Posted to issues@tez.apache.org by GitBox <gi...@apache.org> on 2022/06/21 05:45:12 UTC

[GitHub] [tez] amanraj2520 opened a new pull request, #227: [TEZ-4426][CVE-2018-1000620] Upgrade cryptiles from 2.0.5 to 4.1.2

amanraj2520 opened a new pull request, #227:
URL: https://github.com/apache/tez/pull/227

   [TEZ-4426][CVE-2018-1000620] Upgrade cryptiles from 2.0.5 to 4.1.2 to fix the vulnerability.
   
   Link to JIRA : https://issues.apache.org/jira/browse/TEZ-4426
   
   Link to parent JIRA : https://issues.apache.org/jira/browse/TEZ-4419
   
   RFC documentation : https://github.com/yarnpkg/rfcs/blob/master/implemented/0000-selective-versions-resolutions.md


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [tez] abstractdog commented on pull request #227: [TEZ-4426][CVE-2018-1000620] Upgrade cryptiles from 2.0.5 to 4.1.2

Posted by GitBox <gi...@apache.org>.
abstractdog commented on PR #227:
URL: https://github.com/apache/tez/pull/227#issuecomment-1161376818

   With the addendum patch, nodejs was properly downloaded and the module was successfully built, +1




[GitHub] [tez] abstractdog merged pull request #227: [TEZ-4426][CVE-2018-1000620] Upgrade cryptiles from 2.0.5 to 4.1.2

Posted by GitBox <gi...@apache.org>.
abstractdog merged PR #227:
URL: https://github.com/apache/tez/pull/227




[GitHub] [tez] tez-yetus commented on pull request #227: [TEZ-4426][CVE-2018-1000620] Upgrade cryptiles from 2.0.5 to 4.1.2

Posted by GitBox <gi...@apache.org>.
tez-yetus commented on PR #227:
URL: https://github.com/apache/tez/pull/227#issuecomment-1161301272

   :confetti_ball: **+1 overall**
   
   
   
   
   
   
   | Vote | Subsystem | Runtime | Comment |
   |:----:|----------:|--------:|:--------|
   | +0 :ok: |  reexec  |  14m 36s |  Docker mode activated.  |
   ||| _ Prechecks _ |
   | +1 :green_heart: |  dupname  |   0m  0s |  No case conflicting files found.  |
   | +1 :green_heart: |  @author  |   0m  0s |  The patch does not contain any @author tags.  |
   ||| _ master Compile Tests _ |
   ||| _ Patch Compile Tests _ |
   | +1 :green_heart: |  whitespace  |   0m  0s |  The patch has no whitespace issues.  |
   ||| _ Other Tests _ |
   | +1 :green_heart: |  asflicense  |   1m  0s |  The patch does not generate ASF License warnings.  |
   |  |   |  16m 17s |   |
   
   
   | Subsystem | Report/Notes |
   |----------:|:-------------|
   | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-227/1/artifact/out/Dockerfile |
   | GITHUB PR | https://github.com/apache/tez/pull/227 |
   | Optional Tests | dupname asflicense |
   | uname | Linux 83cda3c308ad 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux |
   | Build tool | maven |
   | Personality | personality/tez.sh |
   | git revision | master / 5f181ea32 |
   | Max. process+thread count | 51 (vs. ulimit of 5500) |
   | modules | C: tez-ui U: tez-ui |
   | Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-227/1/console |
   | versions | git=2.25.1 maven=3.6.3 |
   | Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
   
   
   This message was automatically generated.
   
   




[GitHub] [tez] tez-yetus commented on pull request #227: [TEZ-4426][CVE-2018-1000620] Upgrade cryptiles from 2.0.5 to 4.1.2

Posted by GitBox <gi...@apache.org>.
tez-yetus commented on PR #227:
URL: https://github.com/apache/tez/pull/227#issuecomment-1161322164

   :broken_heart: **-1 overall**
   
   
   
   
   
   
   | Vote | Subsystem | Runtime | Comment |
   |:----:|----------:|--------:|:--------|
   | +0 :ok: |  reexec  |   0m 35s |  Docker mode activated.  |
   ||| _ Prechecks _ |
   | +1 :green_heart: |  dupname  |   0m  0s |  No case conflicting files found.  |
   | +1 :green_heart: |  @author  |   0m  0s |  The patch does not contain any @author tags.  |
   | -1 :x: |  test4tests  |   0m  0s |  The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.  |
   ||| _ master Compile Tests _ |
   | +1 :green_heart: |  mvninstall  |  16m 48s |  master passed  |
   | +1 :green_heart: |  compile  |   1m 13s |  master passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  compile  |   1m  6s |  master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  javadoc  |   0m 59s |  master passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javadoc  |   0m 35s |  master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   ||| _ Patch Compile Tests _ |
   | +1 :green_heart: |  mvninstall  |   1m 31s |  the patch passed  |
   | +1 :green_heart: |  compile  |   1m  6s |  the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javac  |   1m  5s |  the patch passed  |
   | +1 :green_heart: |  compile  |   1m  7s |  the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  javac  |   1m  7s |  the patch passed  |
   | +1 :green_heart: |  whitespace  |   0m  0s |  The patch has no whitespace issues.  |
   | +1 :green_heart: |  xml  |   0m  1s |  The patch has no ill-formed XML file.  |
   | +1 :green_heart: |  javadoc  |   0m 35s |  the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javadoc  |   0m 33s |  the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   ||| _ Other Tests _ |
   | +1 :green_heart: |  unit  |   2m  8s |  tez-ui in the patch passed.  |
   | +1 :green_heart: |  asflicense  |   0m 45s |  The patch does not generate ASF License warnings.  |
   |  |   |  30m 15s |   |
   
   
   | Subsystem | Report/Notes |
   |----------:|:-------------|
   | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-227/2/artifact/out/Dockerfile |
   | GITHUB PR | https://github.com/apache/tez/pull/227 |
   | Optional Tests | dupname asflicense javac javadoc unit xml compile |
   | uname | Linux ac6de03894a2 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux |
   | Build tool | maven |
   | Personality | personality/tez.sh |
   | git revision | master / 5f181ea32 |
   | Default Java | Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
   | Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
   |  Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-227/2/testReport/ |
   | Max. process+thread count | 95 (vs. ulimit of 5500) |
   | modules | C: tez-ui U: tez-ui |
   | Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-227/2/console |
   | versions | git=2.25.1 maven=3.6.3 |
   | Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
   
   
   This message was automatically generated.
   
   




[GitHub] [tez] amanraj2520 commented on pull request #227: [TEZ-4426][CVE-2018-1000620] Upgrade cryptiles from 2.0.5 to 4.1.2

Posted by GitBox <gi...@apache.org>.
amanraj2520 commented on PR #227:
URL: https://github.com/apache/tez/pull/227#issuecomment-1161315636

   The version of node that cryptiles 4.1.2 needs is >= 8.9.0 but we cannot use the current LTS version of node since the build is throwing the following error:
   
   (node:9989) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
   $ TMPDIR=tmp node/node ./node_modules/ember-cli/bin/ember build -prod
   ember[10004]: ../src/node_contextify.cc:627:static void node::contextify::ContextifyScript::New(const v8::FunctionCallbackInfo<v8::Value>&): Assertion `args[1]->IsString()' failed.
   
   **If we want to fix this error, we need to fix all the occurrences of new Buffer(string) with Buffer.alloc(), which can be a huge change.**
   
   **Also the max version of node in which the build works perfectly is 9.11.2**
   
   **So to summarize, if we want to upgrade cryptiles to 4.1.2 without any code changes related to Buffer, we need to use nodeVersion >=8.9.0 and nodeVersion<=9.11.2. That's why I have used version 8.9.0 for now.**


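The Buffer migration described in the comment above can be scoped before the Node version is changed. The following is an added example, not code from the Tez PR or from the cryptiles project: a lexical scanner that flags the deprecated `new Buffer(...)` / `Buffer(...)` constructor (the DEP0005 warning quoted in the build log) in JavaScript source and proposes `Buffer.alloc()` for a size argument and `Buffer.from()` for data, leaving arguments whose type is only known at runtime for manual review. The sample source it scans and all function names are constructed for this example.

```javascript
// Added example (not from the Tez PR or cryptiles): find deprecated Buffer
// constructor calls and suggest the replacement Node recommends.
// Lexical scan only: it does not parse JavaScript, so matches inside comments
// or string literals still need a human look.

// Matches `new Buffer(` or a bare `Buffer(` call; the lookbehind rejects
// `Buffer.from(`/`Buffer.alloc(` (followed by '.') and `myBuffer(`.
const CALL_RE = /(?:\bnew\s+)?(?<![\w.$])Buffer\s*\(/g;

// Return the text between the parenthesis at openParenIdx and its match,
// skipping over quoted strings, or null when the call is unbalanced.
function readArgs(src, openParenIdx) {
  let depth = 0;
  let quote = null;
  for (let i = openParenIdx; i < src.length; i++) {
    const ch = src[i];
    if (quote) {
      if (ch === '\\') { i++; continue; } // skip escaped char inside string
      if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'" || ch === '`') { quote = ch; continue; }
    if (ch === '(') depth++;
    else if (ch === ')') {
      depth--;
      if (depth === 0) return src.slice(openParenIdx + 1, i);
    }
  }
  return null;
}

// Decide which non-deprecated API replaces a call from its argument text.
function suggestReplacement(argText) {
  const arg = argText.trim();
  if (/^\d+$/.test(arg)) {
    // A size. Before Buffer.alloc existed, new Buffer(n) handed back
    // uninitialised memory; Buffer.alloc(n) is zero-filled.
    return { api: 'Buffer.alloc', rewrite: `Buffer.alloc(${arg})` };
  }
  const isStringOrArrayLiteral = /^['"`\[]/.test(arg);
  const hasEncodingArg = /^(?:['"`].*['"`]|\w+)\s*,\s*['"`]\w[\w-]*['"`]$/.test(arg);
  if (isStringOrArrayLiteral || hasEncodingArg) {
    return { api: 'Buffer.from', rewrite: `Buffer.from(${arg})` };
  }
  // An identifier or expression: a number and a string mean different things
  // to the old constructor, so the runtime type has to be checked by hand.
  return { api: 'manual review', rewrite: null };
}

// Scan a source string and report each deprecated call with its position.
function findDeprecatedBufferCalls(source) {
  const findings = [];
  CALL_RE.lastIndex = 0;
  let m;
  while ((m = CALL_RE.exec(source)) !== null) {
    const openParen = m.index + m[0].length - 1;
    const argText = readArgs(source, openParen);
    if (argText === null) continue;
    const before = source.slice(0, m.index);
    const line = before.split('\n').length;
    const column = m.index - before.lastIndexOf('\n'); // 1-based
    const call = source.slice(m.index, openParen + argText.length + 2);
    findings.push({ line, column, call, ...suggestReplacement(argText) });
  }
  return findings;
}

// The replacements behave as the deprecation notice promises: alloc zero-fills,
// from copies the supplied data.
function safeReplacementsBehaveAsExpected() {
  const zeroed = Buffer.alloc(8);
  const fromString = Buffer.from('hello world');
  return zeroed.every((byte) => byte === 0) && fromString.toString() === 'hello world';
}

// Constructed sample source, not taken from the Tez UI code base.
const SAMPLE_SOURCE = [
  "const a = new Buffer(1024);",             // size -> Buffer.alloc
  "const b = new Buffer('hello world');",    // string -> Buffer.from
  "const c = Buffer(payload, 'base64');",    // data + encoding -> Buffer.from
  "const d = new Buffer(req.query.len);",    // type known only at runtime -> manual review
  "const e = Buffer.from('already safe');",  // not flagged
  "const f = myBuffer(7);",                  // not flagged: different identifier
].join('\n');

console.log(JSON.stringify(findDeprecatedBufferCalls(SAMPLE_SOURCE), null, 2));
```

The fourth sample line is the case the deprecation exists for: with the old constructor, a value that turns out to be a number allocates a buffer of that size instead of copying data, so an untrusted input decides between the two behaviours. Run the script with `node` to get the list of call sites and proposed rewrites for a file, then apply them by hand or with a codemod.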


[GitHub] [tez] amanraj2520 commented on pull request #227: [TEZ-4426][CVE-2018-1000620] Upgrade cryptiles from 2.0.5 to 4.1.2

Posted by GitBox <gi...@apache.org>.
amanraj2520 commented on PR #227:
URL: https://github.com/apache/tez/pull/227#issuecomment-1161316189

   @guptanikhil007 Can you please approve this change?

