Posted to common-issues@hadoop.apache.org by "Bharat Viswanadham (JIRA)" <ji...@apache.org> on 2018/10/24 19:27:00 UTC

[jira] [Comment Edited] (HADOOP-15815) Upgrade Eclipse Jetty version due to security concerns

    [ https://issues.apache.org/jira/browse/HADOOP-15815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662718#comment-16662718 ] 

Bharat Viswanadham edited comment on HADOOP-15815 at 10/24/18 7:26 PM:
-----------------------------------------------------------------------

I also see the same issue when applying the patch.

But when I upgraded the maven-shade-plugin version to 3.1.0, this resolved the issue.

https://issues.apache.org/jira/browse/MSHADE-258

This will happen when a jar has a module descriptor. The Jira also mentions the same issue when using a jar with a module descriptor (the same asm jar).

This is happening exactly after the asm jar. When I checked the jar, it has module-info.class.

So, upgrading maven-shade-plugin will resolve this issue. As for why we are seeing this issue with this patch: jetty 9.3.24.v20180605 depends on the asm 6.0 jar, which has module-info.class, whereas from 9.3.19 we get asm jar 5.0.1, which does not have module-info.class.

 
{code:java}
HW13865:Downloads bviswanadham$ jar -tf asm-commons-6.0.jar | grep "module"
module-info.class
{code}
 

 
{code:java}
HW13865:Downloads bviswanadham$ jar -tf asm-commons-5.0.jar | grep "module"
HW13865:Downloads bviswanadham$ 
{code}
{code:java}

[INFO] +- org.apache.hadoop:hadoop-yarn-server-nodemanager:jar:3.3.0-SNAPSHOT:compile (optional) 
[INFO] | +- org.eclipse.jetty.websocket:javax-websocket-server-impl:jar:9.3.24.v20180605:compile
[INFO] | | +- org.eclipse.jetty:jetty-annotations:jar:9.3.24.v20180605:compile
[INFO] | | | +- org.eclipse.jetty:jetty-plus:jar:9.3.24.v20180605:compile
[INFO] | | | | \- org.eclipse.jetty:jetty-jndi:jar:9.3.24.v20180605:compile
[INFO] | | | +- javax.annotation:javax.annotation-api:jar:1.2:compile
[INFO] | | | \- org.ow2.asm:asm-commons:jar:6.0:compile
[INFO] | | | \- org.ow2.asm:asm-tree:jar:6.0:compile{code}
{code:java}
[INFO] +- org.apache.hadoop:hadoop-yarn-server-nodemanager:jar:3.3.0-SNAPSHOT:compile (optional) 
[INFO] | +- org.eclipse.jetty.websocket:javax-websocket-server-impl:jar:9.3.19.v20170502:compile
[INFO] | | +- org.eclipse.jetty:jetty-annotations:jar:9.3.19.v20170502:compile
[INFO] | | | +- org.eclipse.jetty:jetty-plus:jar:9.3.19.v20170502:compile
[INFO] | | | | \- org.eclipse.jetty:jetty-jndi:jar:9.3.19.v20170502:compile
[INFO] | | | +- javax.annotation:javax.annotation-api:jar:1.2:compile
[INFO] | | | \- org.ow2.asm:asm-commons:jar:5.0.1:compile
[INFO] | | | \- org.ow2.asm:asm-tree:jar:5.0.1:compile{code}
 

So, I think that to resolve this we upgrade to the latest maven-shade-plugin, like 3.1.0, which can resolve this issue.
{code:java}
[DEBUG] Processing JAR /Users/bviswanadham/.m2/repository/org/ow2/asm/asm-commons/6.0/asm-commons-6.0.jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:27 min
[INFO] Finished at: 2018-10-24T12:10:58-07:00
[INFO] Final Memory: 51M/1642M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:2.4.3:shade (default) on project hadoop-client-minicluster: Error creating shaded jar: null: IllegalArgumentException -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:2.4.3:shade (default) on project hadoop-client-minicluster: Error creating shaded jar: null
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:154)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:146)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:309)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:194)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:107)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:993)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:345)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:191)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.MojoExecutionException: Error creating shaded jar: null
at org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:540)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)
... 20 more
Caused by: java.lang.IllegalArgumentException
at org.objectweb.asm.ClassReader.<init>(Unknown Source)
at org.objectweb.asm.ClassReader.<init>(Unknown Source)
at org.objectweb.asm.ClassReader.<init>(Unknown Source)
at org.apache.maven.plugins.shade.DefaultShader.addRemappedClass(DefaultShader.java:415)
at org.apache.maven.plugins.shade.DefaultShader.shadeSingleJar(DefaultShader.java:219)
at org.apache.maven.plugins.shade.DefaultShader.shadeJars(DefaultShader.java:179)
at org.apache.maven.plugins.shade.DefaultShader.shade(DefaultShader.java:104)
at org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:454){code}


> Upgrade Eclipse Jetty version due to security concerns
> ------------------------------------------------------
>
>                 Key: HADOOP-15815
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15815
>             Project: Hadoop Common
>          Issue Type: Task
>    Affects Versions: 3.1.1, 3.0.3
>            Reporter: Boris Vulikh
>            Assignee: Boris Vulikh
>            Priority: Major
>         Attachments: HADOOP-15815.01-2.patch
>
>
> * [CVE-2017-7657|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7657]
>  * [CVE-2017-7658|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7658]
>  * [CVE-2017-7656|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7656]
>  * [CVE-2018-12536|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12536]
> We should upgrade the dependency to version 9.3.24 or the latest, if possible.
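
The `jar -tf ... | grep "module"` check from the comment above, generalized as an added example (not part of the original message or of Hadoop's build): it scans jars for `module-info.class`, including multi-release copies under `META-INF/versions/`, and reports each descriptor's class-file major version. The sample jars are constructed in memory as stand-ins for the real artifacts; `module_descriptors`, `audit`, `class_header` and `make_jar` are names introduced here.

```python
import io
import struct
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every Java class file

def module_descriptors(jar_bytes):
    """Return [(entry_name, class_major_version)] for each module-info.class in a jar."""
    found = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            # Matches the root descriptor and copies under META-INF/versions/N/.
            if name.rsplit("/", 1)[-1] != "module-info.class":
                continue
            header = jar.read(name)[:8]
            if len(header) < 8 or header[:4] != CLASS_MAGIC:
                found.append((name, None))  # named like a descriptor, not a class file
                continue
            _minor, major = struct.unpack(">HH", header[4:8])
            found.append((name, major))
    return found

def audit(jars):
    """Map jar name -> descriptors, keeping only jars that carry a module descriptor."""
    report = {n: module_descriptors(d) for n, d in jars.items()}
    return {n: hits for n, hits in report.items() if hits}

def class_header(major):
    """Constructed stub: class-file magic, minor 0, given major version, padding."""
    return CLASS_MAGIC + struct.pack(">HH", 0, major) + b"\x00" * 8

def make_jar(entries):
    """Build a constructed jar (zip) in memory from {entry_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, payload in entries.items():
            z.writestr(name, payload)
    return buf.getvalue()

# Constructed sample input (53 = Java 9 class-file version, 49 = Java 5).
SAMPLE_JARS = {
    "asm-commons-6.0.jar": make_jar({"module-info.class": class_header(53),
                                     "org/example/A.class": class_header(49)}),
    "asm-commons-5.0.1.jar": make_jar({"org/example/A.class": class_header(49)}),
}

if __name__ == "__main__":
    for jar_name, hits in audit(SAMPLE_JARS).items():
        print(jar_name, hits)
```

To run it against a real dependency set, read each jar's bytes from disk and pass them to `audit` in place of `SAMPLE_JARS`.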


