Re: [PR] TEZ-4560. Upgrade bouncycastle to 1.77 due to CVE. [tez]
tez-yetus commented on PR #351:
URL: https://github.com/apache/tez/pull/351#issuecomment-2094644056

:broken_heart: **-1 overall**

| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 12m 23s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 6m 50s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 9m 20s | master passed |
| +1 :green_heart: | compile | 1m 59s | master passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | compile | 1m 58s | master passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| +1 :green_heart: | javadoc | 1m 40s | master passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javadoc | 1m 25s | master passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 16s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 53s | the patch passed |
| +1 :green_heart: | compile | 2m 3s | the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javac | 2m 3s | the patch passed |
| +1 :green_heart: | compile | 1m 52s | the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| +1 :green_heart: | javac | 1m 52s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 3s | The patch has no ill-formed XML file. |
| +1 :green_heart: | javadoc | 1m 26s | the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javadoc | 1m 25s | the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 2m 5s | tez-api in the patch passed. |
| -1 :x: | unit | 27m 57s | tez-tests in the patch failed. |
| -1 :x: | unit | 41m 24s | root in the patch failed. |
| +1 :green_heart: | asflicense | 1m 3s | The patch does not generate ASF License warnings. |
| | | 119m 3s | |

| Reason | Tests |
|-------:|:------|
| Failed junit tests | tez.test.TestAMRecovery |
| | tez.test.TestRecovery |
| | tez.test.TestDAGRecovery |
| | tez.test.TestAMRecovery |
| | tez.test.TestRecovery |
| | tez.test.TestDAGRecovery |

| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.45 ServerAPI=1.45 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-351/1/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/tez/pull/351 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux f3b56d90114b 5.15.0-94-generic #104-Ubuntu SMP Tue Jan 9 15:25:40 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 906059adb |
| Default Java | Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| unit | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-351/1/artifact/out/patch-unit-tez-tests.txt |
| unit | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-351/1/artifact/out/patch-unit-root.txt |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-351/1/testReport/ |
| Max. process+thread count | 1527 (vs. ulimit of 5500) |
| modules | C: tez-api tez-tests . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-351/1/console |
| versions | git=2.34.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |

This message was automatically generated.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@tez.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] TEZ-4551. Upgrade commons-io to 2.16.0. [tez]
tez-yetus commented on PR #344:
URL: https://github.com/apache/tez/pull/344#issuecomment-2094636658

:broken_heart: **-1 overall**

| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 25m 16s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 14m 58s | master passed |
| +1 :green_heart: | compile | 2m 23s | master passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | compile | 2m 10s | master passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| +1 :green_heart: | javadoc | 1m 32s | master passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javadoc | 1m 8s | master passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 4m 30s | the patch passed |
| +1 :green_heart: | compile | 2m 26s | the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javac | 2m 26s | the patch passed |
| +1 :green_heart: | compile | 2m 11s | the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| +1 :green_heart: | javac | 2m 11s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 1s | The patch has no ill-formed XML file. |
| +1 :green_heart: | javadoc | 1m 12s | the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javadoc | 1m 8s | the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
||| _ Other Tests _ |
| -1 :x: | unit | 46m 43s | root in the patch failed. |
| +1 :green_heart: | asflicense | 0m 34s | The patch does not generate ASF License warnings. |
| | | 107m 24s | |

| Reason | Tests |
|-------:|:------|
| Failed junit tests | tez.test.TestDAGRecovery |
| | tez.test.TestRecovery |
| | tez.test.TestAMRecovery |

| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.44 ServerAPI=1.44 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-344/2/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/tez/pull/344 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux de33186feb09 5.15.0-94-generic #104-Ubuntu SMP Tue Jan 9 15:25:40 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 906059adb |
| Default Java | Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| unit | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-344/2/artifact/out/patch-unit-root.txt |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-344/2/testReport/ |
| Max. process+thread count | 2090 (vs. ulimit of 5500) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-344/2/console |
| versions | git=2.34.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |

This message was automatically generated.
Re: [PR] TEZ-4550. Upgrade commons-cli to 1.6.0. [tez]
tez-yetus commented on PR #343:
URL: https://github.com/apache/tez/pull/343#issuecomment-2094628701

:broken_heart: **-1 overall**

| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 13s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 15m 59s | master passed |
| +1 :green_heart: | compile | 2m 26s | master passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | compile | 2m 7s | master passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| +1 :green_heart: | javadoc | 1m 45s | master passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javadoc | 1m 13s | master passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 4m 19s | the patch passed |
| +1 :green_heart: | compile | 2m 17s | the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javac | 2m 17s | the patch passed |
| +1 :green_heart: | compile | 2m 10s | the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| +1 :green_heart: | javac | 2m 10s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 2s | The patch has no ill-formed XML file. |
| +1 :green_heart: | javadoc | 1m 12s | the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javadoc | 1m 12s | the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
||| _ Other Tests _ |
| -1 :x: | unit | 50m 28s | root in the patch failed. |
| +1 :green_heart: | asflicense | 0m 41s | The patch does not generate ASF License warnings. |
| | | 87m 22s | |

| Reason | Tests |
|-------:|:------|
| Failed junit tests | tez.test.TestAMRecovery |
| | tez.test.TestRecovery |
| | tez.test.TestDAGRecovery |
| | tez.test.TestTezJobs |

| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.45 ServerAPI=1.45 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-343/2/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/tez/pull/343 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux a2777bec9310 5.15.0-101-generic #111-Ubuntu SMP Tue Mar 5 20:16:58 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 906059adb |
| Default Java | Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| unit | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-343/2/artifact/out/patch-unit-root.txt |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-343/2/testReport/ |
| Max. process+thread count | 2100 (vs. ulimit of 5500) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-343/2/console |
| versions | git=2.34.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |

This message was automatically generated.
[jira] [Updated] (TEZ-4560) Upgrade bouncycastle to 1.77 due to CVE.
[ https://issues.apache.org/jira/browse/TEZ-4560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4560:

Description:
There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201.

We can find more information at the following link:
[https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]

The link to the CVE is as follows:
[CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
[CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]

We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues.

was:
There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201.

We can find more information at the following link:
[https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
[CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
[CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]

> Upgrade bouncycastle to 1.77 due to CVE.
>
> Key: TEZ-4560
> URL: https://issues.apache.org/jira/browse/TEZ-4560
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
>
> There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201.
> We can find more information at the following link:
> [https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
> The link to the CVE is as follows:
> [CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
> [CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]
> We can upgrade bcprov-jdk15on to bcprov-jdk18on to address the CVE issues.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (TEZ-4560) Upgrade bouncycastle to 1.77 due to CVE.
Shilun Fan created TEZ-4560:
---

Summary: Upgrade bouncycastle to 1.77 due to CVE.
Key: TEZ-4560
URL: https://issues.apache.org/jira/browse/TEZ-4560
Project: Apache Tez
Issue Type: Improvement
Reporter: Shilun Fan
Assignee: Shilun Fan

There are 2 CVE issues in bcprov-jdk15on, CVE-2023-33202 and CVE-2023-33201.

We can find more information at the following link:
[https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70]
[CVE-2023-33202|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202]
[CVE-2023-33201|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201]
Re: [PR] TEZ-4552. Upgrade protobuf to 3.24.4 due to CVE. [tez]
tez-yetus commented on PR #345:
URL: https://github.com/apache/tez/pull/345#issuecomment-2094570613

:broken_heart: **-1 overall**

| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 22m 11s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 15m 11s | master passed |
| +1 :green_heart: | compile | 2m 16s | master passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | compile | 2m 7s | master passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| +1 :green_heart: | javadoc | 1m 35s | master passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javadoc | 1m 12s | master passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 4m 13s | the patch passed |
| +1 :green_heart: | compile | 2m 18s | the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javac | 2m 18s | the patch passed |
| +1 :green_heart: | compile | 2m 13s | the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| +1 :green_heart: | javac | 2m 14s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 1s | The patch has no ill-formed XML file. |
| +1 :green_heart: | javadoc | 1m 15s | the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javadoc | 1m 12s | the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
||| _ Other Tests _ |
| -1 :x: | unit | 50m 53s | root in the patch failed. |
| +1 :green_heart: | asflicense | 0m 38s | The patch does not generate ASF License warnings. |
| | | 108m 32s | |

| Reason | Tests |
|-------:|:------|
| Failed junit tests | tez.test.TestAMRecovery |
| | tez.test.TestRecovery |
| | tez.test.TestDAGRecovery |

| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.45 ServerAPI=1.45 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-345/3/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/tez/pull/345 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux ad02bf218b98 5.15.0-101-generic #111-Ubuntu SMP Tue Mar 5 20:16:58 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 906059adb |
| Default Java | Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| unit | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-345/3/artifact/out/patch-unit-root.txt |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-345/3/testReport/ |
| Max. process+thread count | 2100 (vs. ulimit of 5500) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-345/3/console |
| versions | git=2.34.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |

This message was automatically generated.
[jira] [Updated] (TEZ-4552) Upgrade protobuf to 3.24.4 due to CVE.
[ https://issues.apache.org/jira/browse/TEZ-4552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4552:

Summary: Upgrade protobuf to 3.24.4 due to CVE. (was: Upgrade protobuf to 3.23.4. )

> Upgrade protobuf to 3.24.4 due to CVE.
> --------------------------------------
>
> Key: TEZ-4552
> URL: https://issues.apache.org/jira/browse/TEZ-4552
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
> Time Spent: 1h 50m
> Remaining Estimate: 0h
[jira] [Updated] (TEZ-4552) Upgrade protobuf to 3.24.4 due to CVE.
[ https://issues.apache.org/jira/browse/TEZ-4552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilun Fan updated TEZ-4552:

Description:
I found that there are 3 CVE issues that we need to deal with. These CVE issues are related to protobuf. Our protobuf uses 3.21.1, which is an old version. This PR will try to upgrade the protobuf version to solve the CVE issue.
 * [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171]
 * [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509]
 * [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510]

> Upgrade protobuf to 3.24.4 due to CVE.
> --------------------------------------
>
> Key: TEZ-4552
> URL: https://issues.apache.org/jira/browse/TEZ-4552
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> I found that there are 3 CVE issues that we need to deal with. These CVE
> issues are related to protobuf. Our protobuf uses 3.21.1, which is an old
> version. This PR will try to upgrade the protobuf version to solve the CVE
> issue.
> * [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171]
> * [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509]
> * [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510]
Re: [PR] TEZ-4552. Upgrade protobuf to 3.24.4. [tez]
tez-yetus commented on PR #345:
URL: https://github.com/apache/tez/pull/345#issuecomment-2094565263

:broken_heart: **-1 overall**

| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 12m 34s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 15m 21s | master passed |
| +1 :green_heart: | compile | 1m 18s | master passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | compile | 1m 14s | master passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| +1 :green_heart: | javadoc | 1m 12s | master passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javadoc | 0m 45s | master passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 2m 25s | the patch passed |
| +1 :green_heart: | compile | 1m 19s | the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javac | 1m 19s | the patch passed |
| +1 :green_heart: | compile | 1m 13s | the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| +1 :green_heart: | javac | 1m 13s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 1s | The patch has no ill-formed XML file. |
| +1 :green_heart: | javadoc | 0m 43s | the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 |
| +1 :green_heart: | javadoc | 0m 45s | the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
||| _ Other Tests _ |
| -1 :x: | unit | 41m 18s | root in the patch failed. |
| +1 :green_heart: | asflicense | 0m 31s | The patch does not generate ASF License warnings. |
| | | 81m 27s | |

| Reason | Tests |
|-------:|:------|
| Failed junit tests | tez.test.TestAMRecovery |
| | tez.test.TestDAGRecovery |
| | tez.test.TestRecovery |

| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.45 ServerAPI=1.45 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-345/2/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/tez/pull/345 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux 5bb8ca8334c2 5.15.0-94-generic #104-Ubuntu SMP Tue Jan 9 15:25:40 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 906059adb |
| Default Java | Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu222.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_402-8u402-ga-2ubuntu1~22.04-b06 |
| unit | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-345/2/artifact/out/patch-unit-root.txt |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-345/2/testReport/ |
| Max. process+thread count | 1309 (vs. ulimit of 5500) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-345/2/console |
| versions | git=2.34.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |

This message was automatically generated.
Re: [PR] TEZ-4552. Upgrade protobuf to 3.24.4. [tez]
slfan1989 commented on PR #345:
URL: https://github.com/apache/tez/pull/345#issuecomment-2094555633

@abstractdog @Aggarwal-Raghav @BilwaST Thank you for paying attention to this PR! The reason I want to upgrade protobuf is that there are some CVE vulnerabilities in lower versions of protobuf, so I am trying to upgrade protobuf to a higher version to solve the related issues.

Some known protobuf vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509
Re: [PR] TEZ-4552. Upgrade protobuf to 3.23.4. [tez]
BilwaST commented on PR #345:
URL: https://github.com/apache/tez/pull/345#issuecomment-2094554985

Thanks for your patch @slfan1989. Looks good to me