution/pom.xml b/distribution/pom.xml
 index d5918710ef..2d5bfc6ab4 100644