From ade42d175da2fe2dcafa90bf3620487bcd609d99 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Tue, 11 Mar 2025 16:56:08 +0200
Subject: [PATCH 1/5] update spark versions
---
 spark-k8s/versions.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/spark-k8s/versions.py b/spark-k8s/versions.py
index f50be6745..cb3787551 100644
--- a/spark-k8s/versions.py
+++ b/spark-k8s/versions.py
@@ -1,6 +1,6 @@
 versions = [
 {
- "product": "3.5.1",
+ "product": "3.5.2",
 "java-base": "17",
 "java-devel": "17",
 "python": "3.11",
@@ -18,7 +18,7 @@
 "hbase_connector": "1.0.1",
 },
 {
- "product": "3.5.2",
+ "product": "3.5.5",
 "java-base": "17",
 "java-devel": "17",
 "python": "3.11",
From 63b9a9b163b7c50bce005385e63b7de5bff42876 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Tue, 11 Mar 2025 16:59:31 +0200
Subject: [PATCH 2/5] update changelog
---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9ddcbbd5d..9ea82b884 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,7 @@ All notable changes to this project will be documented in this file.
 - superset: Add version `4.1.1` ([#991]).
 - Add Patchable patch management tool ([#1003], [#1005], [#1007]).
 - nifi: Add 1.28.1, 2.2.0 ([#1006]).
+- spark: Add 3.5.5 ([#1022])
 ### Changed
@@ -50,6 +51,7 @@ All notable changes to this project will be documented in this file.
 - trino-storage-connector: Remove version 469 ([#999]).
 - nifi: Remove 2.0.0 ([#1006]).
 - druid: Remove 26.0.0 ([#984])
+- spark: Remove 3.5.1 ([#1022])
 ### Fixed
@@ -88,6 +90,7 @@ All notable changes to this project will be documented in this file.
 [#1006]: https://github.com/stackabletech/docker-images/pull/1006
 [#1007]: https://github.com/stackabletech/docker-images/pull/1007
 [#1013]: https://github.com/stackabletech/docker-images/pull/1013
+[#1022]: https://github.com/stackabletech/docker-images/pull/1022
 ## [24.11.1] - 2025-01-14
From 59ffa465b3a0c886539c94d802c2379f53abb809 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Tue, 11 Mar 2025 17:31:50 +0200
Subject: [PATCH 3/5] update spark patches
---
 .../3.5.1/0002-Fix-CVE-2024-36114.patch | 40 -------------------
 .../stackable/patches/3.5.1/patchable.toml | 2 -
 .../0001-Update-CycloneDX-plugin.patch | 10 ++---
 .../stackable/patches/3.5.5/patchable.toml | 2 +
 4 files changed, 7 insertions(+), 47 deletions(-)
 delete mode 100644 spark-k8s/stackable/patches/3.5.1/0002-Fix-CVE-2024-36114.patch
 delete mode 100644 spark-k8s/stackable/patches/3.5.1/patchable.toml
 rename spark-k8s/stackable/patches/{3.5.1 => 3.5.5}/0001-Update-CycloneDX-plugin.patch (82%)
 create mode 100644 spark-k8s/stackable/patches/3.5.5/patchable.toml
diff --git a/spark-k8s/stackable/patches/3.5.1/0002-Fix-CVE-2024-36114.patch b/spark-k8s/stackable/patches/3.5.1/0002-Fix-CVE-2024-36114.patch
deleted file mode 100644
index e38fd4825..000000000
--- a/spark-k8s/stackable/patches/3.5.1/0002-Fix-CVE-2024-36114.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 3892892d934387d20c6d8fd45f126e054bef55b8 Mon Sep 17 00:00:00 2001
-From: Siegfried Weber
-Date: Mon, 11 Nov 2024 10:00:15 +0100
-Subject: Fix CVE-2024-36114
-
-see https://github.com/stackabletech/vulnerabilities/issues/834
-
-Aircompressor is a library with ports of the Snappy, LZO, LZ4, and
-Zstandard compression algorithms to Java. All decompressor
-implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash
-the JVM for certain input, and in some cases also leak the content of
-other memory of the Java process (which could contain sensitive
-information). When decompressing certain data, the decompressors try to
-access memory outside the bounds of the given byte arrays or byte
-buffers. Because Aircompressor uses the JDK class sun.misc.Unsafe to
-speed up memory access, no additional bounds checks are performed and
-this has similar security consequences as out-of-bounds access in C or
-C++, namely it can lead to non-deterministic behavior or crash the JVM.
-Users should update to Aircompressor 0.27 or newer where these issues
-have been fixed. When decompressing data from untrusted users, this can
-be exploited for a denial-of-service attack by crashing the JVM, or to
-leak other sensitive information from the Java process. There are no
-known workarounds for this issue.
----
- pom.xml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/pom.xml b/pom.xml
-index 6cca7db7bf..fb9254e0cd 100644
---- a/pom.xml
-+++ b/pom.xml
-@@ -2558,7 +2558,7 @@
-
- io.airlift
- aircompressor
-- 0.26
-+ 0.27
-
-
- org.apache.orc
diff --git a/spark-k8s/stackable/patches/3.5.1/patchable.toml b/spark-k8s/stackable/patches/3.5.1/patchable.toml
deleted file mode 100644
index feaeca0cb..000000000
--- a/spark-k8s/stackable/patches/3.5.1/patchable.toml
+++ /dev/null
@@ -1,2 +0,0 @@
-upstream = "https://github.com/apache/spark.git"
-base = "fd86f85e181fc2dc0f50a096855acf83a6cc5d9c"
diff --git a/spark-k8s/stackable/patches/3.5.1/0001-Update-CycloneDX-plugin.patch b/spark-k8s/stackable/patches/3.5.5/0001-Update-CycloneDX-plugin.patch
similarity index 82%
rename from spark-k8s/stackable/patches/3.5.1/0001-Update-CycloneDX-plugin.patch
rename to spark-k8s/stackable/patches/3.5.5/0001-Update-CycloneDX-plugin.patch
index b0cbf6b65..f1cf7df81 100644
--- a/spark-k8s/stackable/patches/3.5.1/0001-Update-CycloneDX-plugin.patch
+++ b/spark-k8s/stackable/patches/3.5.5/0001-Update-CycloneDX-plugin.patch
@@ -1,6 +1,6 @@
-From 08b7c02a497b8b3b70616281f810a898b1719a78 Mon Sep 17 00:00:00 2001
-From: Lukas Voetmand
-Date: Fri, 6 Sep 2024 17:53:52 +0200
+From 37ad7dcbb2a77267bbddafc4f3b3d99fddda0b28 Mon Sep 17 00:00:00 2001
+From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
+Date: Tue, 11 Mar 2025 17:29:39 +0200
 Subject: Update CycloneDX plugin
 ---
@@ -21,10 +21,10 @@ index ef7c010e93..0f4c1c74e4 100755
 # Actually build the jar
 diff --git a/pom.xml b/pom.xml
-index 0f504dbee8..6cca7db7bf 100644
+index 9b009c3a42..483dceb8ea 100644
 --- a/pom.xml
 +++ b/pom.xml
-@@ -3482,7 +3482,12 @@
+@@ -3534,7 +3534,12 @@
 org.cyclonedx
 cyclonedx-maven-plugin
diff --git a/spark-k8s/stackable/patches/3.5.5/patchable.toml b/spark-k8s/stackable/patches/3.5.5/patchable.toml
new file mode 100644
index 000000000..1e901f3f3
--- /dev/null
+++ b/spark-k8s/stackable/patches/3.5.5/patchable.toml
@@ -0,0 +1,2 @@
+upstream = "https://github.com/apache/spark.git"
+base = "7c29c664cdc9321205a98a14858aaf8daaa19db2"
From 8d65149e9385884b8955c259f77db736c745120b Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Tue, 11 Mar 2025 18:04:07 +0200
Subject: [PATCH 4/5] typo
---
 rust/patchable/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rust/patchable/README.md b/rust/patchable/README.md
index 8bb56a04d..a22fc5e97 100644
--- a/rust/patchable/README.md
+++ b/rust/patchable/README.md
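Review bot: The 3.5.5 patch series set up by the new `patches/3.5.5/patchable.toml` carries only `0001-Update-CycloneDX-plugin.patch`; the `0002-Fix-CVE-2024-36114.patch` deleted with the 3.5.1 directory (aircompressor 0.26 to 0.27 in `pom.xml`) has no counterpart, and the commit message does not say why. Presumably the pinned `base` already builds with aircompressor 0.27 or newer, but that cannot be confirmed from this diff. I would state it in the commit description or the changelog entry, for example `spark: drop CVE-2024-36114 patch, base pom.xml already has io.airlift:aircompressor >= 0.27`, after checking the version in the base commit's `pom.xml`. A dependency scan of the built 3.5.5 image against its SBOM would catch a regression if that assumption turns out to be wrong.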
@@ -25,7 +25,7 @@ For more details, run `cargo patchable --help`.
 ## Notes
 - patchable only supports linear patch series (no merges beyond the base commit)
-- patchable doesn't support support merging "materialized" trees, merge the .patch files instead, and `checkout`/`export` to update the hashes
+- patchable doesn't support merging "materialized" trees, merge the .patch files instead, and `checkout`/`export` to update the hashes
 - `patchable checkout` doesn't support resolving patch conflicts, use `git am` instead (and then `patchable export` the resolved patches)
 - Always run patchable via `cargo patchable` (rather than `cargo install`ing it), to ensure that you use the correct version for a given checkout of docker-images
From e52bd58d8612a65db0c5ebadb5bfbc8e4a26033f Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Tue, 11 Mar 2025 21:21:35 +0200
Subject: [PATCH 5/5] bump jmx-exporter version
---
 spark-k8s/versions.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/spark-k8s/versions.py b/spark-k8s/versions.py
index cb3787551..d00619a16 100644
--- a/spark-k8s/versions.py
+++ b/spark-k8s/versions.py
@@ -13,7 +13,7 @@
 "stax2_api": "4.2.1", # https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.15.2
 "woodstox_core": "6.5.1", # https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.15.2
 "vector": "0.43.1",
- "jmx_exporter": "1.0.1-stackable",
+ "jmx_exporter": "1.1.0",
 "tini": "0.19.0",
 "hbase_connector": "1.0.1",
 },
@@ -31,7 +31,7 @@
 "stax2_api": "4.2.1", # https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.15.2
 "woodstox_core": "6.5.1", # https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.15.2
 "vector": "0.43.1",
- "jmx_exporter": "1.0.1-stackable",
+ "jmx_exporter": "1.1.0",
 "tini": "0.19.0",
 "hbase_connector": "1.0.1",
 },