[Bug 1509010] New: $ZOOCFGDIR needs to be added to classpath for log4j.properties
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1509010
Bug ID: 1509010
Summary: $ZOOCFGDIR needs to be added to classpath for
log4j.properties
Product: Fedora
Version: 26
Component: zookeeper
Assignee: tstclair(a)heptio.com
Reporter: shawn.bohrer(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ctubbsii(a)fedoraproject.org, greg.hellings(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
mluscon(a)gmail.com, s(a)shk.io, tstclair(a)heptio.com
Description of problem:
When setting up zookeeper I found two problems with logging. The first was that
I needed to install:
slf4j-log4j12-1.7.22-4.fc26.noarch
I see that the zookeeper package depends on log4j12 and slf4j but not
slf4j-log4j12. Next, once I had that installed I received the following
warnings:
log4j:WARN No appenders could be found for logger
(org.apache.zookeeper.server.quorum.QuorumPeerConfig).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more
info.
This occurs because /etc/zookeeper needs to be added to the classpath, in order
to find /etc/zookeeper/log4j.properties. Interestingly in
/usr/libexec/zkEnv.sh there are the following lines:
ZOOCFGDIR="/etc/zookeeper"
...
#add the zoocfg dir to classpath
CLASSPATH="/usr/share/java/zookeeper/zookeeper.jar"
CLASSPATH="$CLASSPATH:/usr/share/java/zookeeper/zookeeper-ZooInspector.jar"
CLASSPATH="$CLASSPATH:/usr/share/java/zookeeper/zookeeper-tests.jar"
...
Despite that comment, it does not add $ZOOCFGDIR to the classpath which makes
me think that perhaps it was removed or maybe they wrote the comment and never
did it. There also do not appear to be any environment variables or similar
ways to add additional items to the classpath, so you must edit
/usr/libexec/zkEnv.sh.
Version-Release number of selected component (if applicable):
zookeeper-java-3.4.9-3.fc26.x86_64
zookeeper-3.4.9-3.fc26.x86_64
--
You are receiving this mail because:
You are on the CC list for the bug.
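Added example, not part of the bug report or of zkEnv.sh: log4j 1.2 looks up log4j.properties as a classpath resource, so the sketch below walks the directory entries of a classpath string and shows the lookup failing for a jar-only classpath and succeeding once the config directory is added. The function name resource_dir and the temporary directory layout are assumptions made for the illustration; jar contents are not inspected.

```shell
#!/bin/sh
# resource_dir CLASSPATH RESOURCE
# Prints the first classpath *directory* that contains RESOURCE.
# Returns 1 when no directory entry provides it (jar entries are skipped).
resource_dir() {
    _rest=$1
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}              # text before the first ':'
        case $_rest in
            *:*) _rest=${_rest#*:} ;;    # drop the entry just examined
            *)   _rest= ;;               # that was the last entry
        esac
        if [ -d "$_entry" ] && [ -f "$_entry/$2" ]; then
            printf '%s\n' "$_entry"
            return 0
        fi
    done
    return 1
}

# Constructed layout: a temp dir stands in for /etc/zookeeper and /usr/share/java.
demo() {
    root=$(mktemp -d) || return 1
    ZOOCFGDIR="$root/etc/zookeeper"
    mkdir -p "$ZOOCFGDIR" "$root/usr/share/java/zookeeper"
    : > "$ZOOCFGDIR/log4j.properties"
    : > "$root/usr/share/java/zookeeper/zookeeper.jar"

    # Classpath as the report describes it: jars only, no config directory.
    cp_packaged="$root/usr/share/java/zookeeper/zookeeper.jar"
    resource_dir "$cp_packaged" log4j.properties ||
        echo "packaged classpath: log4j.properties not found"

    # Classpath with the config directory added in front.
    cp_fixed="$ZOOCFGDIR:$cp_packaged"
    echo "with ZOOCFGDIR: found in $(resource_dir "$cp_fixed" log4j.properties)"
    rm -rf "$root"
}
demo
```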
[Bug 1298915] New: fop-2.1 is available
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1298915
Bug ID: 1298915
Summary: fop-2.1 is available
Product: Fedora
Version: rawhide
Component: fop
Keywords: FutureFeature, Triaged
Assignee: r.landmann(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: c.david86(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com, rhbugs(a)n-dimensional.de,
r.landmann(a)redhat.com
Latest upstream release: 2.1
Current version/release in rawhide: 2.0-2.fc24
URL: http://archive.apache.org/dist/xmlgraphics/fop/source/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
[Bug 1418731] New: CVE-2017-2613 jenkins: User creation CSRF using GET by admins (SECURITY-406)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1418731
Bug ID: 1418731
Summary: CVE-2017-2613 jenkins: User creation CSRF using GET by
admins (SECURITY-406)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com,
ccoleman(a)redhat.com, dedgar(a)redhat.com,
dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jkeck(a)redhat.com,
joelsmith(a)redhat.com, kseifried(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com,
tdawson(a)redhat.com, tiwillia(a)redhat.com
The following flaw was found in Jenkins:
When administrators accessed a URL like /user/example via HTTP GET, a user with
the ID example was created if it did not exist. While this user record was only
retained until restart in most cases, administrators' web browsers could be
manipulated to create a large number of user records.
Accessing these URLs now no longer results in a user record getting created;
Jenkins will respond with 404 Not Found if no such user exists. When using the
internal Jenkins user database, new users can be created via Manage Jenkins »
Manage Users. To restore the previous (unsafe) behavior, set the system
property hudson.model.User.allowUserCreationViaUrl to true as described on
Features controlled by system properties.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20...
Upstream patch:
https://github.com/jenkinsci/jenkins/commit/b88b20ec473200db35d0a0d29dcf1...
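Added example, not part of the advisory or of Jenkins: a check a defender can run over a Jenkins JVM option string to see whether the system property named above has been set to restore the unsafe behaviour. The function names and sample option strings are constructed; the sketch assumes the input is a plain whitespace-separated option string, that a repeated -D takes its last value, and that only a case-insensitive "true" enables the property (Java boolean parsing).

```shell
#!/bin/sh
PROP='hudson.model.User.allowUserCreationViaUrl'

# effective_value "JVM OPTIONS..."
# Prints the value the property ends up with, or "unset" if it never appears.
# Every token is scanned because a later -D replaces an earlier one.
effective_value() {
    _val=unset
    set -f                      # no glob expansion while word-splitting $1
    for _tok in $1; do
        case $_tok in
            "-D$PROP="*) _val=${_tok#-D"$PROP"=} ;;
            "-D$PROP")   _val= ;;   # bare -Dname gives an empty value
        esac
    done
    set +f
    printf '%s\n' "$_val"
}

# unsafe_override "JVM OPTIONS..."
# Succeeds (exit 0) only when the unsafe behaviour is switched back on.
unsafe_override() {
    _v=$(effective_value "$1" | tr '[:upper:]' '[:lower:]')
    [ "$_v" = true ]
}

# Constructed sample option strings (not taken from a real host).
for opts in \
    "-Djava.awt.headless=true -Xmx2g" \
    "-Xmx2g -D$PROP=true" \
    "-D$PROP=true -D$PROP=false" \
    "-D$PROP=TRUE"
do
    if unsafe_override "$opts"; then s=UNSAFE; else s=ok; fi
    printf '%-6s %s\n' "$s" "$opts"
done
```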
[Bug 1418711] New: CVE-2017-2602 jenkins: Pipeline metadata files not blacklisted in agent-to-master security subsystem (SECURITY-358)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1418711
Bug ID: 1418711
Summary: CVE-2017-2602 jenkins: Pipeline metadata files not
blacklisted in agent-to-master security subsystem
(SECURITY-358)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com,
ccoleman(a)redhat.com, dedgar(a)redhat.com,
dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jkeck(a)redhat.com,
joelsmith(a)redhat.com, kseifried(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com,
tdawson(a)redhat.com, tiwillia(a)redhat.com
The following flaw was found in Jenkins:
The Pipeline suite of plugins stored build metadata in the file program.dat and
the directory workflow/. These were not blacklisted in the agent-to-master
security subsystem and could therefore be written to by malicious agents.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20...
Upstream patch:
https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660...