TEZ-4578: Upgrade roaringbit version to 1.2.1 to fix CVE's #370

Merged
merged 1 commit into from
Sep 23, 2024

@Aggarwal-Raghav (Contributor) commented Sep 16, 2024

There are CVEs in roaringbit 0.7.45:
https://mvnrepository.com/artifact/org.roaringbitmap/RoaringBitmap/0.7.45

As there is a plan in Hive as well to upgrade roaringbit to 1.2.x, it is better to keep them in sync.

@tez-yetus

💔 -1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 11m 3s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ master Compile Tests _
+1 💚 mvninstall 15m 59s master passed
+1 💚 compile 1m 25s master passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu322.04
+1 💚 compile 1m 19s master passed with JDK Private Build-1.8.0_422-8u422-b05-1~22.04-b05
+1 💚 javadoc 1m 15s master passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu322.04
+1 💚 javadoc 0m 44s master passed with JDK Private Build-1.8.0_422-8u422-b05-1~22.04-b05
_ Patch Compile Tests _
+1 💚 mvninstall 2m 52s the patch passed
+1 💚 compile 1m 29s the patch passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu322.04
+1 💚 javac 1m 29s the patch passed
+1 💚 compile 1m 20s the patch passed with JDK Private Build-1.8.0_422-8u422-b05-1~22.04-b05
+1 💚 javac 1m 20s the patch passed
+1 💚 whitespace 0m 0s The patch has no whitespace issues.
+1 💚 xml 0m 0s The patch has no ill-formed XML file.
+1 💚 javadoc 0m 39s the patch passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu322.04
+1 💚 javadoc 0m 42s the patch passed with JDK Private Build-1.8.0_422-8u422-b05-1~22.04-b05
_ Other Tests _
-1 ❌ unit 63m 58s root in the patch failed.
+1 💚 asflicense 0m 32s The patch does not generate ASF License warnings.
104m 9s
Reason Tests
Failed junit tests tez.analyzer.TestAnalyzer
Subsystem Report/Notes
Docker ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-370/2/artifact/out/Dockerfile
GITHUB PR #370
Optional Tests dupname asflicense javac javadoc unit xml compile
uname Linux 4a54722bc035 5.15.0-116-generic #126-Ubuntu SMP Mon Jul 1 10:14:24 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality personality/tez.sh
git revision master / 47997e9
Default Java Private Build-1.8.0_422-8u422-b05-1~22.04-b05
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu322.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_422-8u422-b05-1~22.04-b05
unit https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-370/2/artifact/out/patch-unit-root.txt
Test Results https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-370/2/testReport/
Max. process+thread count 2100 (vs. ulimit of 5500)
modules C: . U: .
Console output https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-370/2/console
versions git=2.34.1 maven=3.6.3
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@tez-yetus

💔 -1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 12m 57s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ master Compile Tests _
+1 💚 mvninstall 15m 59s master passed
+1 💚 compile 1m 26s master passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu322.04
+1 💚 compile 1m 22s master passed with JDK Private Build-1.8.0_422-8u422-b05-1~22.04-b05
+1 💚 javadoc 1m 12s master passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu322.04
+1 💚 javadoc 0m 45s master passed with JDK Private Build-1.8.0_422-8u422-b05-1~22.04-b05
_ Patch Compile Tests _
+1 💚 mvninstall 2m 47s the patch passed
+1 💚 compile 1m 26s the patch passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu322.04
+1 💚 javac 1m 26s the patch passed
+1 💚 compile 1m 22s the patch passed with JDK Private Build-1.8.0_422-8u422-b05-1~22.04-b05
+1 💚 javac 1m 22s the patch passed
+1 💚 whitespace 0m 0s The patch has no whitespace issues.
+1 💚 xml 0m 1s The patch has no ill-formed XML file.
+1 💚 javadoc 0m 41s the patch passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu322.04
+1 💚 javadoc 0m 41s the patch passed with JDK Private Build-1.8.0_422-8u422-b05-1~22.04-b05
_ Other Tests _
-1 ❌ unit 66m 9s root in the patch failed.
+1 💚 asflicense 0m 29s The patch does not generate ASF License warnings.
108m 3s
Reason Tests
Failed junit tests tez.analyzer.TestAnalyzer
Subsystem Report/Notes
Docker ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-370/1/artifact/out/Dockerfile
GITHUB PR #370
Optional Tests dupname asflicense javac javadoc unit xml compile
uname Linux 00dcfee4d1f6 5.15.0-116-generic #126-Ubuntu SMP Mon Jul 1 10:14:24 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality personality/tez.sh
git revision master / 47997e9
Default Java Private Build-1.8.0_422-8u422-b05-1~22.04-b05
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu322.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_422-8u422-b05-1~22.04-b05
unit https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-370/1/artifact/out/patch-unit-root.txt
Test Results https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-370/1/testReport/
Max. process+thread count 2101 (vs. ulimit of 5500)
modules C: . U: .
Console output https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-370/1/console
versions git=2.34.1 maven=3.6.3
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@ayushtkn (Member) left a comment

You need to create a Jira for this as well & maybe link the hive one as well

@Aggarwal-Raghav changed the title from "Upgrade roaringbit version to 1.2.1 to fix CVE's" to "TEZ-4578: Upgrade roaringbit version to 1.2.1 to fix CVE's" on Sep 21, 2024

@Aggarwal-Raghav (Contributor, Author) commented

> You need to create a Jira for this as well & maybe link the hive one as well

Done

@ayushtkn ayushtkn merged commit 6924e22 into apache:master Sep 23, 2024
4 checks passed