From 3612f6490c3f7352a5cfe2724a10e6e45725d0b1 Mon Sep 17 00:00:00 2001
From: Christoph Kuhnke <christoph.kuhnke@exasol.com>
Date: Fri, 20 Dec 2024 12:48:52 +0100
Subject: [PATCH] Security/1038 update packages (#486)

* Updated scripts update_apt_package_in_package_list.sh and update_apt_packages_in_package_list.sh
* Updated curl from 7.81.0-1ubuntu1.19 to .20
* Updated java rules in base.MODULE.bazel
* included cstdint in string_ops.cc
* Update version number
* Updated libcurl4-openssl-dev|7.81.0-1ubuntu1.19|7.81.0-1ubuntu1.20
---
 exaudfclient/base/base.MODULE.bazel           |  2 +-
 .../script_options/string_ops.cc              |  1 +
 .../apt/with_versions/all_versions_specified  |  2 +-
 .../apt/with_versions/some_missing_versions   |  2 +-
 .../conda_deps/packages/apt_get_packages      |  2 +-
 .../build_deps/packages/apt_get_packages      |  2 +-
 .../language_deps/packages/apt_get_packages   |  2 +-
 .../conda_deps/packages/apt_get_packages      |  2 +-
 .../build_deps/packages/apt_get_packages      |  2 +-
 .../packages/apt_get_packages                 |  2 +-
 .../language_deps/packages/apt_get_packages   |  2 +-
 .../conda_deps/packages/apt_get_packages      |  2 +-
 pyproject.toml                                |  2 +-
 scripts/update_apt_package_in_package_list.sh | 51 ++++++++++---------
 .../update_apt_packages_in_package_list.sh    | 12 ++---
 15 files changed, 45 insertions(+), 43 deletions(-)

diff --git a/exaudfclient/base/base.MODULE.bazel b/exaudfclient/base/base.MODULE.bazel
index 0dc34e5df..4c4bfa390 100644
--- a/exaudfclient/base/base.MODULE.bazel
+++ b/exaudfclient/base/base.MODULE.bazel
@@ -1,6 +1,6 @@
 bazel_dep(name = "bazel_skylib", version = "1.7.1")
 bazel_dep(name = "googletest", version = "1.15.0")
-bazel_dep(name = "rules_java", version = "6.1.1")
+bazel_dep(name = "rules_java", version = "7.6.1")
 bazel_dep(name = "rules_jvm_external", version = "6.2")
 
 python_local_repository = use_repo_rule("//base:python_repository.bzl", "python_local_repository")
diff --git a/exaudfclient/base/javacontainer/script_options/string_ops.cc b/exaudfclient/base/javacontainer/script_options/string_ops.cc
index 4f37fb978..4f7f7f301 100644
--- a/exaudfclient/base/javacontainer/script_options/string_ops.cc
+++ b/exaudfclient/base/javacontainer/script_options/string_ops.cc
@@ -1,6 +1,7 @@
 #include "base/javacontainer/script_options/string_ops.h"
 #include <regex>
 #include <iostream>
+#include <cstdint>
 
 namespace SWIGVMContainers {
 
diff --git a/ext/scripts/tests/install_scripts/test_files/apt/with_versions/all_versions_specified b/ext/scripts/tests/install_scripts/test_files/apt/with_versions/all_versions_specified
index 52a2d1eac..5d0fd27d3 100644
--- a/ext/scripts/tests/install_scripts/test_files/apt/with_versions/all_versions_specified
+++ b/ext/scripts/tests/install_scripts/test_files/apt/with_versions/all_versions_specified
@@ -1,2 +1,2 @@
-curl|7.81.0-1ubuntu1.19 # t1
+curl|7.81.0-1ubuntu1.20 # t1
 wget|1.21.2-2ubuntu1.1 # t2
diff --git a/ext/scripts/tests/install_scripts/test_files/apt/with_versions/some_missing_versions b/ext/scripts/tests/install_scripts/test_files/apt/with_versions/some_missing_versions
index 0e1c4960b..7eb3db113 100644
--- a/ext/scripts/tests/install_scripts/test_files/apt/with_versions/some_missing_versions
+++ b/ext/scripts/tests/install_scripts/test_files/apt/with_versions/some_missing_versions
@@ -1,3 +1,3 @@
-curl|7.81.0-1ubuntu1.19 # t1
+curl|7.81.0-1ubuntu1.20 # t1
 wget| # t2
 git|
diff --git a/flavors/template-Exasol-8-python-3.10-cuda-conda/flavor_base/conda_deps/packages/apt_get_packages b/flavors/template-Exasol-8-python-3.10-cuda-conda/flavor_base/conda_deps/packages/apt_get_packages
index f2c20f198..ebb154384 100644
--- a/flavors/template-Exasol-8-python-3.10-cuda-conda/flavor_base/conda_deps/packages/apt_get_packages
+++ b/flavors/template-Exasol-8-python-3.10-cuda-conda/flavor_base/conda_deps/packages/apt_get_packages
@@ -1,5 +1,5 @@
 coreutils|8.32-4.1ubuntu1.2
 locales|2.35-0ubuntu3.8
-curl|7.81.0-1ubuntu1.19
+curl|7.81.0-1ubuntu1.20
 ca-certificates|20240203~22.04.1
 bzip2|1.0.8-5build1
diff --git a/flavors/template-Exasol-all-java-17/flavor_base/build_deps/packages/apt_get_packages b/flavors/template-Exasol-all-java-17/flavor_base/build_deps/packages/apt_get_packages
index 2abb6fa00..85031757d 100644
--- a/flavors/template-Exasol-all-java-17/flavor_base/build_deps/packages/apt_get_packages
+++ b/flavors/template-Exasol-all-java-17/flavor_base/build_deps/packages/apt_get_packages
@@ -1,7 +1,7 @@
 coreutils|8.32-4.1ubuntu1.2
 locales|2.35-0ubuntu3.8
 tar|1.34+dfsg-1ubuntu0.1.22.04.2
-curl|7.81.0-1ubuntu1.19
+curl|7.81.0-1ubuntu1.20
 openjdk-17-jdk-headless|17.0.13+11-2ubuntu1~22.04
 build-essential|12.9ubuntu3
 libpcre3-dev|2:8.39-13ubuntu0.22.04.1
diff --git a/flavors/template-Exasol-all-java-17/flavor_base/language_deps/packages/apt_get_packages b/flavors/template-Exasol-all-java-17/flavor_base/language_deps/packages/apt_get_packages
index 894d32467..174a666de 100644
--- a/flavors/template-Exasol-all-java-17/flavor_base/language_deps/packages/apt_get_packages
+++ b/flavors/template-Exasol-all-java-17/flavor_base/language_deps/packages/apt_get_packages
@@ -1,3 +1,3 @@
 ca-certificates|20240203~22.04.1
-curl|7.81.0-1ubuntu1.19
+curl|7.81.0-1ubuntu1.20
 openjdk-17-jdk-headless|17.0.13+11-2ubuntu1~22.04
diff --git a/flavors/template-Exasol-all-python-3.10-conda/flavor_base/conda_deps/packages/apt_get_packages b/flavors/template-Exasol-all-python-3.10-conda/flavor_base/conda_deps/packages/apt_get_packages
index f2c20f198..ebb154384 100644
--- a/flavors/template-Exasol-all-python-3.10-conda/flavor_base/conda_deps/packages/apt_get_packages
+++ b/flavors/template-Exasol-all-python-3.10-conda/flavor_base/conda_deps/packages/apt_get_packages
@@ -1,5 +1,5 @@
 coreutils|8.32-4.1ubuntu1.2
 locales|2.35-0ubuntu3.8
-curl|7.81.0-1ubuntu1.19
+curl|7.81.0-1ubuntu1.20
 ca-certificates|20240203~22.04.1
 bzip2|1.0.8-5build1
diff --git a/flavors/template-Exasol-all-python-3.10/flavor_base/build_deps/packages/apt_get_packages b/flavors/template-Exasol-all-python-3.10/flavor_base/build_deps/packages/apt_get_packages
index a99d228f6..29d7f5de4 100644
--- a/flavors/template-Exasol-all-python-3.10/flavor_base/build_deps/packages/apt_get_packages
+++ b/flavors/template-Exasol-all-python-3.10/flavor_base/build_deps/packages/apt_get_packages
@@ -1,7 +1,7 @@
 coreutils|8.32-4.1ubuntu1.2
 locales|2.35-0ubuntu3.8
 tar|1.34+dfsg-1ubuntu0.1.22.04.2
-curl|7.81.0-1ubuntu1.19
+curl|7.81.0-1ubuntu1.20
 openjdk-11-jdk|11.0.25+9-1ubuntu1~22.04
 build-essential|12.9ubuntu3
 libpcre3-dev|2:8.39-13ubuntu0.22.04.1
diff --git a/flavors/template-Exasol-all-python-3.10/flavor_base/flavor_base_deps/packages/apt_get_packages b/flavors/template-Exasol-all-python-3.10/flavor_base/flavor_base_deps/packages/apt_get_packages
index f245ce3c6..68916f4be 100644
--- a/flavors/template-Exasol-all-python-3.10/flavor_base/flavor_base_deps/packages/apt_get_packages
+++ b/flavors/template-Exasol-all-python-3.10/flavor_base/flavor_base_deps/packages/apt_get_packages
@@ -1,4 +1,4 @@
 unzip|6.0-26ubuntu3.2
 git|1:2.34.1-1ubuntu1.11
-libcurl4-openssl-dev|7.81.0-1ubuntu1.19
+libcurl4-openssl-dev|7.81.0-1ubuntu1.20
 build-essential|12.9ubuntu3
diff --git a/flavors/template-Exasol-all-python-3.10/flavor_base/language_deps/packages/apt_get_packages b/flavors/template-Exasol-all-python-3.10/flavor_base/language_deps/packages/apt_get_packages
index 988edf9b6..cc4b85603 100644
--- a/flavors/template-Exasol-all-python-3.10/flavor_base/language_deps/packages/apt_get_packages
+++ b/flavors/template-Exasol-all-python-3.10/flavor_base/language_deps/packages/apt_get_packages
@@ -1,4 +1,4 @@
 ca-certificates|20240203~22.04.1
 python3.10-dev|3.10.12-1~22.04.7
 python3-distutils|3.10.8-1~22.04
-curl|7.81.0-1ubuntu1.19
+curl|7.81.0-1ubuntu1.20
diff --git a/flavors/test-Exasol-8-cuda-ml/flavor_base/conda_deps/packages/apt_get_packages b/flavors/test-Exasol-8-cuda-ml/flavor_base/conda_deps/packages/apt_get_packages
index f2c20f198..ebb154384 100644
--- a/flavors/test-Exasol-8-cuda-ml/flavor_base/conda_deps/packages/apt_get_packages
+++ b/flavors/test-Exasol-8-cuda-ml/flavor_base/conda_deps/packages/apt_get_packages
@@ -1,5 +1,5 @@
 coreutils|8.32-4.1ubuntu1.2
 locales|2.35-0ubuntu3.8
-curl|7.81.0-1ubuntu1.19
+curl|7.81.0-1ubuntu1.20
 ca-certificates|20240203~22.04.1
 bzip2|1.0.8-5build1
diff --git a/pyproject.toml b/pyproject.toml
index d2aecfba7..ca4a431f2 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,7 +1,7 @@
 [tool.poetry]
 package-mode = false
 name = "exasol-script-languages"
-version = "8.1.0"
+version = "9.1.0"
 description = "Script Languages"
 
 license = "MIT"
diff --git a/scripts/update_apt_package_in_package_list.sh b/scripts/update_apt_package_in_package_list.sh
index e92f11a71..5f068a018 100644
--- a/scripts/update_apt_package_in_package_list.sh
+++ b/scripts/update_apt_package_in_package_list.sh
@@ -3,34 +3,35 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
-if [ $# -eq 0 ];
-then
-  echo '"Package|Installed|Candidate" SEARCH_DIRECTORY REPLACE'
-  exit 1
+if [ $# == 0 ]; then
+    echo '"Package|Installed|Candidate" [SEARCH_DIRECTORY] [REPLACE]'
+    echo '- SEARCH_DIRECTORY: default .'
+    echo '- REPLACE: either yes or no, default: no'
+    exit 1
 fi
 
-LIST_NEWEST_VERSION_OUTPUT=$1 # Package|Installed|Candidate
-SEARCH_DIRECTORY=$2
-REPLACE=$3
+# Format of $1: Package|Installed|Candidate
+# Set array variable SPEC.
+IFS='|' read -ra SPEC <<< "$1"
+SEARCH_DIRECTORY=${2:-flavors}
+REPLACE=${3:-no}
 
-PACKAGE=$(echo "$LIST_NEWEST_VERSION_OUTPUT" | cut -f 1 -d "|")
-CANDIDATE_VERSION=$(echo "$LIST_NEWEST_VERSION_OUTPUT" | cut -f 3 -d "|")
-CURRENT_VERSION=$(echo "$LIST_NEWEST_VERSION_OUTPUT" | cut -f 2 -d "|")
+PACKAGE=${SPEC[0]}
+CURRENT_VERSION=${SPEC[1]}
+CANDIDATE_VERSION=${SPEC[2]}
 
 FILES=$(grep -R "^$PACKAGE|$CURRENT_VERSION" "$SEARCH_DIRECTORY" | cut -f 1 -d ":")
-for FILE in $FILES
-do
-  echo "Found package $PACKAGE|$CURRENT_VERSION in $FILE"
-  echo "Original lines:"
-  grep "^$PACKAGE|$CURRENT_VERSION" "$FILE"
-  echo "Updated lines:"
-  CURRENT_VERSION_ESCAPE=${CURRENT_VERSION//\~/\\~}
-  SEARCH_REPLACE_PATTERN="s/^($PACKAGE\|$CURRENT_VERSION_ESCAPE).*$/$PACKAGE|$CANDIDATE_VERSION/g"
-	sed -E "$SEARCH_REPLACE_PATTERN" "$FILE" | grep "^$PACKAGE|"
-  if [[ "$REPLACE" == "yes"  ]]
-  then
-    echo "Updating file $FILE:"
-	  sed -E -i "$SEARCH_REPLACE_PATTERN" "$FILE"
-  fi
-  echo
+for FILE in $FILES; do
+    echo "Found package $PACKAGE|$CURRENT_VERSION in $FILE"
+    echo "Original lines:"
+    grep "^$PACKAGE|$CURRENT_VERSION" "$FILE"
+    echo "Updated lines:"
+    CURRENT_VERSION_ESCAPE=${CURRENT_VERSION//\~/\\~}
+    SEARCH_REPLACE_PATTERN="s/^($PACKAGE\|$CURRENT_VERSION_ESCAPE).*$/$PACKAGE|$CANDIDATE_VERSION/g"
+    sed -E "$SEARCH_REPLACE_PATTERN" "$FILE" | grep "^$PACKAGE|"
+    if [ "$REPLACE" == "yes" ]; then
+        echo "Updating file $FILE:"
+        sed -E -i "$SEARCH_REPLACE_PATTERN" "$FILE"
+    fi
+    echo
 done
diff --git a/scripts/update_apt_packages_in_package_list.sh b/scripts/update_apt_packages_in_package_list.sh
index 6789a81c9..9305adf3c 100644
--- a/scripts/update_apt_packages_in_package_list.sh
+++ b/scripts/update_apt_packages_in_package_list.sh
@@ -6,15 +6,15 @@ set -o pipefail
 
 SCRIPT_DIR="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
 
-if [ $# -eq 0 ];
-then
-  echo 'SEARCH_DIRECTORY REPLACE'
-  exit 1
+if [ $# -eq 0 ]; then
+    echo 'SEARCH_DIRECTORY REPLACE'
+    exit 1
 fi
 
 SEARCH_DIRECTORY=$1
 REPLACE=$2
 
-while read -r LIST_NEWEST_VERSION_OUTPUT; do 
-    bash "$SCRIPT_DIR/update_apt_package_in_package_list.sh" "$LIST_NEWEST_VERSION_OUTPUT" "$SEARCH_DIRECTORY" "$REPLACE" || true
+while read -r LIST_NEWEST_VERSION_OUTPUT; do
+    bash "$SCRIPT_DIR/update_apt_package_in_package_list.sh" \
+         "$LIST_NEWEST_VERSION_OUTPUT" "$SEARCH_DIRECTORY" "$REPLACE" || true
 done