[
https://issues.apache.org/jira/browse/HADOOP-19154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17845800#comment-17845800
]
ASF GitHub Bot commented on HADOOP-19154:
-----------------------------------------
hadoop-yetus commented on PR #6755:
URL: https://github.com/apache/hadoop/pull/6755#issuecomment-2106808024
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Logfile | Comment |
|:----:|----------:|--------:|:--------:|:-------:|
|||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 00s | | No case conflicting files
found. |
| +0 :ok: | codespell | 0m 00s | | codespell was not available. |
| +0 :ok: | detsecrets | 0m 00s | | detect-secrets was not available.
|
| +0 :ok: | shellcheck | 0m 00s | | Shellcheck was not available. |
| +0 :ok: | shelldocs | 0m 00s | | Shelldocs was not available. |
| +0 :ok: | markdownlint | 0m 00s | | markdownlint was not available.
|
| +0 :ok: | xmllint | 0m 01s | | xmllint was not available. |
| +1 :green_heart: | @author | 0m 00s | | The patch does not contain
any @author tags. |
| -1 :x: | test4tests | 0m 00s | | The patch doesn't appear to include
any new or modified tests. Please justify why no new tests are needed for this
patch. Also please list what manual steps were performed to verify this patch.
|
|||| _ trunk Compile Tests _ |
| +0 :ok: | mvndep | 2m 28s | | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 89m 21s | | trunk passed |
| +1 :green_heart: | compile | 40m 04s | | trunk passed |
| -1 :x: | mvnsite | 23m 45s |
[/branch-mvnsite-root.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6755/6/artifact/out/branch-mvnsite-root.txt)
| root in trunk failed. |
| +1 :green_heart: | javadoc | 16m 32s | | trunk passed |
| +1 :green_heart: | shadedclient | 321m 37s | | branch has no errors
when building and testing our client artifacts. |
|||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 2m 49s | | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 94m 13s | | the patch passed |
| +1 :green_heart: | compile | 40m 25s | | the patch passed |
| +1 :green_heart: | javac | 40m 25s | | the patch passed |
| +1 :green_heart: | blanks | 0m 01s | | The patch has no blanks
issues. |
| -1 :x: | mvnsite | 23m 27s |
[/patch-mvnsite-root.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6755/6/artifact/out/patch-mvnsite-root.txt)
| root in the patch failed. |
| +1 :green_heart: | javadoc | 16m 53s | | the patch passed |
| +1 :green_heart: | shadedclient | 196m 54s | | patch has no errors
when building and testing our client artifacts. |
|||| _ Other Tests _ |
| +1 :green_heart: | asflicense | 6m 38s | | The patch does not
generate ASF License warnings. |
| | | 673m 23s | | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| GITHUB PR | https://github.com/apache/hadoop/pull/6755 |
| Optional Tests | dupname asflicense codespell detsecrets shellcheck
shelldocs mvnsite markdownlint compile javac javadoc mvninstall unit
shadedclient xmllint |
| uname | MINGW64_NT-10.0-17763 04fb407b0a67 3.4.10-87d57229.x86_64
2024-02-14 20:17 UTC x86_64 Msys |
| Build tool | maven |
| Personality | /c/hadoop/dev-support/bin/hadoop.sh |
| git revision | trunk / 95a722cb40bad201bce1892be76aad7fcf0bae75 |
| Default Java | Azul Systems, Inc.-1.8.0_332-b09 |
| Test Results |
https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6755/6/testReport/
|
| modules | C: hadoop-project hadoop-cloud-storage-project/hadoop-cos . U: .
|
| Console output |
https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6755/6/console
|
| versions | git=2.44.0.windows.1 |
| Powered by | Apache Yetus 0.14.0 https://yetus.apache.org |
This message was automatically generated.
> upgrade bouncy castle to 1.78.1 due to CVEs
> -------------------------------------------
>
> Key: HADOOP-19154
> URL: https://issues.apache.org/jira/browse/HADOOP-19154
> Project: Hadoop Common
> Issue Type: Improvement
> Components: common
> Affects Versions: 3.4.0, 3.3.6
> Reporter: PJ Fanning
> Priority: Major
> Labels: pull-request-available
>
> [https://www.bouncycastle.org/releasenotes.html#r1rv78]
> There is a v1.78.1 release but no notes for it yet.
> For v1.78
> h3. 2.1.5 Security Advisories.
> Release 1.78 deals with the following CVEs:
> * CVE-2024-29857 - Importing an EC certificate with specially crafted F2m
> parameters can cause high CPU usage during parameter evaluation.
> * CVE-2024-30171 - Possible timing based leakage in RSA based handshakes due
> to exception processing eliminated.
> * CVE-2024-30172 - Crafted signature and public key can be used to trigger
> an infinite loop in the Ed25519 verification code.
> * CVE-2024-301XX - When endpoint identification is enabled and an SSL socket
> is not created with an explicit hostname (as happens with
> HttpsURLConnection), hostname verification could be performed against a
> DNS-resolved IP address. This has been fixed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
