[ https://issues.apache.org/jira/browse/HADOOP-18069?focusedWorklogId=771993&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-771993 ]

ASF GitHub Bot logged work on HADOOP-18069:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/May/22 15:57
            Start Date: 18/May/22 15:57
    Worklog Time Spent: 10m 
      Work Description: hadoop-yetus commented on PR #4229:
URL: https://github.com/apache/hadoop/pull/4229#issuecomment-1130200771

   :broken_heart: **-1 overall**

   | Vote | Subsystem | Runtime |  Logfile | Comment |
   |:----:|----------:|--------:|:--------:|:-------:|
   | +0 :ok: |  reexec  |  46m 20s |  |  Docker mode activated.  |
   |||| _ Prechecks _ |
   | +1 :green_heart: |  dupname  |   0m  1s |  |  No case conflicting files found.  |
   | +0 :ok: |  codespell  |   0m  1s |  |  codespell was not available.  |
   | +0 :ok: |  shellcheck  |   0m  1s |  |  Shellcheck was not available.  |
   | +0 :ok: |  shelldocs  |   0m  1s |  |  Shelldocs was not available.  |
   | +1 :green_heart: |  @author  |   0m  0s |  |  The patch does not contain any @author tags.  |
   | -1 :x: |  test4tests  |   0m  0s |  |  The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.  |
   |||| _ trunk Compile Tests _ |
   | +0 :ok: |  mvndep  |  15m 59s |  |  Maven dependency ordering for branch  |
   | +1 :green_heart: |  mvninstall  |  28m 25s |  |  trunk passed  |
   | +1 :green_heart: |  compile  |  21m 47s |  |  trunk passed  |
   | +1 :green_heart: |  checkstyle  |   4m 30s |  |  trunk passed  |
   | +1 :green_heart: |  mvnsite  |  20m 22s |  |  trunk passed  |
   | +1 :green_heart: |  javadoc  |   8m 49s |  |  trunk passed  |
   | +0 :ok: |  spotbugs  |   0m 27s |  |  branch/hadoop-project no spotbugs output file (spotbugsXml.xml)  |
   | +0 :ok: |  spotbugs  |   0m 27s |  |  branch/hadoop-client-modules/hadoop-client no spotbugs output file (spotbugsXml.xml)  |
   | +1 :green_heart: |  shadedclient  |  58m 15s |  |  branch has no errors when building and testing our client artifacts.  |
   |||| _ Patch Compile Tests _ |
   | +0 :ok: |  mvndep  |   0m 40s |  |  Maven dependency ordering for patch  |
   | +1 :green_heart: |  mvninstall  |  26m 51s |  |  the patch passed  |
   | +1 :green_heart: |  compile  |  21m  6s |  |  the patch passed  |
   | +1 :green_heart: |  javac  |  21m  6s |  |  the patch passed  |
   | +1 :green_heart: |  blanks  |   0m  0s |  |  The patch has no blanks issues.  |
   | +1 :green_heart: |  checkstyle  |   4m 26s |  |  the patch passed  |
   | +1 :green_heart: |  mvnsite  |  20m  0s |  |  the patch passed  |
   | +1 :green_heart: |  xml  |   0m  7s |  |  The patch has no ill-formed XML file.  |
   | +1 :green_heart: |  javadoc  |   8m 30s |  |  the patch passed  |
   | +0 :ok: |  spotbugs  |   0m 26s |  |  hadoop-project has no data from spotbugs  |
   | +0 :ok: |  spotbugs  |   0m 27s |  |  hadoop-client-modules/hadoop-client has no data from spotbugs  |
   | +1 :green_heart: |  shadedclient  |  58m 29s |  |  patch has no errors when building and testing our client artifacts.  |
   |||| _ Other Tests _ |
   | -1 :x: |  unit  | 1030m 58s | [/patch-unit-root.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4229/14/artifact/out/patch-unit-root.txt) |  root in the patch passed.  |
   | +1 :green_heart: |  asflicense  |   2m 19s |  |  The patch does not generate ASF License warnings.  |
   |  |   | 1391m 35s |  |  |
   
   
   | Reason | Tests |
   |-------:|:------|
   | Failed junit tests | hadoop.mapred.TestLocalDistributedCacheManager |
   |   | hadoop.service.launcher.TestServiceInterruptHandling |
   |   | hadoop.crypto.TestCryptoCodec |
   |   | hadoop.crypto.TestCryptoStreamsWithOpensslSm4CtrCryptoCodec |
   
   
   | Subsystem | Report/Notes |
   |----------:|:-------------|
   | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4229/14/artifact/out/Dockerfile |
   | GITHUB PR | https://github.com/apache/hadoop/pull/4229 |
   | Optional Tests | dupname asflicense codespell shellcheck shelldocs compile javac javadoc mvninstall mvnsite unit shadedclient xml spotbugs checkstyle |
   | uname | Linux a5b4eac27144 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
   | Build tool | maven |
   | Personality | dev-support/bin/hadoop.sh |
   | git revision | trunk / 3de6058af30a394576572d19198ed47522834d52 |
   | Default Java | Red Hat, Inc.-1.8.0_332-b09 |
   | Test Results | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4229/14/testReport/ |
   | Max. process+thread count | 2272 (vs. ulimit of 5500) |
   | modules | C: hadoop-project hadoop-hdfs-project/hadoop-hdfs-client hadoop-client-modules/hadoop-client hadoop-tools/hadoop-azure-datalake . U: . |
   | Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4229/14/console |
   | versions | git=2.9.5 maven=3.6.3 spotbugs=4.2.2 |
   | Powered by | Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org |
   
   
   This message was automatically generated.
   
   




Issue Time Tracking
-------------------

    Worklog Id:     (was: 771993)
    Time Spent: 6h 10m  (was: 6h)

> CVE-2021-0341 in [email protected] detected in hdfs-client  
> -------------------------------------------------------
>
>                 Key: HADOOP-18069
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18069
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: hdfs-client
>    Affects Versions: 3.3.1
>            Reporter: Eugene Shinn (Truveta)
>            Assignee: Ashutosh Gupta
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 6h 10m
>  Remaining Estimate: 0h
>
> Our static vulnerability scanner (Fortify On Demand) detected [NVD - 
> CVE-2021-0341 
> (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2021-0341#VulnChangeHistorySection]
>  in our application. We traced the vulnerability to a transitive dependency 
> coming from hadoop-hdfs-client, which depends on [email protected] 
> ([hadoop/pom.xml at trunk · apache/hadoop 
> (github.com)|https://github.com/apache/hadoop/blob/trunk/hadoop-project/pom.xml#L137]).
>  To resolve this issue, okhttp should be upgraded to 4.9.2+ (ref: 
> [CVE-2021-0341 · Issue #6724 · square/okhttp 
> (github.com)|https://github.com/square/okhttp/issues/6724]).


