[
https://issues.apache.org/jira/browse/HADOOP-19154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17839943#comment-17839943
]
ASF GitHub Bot commented on HADOOP-19154:
-----------------------------------------
hadoop-yetus commented on PR #6755:
URL: https://github.com/apache/hadoop/pull/6755#issuecomment-2071444504
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Logfile | Comment |
|:----:|----------:|--------:|:--------:|:-------:|
|||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 00s | | No case conflicting files
found. |
| +0 :ok: | codespell | 0m 00s | | codespell was not available. |
| +0 :ok: | detsecrets | 0m 00s | | detect-secrets was not available.
|
| +0 :ok: | shellcheck | 0m 01s | | Shellcheck was not available. |
| +0 :ok: | shelldocs | 0m 01s | | Shelldocs was not available. |
| +0 :ok: | markdownlint | 0m 01s | | markdownlint was not available.
|
| +0 :ok: | xmllint | 0m 00s | | xmllint was not available. |
| +1 :green_heart: | @author | 0m 00s | | The patch does not contain
any @author tags. |
| -1 :x: | test4tests | 0m 00s | | The patch doesn't appear to include
any new or modified tests. Please justify why no new tests are needed for this
patch. Also please list what manual steps were performed to verify this patch.
|
|||| _ trunk Compile Tests _ |
| +0 :ok: | mvndep | 4m 01s | | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 88m 53s | | trunk passed |
| +1 :green_heart: | compile | 39m 12s | | trunk passed |
| -1 :x: | mvnsite | 23m 14s |
[/branch-mvnsite-root.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6755/1/artifact/out/branch-mvnsite-root.txt)
| root in trunk failed. |
| +1 :green_heart: | javadoc | 15m 06s | | trunk passed |
| +1 :green_heart: | shadedclient | 314m 57s | | branch has no errors
when building and testing our client artifacts. |
|||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 2m 38s | | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 92m 00s | | the patch passed |
| +1 :green_heart: | compile | 39m 05s | | the patch passed |
| +1 :green_heart: | javac | 39m 05s | | the patch passed |
| +1 :green_heart: | blanks | 0m 00s | | The patch has no blanks
issues. |
| -1 :x: | mvnsite | 22m 26s |
[/patch-mvnsite-root.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6755/1/artifact/out/patch-mvnsite-root.txt)
| root in the patch failed. |
| +1 :green_heart: | javadoc | 15m 39s | | the patch passed |
| +1 :green_heart: | shadedclient | 188m 34s | | patch has no errors
when building and testing our client artifacts. |
|||| _ Other Tests _ |
| +1 :green_heart: | asflicense | 6m 04s | | The patch does not
generate ASF License warnings. |
| | | 653m 34s | | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| GITHUB PR | https://github.com/apache/hadoop/pull/6755 |
| Optional Tests | dupname asflicense codespell detsecrets shellcheck
shelldocs mvnsite markdownlint compile javac javadoc mvninstall unit
shadedclient xmllint |
| uname | MINGW64_NT-10.0-17763 178c6f9cc74c 3.4.10-87d57229.x86_64
2024-02-14 20:17 UTC x86_64 Msys |
| Build tool | maven |
| Personality | /c/hadoop/dev-support/bin/hadoop.sh |
| git revision | trunk / c9f6b3d37891a0a31607e3a0ff1c035061d4f616 |
| Default Java | Azul Systems, Inc.-1.8.0_332-b09 |
| Test Results |
https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6755/1/testReport/
|
| modules | C: hadoop-project hadoop-cloud-storage-project/hadoop-cos . U: .
|
| Console output |
https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6755/1/console
|
| versions | git=2.44.0.windows.1 |
| Powered by | Apache Yetus 0.14.0 https://yetus.apache.org |
This message was automatically generated.
> upgrade bouncy castle to 1.78.1 due to CVEs
> -------------------------------------------
>
> Key: HADOOP-19154
> URL: https://issues.apache.org/jira/browse/HADOOP-19154
> Project: Hadoop Common
> Issue Type: Improvement
> Components: common
> Affects Versions: 3.4.0, 3.3.6
> Reporter: PJ Fanning
> Priority: Major
> Labels: pull-request-available
>
> [https://www.bouncycastle.org/releasenotes.html#r1rv78]
> There is a v1.78.1 release but no notes for it yet.
> For v1.78
> h3. 2.1.5 Security Advisories.
> Release 1.78 deals with the following CVEs:
> * CVE-2024-29857 - Importing an EC certificate with specially crafted F2m
> parameters can cause high CPU usage during parameter evaluation.
> * CVE-2024-30171 - Possible timing based leakage in RSA based handshakes due
> to exception processing eliminated.
> * CVE-2024-30172 - Crafted signature and public key can be used to trigger
> an infinite loop in the Ed25519 verification code.
> * CVE-2024-301XX - When endpoint identification is enabled and an SSL socket
> is not created with an explicit hostname (as happens with
> HttpsURLConnection), hostname verification could be performed against a
> DNS-resolved IP address. This has been fixed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
