[jira] [Commented] (ZOOKEEPER-2693) DOS attack on wchp/wchc four letter words (4lw)

2017-03-02 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15893820#comment-15893820
 ] 

ASF GitHub Bot commented on ZOOKEEPER-2693:
---

Github user hanm commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r104096586
  
--- Diff: src/java/test/org/apache/zookeeper/ZKTestCase.java ---
@@ -51,6 +51,12 @@ public void starting(FrameworkMethod method) {
 // accidentally attempting to start multiple admin servers on 
the
 // same port.
 System.setProperty("zookeeper.admin.enableServer", "false");
+// ZOOKEEPER-2693 disables all 4lw by default.
+// Here we enable the 4lw which ZooKeeper tests depends.
+System.setProperty("zookeeper.4lw.commands.whitelist",
+"ruok, envi, conf, stat, srvr, cons, dump," +
--- End diff --

Yeah I thought about this but I ended up keeping the current form to get 
more test coverage. 


> DOS attack on wchp/wchc four letter words (4lw)
> ---
>
> Key: ZOOKEEPER-2693
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> Project: ZooKeeper
>  Issue Type: Bug
>  Components: security, server
>Affects Versions: 3.4.0, 3.5.1, 3.5.2
>Reporter: Patrick Hunt
>Assignee: Michael Han
>Priority: Blocker
> Fix For: 3.4.10, 3.5.3
>
> Attachments: ZOOKEEPER-2693-01.patch
>
>
> The wchp/wchc four letter words can be exploited in a DOS attack on the ZK 
> client port - typically 2181. The following POC attack was recently published 
> on the web:
> https://webcache.googleusercontent.com/search?q=cache:_CNGIz10PRYJ:https://www.exploit-db.com/exploits/41277/+=14=en=clnk=us
> The most straightforward way to block this attack is to not allow access to 
> the client port to non-trusted clients - i.e. firewall the ZooKeeper service 
> and only allow access to trusted applications using it for coordination.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[GitHub] zookeeper pull request #179: ZOOKEEPER-2693: DOS attack on wchp/wchc four le...

2017-03-02 Thread hanm 
Github user hanm commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r104096586
  
--- Diff: src/java/test/org/apache/zookeeper/ZKTestCase.java ---
@@ -51,6 +51,12 @@ public void starting(FrameworkMethod method) {
 // accidentally attempting to start multiple admin servers on 
the
 // same port.
 System.setProperty("zookeeper.admin.enableServer", "false");
+// ZOOKEEPER-2693 disables all 4lw by default.
+// Here we enable the 4lw which ZooKeeper tests depends.
+System.setProperty("zookeeper.4lw.commands.whitelist",
+"ruok, envi, conf, stat, srvr, cons, dump," +
--- End diff --

Yeah I thought about this but I ended up keeping the current form to get 
more test coverage. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[jira] [Commented] (ZOOKEEPER-2693) DOS attack on wchp/wchc four letter words (4lw)

2017-03-02 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15893777#comment-15893777
 ] 

ASF GitHub Bot commented on ZOOKEEPER-2693:
---

Github user arshadmohammad commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r104092982
  
--- Diff: 
src/java/test/org/apache/zookeeper/test/FourLetterWordsWhiteListTest.java ---
@@ -0,0 +1,151 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.zookeeper.test;
+
+import java.io.IOException;
+
+import org.apache.zookeeper.TestableZooKeeper;
+import org.apache.zookeeper.common.X509Exception.SSLContextException;
+
+import static 
org.apache.zookeeper.client.FourLetterWordMain.send4LetterWord;
+
+import org.apache.zookeeper.server.command.FourLetterCommands;
+import org.junit.Assert;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class FourLetterWordsWhiteListTest extends ClientBase {
--- End diff --

Now non-whitelist commands are processed in the same flow as the whitelist 
commands which are already tested and closing the connection.  it is ok to skip 
connection test


> DOS attack on wchp/wchc four letter words (4lw)
> ---
>
> Key: ZOOKEEPER-2693
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> Project: ZooKeeper
>  Issue Type: Bug
>  Components: security, server
>Affects Versions: 3.4.0, 3.5.1, 3.5.2
>Reporter: Patrick Hunt
>Assignee: Michael Han
>Priority: Blocker
> Fix For: 3.4.10, 3.5.3
>
> Attachments: ZOOKEEPER-2693-01.patch
>
>
> The wchp/wchc four letter words can be exploited in a DOS attack on the ZK 
> client port - typically 2181. The following POC attack was recently published 
> on the web:
> https://webcache.googleusercontent.com/search?q=cache:_CNGIz10PRYJ:https://www.exploit-db.com/exploits/41277/+=14=en=clnk=us
> The most straightforward way to block this attack is to not allow access to 
> the client port to non-trusted clients - i.e. firewall the ZooKeeper service 
> and only allow access to trusted applications using it for coordination.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[GitHub] zookeeper pull request #179: ZOOKEEPER-2693: DOS attack on wchp/wchc four le...

2017-03-02 Thread arshadmohammad 
Github user arshadmohammad commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r104092982
  
--- Diff: 
src/java/test/org/apache/zookeeper/test/FourLetterWordsWhiteListTest.java ---
@@ -0,0 +1,151 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.zookeeper.test;
+
+import java.io.IOException;
+
+import org.apache.zookeeper.TestableZooKeeper;
+import org.apache.zookeeper.common.X509Exception.SSLContextException;
+
+import static 
org.apache.zookeeper.client.FourLetterWordMain.send4LetterWord;
+
+import org.apache.zookeeper.server.command.FourLetterCommands;
+import org.junit.Assert;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class FourLetterWordsWhiteListTest extends ClientBase {
--- End diff --

Now non-whitelist commands are processed in the same flow as the whitelist 
commands which are already tested and closing the connection.  it is ok to skip 
connection test


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zookeeper pull request #179: ZOOKEEPER-2693: DOS attack on wchp/wchc four le...

2017-03-02 Thread arshadmohammad 
Github user arshadmohammad commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r104092091
  
--- Diff: src/java/test/org/apache/zookeeper/ZKTestCase.java ---
@@ -51,6 +51,12 @@ public void starting(FrameworkMethod method) {
 // accidentally attempting to start multiple admin servers on 
the
 // same port.
 System.setProperty("zookeeper.admin.enableServer", "false");
+// ZOOKEEPER-2693 disables all 4lw by default.
+// Here we enable the 4lw which ZooKeeper tests depends.
+System.setProperty("zookeeper.4lw.commands.whitelist",
+"ruok, envi, conf, stat, srvr, cons, dump," +
--- End diff --

In test cases it is fine to enable all the commands, use 
zookeeper.4lw.commands.whitelist=* instead of list of commands


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[jira] [Commented] (ZOOKEEPER-2693) DOS attack on wchp/wchc four letter words (4lw)

2017-03-02 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15893770#comment-15893770
 ] 

ASF GitHub Bot commented on ZOOKEEPER-2693:
---

Github user arshadmohammad commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r104092091
  
--- Diff: src/java/test/org/apache/zookeeper/ZKTestCase.java ---
@@ -51,6 +51,12 @@ public void starting(FrameworkMethod method) {
 // accidentally attempting to start multiple admin servers on 
the
 // same port.
 System.setProperty("zookeeper.admin.enableServer", "false");
+// ZOOKEEPER-2693 disables all 4lw by default.
+// Here we enable the 4lw which ZooKeeper tests depends.
+System.setProperty("zookeeper.4lw.commands.whitelist",
+"ruok, envi, conf, stat, srvr, cons, dump," +
--- End diff --

In test cases it is fine to enable all the commands, use 
zookeeper.4lw.commands.whitelist=* instead of list of commands


> DOS attack on wchp/wchc four letter words (4lw)
> ---
>
> Key: ZOOKEEPER-2693
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> Project: ZooKeeper
>  Issue Type: Bug
>  Components: security, server
>Affects Versions: 3.4.0, 3.5.1, 3.5.2
>Reporter: Patrick Hunt
>Assignee: Michael Han
>Priority: Blocker
> Fix For: 3.4.10, 3.5.3
>
> Attachments: ZOOKEEPER-2693-01.patch
>
>
> The wchp/wchc four letter words can be exploited in a DOS attack on the ZK 
> client port - typically 2181. The following POC attack was recently published 
> on the web:
> https://webcache.googleusercontent.com/search?q=cache:_CNGIz10PRYJ:https://www.exploit-db.com/exploits/41277/+=14=en=clnk=us
> The most straightforward way to block this attack is to not allow access to 
> the client port to non-trusted clients - i.e. firewall the ZooKeeper service 
> and only allow access to trusted applications using it for coordination.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

ZooKeeper_branch34_jdk7 - Build # 1425 - Still Failing

2017-03-02 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper_branch34_jdk7/1425/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 30.68 MB...]
[junit] 2017-03-03 02:41:57,691 [myid:] - INFO  
[main:SessionTrackerImpl@225] - Shutting down
[junit] 2017-03-03 02:41:57,692 [myid:] - INFO  
[main:PrepRequestProcessor@764] - Shutting down
[junit] 2017-03-03 02:41:57,692 [myid:] - INFO  
[main:SyncRequestProcessor@208] - Shutting down
[junit] 2017-03-03 02:41:57,692 [myid:] - INFO  [ProcessThread(sid:0 
cport:11221)::PrepRequestProcessor@143] - PrepRequestProcessor exited loop!
[junit] 2017-03-03 02:41:57,693 [myid:] - INFO  
[SyncThread:0:SyncRequestProcessor@186] - SyncRequestProcessor exited!
[junit] 2017-03-03 02:41:57,693 [myid:] - INFO  
[main:FinalRequestProcessor@402] - shutdown of request processor complete
[junit] 2017-03-03 02:41:57,694 [myid:] - INFO  
[main:FourLetterWordMain@62] - connecting to 127.0.0.1 11221
[junit] 2017-03-03 02:41:57,694 [myid:] - INFO  [main:JMXEnv@147] - 
ensureOnly:[]
[junit] 2017-03-03 02:41:57,696 [myid:] - INFO  [main:ClientBase@445] - 
STARTING server
[junit] 2017-03-03 02:41:57,696 [myid:] - INFO  [main:ClientBase@366] - 
CREATING server instance 127.0.0.1:11221
[junit] 2017-03-03 02:41:57,697 [myid:] - INFO  
[main:NIOServerCnxnFactory@89] - binding to port 0.0.0.0/0.0.0.0:11221
[junit] 2017-03-03 02:41:57,697 [myid:] - INFO  [main:ClientBase@341] - 
STARTING server instance 127.0.0.1:11221
[junit] 2017-03-03 02:41:57,697 [myid:] - INFO  [main:ZooKeeperServer@173] 
- Created server with tickTime 3000 minSessionTimeout 6000 maxSessionTimeout 
6 datadir 
/home/jenkins/jenkins-slave/workspace/ZooKeeper_branch34_jdk7/build/test/tmp/test278028415663777518.junit.dir/version-2
 snapdir 
/home/jenkins/jenkins-slave/workspace/ZooKeeper_branch34_jdk7/build/test/tmp/test278028415663777518.junit.dir/version-2
[junit] 2017-03-03 02:41:57,702 [myid:] - ERROR [main:ZooKeeperServer@472] 
- ZKShutdownHandler is not registered, so ZooKeeper server won't take any 
action on ERROR or SHUTDOWN server state changes
[junit] 2017-03-03 02:41:57,702 [myid:] - INFO  
[main:FourLetterWordMain@62] - connecting to 127.0.0.1 11221
[junit] 2017-03-03 02:41:57,703 [myid:] - INFO  
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:11221:NIOServerCnxnFactory@192] - 
Accepted socket connection from /127.0.0.1:48934
[junit] 2017-03-03 02:41:57,703 [myid:] - INFO  
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:11221:NIOServerCnxn@838] - Processing 
stat command from /127.0.0.1:48934
[junit] 2017-03-03 02:41:57,704 [myid:] - INFO  
[Thread-4:NIOServerCnxn$StatCommand@674] - Stat command output
[junit] 2017-03-03 02:41:57,704 [myid:] - INFO  
[Thread-4:NIOServerCnxn@1019] - Closed socket connection for client 
/127.0.0.1:48934 (no session established for client)
[junit] 2017-03-03 02:41:57,705 [myid:] - INFO  [main:JMXEnv@230] - 
ensureParent:[InMemoryDataTree, StandaloneServer_port]
[junit] 2017-03-03 02:41:57,707 [myid:] - INFO  [main:JMXEnv@247] - 
expect:InMemoryDataTree
[junit] 2017-03-03 02:41:57,707 [myid:] - INFO  [main:JMXEnv@251] - 
found:InMemoryDataTree 
org.apache.ZooKeeperService:name0=StandaloneServer_port11221,name1=InMemoryDataTree
[junit] 2017-03-03 02:41:57,707 [myid:] - INFO  [main:JMXEnv@247] - 
expect:StandaloneServer_port
[junit] 2017-03-03 02:41:57,708 [myid:] - INFO  [main:JMXEnv@251] - 
found:StandaloneServer_port 
org.apache.ZooKeeperService:name0=StandaloneServer_port11221
[junit] 2017-03-03 02:41:57,708 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@58] - Memory used 35675
[junit] 2017-03-03 02:41:57,708 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@63] - Number of threads 20
[junit] 2017-03-03 02:41:57,709 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@78] - FINISHED TEST METHOD testQuota
[junit] 2017-03-03 02:41:57,709 [myid:] - INFO  [main:ClientBase@522] - 
tearDown starting
[junit] 2017-03-03 02:41:57,772 [myid:] - INFO  [main:ZooKeeper@684] - 
Session: 0x15a920b9718 closed
[junit] 2017-03-03 02:41:57,772 [myid:] - INFO  [main:ClientBase@492] - 
STOPPING server
[junit] 2017-03-03 02:41:57,772 [myid:] - INFO  
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:11221:NIOServerCnxnFactory@219] - 
NIOServerCnxn factory exited run method
[junit] 2017-03-03 02:41:57,772 [myid:] - INFO  
[main-EventThread:ClientCnxn$EventThread@519] - EventThread shut down for 
session: 0x15a920b9718
[junit] 2017-03-03 02:41:57,772 [myid:] - INFO  [main:ZooKeeperServer@505] 
- shutting down
[junit] 2017-03-03 02:41:57,773 [myid:] - ERROR [main:ZooKeeperServer@472] 
- ZKShutdownHandler is not registered, so ZooKeeper server won't take any 
action on ERROR or SHUTDOWN server state changes
[junit] 2017-03-03 02:41:57,773

ZooKeeper_branch34 - Build # 1854 - Still Failing

2017-03-02 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper_branch34/1854/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 3.62 KB...]
  collisions:0 txqueuelen:0 
  RX bytes:23056 (23.0 KB)  TX bytes:378616 (378.6 KB)

core file size  (blocks, -c) 0
data seg size   (kbytes, -d) unlimited
scheduling priority (-e) 0
file size   (blocks, -f) unlimited
pending signals (-i) 386178
max locked memory   (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files  (-n) 6
pipe size(512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority  (-r) 0
stack size  (kbytes, -s) 8192
cpu time   (seconds, -t) unlimited
max user processes  (-u) 10240
virtual memory  (kbytes, -v) unlimited
file locks  (-x) unlimited
6
/home/jenkins/tools/ant/latest/bin/ant clean
Exception in thread "main" java.lang.UnsupportedClassVersionError: 
org/apache/tools/ant/launch/Launcher : Unsupported major.minor version 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
at 
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:482)
Exception in thread "main" java.lang.UnsupportedClassVersionError: 
org/apache/tools/ant/launch/Launcher : Unsupported major.minor version 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
at 
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:482)
mv: cannot stat 'build/*.tar.gz': No such file or directory
mv: cannot stat 'build/*.jar': No such file or directory
mv: cannot stat 'build/test/findbugs': No such file or directory
mv: cannot stat 'build/docs/api': No such file or directory
Build Failed
Build step 'Execute shell' marked build as failure
Recording test results
ERROR: Step ?Publish JUnit test result report? failed: No test report files 
were found. Configuration error?
Email was triggered for: Failure - Any
Sending email for trigger: Failure - Any



###
## FAILED TESTS (if any) 
##
No tests ran.

[GitHub] zookeeper issue #179: ZOOKEEPER-2693: DOS attack on wchp/wchc four letter wo...

2017-03-02 Thread hanm 
Github user hanm commented on the issue:

https://github.com/apache/zookeeper/pull/179
  
Another stab to address comments from @arshadmohammad 
* Introduced 4lw.commands.whitelist=* as a convient configuration option to 
enable all 4lw, with new test.
* Remove dead code.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[jira] [Commented] (ZOOKEEPER-2693) DOS attack on wchp/wchc four letter words (4lw)

2017-03-02 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15893266#comment-15893266
 ] 

ASF GitHub Bot commented on ZOOKEEPER-2693:
---

Github user hanm commented on the issue:

https://github.com/apache/zookeeper/pull/179
  
Another stab to address comments from @arshadmohammad 
* Introduced 4lw.commands.whitelist=* as a convient configuration option to 
enable all 4lw, with new test.
* Remove dead code.


> DOS attack on wchp/wchc four letter words (4lw)
> ---
>
> Key: ZOOKEEPER-2693
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> Project: ZooKeeper
>  Issue Type: Bug
>  Components: security, server
>Affects Versions: 3.4.0, 3.5.1, 3.5.2
>Reporter: Patrick Hunt
>Assignee: Michael Han
>Priority: Blocker
> Fix For: 3.4.10, 3.5.3
>
> Attachments: ZOOKEEPER-2693-01.patch
>
>
> The wchp/wchc four letter words can be exploited in a DOS attack on the ZK 
> client port - typically 2181. The following POC attack was recently published 
> on the web:
> https://webcache.googleusercontent.com/search?q=cache:_CNGIz10PRYJ:https://www.exploit-db.com/exploits/41277/+=14=en=clnk=us
> The most straightforward way to block this attack is to not allow access to 
> the client port to non-trusted clients - i.e. firewall the ZooKeeper service 
> and only allow access to trusted applications using it for coordination.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (ZOOKEEPER-2693) DOS attack on wchp/wchc four letter words (4lw)

2017-03-02 Thread Hadoop QA (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15893259#comment-15893259
 ] 

Hadoop QA commented on ZOOKEEPER-2693:
--

+1 overall.  GitHub Pull Request  Build
  

+1 @author.  The patch does not contain any @author tags.

+1 tests included.  The patch appears to include 5 new or modified tests.

+1 javadoc.  The javadoc tool did not generate any warning messages.

+1 javac.  The applied patch does not increase the total number of javac 
compiler warnings.

+1 findbugs.  The patch does not introduce any new Findbugs (version 3.0.1) 
warnings.

+1 release audit.  The applied patch does not increase the total number of 
release audit warnings.

+1 core tests.  The patch passed core unit tests.

+1 contrib tests.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/373//testReport/
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/373//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/373//console

This message is automatically generated.

> DOS attack on wchp/wchc four letter words (4lw)
> ---
>
> Key: ZOOKEEPER-2693
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> Project: ZooKeeper
>  Issue Type: Bug
>  Components: security, server
>Affects Versions: 3.4.0, 3.5.1, 3.5.2
>Reporter: Patrick Hunt
>Assignee: Michael Han
>Priority: Blocker
> Fix For: 3.4.10, 3.5.3
>
> Attachments: ZOOKEEPER-2693-01.patch
>
>
> The wchp/wchc four letter words can be exploited in a DOS attack on the ZK 
> client port - typically 2181. The following POC attack was recently published 
> on the web:
> https://webcache.googleusercontent.com/search?q=cache:_CNGIz10PRYJ:https://www.exploit-db.com/exploits/41277/+=14=en=clnk=us
> The most straightforward way to block this attack is to not allow access to 
> the client port to non-trusted clients - i.e. firewall the ZooKeeper service 
> and only allow access to trusted applications using it for coordination.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Success: ZOOKEEPER- PreCommit Build #373

2017-03-02 Thread Apache Jenkins Server 
Build: https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/373/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 67.87 MB...]
 [exec] 
 [exec] +1 @author.  The patch does not contain any @author tags.
 [exec] 
 [exec] +1 tests included.  The patch appears to include 5 new or 
modified tests.
 [exec] 
 [exec] +1 javadoc.  The javadoc tool did not generate any warning 
messages.
 [exec] 
 [exec] +1 javac.  The applied patch does not increase the total number 
of javac compiler warnings.
 [exec] 
 [exec] +1 findbugs.  The patch does not introduce any new Findbugs 
(version 3.0.1) warnings.
 [exec] 
 [exec] +1 release audit.  The applied patch does not increase the 
total number of release audit warnings.
 [exec] 
 [exec] +1 core tests.  The patch passed core unit tests.
 [exec] 
 [exec] +1 contrib tests.  The patch passed contrib unit tests.
 [exec] 
 [exec] Test results: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/373//testReport/
 [exec] Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/373//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
 [exec] Console output: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/373//console
 [exec] 
 [exec] This message is automatically generated.
 [exec] 
 [exec] 
 [exec] 
==
 [exec] 
==
 [exec] Adding comment to Jira.
 [exec] 
==
 [exec] 
==
 [exec] 
 [exec] 
 [exec] Comment added.
 [exec] 41c772fc94b6bce4ffc6cac7fc59dc639a9f9af8 logged out
 [exec] 
 [exec] 
 [exec] 
==
 [exec] 
==
 [exec] Finished build.
 [exec] 
==
 [exec] 
==
 [exec] 
 [exec] 
 [exec] mv: 
'/home/jenkins/jenkins-slave/workspace/PreCommit-ZOOKEEPER-github-pr-build/patchprocess'
 and 
'/home/jenkins/jenkins-slave/workspace/PreCommit-ZOOKEEPER-github-pr-build/patchprocess'
 are the same file

BUILD SUCCESSFUL
Total time: 18 minutes 44 seconds
Archiving artifacts
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Recording test results
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
[description-setter] Description set: ZOOKEEPER-2693
Putting comment on the pull request
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Email was triggered for: Success
Sending email for trigger: Success
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7



###
## FAILED TESTS (if any) 
##
All tests passed

[jira] [Commented] (ZOOKEEPER-235) SSL Support for clients

2017-03-02 Thread Michael Han (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-235?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15893241#comment-15893241
 ] 

Michael Han commented on ZOOKEEPER-235:
---

bq. Is this still an issue, now that client-server ssl is now supported (over 
netty) in 3.5.1-alpha?

The work in ZOOKEEPER-2125 only covers Java client. The reason this JIRA still 
opens is because SSL support on C client is missing still, which is tracked by 
ZOOKEEPER-2122.

> SSL Support for clients
> ---
>
> Key: ZOOKEEPER-235
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-235
> Project: ZooKeeper
>  Issue Type: New Feature
>  Components: c client, java client, server
>Reporter: Benjamin Reed
>Priority: Minor
>
> ZooKeeper should be able to support SSL for ZooKeeper clients. As part of the 
> implementation we should also add an X509AuthenticationProvider so that 
> client side certifications can be used for authentication.
> The tricky part of the implementation will be integrating with the 
> non-blocking NIO calls that we use. There are various web pages that describe 
> how to do it.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

ZooKeeper-trunk - Build # 3297 - Still Failing

2017-03-02 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper-trunk/3297/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 3.72 KB...]
POSIX message queues (bytes, -q) 819200
real-time priority  (-r) 0
stack size  (kbytes, -s) 8192
cpu time   (seconds, -t) unlimited
max user processes  (-u) 10240
virtual memory  (kbytes, -v) unlimited
file locks  (-x) unlimited
6
/home/jenkins/tools/ant/latest/bin/ant clean
Exception in thread "main" java.lang.UnsupportedClassVersionError: 
org/apache/tools/ant/launch/Launcher : Unsupported major.minor version 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
at 
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:482)
Exception in thread "main" java.lang.UnsupportedClassVersionError: 
org/apache/tools/ant/launch/Launcher : Unsupported major.minor version 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
at 
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:482)
mv: cannot stat 'build/*.tar.gz': No such file or directory
mv: cannot stat 'build/*.jar': No such file or directory
mv: cannot stat 'build/test/findbugs': No such file or directory
mv: cannot stat 'build/docs/api': No such file or directory
Build Failed
Build step 'Execute shell' marked build as failure
[FINDBUGS] Skipping publisher since build result is FAILURE
[WARNINGS] Skipping publisher since build result is FAILURE
Archiving artifacts
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Recording fingerprints
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Recording test results
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
ERROR: Step ?Publish JUnit test result report? failed: No test report files 
were found. Configuration error?
Publishing Javadoc
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Email was triggered for: Failure - Any
Sending email for trigger: Failure - Any
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7



###
## FAILED TESTS (if any) 
##
No tests ran.

ZooKeeper_branch34_jdk8 - Build # 902 - Still Failing

2017-03-02 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper_branch34_jdk8/902/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 30.44 MB...]
[junit] 2017-03-02 22:57:44,502 [myid:] - INFO  
[main:SessionTrackerImpl@225] - Shutting down
[junit] 2017-03-02 22:57:44,502 [myid:] - INFO  
[main:PrepRequestProcessor@764] - Shutting down
[junit] 2017-03-02 22:57:44,502 [myid:] - INFO  
[main:SyncRequestProcessor@208] - Shutting down
[junit] 2017-03-02 22:57:44,503 [myid:] - INFO  [ProcessThread(sid:0 
cport:11221)::PrepRequestProcessor@143] - PrepRequestProcessor exited loop!
[junit] 2017-03-02 22:57:44,503 [myid:] - INFO  
[SyncThread:0:SyncRequestProcessor@186] - SyncRequestProcessor exited!
[junit] 2017-03-02 22:57:44,503 [myid:] - INFO  
[main:FinalRequestProcessor@402] - shutdown of request processor complete
[junit] 2017-03-02 22:57:44,504 [myid:] - INFO  
[main:FourLetterWordMain@62] - connecting to 127.0.0.1 11221
[junit] 2017-03-02 22:57:44,504 [myid:] - INFO  [main:JMXEnv@147] - 
ensureOnly:[]
[junit] 2017-03-02 22:57:44,506 [myid:] - INFO  [main:ClientBase@445] - 
STARTING server
[junit] 2017-03-02 22:57:44,506 [myid:] - INFO  [main:ClientBase@366] - 
CREATING server instance 127.0.0.1:11221
[junit] 2017-03-02 22:57:44,506 [myid:] - INFO  
[main:NIOServerCnxnFactory@89] - binding to port 0.0.0.0/0.0.0.0:11221
[junit] 2017-03-02 22:57:44,506 [myid:] - INFO  [main:ClientBase@341] - 
STARTING server instance 127.0.0.1:11221
[junit] 2017-03-02 22:57:44,507 [myid:] - INFO  [main:ZooKeeperServer@173] 
- Created server with tickTime 3000 minSessionTimeout 6000 maxSessionTimeout 
6 datadir 
/home/jenkins/jenkins-slave/workspace/ZooKeeper_branch34_jdk8/build/test/tmp/test3644001268917197807.junit.dir/version-2
 snapdir 
/home/jenkins/jenkins-slave/workspace/ZooKeeper_branch34_jdk8/build/test/tmp/test3644001268917197807.junit.dir/version-2
[junit] 2017-03-02 22:57:44,510 [myid:] - ERROR [main:ZooKeeperServer@472] 
- ZKShutdownHandler is not registered, so ZooKeeper server won't take any 
action on ERROR or SHUTDOWN server state changes
[junit] 2017-03-02 22:57:44,511 [myid:] - INFO  
[main:FourLetterWordMain@62] - connecting to 127.0.0.1 11221
[junit] 2017-03-02 22:57:44,511 [myid:] - INFO  
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:11221:NIOServerCnxnFactory@192] - 
Accepted socket connection from /127.0.0.1:49392
[junit] 2017-03-02 22:57:44,512 [myid:] - INFO  
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:11221:NIOServerCnxn@838] - Processing 
stat command from /127.0.0.1:49392
[junit] 2017-03-02 22:57:44,512 [myid:] - INFO  
[Thread-4:NIOServerCnxn$StatCommand@674] - Stat command output
[junit] 2017-03-02 22:57:44,512 [myid:] - INFO  
[Thread-4:NIOServerCnxn@1019] - Closed socket connection for client 
/127.0.0.1:49392 (no session established for client)
[junit] 2017-03-02 22:57:44,513 [myid:] - INFO  [main:JMXEnv@230] - 
ensureParent:[InMemoryDataTree, StandaloneServer_port]
[junit] 2017-03-02 22:57:44,514 [myid:] - INFO  [main:JMXEnv@247] - 
expect:InMemoryDataTree
[junit] 2017-03-02 22:57:44,515 [myid:] - INFO  [main:JMXEnv@251] - 
found:InMemoryDataTree 
org.apache.ZooKeeperService:name0=StandaloneServer_port11221,name1=InMemoryDataTree
[junit] 2017-03-02 22:57:44,515 [myid:] - INFO  [main:JMXEnv@247] - 
expect:StandaloneServer_port
[junit] 2017-03-02 22:57:44,515 [myid:] - INFO  [main:JMXEnv@251] - 
found:StandaloneServer_port 
org.apache.ZooKeeperService:name0=StandaloneServer_port11221
[junit] 2017-03-02 22:57:44,515 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@58] - Memory used 35519
[junit] 2017-03-02 22:57:44,515 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@63] - Number of threads 20
[junit] 2017-03-02 22:57:44,516 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@78] - FINISHED TEST METHOD testQuota
[junit] 2017-03-02 22:57:44,516 [myid:] - INFO  [main:ClientBase@522] - 
tearDown starting
[junit] 2017-03-02 22:57:44,587 [myid:] - INFO  [main:ZooKeeper@684] - 
Session: 0x15a913e4f8e closed
[junit] 2017-03-02 22:57:44,587 [myid:] - INFO  
[main-EventThread:ClientCnxn$EventThread@519] - EventThread shut down for 
session: 0x15a913e4f8e
[junit] 2017-03-02 22:57:44,587 [myid:] - INFO  [main:ClientBase@492] - 
STOPPING server
[junit] 2017-03-02 22:57:44,588 [myid:] - INFO  
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:11221:NIOServerCnxnFactory@219] - 
NIOServerCnxn factory exited run method
[junit] 2017-03-02 22:57:44,588 [myid:] - INFO  [main:ZooKeeperServer@505] 
- shutting down
[junit] 2017-03-02 22:57:44,588 [myid:] - ERROR [main:ZooKeeperServer@472] 
- ZKShutdownHandler is not registered, so ZooKeeper server won't take any 
action on ERROR or SHUTDOWN server state changes
[junit] 2017-03-02 22:57:44,588

[jira] [Commented] (ZOOKEEPER-2693) DOS attack on wchp/wchc four letter words (4lw)

2017-03-02 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15893100#comment-15893100
 ] 

ASF GitHub Bot commented on ZOOKEEPER-2693:
---

Github user hanm commented on the issue:

https://github.com/apache/zookeeper/pull/179
  
>>  Can we introduce some keyword to include all the commands?
Sounds reasonable. Will add 4lw.commands.whitelist=* as an option.


> DOS attack on wchp/wchc four letter words (4lw)
> ---
>
> Key: ZOOKEEPER-2693
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> Project: ZooKeeper
>  Issue Type: Bug
>  Components: security, server
>Affects Versions: 3.4.0, 3.5.1, 3.5.2
>Reporter: Patrick Hunt
>Assignee: Michael Han
>Priority: Blocker
> Fix For: 3.4.10, 3.5.3
>
> Attachments: ZOOKEEPER-2693-01.patch
>
>
> The wchp/wchc four letter words can be exploited in a DOS attack on the ZK 
> client port - typically 2181. The following POC attack was recently published 
> on the web:
> https://webcache.googleusercontent.com/search?q=cache:_CNGIz10PRYJ:https://www.exploit-db.com/exploits/41277/+=14=en=clnk=us
> The most straightforward way to block this attack is to not allow access to 
> the client port to non-trusted clients - i.e. firewall the ZooKeeper service 
> and only allow access to trusted applications using it for coordination.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[GitHub] zookeeper issue #179: ZOOKEEPER-2693: DOS attack on wchp/wchc four letter wo...

2017-03-02 Thread hanm 
Github user hanm commented on the issue:

https://github.com/apache/zookeeper/pull/179
  
>>  Can we introduce some keyword to include all the commands?
Sounds reasonable. Will add 4lw.commands.whitelist=* as an option.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: Partial crash bug described in Redundancy Does Not Imply Fault Tolerance: Analysis of Distributed Storage Reactions to Single Errors and Corruptions (FAST17)

2017-03-02 Thread Andrew Purtell 
Excellent. I really appreciate you checking on this, Rakesh and Michael.
ZooKeeper did well in this evaluation and I wanted to make sure you were
aware of this finding, in case an improvement was needed.

On Thu, Mar 2, 2017 at 11:25 AM, Michael Han  wrote:

> The partial crash bug described in the paper looks the same case as what's
> fixed by ZOOKEEPER-2247. The root cause is the same for both cases (quorum
> threads were not shutdown).
>
> On Thu, Mar 2, 2017 at 7:45 AM, Rakesh Radhakrishnan 
> wrote:
>
> > Thanks a lot Andrew Purtell for pointing out this.
> >
> > I could see, https://issues.apache.org/jira/browse/ZOOKEEPER-2247 jira
> is
> > talking about similar case. Could you please go through this jira and let
> > me know your comments.
> >
> > It seems they have used ZooKeeper (v3.4.8) for preparing the report. This
> > bug is fixed and available only in the latest stable version 3.4.9.
> >
> > Thanks,
> > Rakesh
> >
> > On Thu, Mar 2, 2017 at 11:07 AM, Andrew Purtell  >
> > wrote:
> >
> > > Is there a JIRA open for the partial crash bug described in "Redundancy
> > > Does Not Imply Fault Tolerance: Analysis of Distributed Storage
> Reactions
> > > to Single Errors and Corruptions" Aishwarya Ganesan, Ramnatthan
> > Alagappan,
> > > Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau, University of
> > > Wisconsin—Madison. 15th USENIX Conference on File and Storage
> > Technologies
> > > (FAST ’17)?
> > >
> > > From
> > > https://www.usenix.org/system/files/conference/fast17/
> fast17-ganesan.pdf
> > >
> > >
> > > "Unfortunately, ZooKeeper does not recover from write errors to the
> > > transaction head and log tail. On write errors during log
> initialization,
> > > the error handling code tries to gracefully shutdown the node but kills
> > > only the transaction processing threads; the quorum thread remains
> alive
> > > (partial crash). Consequently, other nodes believe that the leader is
> > > healthy and do not elect a new leader. However, since the leader has
> > > partially crashed, it cannot propose any transactions, leading to an
> > > indefinite write unavailability."
> > >
> > >
> > >
> > >
> > > --
> > > Best regards,
> > > Andrew Purtell
> > > apurt...@salesforce.com
> > > apurt...@apache.org
> > >
> >
>
>
>
> --
> Cheers
> Michael.
>



-- 
Best regards,

   - Andy

If you are given a choice, you believe you have acted freely. - Raymond
Teller (via Peter Watts)

[jira] [Commented] (ZOOKEEPER-2693) DOS attack on wchp/wchc four letter words (4lw)

2017-03-02 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15892882#comment-15892882
 ] 

ASF GitHub Bot commented on ZOOKEEPER-2693:
---

Github user arshadmohammad commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r104016184
  
--- Diff: 
src/java/main/org/apache/zookeeper/server/command/FourLetterCommands.java ---
@@ -18,10 +18,16 @@
 
 package org.apache.zookeeper.server.command;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.nio.ByteBuffer;
 import java.util.Collections;
--- End diff --

The import java.util.Collections is never used


> DOS attack on wchp/wchc four letter words (4lw)
> ---
>
> Key: ZOOKEEPER-2693
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> Project: ZooKeeper
>  Issue Type: Bug
>  Components: security, server
>Affects Versions: 3.4.0, 3.5.1, 3.5.2
>Reporter: Patrick Hunt
>Assignee: Michael Han
>Priority: Blocker
> Fix For: 3.4.10, 3.5.3
>
> Attachments: ZOOKEEPER-2693-01.patch
>
>
> The wchp/wchc four letter words can be exploited in a DOS attack on the ZK 
> client port - typically 2181. The following POC attack was recently published 
> on the web:
> https://webcache.googleusercontent.com/search?q=cache:_CNGIz10PRYJ:https://www.exploit-db.com/exploits/41277/+=14=en=clnk=us
> The most straightforward way to block this attack is to not allow access to 
> the client port to non-trusted clients - i.e. firewall the ZooKeeper service 
> and only allow access to trusted applications using it for coordination.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[GitHub] zookeeper pull request #179: ZOOKEEPER-2693: DOS attack on wchp/wchc four le...

2017-03-02 Thread arshadmohammad 
Github user arshadmohammad commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r104016184
  
--- Diff: 
src/java/main/org/apache/zookeeper/server/command/FourLetterCommands.java ---
@@ -18,10 +18,16 @@
 
 package org.apache.zookeeper.server.command;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.nio.ByteBuffer;
 import java.util.Collections;
--- End diff --

The import java.util.Collections is never used


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[jira] [Commented] (ZOOKEEPER-2693) DOS attack on wchp/wchc four letter words (4lw)

2017-03-02 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15892881#comment-15892881
 ] 

ASF GitHub Bot commented on ZOOKEEPER-2693:
---

Github user arshadmohammad commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r104015988
  
--- Diff: 
src/java/test/org/apache/zookeeper/test/FourLetterWordsWhiteListTest.java ---
@@ -0,0 +1,163 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.zookeeper.test;
+
+import java.io.IOException;
+
+import org.apache.zookeeper.TestableZooKeeper;
+import org.apache.zookeeper.common.X509Exception.SSLContextException;
+
+import static 
org.apache.zookeeper.client.FourLetterWordMain.send4LetterWord;
+
+import org.apache.zookeeper.server.command.FourLetterCommands;
+import org.junit.Assert;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class FourLetterWordsWhiteListTest extends ClientBase {
+protected static final Logger LOG =
+LoggerFactory.getLogger(FourLetterWordsWhiteListTest.class);
+
+/*
+ * ZOOKEEPER-2693: test white list of four letter words.
+ * For 3.5.x default white list is empty. Verify that is
+ * the case (except 'stat' command which is enabled in ClientBase
+ * which other tests depend on.).
+ */
+@Test(timeout=3)
+public void testFourLetterWordsAllDisabledByDefault() throws Exception 
{
+stopServer();
+FourLetterCommands.resetWhiteList();
+System.setProperty("zookeeper.4lw.commands.whitelist", "stat");
+startServer();
+
+// Default white list for 3.5.x is empty, so all command should 
fail.
+verifyAllCommandsFail();
+
+TestableZooKeeper zk = createClient();
+String sid = getHexSessionId(zk.getSessionId());
--- End diff --

sid is not used


> DOS attack on wchp/wchc four letter words (4lw)
> ---
>
> Key: ZOOKEEPER-2693
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> Project: ZooKeeper
>  Issue Type: Bug
>  Components: security, server
>Affects Versions: 3.4.0, 3.5.1, 3.5.2
>Reporter: Patrick Hunt
>Assignee: Michael Han
>Priority: Blocker
> Fix For: 3.4.10, 3.5.3
>
> Attachments: ZOOKEEPER-2693-01.patch
>
>
> The wchp/wchc four letter words can be exploited in a DOS attack on the ZK 
> client port - typically 2181. The following POC attack was recently published 
> on the web:
> https://webcache.googleusercontent.com/search?q=cache:_CNGIz10PRYJ:https://www.exploit-db.com/exploits/41277/+=14=en=clnk=us
> The most straightforward way to block this attack is to not allow access to 
> the client port to non-trusted clients - i.e. firewall the ZooKeeper service 
> and only allow access to trusted applications using it for coordination.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[GitHub] zookeeper pull request #179: ZOOKEEPER-2693: DOS attack on wchp/wchc four le...

2017-03-02 Thread arshadmohammad 
Github user arshadmohammad commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r104015988
  
--- Diff: 
src/java/test/org/apache/zookeeper/test/FourLetterWordsWhiteListTest.java ---
@@ -0,0 +1,163 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.zookeeper.test;
+
+import java.io.IOException;
+
+import org.apache.zookeeper.TestableZooKeeper;
+import org.apache.zookeeper.common.X509Exception.SSLContextException;
+
+import static 
org.apache.zookeeper.client.FourLetterWordMain.send4LetterWord;
+
+import org.apache.zookeeper.server.command.FourLetterCommands;
+import org.junit.Assert;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class FourLetterWordsWhiteListTest extends ClientBase {
+protected static final Logger LOG =
+LoggerFactory.getLogger(FourLetterWordsWhiteListTest.class);
+
+/*
+ * ZOOKEEPER-2693: test white list of four letter words.
+ * For 3.5.x default white list is empty. Verify that is
+ * the case (except 'stat' command which is enabled in ClientBase
+ * which other tests depend on.).
+ */
+@Test(timeout=3)
+public void testFourLetterWordsAllDisabledByDefault() throws Exception 
{
+stopServer();
+FourLetterCommands.resetWhiteList();
+System.setProperty("zookeeper.4lw.commands.whitelist", "stat");
+startServer();
+
+// Default white list for 3.5.x is empty, so all command should 
fail.
+verifyAllCommandsFail();
+
+TestableZooKeeper zk = createClient();
+String sid = getHexSessionId(zk.getSessionId());
--- End diff --

sid is not used


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[jira] [Commented] (ZOOKEEPER-2693) DOS attack on wchp/wchc four letter words (4lw)

2017-03-02 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15892874#comment-15892874
 ] 

ASF GitHub Bot commented on ZOOKEEPER-2693:
---

Github user arshadmohammad commented on the issue:

https://github.com/apache/zookeeper/pull/179
  
Currently enabling all the 4lw commands is little inconvenient. We have to 
put all the commands one by one to enable all the commands. Given the fact that 
ZooKeeper is generally installed in private network within secure boundaries. 
Can we introduce some keyword to include all the commands? For example
4lw.commands.whitelist=all
or 
4lw.commands.whitelist=*



> DOS attack on wchp/wchc four letter words (4lw)
> ---
>
> Key: ZOOKEEPER-2693
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> Project: ZooKeeper
>  Issue Type: Bug
>  Components: security, server
>Affects Versions: 3.4.0, 3.5.1, 3.5.2
>Reporter: Patrick Hunt
>Assignee: Michael Han
>Priority: Blocker
> Fix For: 3.4.10, 3.5.3
>
> Attachments: ZOOKEEPER-2693-01.patch
>
>
> The wchp/wchc four letter words can be exploited in a DOS attack on the ZK 
> client port - typically 2181. The following POC attack was recently published 
> on the web:
> https://webcache.googleusercontent.com/search?q=cache:_CNGIz10PRYJ:https://www.exploit-db.com/exploits/41277/+=14=en=clnk=us
> The most straightforward way to block this attack is to not allow access to 
> the client port to non-trusted clients - i.e. firewall the ZooKeeper service 
> and only allow access to trusted applications using it for coordination.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[GitHub] zookeeper issue #179: ZOOKEEPER-2693: DOS attack on wchp/wchc four letter wo...

2017-03-02 Thread arshadmohammad 
Github user arshadmohammad commented on the issue:

https://github.com/apache/zookeeper/pull/179
  
Currently enabling all the 4lw commands is little inconvenient. We have to 
put all the commands one by one to enable all the commands. Given the fact that 
ZooKeeper is generally installed in private network within secure boundaries. 
Can we introduce some keyword to include all the commands? For example
4lw.commands.whitelist=all
or 
4lw.commands.whitelist=*



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: Partial crash bug described in Redundancy Does Not Imply Fault Tolerance: Analysis of Distributed Storage Reactions to Single Errors and Corruptions (FAST17)

2017-03-02 Thread Michael Han 
The partial crash bug described in the paper looks the same case as what's
fixed by ZOOKEEPER-2247. The root cause is the same for both cases (quorum
threads were not shutdown).

On Thu, Mar 2, 2017 at 7:45 AM, Rakesh Radhakrishnan 
wrote:

> Thanks a lot Andrew Purtell for pointing out this.
>
> I could see, https://issues.apache.org/jira/browse/ZOOKEEPER-2247 jira is
> talking about similar case. Could you please go through this jira and let
> me know your comments.
>
> It seems they have used ZooKeeper (v3.4.8) for preparing the report. This
> bug is fixed and available only in the latest stable version 3.4.9.
>
> Thanks,
> Rakesh
>
> On Thu, Mar 2, 2017 at 11:07 AM, Andrew Purtell 
> wrote:
>
> > Is there a JIRA open for the partial crash bug described in "Redundancy
> > Does Not Imply Fault Tolerance: Analysis of Distributed Storage Reactions
> > to Single Errors and Corruptions" Aishwarya Ganesan, Ramnatthan
> Alagappan,
> > Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau, University of
> > Wisconsin—Madison. 15th USENIX Conference on File and Storage
> Technologies
> > (FAST ’17)?
> >
> > From
> > https://www.usenix.org/system/files/conference/fast17/fast17-ganesan.pdf
> >
> >
> > "Unfortunately, ZooKeeper does not recover from write errors to the
> > transaction head and log tail. On write errors during log initialization,
> > the error handling code tries to gracefully shutdown the node but kills
> > only the transaction processing threads; the quorum thread remains alive
> > (partial crash). Consequently, other nodes believe that the leader is
> > healthy and do not elect a new leader. However, since the leader has
> > partially crashed, it cannot propose any transactions, leading to an
> > indefinite write unavailability."
> >
> >
> >
> >
> > --
> > Best regards,
> > Andrew Purtell
> > apurt...@salesforce.com
> > apurt...@apache.org
> >
>



-- 
Cheers
Michael.

[jira] [Resolved] (ZOOKEEPER-2698) SSL support for server to server communication

2017-03-02 Thread Abraham Fine (JIRA) 

 [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abraham Fine resolved ZOOKEEPER-2698.
-
Resolution: Duplicate

> SSL support for server to server communication
> --
>
> Key: ZOOKEEPER-2698
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2698
> Project: ZooKeeper
>  Issue Type: New Feature
>Reporter: Abraham Fine
>Assignee: Abraham Fine
>




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (ZOOKEEPER-2703) [MASTER ISSUE] Create benchmark/stability tests

2017-03-02 Thread Jordan Zimmerman (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15892466#comment-15892466
 ] 

Jordan Zimmerman commented on ZOOKEEPER-2703:
-

Ideally - the benchmarks would be done against something that looks like a 
Production ensemble. Can Apache give us resources for this? Does anyone know 
other sources for 3 (or 5?) machines to run periodically as a test ensemble?

> [MASTER ISSUE] Create benchmark/stability tests
> ---
>
> Key: ZOOKEEPER-2703
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2703
> Project: ZooKeeper
>  Issue Type: Test
>  Components: java client, recipes, tests
>Reporter: Jordan Zimmerman
>
> It would be useful to have objective tests/benchmarks. These tests/benchmarks 
> can be used to validate future changes to ZooKeeper, compare against other 
> similar products (etcd/consul, etc.) or to help promote ZooKeeper. Possible 
> candidates include:
> * leader election tests/benchmarks
> * service discovery tests/benchmarks
> * distributed locks tests/benchmarks
> * ...
> Note: each test/benchmark should be a sub-task under this master task



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

ZOOKEEPER-1416

2017-03-02 Thread Jordan Zimmerman 
Hey Folks,

I'd like to see movement on ZOOKEEPER-1416. Michael Han has some issues (most 
of them I've addressed). This is a really great feature for ZooKeeper and will 
help the community. Also, there is a lot of support for it on 
https://issues.apache.org/jira/browse/ZOOKEEPER-1416 
. Can some other ZK 
committers chime in? Do we need to call a vote for it?

-Jordan

Re: Partial crash bug described in Redundancy Does Not Imply Fault Tolerance: Analysis of Distributed Storage Reactions to Single Errors and Corruptions (FAST17)

2017-03-02 Thread Rakesh Radhakrishnan 
Thanks a lot Andrew Purtell for pointing out this.

I could see, https://issues.apache.org/jira/browse/ZOOKEEPER-2247 jira is
talking about similar case. Could you please go through this jira and let
me know your comments.

It seems they have used ZooKeeper (v3.4.8) for preparing the report. This
bug is fixed and available only in the latest stable version 3.4.9.

Thanks,
Rakesh

On Thu, Mar 2, 2017 at 11:07 AM, Andrew Purtell 
wrote:

> Is there a JIRA open for the partial crash bug described in "Redundancy
> Does Not Imply Fault Tolerance: Analysis of Distributed Storage Reactions
> to Single Errors and Corruptions" Aishwarya Ganesan, Ramnatthan Alagappan,
> Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau, University of
> Wisconsin—Madison. 15th USENIX Conference on File and Storage Technologies
> (FAST ’17)?
>
> From
> https://www.usenix.org/system/files/conference/fast17/fast17-ganesan.pdf
>
>
> "Unfortunately, ZooKeeper does not recover from write errors to the
> transaction head and log tail. On write errors during log initialization,
> the error handling code tries to gracefully shutdown the node but kills
> only the transaction processing threads; the quorum thread remains alive
> (partial crash). Consequently, other nodes believe that the leader is
> healthy and do not elect a new leader. However, since the leader has
> partially crashed, it cannot propose any transactions, leading to an
> indefinite write unavailability."
>
>
>
>
> --
> Best regards,
> Andrew Purtell
> apurt...@salesforce.com
> apurt...@apache.org
>

Partial crash bug described in Redundancy Does Not Imply Fault Tolerance: Analysis of Distributed Storage Reactions to Single Errors and Corruptions (FAST17)

2017-03-02 Thread Andrew Purtell 
Is there a JIRA open for the partial crash bug described in "Redundancy
Does Not Imply Fault Tolerance: Analysis of Distributed Storage Reactions
to Single Errors and Corruptions" Aishwarya Ganesan, Ramnatthan Alagappan,
Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau, University of
Wisconsin—Madison. 15th USENIX Conference on File and Storage Technologies
(FAST ’17)?

From
https://www.usenix.org/system/files/conference/fast17/fast17-ganesan.pdf


"Unfortunately, ZooKeeper does not recover from write errors to the
transaction head and log tail. On write errors during log initialization,
the error handling code tries to gracefully shutdown the node but kills
only the transaction processing threads; the quorum thread remains alive
(partial crash). Consequently, other nodes believe that the leader is
healthy and do not elect a new leader. However, since the leader has
partially crashed, it cannot propose any transactions, leading to an
indefinite write unavailability."




-- 
Best regards,
Andrew Purtell
apurt...@salesforce.com
apurt...@apache.org

ZooKeeper_branch34_openjdk7 - Build # 1410 - Still Failing

2017-03-02 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper_branch34_openjdk7/1410/

###
## LAST 60 LINES OF THE CONSOLE 
###
Started by timer
[EnvInject] - Loading node environment variables.
Building remotely on H22 (ubuntu) in workspace 
/home/jenkins/jenkins-slave/workspace/ZooKeeper_branch34_openjdk7
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url git://git.apache.org/zookeeper.git # timeout=10
Cleaning workspace
 > git rev-parse --verify HEAD # timeout=10
Resetting working tree
 > git reset --hard # timeout=10
 > git clean -fdx # timeout=10
Fetching upstream changes from git://git.apache.org/zookeeper.git
 > git --version # timeout=10
 > git fetch --tags --progress git://git.apache.org/zookeeper.git 
 > +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/branch-3.4^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/branch-3.4^{commit} # timeout=10
Checking out Revision b26eaf3492a43821f648d8a8f87d8ac3488f1cef 
(refs/remotes/origin/branch-3.4)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f b26eaf3492a43821f648d8a8f87d8ac3488f1cef
 > git rev-list b26eaf3492a43821f648d8a8f87d8ac3488f1cef # timeout=10
No emails were triggered.
[ZooKeeper_branch34_openjdk7] $ /home/jenkins/tools/ant/latest/bin/ant 
-Dtest.output=yes -Dtest.junit.threads=8 -Dtest.junit.output.format=xml 
-Djavac.target=1.7 clean test-core-java
Error: JAVA_HOME is not defined correctly.
  We cannot execute /usr/lib/jvm/java-7-openjdk-amd64//bin/java
Build step 'Invoke Ant' marked build as failure
Recording test results
ERROR: Step ?Publish JUnit test result report? failed: No test report files 
were found. Configuration error?
Email was triggered for: Failure - Any
Sending email for trigger: Failure - Any



###
## FAILED TESTS (if any) 
##
No tests ran.

ZooKeeper-trunk-jdk8 - Build # 960 - Still Failing

2017-03-02 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper-trunk-jdk8/960/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 63.78 MB...]
[junit] java.net.ConnectException: Connection refused
[junit] at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
[junit] at 
sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
[junit] at 
org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:357)
[junit] at 
org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1214)
[junit] 2017-03-02 11:54:44,788 [myid:127.0.0.1:24810] - INFO  
[main-SendThread(127.0.0.1:24810):ClientCnxn$SendThread@1113] - Opening socket 
connection to server 127.0.0.1/127.0.0.1:24810. Will not attempt to 
authenticate using SASL (unknown error)
[junit] 2017-03-02 11:54:44,788 [myid:127.0.0.1:24810] - WARN  
[main-SendThread(127.0.0.1:24810):ClientCnxn$SendThread@1235] - Session 
0x102ba0e89c0 for server 127.0.0.1/127.0.0.1:24810, unexpected error, 
closing socket connection and attempting reconnect
[junit] java.net.ConnectException: Connection refused
[junit] at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
[junit] at 
sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
[junit] at 
org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:357)
[junit] at 
org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1214)
[junit] 2017-03-02 11:54:44,861 [myid:] - INFO  
[SessionTracker:SessionTrackerImpl@158] - SessionTrackerImpl exited loop!
[junit] 2017-03-02 11:54:44,949 [myid:] - INFO  [ProcessThread(sid:0 
cport:24933)::PrepRequestProcessor@617] - Processed session termination for 
sessionid: 0x102ba11d43c
[junit] 2017-03-02 11:54:44,960 [myid:] - INFO  [main:ZooKeeper@1324] - 
Session: 0x102ba11d43c closed
[junit] 2017-03-02 11:54:44,960 [myid:] - INFO  
[SyncThread:0:MBeanRegistry@128] - Unregister MBean 
[org.apache.ZooKeeperService:name0=StandaloneServer_port24933,name1=Connections,name2=127.0.0.1,name3=0x102ba11d43c]
[junit] 2017-03-02 11:54:44,960 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@82] - Memory used 221726
[junit] 2017-03-02 11:54:44,961 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@87] - Number of threads 2428
[junit] 2017-03-02 11:54:44,961 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@102] - FINISHED TEST METHOD 
testWatcherAutoResetWithLocal
[junit] 2017-03-02 11:54:44,961 [myid:] - INFO  [main:ClientBase@558] - 
tearDown starting
[junit] 2017-03-02 11:54:44,961 [myid:] - INFO  [main:ClientBase@528] - 
STOPPING server
[junit] 2017-03-02 11:54:44,961 [myid:] - INFO  
[main:NettyServerCnxnFactory@464] - shutdown called 0.0.0.0/0.0.0.0:24933
[junit] 2017-03-02 11:54:44,960 [myid:] - INFO  
[main-EventThread:ClientCnxn$EventThread@513] - EventThread shut down for 
session: 0x102ba11d43c
[junit] 2017-03-02 11:54:44,969 [myid:] - INFO  [main:ZooKeeperServer@542] 
- shutting down
[junit] 2017-03-02 11:54:44,969 [myid:] - ERROR [main:ZooKeeperServer@506] 
- ZKShutdownHandler is not registered, so ZooKeeper server won't take any 
action on ERROR or SHUTDOWN server state changes
[junit] 2017-03-02 11:54:44,970 [myid:] - INFO  
[main:SessionTrackerImpl@232] - Shutting down
[junit] 2017-03-02 11:54:44,970 [myid:] - INFO  
[main:PrepRequestProcessor@1008] - Shutting down
[junit] 2017-03-02 11:54:44,970 [myid:] - INFO  
[main:SyncRequestProcessor@191] - Shutting down
[junit] 2017-03-02 11:54:44,970 [myid:] - INFO  
[SyncThread:0:SyncRequestProcessor@169] - SyncRequestProcessor exited!
[junit] 2017-03-02 11:54:44,970 [myid:] - INFO  [ProcessThread(sid:0 
cport:24933)::PrepRequestProcessor@157] - PrepRequestProcessor exited loop!
[junit] 2017-03-02 11:54:44,971 [myid:] - INFO  
[main:FinalRequestProcessor@481] - shutdown of request processor complete
[junit] 2017-03-02 11:54:44,977 [myid:] - INFO  [main:MBeanRegistry@128] - 
Unregister MBean 
[org.apache.ZooKeeperService:name0=StandaloneServer_port24933,name1=InMemoryDataTree]
[junit] 2017-03-02 11:54:44,977 [myid:] - INFO  [main:MBeanRegistry@128] - 
Unregister MBean [org.apache.ZooKeeperService:name0=StandaloneServer_port24933]
[junit] 2017-03-02 11:54:44,994 [myid:] - INFO  
[main:FourLetterWordMain@85] - connecting to 127.0.0.1 24933
[junit] 2017-03-02 11:54:44,994 [myid:] - INFO  [main:JMXEnv@146] - 
ensureOnly:[]
[junit] 2017-03-02 11:54:45,048 [myid:] - INFO  [main:ClientBase@583] - 
fdcount after test is: 7142 at start it was 7142
[junit] 2017-03-02 11:54:45,048 [myid:] - INFO  [main:ZKTestCase$1@65] - 
SUCCEEDED testWatcherAutoResetWithLocal
[junit] 2017-03-02 11:54:45,049 [myid:] - INFO

ZooKeeper_branch35_openjdk7 - Build # 435 - Still Failing

2017-03-02 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper_branch35_openjdk7/435/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 61.40 MB...]
[junit] at 
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:315)
[junit] at 
org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
[junit] at 
org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
[junit] at 
org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
[junit] at 
org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
[junit] at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[junit] at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[junit] at java.lang.Thread.run(Thread.java:745)
[junit] 2017-03-02 10:07:42,291 [myid:] - INFO  
[SyncThread:0:MBeanRegistry@128] - Unregister MBean 
[org.apache.ZooKeeperService:name0=StandaloneServer_port24933,name1=Connections,name2=127.0.0.1,name3=0x102b98f70cd]
[junit] 2017-03-02 10:07:42,319 [myid:127.0.0.1:24816] - INFO  
[main-SendThread(127.0.0.1:24816):ClientCnxn$SendThread@1113] - Opening socket 
connection to server 127.0.0.1/127.0.0.1:24816. Will not attempt to 
authenticate using SASL (unknown error)
[junit] 2017-03-02 10:07:42,320 [myid:127.0.0.1:24816] - WARN  
[main-SendThread(127.0.0.1:24816):ClientCnxn$SendThread@1235] - Session 
0x302b98c1c36 for server 127.0.0.1/127.0.0.1:24816, unexpected error, 
closing socket connection and attempting reconnect
[junit] java.net.ConnectException: Connection refused
[junit] at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
[junit] at 
sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:739)
[junit] at 
org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:357)
[junit] at 
org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1214)
[junit] 2017-03-02 10:07:42,391 [myid:] - INFO  [main:ZooKeeper@1324] - 
Session: 0x102b98f70cd closed
[junit] 2017-03-02 10:07:42,392 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@82] - Memory used 213721
[junit] 2017-03-02 10:07:42,392 [myid:] - INFO  
[main-EventThread:ClientCnxn$EventThread@513] - EventThread shut down for 
session: 0x102b98f70cd
[junit] 2017-03-02 10:07:42,392 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@87] - Number of threads 2427
[junit] 2017-03-02 10:07:42,392 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@102] - FINISHED TEST METHOD 
testWatcherAutoResetWithLocal
[junit] 2017-03-02 10:07:42,393 [myid:] - INFO  [main:ClientBase@543] - 
tearDown starting
[junit] 2017-03-02 10:07:42,393 [myid:] - INFO  [main:ClientBase@513] - 
STOPPING server
[junit] 2017-03-02 10:07:42,393 [myid:] - INFO  
[main:NettyServerCnxnFactory@464] - shutdown called 0.0.0.0/0.0.0.0:24933
[junit] 2017-03-02 10:07:42,402 [myid:] - INFO  [main:ZooKeeperServer@541] 
- shutting down
[junit] 2017-03-02 10:07:42,402 [myid:] - ERROR [main:ZooKeeperServer@505] 
- ZKShutdownHandler is not registered, so ZooKeeper server won't take any 
action on ERROR or SHUTDOWN server state changes
[junit] 2017-03-02 10:07:42,402 [myid:] - INFO  
[main:SessionTrackerImpl@232] - Shutting down
[junit] 2017-03-02 10:07:42,402 [myid:] - INFO  
[main:PrepRequestProcessor@973] - Shutting down
[junit] 2017-03-02 10:07:42,403 [myid:] - INFO  
[main:SyncRequestProcessor@191] - Shutting down
[junit] 2017-03-02 10:07:42,403 [myid:] - INFO  [ProcessThread(sid:0 
cport:24933)::PrepRequestProcessor@154] - PrepRequestProcessor exited loop!
[junit] 2017-03-02 10:07:42,403 [myid:] - INFO  
[SyncThread:0:SyncRequestProcessor@169] - SyncRequestProcessor exited!
[junit] 2017-03-02 10:07:42,403 [myid:] - INFO  
[main:FinalRequestProcessor@479] - shutdown of request processor complete
[junit] 2017-03-02 10:07:42,404 [myid:] - INFO  [main:MBeanRegistry@128] - 
Unregister MBean 
[org.apache.ZooKeeperService:name0=StandaloneServer_port24933,name1=InMemoryDataTree]
[junit] 2017-03-02 10:07:42,404 [myid:] - INFO  [main:MBeanRegistry@128] - 
Unregister MBean [org.apache.ZooKeeperService:name0=StandaloneServer_port24933]
[junit] 2017-03-02 10:07:42,404 [myid:] - INFO  
[main:FourLetterWordMain@85] - connecting to 127.0.0.1 24933
[junit] 2017-03-02 10:07:42,405 [myid:] - INFO  [main:JMXEnv@146] - 
ensureOnly:[]
[junit] 2017-03-02 10:07:42,415 [myid:] - INFO  [main:ClientBase@568] - 
fdcount after test is: 7135 at start it was 7135
[junit] 2017-03-02 10:07:42,416 [myid:] - INFO  [main:ZKTestCase$1@65] - 
SUCCEEDED testWatcherAutoResetWithLocal
[junit] 2017-03-02

ZooKeeper_branch35_jdk7 - Build # 868 - Still Failing

2017-03-02 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper_branch35_jdk7/868/

###
## LAST 60 LINES OF THE CONSOLE 
###
Started by timer
[EnvInject] - Loading node environment variables.
Building remotely on H15 (ubuntu) in workspace 
/home/jenkins/jenkins-slave/workspace/ZooKeeper_branch35_jdk7
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url git://git.apache.org/zookeeper.git # timeout=10
Cleaning workspace
 > git rev-parse --verify HEAD # timeout=10
Resetting working tree
 > git reset --hard # timeout=10
 > git clean -fdx # timeout=10
Fetching upstream changes from git://git.apache.org/zookeeper.git
 > git --version # timeout=10
 > git fetch --tags --progress git://git.apache.org/zookeeper.git 
 > +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/branch-3.5^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/branch-3.5^{commit} # timeout=10
Checking out Revision 1912fa8d63e6bbfdb5bb96bec85efa7c94e131e9 
(refs/remotes/origin/branch-3.5)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 1912fa8d63e6bbfdb5bb96bec85efa7c94e131e9
 > git rev-list 1912fa8d63e6bbfdb5bb96bec85efa7c94e131e9 # timeout=10
No emails were triggered.
[ZooKeeper_branch35_jdk7] $ /home/jenkins/tools/ant/latest/bin/ant 
-Dtest.output=yes -Dtest.junit.threads=8 -Dtest.junit.output.format=xml 
-Djavac.target=1.7 clean test-core-java
Exception in thread "main" java.lang.UnsupportedClassVersionError: 
org/apache/tools/ant/launch/Launcher : Unsupported major.minor version 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
at 
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:482)
Build step 'Invoke Ant' marked build as failure
Recording test results
ERROR: Step ?Publish JUnit test result report? failed: No test report files 
were found. Configuration error?
Email was triggered for: Failure - Any
Sending email for trigger: Failure - Any



###
## FAILED TESTS (if any) 
##
No tests ran.