[
https://issues.apache.org/jira/browse/OOZIE-2410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15035283#comment-15035283
]
Hadoop QA commented on OOZIE-2410:
----------------------------------
Testing JIRA OOZIE-2410
Cleaning local git workspace
----------------------------
{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
. {color:red}-1{color} the patch seems to contain 696 line(s) with @author
tags
. {color:red}-1{color} the patch contains 20 line(s) with tabs
. {color:red}-1{color} the patch contains 412 line(s) with trailing spaces
. {color:red}-1{color} the patch contains 302 line(s) longer than 132
characters
. {color:green}+1{color} the patch does adds/modifies 177 testcase(s)
{color:green}+1 RAT{color}
. {color:green}+1{color} the patch does not seem to introduce new RAT
warnings
{color:green}+1 JAVADOC{color}
. {color:green}+1{color} the patch does not seem to introduce new Javadoc
warnings
{color:red}-1 COMPILE{color}
. {color:green}+1{color} HEAD compiles
. {color:green}+1{color} patch compiles
. {color:red}-1{color} the patch seems to introduce 4107 new javac warning(s)
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
. {color:green}+1{color} the patch does not change any JPA
Entity/Colum/Basic/Lob/Transient annotations
. {color:green}+1{color} the patch does not modify JPA files
{color:red}-1 TESTS{color}
. Tests run: 1702
. Tests failed: 2
. Tests errors: 0
. The patch failed the following testcases:
. testSamplers(org.apache.oozie.util.TestMetricsInstrumentation)
. testForNoDuplicates(org.apache.oozie.event.TestEventGeneration)
{color:green}+1 DISTRO{color}
. {color:green}+1{color} distro tarball builds with the patch
----------------------------
{color:red}*-1 Overall result, please check the reported -1(s)*{color}
The full output of the test-patch run is available at
. https://builds.apache.org/job/oozie-trunk-precommit-build/2611/
> Fork collections-generic
> ------------------------
>
> Key: OOZIE-2410
> URL: https://issues.apache.org/jira/browse/OOZIE-2410
> Project: Oozie
> Issue Type: Bug
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Critical
> Fix For: trunk
>
> Attachments: OOZIE-2410.001.patch, security-fixes.patch
>
>
> The Jung library used by the {{GraphGenerator}} code is using an old fork of
> Commons-Collections which added generics. There was recently a security bug
> in Commons-Collections (COLLECTIONS-580). The fork we're using hasn't been
> updated since 2010 and is dead, so it won't get the security fix
> (Commons-Collections 3.2.2 or 4.1). While Oozie isn't currently vulnerable
> to an attack due to this, it would be good to patch this just to be safe.
> Unfortunately, the best way to fix this is to fork the fork, which isn't
> super great. Anyway, we can make a new "oozie-collections-generic" module
> with the collections-generic code + the security fixes applied.
> In the long run, we should implement OOZIE-2406, which will completely
> rewrite the {{GraphGenerator}} (there's a number of other downsides with the
> current implementation listed there), at which time we can remove this new
> module.