You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@bigtop.apache.org by GitBox <gi...@apache.org> on 2021/12/14 12:19:58 UTC
[GitHub] [bigtop] iwasakims opened a new pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
iwasakims opened a new pull request #841:
URL: https://github.com/apache/bigtop/pull/841
https://issues.apache.org/jira/browse/BIGTOP-3615
HIVE-25795 upgraded log4j2 to 2.15.0 for CVE-2021-44228. We need the patch of HIVE-22278 too for Hive 3.1.2.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] iwasakims commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
iwasakims commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-993620138
I will update the JIRA issue title and commit message on merging if we go with 2.16.0.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] iwasakims commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
iwasakims commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-993610667
> Worth noting that log4j 2.16.0 is out - https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
I added the patch9-log4j2-2.16.0.diff since I got no compilation issue on upgrading to 2.16.0 too.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] elukey commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
elukey commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-993596031
Worth noting that log4j 2.16.0 is out - https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] elukey commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
elukey commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-994577364
@iwasakims after https://lists.apache.org/thread/83y7dx5xvn3h5290q1twn16tltolv88f I think that 2.16.0 seems the best way forward, what do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] iwasakims commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.16.0.
Posted by GitBox <gi...@apache.org>.
iwasakims commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-995359082
I merged this to master and branch-3.0. Thanks, @elukey.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] iwasakims commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
iwasakims commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-993606831
> Not sure what is the process, but should we bump the version->release number for hive in bigtop.bom?
Sure. I incremented the release number. I got hive-3.1.2-2.el8.noarch.rpm instead of hive-3.1.2-1.el8.noarch.rpm for RPM.
```
$ ls -l output/hive/noarch/
total 279064
-rw-rw-r--. 1 centos centos 214940040 Dec 14 14:36 hive-3.1.2-2.el8.noarch.rpm
-rw-rw-r--. 1 centos centos 122288 Dec 14 14:36 hive-hbase-3.1.2-2.el8.noarch.rpm
-rw-rw-r--. 1 centos centos 509844 Dec 14 14:36 hive-hcatalog-3.1.2-2.el8.noarch.rpm
-rw-rw-r--. 1 centos centos 9440 Dec 14 14:36 hive-hcatalog-server-3.1.2-2.el8.noarch.rpm
-rw-rw-r--. 1 centos centos 67143160 Dec 14 14:36 hive-jdbc-3.1.2-2.el8.noarch.rpm
-rw-rw-r--. 1 centos centos 9504 Dec 14 14:36 hive-metastore-3.1.2-2.el8.noarch.rpm
-rw-rw-r--. 1 centos centos 9536 Dec 14 14:36 hive-server2-3.1.2-2.el8.noarch.rpm
-rw-rw-r--. 1 centos centos 2987088 Dec 14 14:36 hive-webhcat-3.1.2-2.el8.noarch.rpm
-rw-rw-r--. 1 centos centos 9388 Dec 14 14:36 hive-webhcat-server-3.1.2-2.el8.noarch.rpm
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] iwasakims commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
iwasakims commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-993493676
```
$ rpm -q -l -p output/hive/noarch/hive-3.1.2-1.el8.noarch.rpm | grep 'log4j.*jar'
/usr/lib/hive/lib/log4j-1.2-api-2.15.0.jar
/usr/lib/hive/lib/log4j-api-2.15.0.jar
/usr/lib/hive/lib/log4j-core-2.15.0.jar
/usr/lib/hive/lib/log4j-slf4j-impl-2.15.0.jar
/usr/lib/hive/lib/log4j-web-2.15.0.jar
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] iwasakims edited a comment on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
iwasakims edited a comment on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-993610667
> Worth noting that log4j 2.16.0 is out - https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
I added the patch9-log4j2-2.16.0.diff since I got no compilation issue on upgrading to 2.16.0 too.
```
$ rpm -q -l -p output/hive/noarch/hive-3.1.2-2.el8.noarch.rpm | grep 'log4j.*jar'
/usr/lib/hive/lib/log4j-1.2-api-2.16.0.jar
/usr/lib/hive/lib/log4j-api-2.16.0.jar
/usr/lib/hive/lib/log4j-core-2.16.0.jar
/usr/lib/hive/lib/log4j-slf4j-impl-2.16.0.jar
/usr/lib/hive/lib/log4j-web-2.16.0.jar
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] elukey commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
elukey commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-995006661
+1 tested on debian-11 x86 and verified:
```
$ dpkg -c output/hive/hive_3.1.2-2_all.deb | grep log4j-core
-rw-r--r-- root/root 1789526 2021-12-15 17:07 ./usr/lib/hive/lib/log4j-core-2.16.0.jar
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] iwasakims commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
iwasakims commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-993491478
tested this on CentOS 8 container (x86_64):
```
$ cd provisioner/docker
$ ./docker-hadoop.sh \
--create 3 \
--image bigtop/puppet:trunk-centos-8 \
--memory 8g \
--repo file:///bigtop-home/output \
--disable-gpg-check \
--stack hdfs,yarn,mapreduce,hbase,hive \
--smoke-tests hive
...(snip)
:bigtop-tests:smoke-tests:hive:test (Thread[Execution worker for ':' Thread 4,5,main]) completed. Took 13.326 secs.
BUILD SUCCESSFUL in 48s
34 actionable tasks: 7 executed, 27 up-to-date
Stopped 1 worker daemon(s).
+ rm -rf buildSrc/build/test-results/binary
+ rm -rf /bigtop-home/.gradle
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] iwasakims merged pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.16.0.
Posted by GitBox <gi...@apache.org>.
iwasakims merged pull request #841:
URL: https://github.com/apache/bigtop/pull/841
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] iwasakims commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
iwasakims commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-994604011
@elukey yeah. I got no issue on smoke-tests of hive even with log4j 2.16.0.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bigtop] elukey commented on pull request #841: BIGTOP-3615. Upgrade log4j2 of Hive 3.1.2 to 2.15.0.
Posted by GitBox <gi...@apache.org>.
elukey commented on pull request #841:
URL: https://github.com/apache/bigtop/pull/841#issuecomment-993589644
+1, built on debian-11 x86 and verified:
```
dpkg -c output/hive/hive_3.1.2-1_all.deb | grep log4j-core
-rw-r--r-- root/root 1789728 2021-12-14 14:04 ./usr/lib/hive/lib/log4j-core-2.15.0.jar
````
Not sure what is the process, but should we bump the version->release number for hive in bigtop.bom?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@bigtop.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org