[
https://issues.apache.org/jira/browse/OOZIE-2034?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14174680#comment-14174680
]
Hadoop QA commented on OOZIE-2034:
----------------------------------
Testing JIRA OOZIE-2034
Cleaning local git workspace
----------------------------
{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
. {color:green}+1{color} the patch does not introduce any @author tags
. {color:green}+1{color} the patch does not introduce any tabs
. {color:green}+1{color} the patch does not introduce any trailing spaces
. {color:green}+1{color} the patch does not introduce any line longer than
132
. {color:red}-1{color} the patch does not add/modify any testcase
{color:green}+1 RAT{color}
. {color:green}+1{color} the patch does not seem to introduce new RAT
warnings
{color:green}+1 JAVADOC{color}
. {color:green}+1{color} the patch does not seem to introduce new Javadoc
warnings
{color:green}+1 COMPILE{color}
. {color:green}+1{color} HEAD compiles
. {color:green}+1{color} patch compiles
. {color:green}+1{color} the patch does not seem to introduce new javac
warnings
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
. {color:green}+1{color} the patch does not change any JPA
Entity/Colum/Basic/Lob/Transient annotations
. {color:green}+1{color} the patch does not modify JPA files
{color:red}-1 TESTS{color}
. Tests run: 1545
. Tests failed: 1
. Tests errors: 0
. The patch failed the following testcases:
. testCoordinatorActionEvent(org.apache.oozie.event.TestEventGeneration)
{color:green}+1 DISTRO{color}
. {color:green}+1{color} distro tarball builds with the patch
----------------------------
{color:red}*-1 Overall result, please check the reported -1(s)*{color}
The full output of the test-patch run is available at
. https://builds.apache.org/job/oozie-trunk-precommit-build/2053/
> Disable SSLv3 (POODLEbleed vulnerability)
> -----------------------------------------
>
> Key: OOZIE-2034
> URL: https://issues.apache.org/jira/browse/OOZIE-2034
> Project: Oozie
> Issue Type: Bug
> Components: security
> Affects Versions: 4.0.1
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Blocker
> Fix For: 4.1.0
>
> Attachments: OOZIE-2034.patch
>
>
> We should disable SSLv3 to protect against the POODLEbleed vulnerability.
> See
> [CVE-2014-3566|https://access.redhat.com/security/cve/CVE-2014-3566?sc_cid=70160000000eITIAA2&;]
> We have {{sslProtocol="TLS"}} set to only allow TLS in ssl-server.xml, but
> when I checked, I could still connect with SSLv3. From what I can tell,
> there's some ambiguity in the tomcat configs between {{sslProtocol}},
> {{sslProtocols}}, and {{sslEnabledProtocols}} so we probably have the wrong
> thing here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
