[
https://issues.apache.org/jira/browse/HADOOP-18837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17756210#comment-17756210
]
ASF GitHub Bot commented on HADOOP-18837:
-----------------------------------------
hadoop-yetus commented on PR #5961:
URL: https://github.com/apache/hadoop/pull/5961#issuecomment-1684643231
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Logfile | Comment |
|:----:|----------:|--------:|:--------:|:-------:|
| +0 :ok: | reexec | 5m 31s | | Docker mode activated. |
|||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | | No case conflicting files
found. |
| +0 :ok: | codespell | 0m 0s | | codespell was not available. |
| +0 :ok: | detsecrets | 0m 0s | | detect-secrets was not available.
|
| +0 :ok: | xmllint | 0m 0s | | xmllint was not available. |
| +0 :ok: | shelldocs | 0m 0s | | Shelldocs was not available. |
| +1 :green_heart: | @author | 0m 0s | | The patch does not contain
any @author tags. |
| -1 :x: | test4tests | 0m 0s | | The patch doesn't appear to include
any new or modified tests. Please justify why no new tests are needed for this
patch. Also please list what manual steps were performed to verify this patch.
|
|||| _ branch-3.3 Compile Tests _ |
| +0 :ok: | mvndep | 13m 46s | | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 23m 4s | | branch-3.3 passed |
| +1 :green_heart: | compile | 12m 36s | | branch-3.3 passed |
| +1 :green_heart: | mvnsite | 19m 16s | | branch-3.3 passed |
| +1 :green_heart: | javadoc | 5m 0s | | branch-3.3 passed |
| +1 :green_heart: | shadedclient | 27m 56s | | branch has no errors
when building and testing our client artifacts. |
|||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 35s | | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 27m 43s | | the patch passed |
| +1 :green_heart: | compile | 11m 58s | | the patch passed |
| +1 :green_heart: | javac | 11m 58s | | the patch passed |
| +1 :green_heart: | blanks | 0m 0s | | The patch has no blanks
issues. |
| +1 :green_heart: | mvnsite | 15m 26s | | the patch passed |
| +1 :green_heart: | shellcheck | 0m 0s | | No new issues. |
| +1 :green_heart: | javadoc | 5m 4s | | the patch passed |
| +1 :green_heart: | shadedclient | 29m 6s | | patch has no errors
when building and testing our client artifacts. |
|||| _ Other Tests _ |
| -1 :x: | unit | 625m 8s |
[/patch-unit-root.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5961/1/artifact/out/patch-unit-root.txt)
| root in the patch passed. |
| +1 :green_heart: | asflicense | 1m 24s | | The patch does not
generate ASF License warnings. |
| | | 817m 2s | | |
| Reason | Tests |
|-------:|:------|
| Failed junit tests | hadoop.yarn.client.api.impl.TestAMRMClient |
| | hadoop.hdfs.server.balancer.TestBalancerWithHANameNodes |
| | hadoop.hdfs.TestReconstructStripedFileWithRandomECPolicy |
| |
hadoop.hdfs.server.datanode.fsdataset.impl.TestLazyPersistReplicaRecovery |
| | hadoop.hdfs.server.datanode.TestDirectoryScanner |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.43 ServerAPI=1.43 base:
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5961/1/artifact/out/Dockerfile
|
| GITHUB PR | https://github.com/apache/hadoop/pull/5961 |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall
mvnsite unit shadedclient codespell detsecrets xmllint shellcheck shelldocs |
| uname | Linux 8b60ced2de27 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19
13:30:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/bin/hadoop.sh |
| git revision | branch-3.3 / d8712ff28f72f29fa9e9d506d7afc3521e0c6f9d |
| Default Java | Private Build-1.8.0_362-8u372-ga~us1-0ubuntu1~18.04-b09 |
| Test Results |
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5961/1/testReport/ |
| Max. process+thread count | 3137 (vs. ulimit of 5500) |
| modules | C: hadoop-project hadoop-common-project/hadoop-common
hadoop-hdfs-project/hadoop-hdfs-client
hadoop-client-modules/hadoop-client-runtime . U: . |
| Console output |
https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5961/1/console |
| versions | git=2.17.1 maven=3.6.0 shellcheck=0.4.6 |
| Powered by | Apache Yetus 0.14.0 https://yetus.apache.org |
This message was automatically generated.
> Upgrade Okio to 3.4.0 due to CVE-2023-3635
> ------------------------------------------
>
> Key: HADOOP-18837
> URL: https://issues.apache.org/jira/browse/HADOOP-18837
> Project: Hadoop Common
> Issue Type: Task
> Reporter: Rohit Kumar
> Assignee: Rohit Kumar
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0, 3.3.9
>
>
> Upgrade Okio to 3.4.0 due to CVE-2023-3635
> GzipSource does not handle an exception that might be raised when parsing a
> malformed gzip buffer. This may lead to denial of service of the Okio client
> when handling a crafted GZIP archive, by using the GzipSource class.
> CVSSv3 Score:- 7.5(High)
> [https://nvd.nist.gov/vuln/detail/CVE-2023-3635]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
