[
https://issues.apache.org/jira/browse/HADOOP-18198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17526542#comment-17526542
]
Steve Loughran commented on HADOOP-18198:
-----------------------------------------
my real, real, gpg key lives on a fido key and never gets downloaded to a
computer running arbitrary code.
anyway, ec2 docker build failed too, this time docker site after 70 minutes
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-site-plugin:3.6:site (default-site) on project
hadoop-yarn-project: failed to get report for
com.github.spotbugs:spotbugs-maven-plugin: Plugin
com.github.spotbugs:spotbugs-maven-plugin:4.2.0 or one of its dependencies
could not be resolved: Failed to read artifact descriptor for
com.github.spotbugs:spotbugs-maven-plugin:jar:4.2.0: Could not transfer
artifact com.github.spotbugs:spotbugs-maven-plugin:pom:4.2.0 from/to central
(https://repo.maven.apache.org/maven2): Connection reset -> [Help 1]
[ERROR]
there's discussion about docker nat problems and handling of tcp reset packets,
along with maven keepalive issues.
pretty surprised/disappointed that the maven client isn't doing better
recovery. or it is trying but without aborting the http connection that fails,
it's just picking up the same broken tls channel it just hit problems on.
see how you get on with a docker run. i will be home next week and can do a run
there with the laptop plugged in to the lan for best network quality. and if
that isn't enough, we will have to make the docker build configurable to at
least optionally turn off http keepalives in maven builds. its because
everything is being downloaded that errors surface.
> Release Hadoop 3.3.3: hadoop-3.3.2 with some fixes
> --------------------------------------------------
>
> Key: HADOOP-18198
> URL: https://issues.apache.org/jira/browse/HADOOP-18198
> Project: Hadoop Common
> Issue Type: Task
> Components: build
> Affects Versions: 3.3.2
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Hadoop 3.3.3 is a minor followup release to Hadoop 3.3.2 with all the
> incremental changes which went in to the 3.2.4 release
> * minor CVE fixes in Hadoop source
> * CVE fixes in dependencies we know of (protobuf unmarshalling leading to
> DoS, jackson stack overflow,...)
> * replacement of log4j 1.2.17 to reload4j
> * node.js update
> This is not a release off branch-3.3, it is a fork of 3.3.2 with the changes.
> The next release of branch-3.3 will be numbered hadoop-3.3.4; updating maven
> versions and JIRA fix versions is part of this release process.
> The changes here are already in branch 3.2.4; this completes the set
> CVEs fixed
> * CVE-2022-26612: Apache Hadoop: Arbitrary file write in
> FileUtil#unpackEntries on Windows (HADOOP-18155)
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
