Skip to content

HADOOP-18484. Upgrade hsqldb to v2.7.1 to mitigate CVE-2022-41853 #5102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 4, 2022
Merged

HADOOP-18484. Upgrade hsqldb to v2.7.1 to mitigate CVE-2022-41853 #5102

merged 2 commits into from
Nov 4, 2022

Conversation

@hotcodemacha
Copy link
Contributor

Description of PR

Upgrade hsqldb to v2.7.1 to mitigate CVE-2022-41853

Cherry-picked e62ba16 for branch-3.2

How was this patch tested?

For code changes:

  • Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
  • Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

@hotcodemacha
Copy link
Contributor Author

@adoroszlai please help in reviewing the follow-up PR for branch-3.2

@hadoop-yetus
Copy link

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 9m 48s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 1s codespell was not available.
+0 🆗 detsecrets 0m 1s detect-secrets was not available.
+0 🆗 xmllint 0m 1s xmllint was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ branch-3.2 Compile Tests _
+0 🆗 mvndep 5m 5s Maven dependency ordering for branch
+1 💚 mvninstall 28m 19s branch-3.2 passed
+1 💚 compile 17m 5s branch-3.2 passed
+1 💚 mvnsite 6m 33s branch-3.2 passed
+1 💚 javadoc 5m 15s branch-3.2 passed
+1 💚 shadedclient 76m 59s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 34s Maven dependency ordering for patch
+1 💚 mvninstall 4m 45s the patch passed
+1 💚 compile 15m 52s the patch passed
+1 💚 javac 15m 52s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 mvnsite 5m 57s the patch passed
+1 💚 javadoc 5m 23s the patch passed
+1 💚 shadedclient 27m 31s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 0m 51s hadoop-project in the patch passed.
+1 💚 unit 3m 6s hadoop-yarn-server-common in the patch passed.
+1 💚 unit 125m 14s hadoop-mapreduce-client-jobclient in the patch passed.
+1 💚 unit 1m 24s hadoop-mapreduce-examples in the patch passed.
-1 ❌ unit 155m 38s /patch-unit-hadoop-mapreduce-project.txt hadoop-mapreduce-project in the patch passed.
-1 ❌ asflicense 1m 23s /results-asflicense.txt The patch generated 1 ASF License warnings.
425m 22s
Reason Tests
Failed junit tests hadoop.mapred.uploader.TestFrameworkUploader
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5102/1/artifact/out/Dockerfile
GITHUB PR #5102
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname Linux 30103e6b47d5 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision branch-3.2 / 318bccf
Default Java Private Build-1.8.0_342-8u342-b07-0ubuntu1~18.04-b07
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5102/1/testReport/
Max. process+thread count 1557 (vs. ulimit of 5500)
modules C: hadoop-project hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-jobclient hadoop-mapreduce-project/hadoop-mapreduce-examples hadoop-mapreduce-project U: .
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5102/1/console
versions git=2.17.1 maven=3.6.0
Powered by Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

@slfan1989
Copy link
Contributor

LGTM

@hadoop-yetus
Copy link

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 8m 27s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+0 🆗 xmllint 0m 0s xmllint was not available.
+1 💚 @author 0m 1s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ branch-3.2 Compile Tests _
+0 🆗 mvndep 5m 9s Maven dependency ordering for branch
+1 💚 mvninstall 26m 37s branch-3.2 passed
+1 💚 compile 16m 4s branch-3.2 passed
+1 💚 mvnsite 6m 37s branch-3.2 passed
+1 💚 javadoc 5m 41s branch-3.2 passed
+1 💚 shadedclient 74m 43s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 33s Maven dependency ordering for patch
+1 💚 mvninstall 4m 28s the patch passed
+1 💚 compile 15m 7s the patch passed
+1 💚 javac 15m 7s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 mvnsite 5m 54s the patch passed
+1 💚 javadoc 5m 20s the patch passed
+1 💚 shadedclient 27m 33s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 0m 48s hadoop-project in the patch passed.
+1 💚 unit 3m 13s hadoop-yarn-server-common in the patch passed.
+1 💚 unit 125m 1s hadoop-mapreduce-client-jobclient in the patch passed.
+1 💚 unit 1m 23s hadoop-mapreduce-examples in the patch passed.
-1 ❌ unit 151m 19s /patch-unit-hadoop-mapreduce-project.txt hadoop-mapreduce-project in the patch passed.
-1 ❌ asflicense 1m 39s /results-asflicense.txt The patch generated 1 ASF License warnings.
416m 12s
Reason Tests
Failed junit tests hadoop.mapred.uploader.TestFrameworkUploader
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5102/2/artifact/out/Dockerfile
GITHUB PR #5102
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname Linux af673652587f 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision branch-3.2 / 382d4cc
Default Java Private Build-1.8.0_342-8u342-b07-0ubuntu1~18.04-b07
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5102/2/testReport/
Max. process+thread count 1613 (vs. ulimit of 5500)
modules C: hadoop-project hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-jobclient hadoop-mapreduce-project/hadoop-mapreduce-examples hadoop-mapreduce-project U: .
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5102/2/console
versions git=2.17.1 maven=3.6.0
Powered by Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

@adoroszlai
Copy link
Contributor

adoroszlai commented Nov 4, 2022
edited
Loading

asflicense warning about jobTokenPassword seems wrong, it's an artifact of test runs. Exclusion was added as part of HADOOP-17125 (#2297 (comment)), but not for this branch.

The only test failure seems unrelated. Cannot delete file during post-test cleanup because the file does not exists:

[INFO] Running org.apache.hadoop.mapred.uploader.TestFrameworkUploader
[ERROR] Tests run: 14, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 7.223 s <<< FAILURE! - in org.apache.hadoop.mapred.uploader.TestFrameworkUploader
[ERROR] testNativeIO(org.apache.hadoop.mapred.uploader.TestFrameworkUploader)  Time elapsed: 0.025 s  <<< ERROR!
org.apache.commons.io.IOExceptionList: 1 exceptions: [java.io.IOException: Unable to delete file: /home/jenkins/jenkins-agent/workspace/hadoop-multibranch_PR-5102/src/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-uploader/target/test-dir/-4315256932731632160/symlinkToTarget.txt]
	at org.apache.commons.io.FileUtils.cleanDirectory(FileUtils.java:345)
	at org.apache.commons.io.FileUtils.deleteDirectory(FileUtils.java:1206)
	at org.apache.hadoop.mapred.uploader.TestFrameworkUploader.testNativeIO(TestFrameworkUploader.java:476)
...
Caused by: java.nio.file.NoSuchFileException: /home/jenkins/jenkins-agent/workspace/hadoop-multibranch_PR-5102/src/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-uploader/target/test-dir/-4315256932731632160/symlinkToTarget.txt

@hotcodemacha
Copy link
Contributor Author

Thanks @adoroszlai for validating

@adoroszlai adoroszlai merged commit f20e043 into apache:branch-3.2 Nov 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adoroszlai adoroszlai adoroszlai approved these changes

@slfan1989 slfan1989 slfan1989 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@hotcodemacha @hadoop-yetus @slfan1989 @adoroszlai