[jira] [Commented] (HADOOP-18922) Race condition in ZKDelegationTokenSecretManager creating znode

2023-10-12 Thread Kevin Risden (Jira)


[ 
https://issues.apache.org/jira/browse/HADOOP-18922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17774594#comment-17774594
 ] 

Kevin Risden commented on HADOOP-18922:
---

branch-3.3 PR - https://github.com/apache/hadoop/pull/6179

> Race condition in ZKDelegationTokenSecretManager creating znode
> ---
>
> Key: HADOOP-18922
> URL: https://issues.apache.org/jira/browse/HADOOP-18922
> Project: Hadoop Common
>  Issue Type: Bug
>  Components: common
>Affects Versions: 3.4.0, 3.3.6
>Reporter: Kevin Risden
>Assignee: Kevin Risden
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.4.0
>
>
> When multiple nodes come up at the same time, there is a race condition in 
> ZKDelegationTokenSecretManager since the exists and create check do not mean 
> that the znode was created in the meantime. HADOOP-18452 tried to fix this 
> but the issue still exists.
> A better fix would be to catch the 
> https://zookeeper.apache.org/doc/r3.9.0/apidocs/zookeeper-server/org/apache/zookeeper/KeeperException.NodeExistsException.html
>  if the create fails when the znode already exists. This would eliminate the 
> race condition.
> {code:java}
> 236 ERROR (jetty-launcher-8-thread-1) [n:127.0.0.1:56203_solr] 
> o.a.s.s.CoreContainerProvider Could not start Solr. Check solr/home property 
> and the logs
>   => java.lang.RuntimeException: Could not start class 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenManager$ZKSecretManager:
>  java.io.IOException: Could not create namespace
>   at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenManager.init(DelegationTokenManager.java:149)
> java.lang.RuntimeException: Could not start class 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenManager$ZKSecretManager:
>  java.io.IOException: Could not create namespace
>   at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenManager.init(DelegationTokenManager.java:149)
>  ~[hadoop-common-3.3.6.jar:?]
>   at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.initTokenManager(DelegationTokenAuthenticationHandler.java:163)
>  ~[hadoop-common-3.3.6.jar:?]
>   at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.init(DelegationTokenAuthenticationHandler.java:131)
>  ~[hadoop-common-3.3.6.jar:?]
>   at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeAuthHandler(AuthenticationFilter.java:194)
>  ~[hadoop-auth-3.3.6.jar:?]
>   at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.initializeAuthHandler(DelegationTokenAuthenticationFilter.java:215)
>  ~[hadoop-common-3.3.6.jar:?]
>   at 
> org.apache.solr.security.hadoop.HadoopAuthFilter.initializeAuthHandler(HadoopAuthFilter.java:124)
>  ~[main/:?]
>   at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:180)
>  ~[hadoop-auth-3.3.6.jar:?]
>   at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.init(DelegationTokenAuthenticationFilter.java:181)
>  ~[hadoop-common-3.3.6.jar:?]
>   at 
> org.apache.solr.security.hadoop.HadoopAuthFilter.init(HadoopAuthFilter.java:75)
>  ~[main/:?]
>   at 
> org.apache.solr.security.hadoop.HadoopAuthPlugin.init(HadoopAuthPlugin.java:135)
>  ~[main/:?]
>   at 
> org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:569)
>  ~[solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
> a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
>   at 
> org.apache.solr.core.CoreContainer.reloadSecurityProperties(CoreContainer.java:1185)
>  ~[solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
> a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
>   at 
> org.apache.solr.core.CoreContainer.loadInternal(CoreContainer.java:854) 
> ~[solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
> a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
>   at org.apache.solr.core.CoreContainer.load(CoreContainer.java:763) 
> ~[solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
> a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
>   at 
> org.apache.solr.servlet.CoreContainerProvider.createCoreContainer(CoreContainerProvider.java:427)
>  ~[solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
> a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
>   at 
> org.apache.solr.servlet.CoreContainerProvider.init(CoreContainerProvider.java:246)
>  [solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
> a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapsh

[jira] [Commented] (HADOOP-18922) Race condition in ZKDelegationTokenSecretManager creating znode

2023-10-12 Thread Kevin Risden (Jira)


[ 
https://issues.apache.org/jira/browse/HADOOP-18922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17774586#comment-17774586
 ] 

Kevin Risden commented on HADOOP-18922:
---

This was introduced in 3.3.6 so if there is going to be a 3.3.7/3.3.8 then 
branch-3.3 makes sense. I can open another PR if that's how to best handle it. 
It should cherry pick cleanly.


[jira] [Updated] (HADOOP-18922) Race condition in ZKDelegationTokenSecretManager creating znode

2023-10-05 Thread Kevin Risden (Jira)


 [ 
https://issues.apache.org/jira/browse/HADOOP-18922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Risden updated HADOOP-18922:
--
Status: Patch Available  (was: Open)

PR https://github.com/apache/hadoop/pull/6150

> Race condition in ZKDelegationTokenSecretManager creating znode
> ---
>
> Key: HADOOP-18922
> URL: https://issues.apache.org/jira/browse/HADOOP-18922
> Project: Hadoop Common
>  Issue Type: Bug
>  Components: common
>Affects Versions: 3.3.6, 3.4.0
>Reporter: Kevin Risden
>Priority: Major
>  Labels: pull-request-available
>

[jira] [Created] (HADOOP-18922) Race condition in ZKDelegationTokenSecretManager creating znode

2023-10-05 Thread Kevin Risden (Jira)
Kevin Risden created HADOOP-18922:
-

 Summary: Race condition in ZKDelegationTokenSecretManager creating 
znode
 Key: HADOOP-18922
 URL: https://issues.apache.org/jira/browse/HADOOP-18922
 Project: Hadoop Common
  Issue Type: Bug
  Components: common
Affects Versions: 3.3.6, 3.4.0
Reporter: Kevin Risden


When multiple nodes come up at the same time, there is a race condition in 
ZKDelegationTokenSecretManager since the exists and create check do not mean 
that the znode was created in the meantime. HADOOP-18452 tried to fix this but 
the issue still exists.

A better fix would be to catch the 
https://zookeeper.apache.org/doc/r3.9.0/apidocs/zookeeper-server/org/apache/zookeeper/KeeperException.NodeExistsException.html
 if the create fails when the znode already exists. This would eliminate the 
race condition.

{code:java}
236 ERROR (jetty-launcher-8-thread-1) [n:127.0.0.1:56203_solr] 
o.a.s.s.CoreContainerProvider Could not start Solr. Check solr/home property 
and the logs
  => java.lang.RuntimeException: Could not start class 
org.apache.hadoop.security.token.delegation.web.DelegationTokenManager$ZKSecretManager:
 java.io.IOException: Could not create namespace
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenManager.init(DelegationTokenManager.java:149)
java.lang.RuntimeException: Could not start class 
org.apache.hadoop.security.token.delegation.web.DelegationTokenManager$ZKSecretManager:
 java.io.IOException: Could not create namespace
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenManager.init(DelegationTokenManager.java:149)
 ~[hadoop-common-3.3.6.jar:?]
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.initTokenManager(DelegationTokenAuthenticationHandler.java:163)
 ~[hadoop-common-3.3.6.jar:?]
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.init(DelegationTokenAuthenticationHandler.java:131)
 ~[hadoop-common-3.3.6.jar:?]
at 
org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeAuthHandler(AuthenticationFilter.java:194)
 ~[hadoop-auth-3.3.6.jar:?]
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.initializeAuthHandler(DelegationTokenAuthenticationFilter.java:215)
 ~[hadoop-common-3.3.6.jar:?]
at 
org.apache.solr.security.hadoop.HadoopAuthFilter.initializeAuthHandler(HadoopAuthFilter.java:124)
 ~[main/:?]
at 
org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:180)
 ~[hadoop-auth-3.3.6.jar:?]
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.init(DelegationTokenAuthenticationFilter.java:181)
 ~[hadoop-common-3.3.6.jar:?]
at 
org.apache.solr.security.hadoop.HadoopAuthFilter.init(HadoopAuthFilter.java:75) 
~[main/:?]
at 
org.apache.solr.security.hadoop.HadoopAuthPlugin.init(HadoopAuthPlugin.java:135)
 ~[main/:?]
at 
org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:569)
 ~[solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
at 
org.apache.solr.core.CoreContainer.reloadSecurityProperties(CoreContainer.java:1185)
 ~[solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
at 
org.apache.solr.core.CoreContainer.loadInternal(CoreContainer.java:854) 
~[solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
at org.apache.solr.core.CoreContainer.load(CoreContainer.java:763) 
~[solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
at 
org.apache.solr.servlet.CoreContainerProvider.createCoreContainer(CoreContainerProvider.java:427)
 ~[solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
at 
org.apache.solr.servlet.CoreContainerProvider.init(CoreContainerProvider.java:246)
 [solr-core-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
at 
org.apache.solr.embedded.JettySolrRunner$1.lifeCycleStarted(JettySolrRunner.java:405)
 [solr-test-framework-10.0.0-SNAPSHOT.jar:10.0.0-SNAPSHOT 
a3945a2c3710b1a355abdea7a2e63b5353ad0723 [snapshot build, details omitted]]
at 
org.eclipse.jetty.util.component.AbstractLifeCycle.setStarted(AbstractLifeCycle.java:253)
 [jetty-util-10.0.16.jar:10.0.16]
at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:94)
 [jetty-util-10.0.16.jar:10.0.16]
at 
org.apache.s
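
The check-then-create window described in this ticket, and the catch-the-exception approach it proposes, as an added example (not code from Hadoop or from the linked PRs). `FakeZk`, the local `NodeExistsException` class and the path are constructed stand-ins so the sketch runs without a ZooKeeper server; the latch forces both "nodes" past the existence check before either one creates the znode.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;

public class ZnodeCreateRace {
  static final String PATH = "/example-namespace"; // constructed path

  /** Local stand-in for KeeperException.NodeExistsException (not ZooKeeper's class). */
  static class NodeExistsException extends Exception {
    NodeExistsException(String path) { super("NodeExists for " + path); }
  }

  /** In-memory stand-in for a znode tree: create() is atomic and fails if the path exists. */
  static class FakeZk {
    private final Set<String> znodes = ConcurrentHashMap.newKeySet();
    boolean exists(String path) { return znodes.contains(path); }
    void create(String path) throws NodeExistsException {
      if (!znodes.add(path)) {
        throw new NodeExistsException(path);
      }
    }
  }

  /** Check-then-create: a peer can create the znode between exists() and create(). */
  static void racyInit(FakeZk zk, String path, CountDownLatch bothChecked)
      throws IOException, InterruptedException {
    try {
      if (!zk.exists(path)) {
        // Constructed interleaving: wait until both nodes have seen "does not exist".
        bothChecked.countDown();
        bothChecked.await(5, TimeUnit.SECONDS);
        zk.create(path);
      }
    } catch (NodeExistsException e) {
      // The existence check gave no protection; startup fails as in the log above.
      throw new IOException("Could not create namespace", e);
    }
  }

  /** Create unconditionally and treat "already exists" as success. */
  static void safeInit(FakeZk zk, String path, CountDownLatch bothReady)
      throws InterruptedException {
    bothReady.countDown();
    bothReady.await(5, TimeUnit.SECONDS);
    try {
      zk.create(path);
    } catch (NodeExistsException e) {
      // Another node won the race; the znode is present, which is the goal.
    }
  }

  /** Starts two nodes at once and returns how many of them failed to initialise. */
  static int failedNodes(boolean racy) throws InterruptedException {
    FakeZk zk = new FakeZk();
    CountDownLatch latch = new CountDownLatch(2);
    ExecutorService pool = Executors.newFixedThreadPool(2);
    try {
      List<Future<Object>> nodes = new ArrayList<>();
      for (int i = 0; i < 2; i++) {
        nodes.add(pool.submit(() -> {
          if (racy) {
            racyInit(zk, PATH, latch);
          } else {
            safeInit(zk, PATH, latch);
          }
          return null;
        }));
      }
      int failed = 0;
      for (Future<Object> node : nodes) {
        try {
          node.get();
        } catch (ExecutionException e) {
          failed++;
        }
      }
      return failed;
    } finally {
      pool.shutdownNow();
    }
  }

  public static void main(String[] args) throws InterruptedException {
    System.out.println("exists-then-create, nodes failed: " + failedNodes(true));
    System.out.println("create-and-catch,   nodes failed: " + failedNodes(false));
  }
}
```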

[jira] [Comment Edited] (HADOOP-17563) Update Bouncy Castle to 1.68

2021-05-27 Thread Kevin Risden (Jira)


[ 
https://issues.apache.org/jira/browse/HADOOP-17563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17352744#comment-17352744
 ] 

Kevin Risden edited comment on HADOOP-17563 at 5/27/21, 8:45 PM:
-

I think the link to the vulnerability in the description is wrong? 
https://nvd.nist.gov/vuln/detail/CVE-2020-26939 and 
https://nvd.nist.gov/vuln/detail/CVE-2020-28052 and 
https://nvd.nist.gov/vuln/detail/CVE-2020-15522 could be correct?

At least CVE-2020-26939 applies to 1.60 and is fixed in 1.61 or later. 
CVE-2020-28052 applies to 1.65 and 1.66.

Based on https://snyk.io/vuln/maven:org.bouncycastle:bcprov-jdk15on 1.67 or 
later currently has no CVEs.


was (Author: risdenk):
I think the link to the vulnerability in the description is wrong? 
https://nvd.nist.gov/vuln/detail/CVE-2020-26939 and 
https://nvd.nist.gov/vuln/detail/CVE-2020-28052 could be correct?

At least CVE-2020-26939 applies to 1.60 and is fixed in 1.61 or later. 
CVE-2020-28052 applies to 1.65 and 1.66.

> Update Bouncy Castle to 1.68
> 
>
> Key: HADOOP-17563
> URL: https://issues.apache.org/jira/browse/HADOOP-17563
> Project: Hadoop Common
>  Issue Type: Improvement
>Reporter: Takanobu Asanuma
>Assignee: Takanobu Asanuma
>Priority: Major
>  Labels: pull-request-available
> Fix For: 3.3.1, 3.4.0, 3.2.3
>
>  Time Spent: 2h
>  Remaining Estimate: 0h
>
> Bouncy Castle 1.60 has Hash Collision Vulnerability. Let's update to 1.68.
> https://www.sourceclear.com/vulnerability-database/security/hash-collision/java/sid-6009



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org



[jira] [Comment Edited] (HADOOP-17563) Update Bouncy Castle to 1.68

2021-05-27 Thread Kevin Risden (Jira)


[ 
https://issues.apache.org/jira/browse/HADOOP-17563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17352744#comment-17352744
 ] 

Kevin Risden edited comment on HADOOP-17563 at 5/27/21, 8:44 PM:
-

I think the link to the vulnerability in the description is wrong? 
https://nvd.nist.gov/vuln/detail/CVE-2020-26939 and 
https://nvd.nist.gov/vuln/detail/CVE-2020-28052 could be correct?

At least CVE-2020-26939 applies to 1.60 and is fixed in 1.61 or later. 
CVE-2020-28052 applies to 1.65 and 1.66.


was (Author: risdenk):
I think the link to the vulnerability in the description is wrong? 
https://nvd.nist.gov/vuln/detail/CVE-2020-26939

At least CVE-2020-26939 applies to 1.60 and is fixed in 1.61 or later. 




[jira] [Commented] (HADOOP-17563) Update Bouncy Castle to 1.68

2021-05-27 Thread Kevin Risden (Jira)


[ 
https://issues.apache.org/jira/browse/HADOOP-17563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17352744#comment-17352744
 ] 

Kevin Risden commented on HADOOP-17563:
---

I think the link to the vulnerability in the description is wrong? 
https://nvd.nist.gov/vuln/detail/CVE-2020-26939

At least CVE-2020-26939 applies to 1.60 and is fixed in 1.61 or later. 




[jira] [Commented] (HADOOP-14115) SimpleDateFormatter's are construted w/default Locale, causing malformed dates on some platforms

2020-12-01 Thread Kevin Risden (Jira)


[ 
https://issues.apache.org/jira/browse/HADOOP-14115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17241559#comment-17241559
 ] 

Kevin Risden commented on HADOOP-14115:
---

HADOOP-15681 might be the same as this ticket.

> SimpleDateFormatter's are construted w/default Locale, causing malformed 
> dates on some platforms
> 
>
> Key: HADOOP-14115
> URL: https://issues.apache.org/jira/browse/HADOOP-14115
> Project: Hadoop Common
>  Issue Type: Bug
>Reporter: Chris M. Hostetter
>Priority: Major
>
> In at least one place I know of in Hadoop, {{SimpleDateFormatter}} is used to 
> serialize {{Date}} object in a format intended for machine consumption -- and 
> should be following strict formatting rules -- but the 
> {{SimpleDateFormatter}}  instance is not constructed with an explicit 
> {{Locale}} so the platform default is used instead.  This causes things like 
> "Day name in week" ({{E}}) to generate unexpected results depending on the 
> Locale of the machine where the code is running, resulting in date-time 
> strings that violate the formatting rules.
> A specific example of this is {{AuthenticationFilter.createAuthCookie}} which 
> has code that looks like this...
> {code}
>   Date date = new Date(expires);
>   SimpleDateFormat df = new SimpleDateFormat("EEE, " +
>   "dd-MMM-yyyy HH:mm:ss zzz");
>   df.setTimeZone(TimeZone.getTimeZone("GMT"));
>   sb.append("; Expires=").append(df.format(date));
> {code}
> ...which can cause invalid expiration attributes in the {{Set-Cookies}} 
> header like this (as noted by http-commons's {{ResponseProcessCookies}} 
> class...
> {noformat}
> WARN: Invalid cookie header: "Set-Cookie: hadoop.auth=; Path=/; 
> Domain=127.0.0.1; Expires=Ara, 01-Sa-1970 00:00:00 GMT; HttpOnly". Invalid 
> 'expires' attribute: Ara, 01-Sa-1970 00:00:00 GMT
> {noformat}
> There are very likely many other places in the hadoop code base where the 
> default {{Locale}} is being unintentionally used when formatting 
> Dates/Numbers.
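
The locale dependence described in the ticket above, as an added example (not code from Hadoop or from the HADOOP-15681 patch). The Turkish default locale is a constructed scenario, and the `VALID_EXPIRES` check and the use of `Locale.US` are assumptions made for the illustration.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import java.util.regex.Pattern;

public class CookieExpiresLocale {
  // Same pattern as the snippet quoted in the ticket.
  static final String PATTERN = "EEE, dd-MMM-yyyy HH:mm:ss zzz";

  // English day and month abbreviations that a cookie parser expects in Expires.
  static final Pattern VALID_EXPIRES = Pattern.compile(
      "(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \\d{2}-"
          + "(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)-\\d{4} "
          + "\\d{2}:\\d{2}:\\d{2} GMT");

  /** As in the ticket: no Locale argument, so the platform default picks the names. */
  static String formatWithDefaultLocale(long expires) {
    SimpleDateFormat df = new SimpleDateFormat(PATTERN);
    df.setTimeZone(TimeZone.getTimeZone("GMT"));
    return df.format(new Date(expires));
  }

  /** Explicit locale: the output no longer depends on the host configuration. */
  static String formatWithFixedLocale(long expires) {
    SimpleDateFormat df = new SimpleDateFormat(PATTERN, Locale.US);
    df.setTimeZone(TimeZone.getTimeZone("GMT"));
    return df.format(new Date(expires));
  }

  static boolean isValidExpires(String value) {
    return VALID_EXPIRES.matcher(value).matches();
  }

  public static void main(String[] args) {
    Locale original = Locale.getDefault();
    try {
      // Constructed scenario: the JVM runs on a host whose default locale is Turkish.
      Locale.setDefault(Locale.forLanguageTag("tr-TR"));
      String[] values = {formatWithDefaultLocale(0L), formatWithFixedLocale(0L)};
      for (String value : values) {
        System.out.println((isValidExpires(value) ? "valid:   " : "INVALID: ") + value);
      }
    } finally {
      Locale.setDefault(original);
    }
  }
}
```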






[jira] [Commented] (HADOOP-15681) AuthenticationFilter should generate valid date format for Set-Cookie header regardless of default Locale

2020-12-01 Thread Kevin Risden (Jira)


[ 
https://issues.apache.org/jira/browse/HADOOP-15681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17241558#comment-17241558
 ] 

Kevin Risden commented on HADOOP-15681:
---

HADOOP-14115 might be related/duplicate/resolved because of this ticket.

> AuthenticationFilter should generate valid date format for Set-Cookie header 
> regardless of default Locale
> -
>
> Key: HADOOP-15681
> URL: https://issues.apache.org/jira/browse/HADOOP-15681
> Project: Hadoop Common
>  Issue Type: Bug
>  Components: security
>Affects Versions: 3.2.0
>Reporter: Cao Manh Dat
>Assignee: Cao Manh Dat
>Priority: Minor
> Fix For: 3.3.0, 3.2.1, 3.1.3
>
> Attachments: HADOOP-15681.patch
>
>
> Hi guys,
> When I try to set up Hadoop Kerberos authentication for Solr (HTTP2), I met 
> this exception:
> {code}
> java.lang.IllegalArgumentException: null
>   at org.eclipse.jetty.http2.hpack.Huffman.octetsNeeded(Huffman.java:435) 
> ~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.http2.hpack.Huffman.octetsNeeded(Huffman.java:409) 
> ~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.http2.hpack.HpackEncoder.encodeValue(HpackEncoder.java:368) 
> ~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:302) 
> ~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:179) 
> ~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
>  ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
>  ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80) 
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1163)
>  ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:184) 
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
>  ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:224) 
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:685) 
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:657) 
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:107) 
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:235)
>  ~[http2-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:134)
>  ~[http2-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:790) 
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:846) 
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:240) 
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:216) 
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:298) 
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:49) 
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:163) 
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at org.eclipse.jetty.server.Response.closeOutput(Response.java:1038) 
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.server.handler.ErrorHandler.generateAcceptableResponse(ErrorHandler.java:178)
>  ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
>   at 
> org.eclipse.jetty.server.handler.ErrorHandler.doError(ErrorHandler.java:142) 
> ~[jetty-server-9.4.11.v2018

[jira] [Commented] (HADOOP-11219) Upgrade to netty 4

2020-08-07 Thread Kevin Risden (Jira)


[ 
https://issues.apache.org/jira/browse/HADOOP-11219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17173383#comment-17173383
 ] 

Kevin Risden commented on HADOOP-11219:
---

https://snyk.io/vuln/SNYK-JAVA-IONETTY-473694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16869
https://github.com/netty/netty/issues/9571#issuecomment-552070089

There is at least one CVE affecting Netty <4 - Ironically this was published 
around the same week as [~weichiu]'s comment. 

> Upgrade to netty 4
> --
>
> Key: HADOOP-11219
> URL: https://issues.apache.org/jira/browse/HADOOP-11219
> Project: Hadoop Common
>  Issue Type: Improvement
>Reporter: Haohui Mai
>Assignee: Haohui Mai
>Priority: Major
>
> This is an umbrella jira to track the effort of upgrading to Netty 4.






[jira] [Created] (HADOOP-16344) Make DurationInfo "public unstable"

2019-06-03 Thread Kevin Risden (JIRA)
Kevin Risden created HADOOP-16344:
-

 Summary: Make DurationInfo  "public unstable"
 Key: HADOOP-16344
 URL: https://issues.apache.org/jira/browse/HADOOP-16344
 Project: Hadoop Common
  Issue Type: Improvement
  Components: util
Reporter: Kevin Risden


HADOOP-16093 moved DurationInfo to hadoop-common org.apache.hadoop.util. It 
would be useful if DurationInfo was annotated as "public unstable".


