[JENKINS-49574] [JEP-200] java.lang.SecurityException: Rejected: java.util.Calendar - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Blocker
Resolution: Fixed
Component/s: cvs-plugin
Labels:
- JEP-200
Environment:
Jenkins 2.106
CVS Plugin 2.13

Similar Issues:

Show

Description

Since the introduction of JEP-200 a new whitelist has to be maintained.

CVS Plugin was not listed on https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200. I added it.

Hence, I experienced the following error on a matrix build:

java.lang.SecurityException: Rejected: java.util.Calendar; see https://jenkins.io/redirect/class-filter/
    at hudson.remoting.ClassFilter.check(ClassFilter.java:76)
    at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:129)
    at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
    at java.io.ObjectInputStream.readClassDesc(Unknown Source)
    at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
    at java.io.ObjectInputStream.readClassDesc(Unknown Source)
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
    at java.io.ObjectInputStream.readObject0(Unknown Source)
    at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
    at java.io.ObjectInputStream.readSerialData(Unknown Source)
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
    at java.io.ObjectInputStream.readObject0(Unknown Source)
    at java.io.ObjectInputStream.readObject(Unknown Source)
    at java.util.ArrayList.readObject(Unknown Source)
    at sun.reflect.GeneratedMethodAccessor86.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
    at java.io.ObjectInputStream.readSerialData(Unknown Source)
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
    at java.io.ObjectInputStream.readObject0(Unknown Source)
    at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
    at java.io.ObjectInputStream.readSerialData(Unknown Source)
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
    at java.io.ObjectInputStream.readObject0(Unknown Source)
    at java.io.ObjectInputStream.readObject(Unknown Source)
    at hudson.remoting.UserRequest.deserialize(UserRequest.java:277)
    at hudson.remoting.UserResponse.retrieve(UserRequest.java:310)
    at hudson.remoting.Channel.call(Channel.java:952)
Caused: java.io.IOException: Failed to deserialize response to UserRequest:hudson.scm.AbstractCvs$2@38a84e77
    at hudson.remoting.Channel.call(Channel.java:960)
    at hudson.FilePath.act(FilePath.java:998)
Caused: java.io.IOException: remote file operation failed: /home/compil/workspace/project/label/centos7 at hudson.remoting.Channel@f24469c:VM_CentOs7
    at hudson.FilePath.act(FilePath.java:1005)
    at hudson.FilePath.act(FilePath.java:987)
    at hudson.scm.AbstractCvs.getRemoteLogForModule(AbstractCvs.java:693)
    at hudson.scm.AbstractCvs.calculateChangeLog(AbstractCvs.java:818)
    at hudson.scm.AbstractCvs.postCheckout(AbstractCvs.java:836)
    at hudson.scm.CVSSCM.checkout(CVSSCM.java:395)
    at hudson.scm.CVSSCM.checkout(CVSSCM.java:365)
    at hudson.model.AbstractProject.checkout(AbstractProject.java:1203)
    at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574)
    at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
    at hudson.model.Run.execute(Run.java:1727)
    at hudson.matrix.MatrixRun.run(MatrixRun.java:146)
    at hudson.model.ResourceController.execute(ResourceController.java:97)
    at hudson.model.Executor.run(Executor.java:429)

Attachments

Issue Links

links to

https://github.com/jenkinsci/cvs-plugin/pull/45

PR 46

mentioned in: Page Loading...

Activity

Ascending order - Click to sort in descending order

Adrien CLERC added a comment - 2018-02-15 10:03 - edited

Workaround:
~~Downgrade to CVS 2.12 worked. It seems linked to some serialization introduced in 2.13~~

See my other comment

Adrien CLERC added a comment - 2018-02-15 10:03 - edited Workaround: Downgrade to CVS 2.12 worked. It seems linked to some serialization introduced in 2.13 See my other comment

Oleg Nenashev added a comment - 2018-02-15 10:11

Confirmed. Another workaround is to use a whitelist similar to https://github.com/jenkinsci/cppncss-plugin/pull/2

Oleg Nenashev added a comment - 2018-02-15 10:11 Confirmed. Another workaround is to use a whitelist similar to https://github.com/jenkinsci/cppncss-plugin/pull/2

Adrien CLERC added a comment - 2018-02-15 10:37

Downgrade did not work. In fact, the first build after Jenkins restart works because there is no serialization involved. Since down/upgrade involved a restart, it seems to work.

Adrien CLERC added a comment - 2018-02-15 10:37 Downgrade did not work. In fact, the first build after Jenkins restart works because there is no serialization involved. Since down/upgrade involved a restart, it seems to work.

Adrien CLERC added a comment - 2018-02-15 11:03

For another need I checked these two checkboxes (unchecked by default):

Do a clean checkout if update fails
Force clean copy for locally modified files

And now, I can do build without failures. Is there any link here?

Adrien CLERC added a comment - 2018-02-15 11:03 For another need I checked these two checkboxes (unchecked by default): Do a clean checkout if update fails Force clean copy for locally modified files And now, I can do build without failures. Is there any link here?

Oleg Nenashev added a comment - 2018-02-15 11:37

Not familiar with the code. Will check once I finish another affected plugin

Oleg Nenashev added a comment - 2018-02-15 11:37 Not familiar with the code. Will check once I finish another affected plugin

Oleg Nenashev added a comment - 2018-02-16 15:56

I have created https://github.com/jenkinsci/cvs-plugin/pull/45

adrien would it be possible to test it if the snapshot build passes?

Oleg Nenashev added a comment - 2018-02-16 15:56 I have created https://github.com/jenkinsci/cvs-plugin/pull/45 adrien would it be possible to test it if the snapshot build passes?

Adrien CLERC added a comment - 2018-02-16 15:59

Not before monday. But yes, I think I can manage to test it. Where would it be available for download?

Adrien CLERC added a comment - 2018-02-16 15:59 Not before monday. But yes, I think I can manage to test it. Where would it be available for download?

Jesse Glick added a comment - 2018-02-19 17:06

Rather try PR 46.

Jesse Glick added a comment - 2018-02-19 17:06 Rather try PR 46.

Jesse Glick added a comment - 2018-02-19 17:07

Snapshot builds would be available here if tests pass.

Jesse Glick added a comment - 2018-02-19 17:07 Snapshot builds would be available here if tests pass.

Adrien CLERC added a comment - 2018-02-20 10:01

I tested with PR46. Build work. However, the CVS radio button and section is not visible from the Configuration section. So this cannot be pushed and released, since I cannot modify (nor use for new project) CVS settings anymore.

Now for some details on this.

The issue was visible only on the first build after a commit. A second build is always successful.
If Do a clean checkout if update failed and Force clean copy for locally modified files are checked, then the build is always successful.

Adrien CLERC added a comment - 2018-02-20 10:01 I tested with PR46. Build work. However, the CVS radio button and section is not visible from the Configuration section. So this cannot be pushed and released, since I cannot modify (nor use for new project) CVS settings anymore. Now for some details on this. The issue was visible only on the first build after a commit. A second build is always successful. If Do a clean checkout if update failed and Force clean copy for locally modified files are checked, then the build is always successful.

SCM/JIRA link daemon added a comment - 2018-02-28 19:31

Code changed in jenkins
User: Oleg Nenashev
Path:
pom.xml
http://jenkins-ci.org/commit/cvs-plugin/ce3997ef34e722f595fa7c1582ea54f77cca149e
Log:
~~JENKINS-49574~~ - Update plugin POM, use 1.625.3 as a baseline

SCM/JIRA link daemon added a comment - 2018-02-28 19:31 Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/cvs-plugin/ce3997ef34e722f595fa7c1582ea54f77cca149e Log: JENKINS-49574 - Update plugin POM, use 1.625.3 as a baseline

SCM/JIRA link daemon added a comment - 2018-02-28 19:31

Code changed in jenkins
User: Oleg Nenashev
Path:
pom.xml
src/test/java/hudson/scm/JEP200Test.java
http://jenkins-ci.org/commit/cvs-plugin/88b6a084a3973e317e84fa7de3a96e47f0bb776b
Log:
~~JENKINS-49574~~ - Reproduce the issue in tests

SCM/JIRA link daemon added a comment - 2018-02-28 19:31 Code changed in jenkins User: Oleg Nenashev Path: pom.xml src/test/java/hudson/scm/JEP200Test.java http://jenkins-ci.org/commit/cvs-plugin/88b6a084a3973e317e84fa7de3a96e47f0bb776b Log: JENKINS-49574 - Reproduce the issue in tests

SCM/JIRA link daemon added a comment - 2018-02-28 19:31

Code changed in jenkins
User: Oleg Nenashev
Path:
Jenkinsfile
http://jenkins-ci.org/commit/cvs-plugin/566a831f03115849d49655158e220aaaf57ea3d1
Log:
~~JENKINS-49574~~ - Run build against 2.104 in CI to reproduce the issue

SCM/JIRA link daemon added a comment - 2018-02-28 19:31 Code changed in jenkins User: Oleg Nenashev Path: Jenkinsfile http://jenkins-ci.org/commit/cvs-plugin/566a831f03115849d49655158e220aaaf57ea3d1 Log: JENKINS-49574 - Run build against 2.104 in CI to reproduce the issue

SCM/JIRA link daemon added a comment - 2018-02-28 19:31

Code changed in jenkins
User: Oleg Nenashev
Path:
src/main/resources/META-INF/hudson.remoting.ClassFilter
src/test/java/hudson/scm/JEP200Test.java
http://jenkins-ci.org/commit/cvs-plugin/c9172d8d113a6ae092d62f6c06426975fb1f7fed
Log:
~~JENKINS-49574~~ - Whitelist calendar classes and improve the unit test

SCM/JIRA link daemon added a comment - 2018-02-28 19:31 Code changed in jenkins User: Oleg Nenashev Path: src/main/resources/META-INF/hudson.remoting.ClassFilter src/test/java/hudson/scm/JEP200Test.java http://jenkins-ci.org/commit/cvs-plugin/c9172d8d113a6ae092d62f6c06426975fb1f7fed Log: JENKINS-49574 - Whitelist calendar classes and improve the unit test

SCM/JIRA link daemon added a comment - 2018-02-28 19:31

Code changed in jenkins
User: Oleg Nenashev
Path:
src/test/java/hudson/scm/JEP200Test.java
http://jenkins-ci.org/commit/cvs-plugin/6f2103cc2ddbb9b90283668b9eed2d4a81c62ac8
Log:
~~JENKINS-49574~~ - Remove forgotten import in tests

SCM/JIRA link daemon added a comment - 2018-02-28 19:31 Code changed in jenkins User: Oleg Nenashev Path: src/test/java/hudson/scm/JEP200Test.java http://jenkins-ci.org/commit/cvs-plugin/6f2103cc2ddbb9b90283668b9eed2d4a81c62ac8 Log: JENKINS-49574 - Remove forgotten import in tests

SCM/JIRA link daemon added a comment - 2018-02-28 19:31

Code changed in jenkins
User: Jesse Glick
Path:
Jenkinsfile
pom.xml
src/main/java/hudson/scm/AbstractCvs.java
src/main/java/hudson/scm/CVSChangeLogSet.java
src/main/java/hudson/scm/CVSSCM.java
src/main/java/hudson/scm/CvsModuleLocation.java
src/main/java/hudson/scm/CvsProjectset.java
src/main/java/hudson/scm/CvsRepository.java
src/main/java/hudson/scm/CvsRepositoryItem.java
src/main/java/hudson/scm/CvsRepositoryLocation.java
src/main/java/hudson/scm/CvsTagsParamDefinition.java
src/main/java/hudson/scm/LegacyConvertor.java
src/main/java/hudson/scm/browsers/CvsFacadeRepositoryBrowser.java
src/main/java/hudson/scm/browsers/FishEyeCVS.java
src/main/java/hudson/scm/cvstagging/CvsTagAction.java
src/main/java/hudson/scm/cvstagging/LegacyTagAction.java
src/main/resources/hudson/scm/CVSChangeLogSet/digest.jelly
src/main/resources/hudson/scm/CVSChangeLogSet/index.jelly
src/main/resources/hudson/scm/CVSSCM/config.jelly
src/main/resources/hudson/scm/CVSSCM/global.jelly
src/main/resources/hudson/scm/CvsModule/config.jelly
src/main/resources/hudson/scm/CvsProjectset/config.jelly
src/main/resources/hudson/scm/CvsRepository/config.jelly
src/main/resources/hudson/scm/CvsRepositoryItem/config.jelly
src/main/resources/hudson/scm/CvsRepositoryLocation/BranchRepositoryLocation/config.jelly
src/main/resources/hudson/scm/CvsRepositoryLocation/HeadRepositoryLocation/config.jelly
src/main/resources/hudson/scm/CvsRepositoryLocation/TagRepositoryLocation/config.jelly
src/main/resources/hudson/scm/CvsTagsParamDefinition/config.jelly
src/main/resources/hudson/scm/CvsTagsParamDefinition/index.jelly
src/main/resources/hudson/scm/CvsTagsParamValue/value.jelly
src/main/resources/hudson/scm/ExcludedRegion/config.jelly
src/main/resources/hudson/scm/browsers/FishEyeCVS/config.jelly
src/main/resources/hudson/scm/browsers/OpenGrok/config.jelly
src/main/resources/hudson/scm/browsers/ViewCVS/config.jelly
src/main/resources/hudson/scm/cvstagging/CvsTagAction/tagForm.jelly
src/main/resources/hudson/scm/cvstagging/LegacyTagAction/tagForm.jelly
src/main/resources/index.jelly
src/test/java/hudson/scm/IntegrationTest.java
http://jenkins-ci.org/commit/cvs-plugin/b06434d590add2c631622d32c30db76a6aaa3103
Log:
Merge pull request #46 from jglick/JEP-200-~~JENKINS-49574~~

~~JENKINS-49574~~ JEP-200 compatibility

Compare: https://github.com/jenkinsci/cvs-plugin/compare/25e0d5f18785...b06434d590ad

SCM/JIRA link daemon added a comment - 2018-02-28 19:31 Code changed in jenkins User: Jesse Glick Path: Jenkinsfile pom.xml src/main/java/hudson/scm/AbstractCvs.java src/main/java/hudson/scm/CVSChangeLogSet.java src/main/java/hudson/scm/CVSSCM.java src/main/java/hudson/scm/CvsModuleLocation.java src/main/java/hudson/scm/CvsProjectset.java src/main/java/hudson/scm/CvsRepository.java src/main/java/hudson/scm/CvsRepositoryItem.java src/main/java/hudson/scm/CvsRepositoryLocation.java src/main/java/hudson/scm/CvsTagsParamDefinition.java src/main/java/hudson/scm/LegacyConvertor.java src/main/java/hudson/scm/browsers/CvsFacadeRepositoryBrowser.java src/main/java/hudson/scm/browsers/FishEyeCVS.java src/main/java/hudson/scm/cvstagging/CvsTagAction.java src/main/java/hudson/scm/cvstagging/LegacyTagAction.java src/main/resources/hudson/scm/CVSChangeLogSet/digest.jelly src/main/resources/hudson/scm/CVSChangeLogSet/index.jelly src/main/resources/hudson/scm/CVSSCM/config.jelly src/main/resources/hudson/scm/CVSSCM/global.jelly src/main/resources/hudson/scm/CvsModule/config.jelly src/main/resources/hudson/scm/CvsProjectset/config.jelly src/main/resources/hudson/scm/CvsRepository/config.jelly src/main/resources/hudson/scm/CvsRepositoryItem/config.jelly src/main/resources/hudson/scm/CvsRepositoryLocation/BranchRepositoryLocation/config.jelly src/main/resources/hudson/scm/CvsRepositoryLocation/HeadRepositoryLocation/config.jelly src/main/resources/hudson/scm/CvsRepositoryLocation/TagRepositoryLocation/config.jelly src/main/resources/hudson/scm/CvsTagsParamDefinition/config.jelly src/main/resources/hudson/scm/CvsTagsParamDefinition/index.jelly src/main/resources/hudson/scm/CvsTagsParamValue/value.jelly src/main/resources/hudson/scm/ExcludedRegion/config.jelly src/main/resources/hudson/scm/browsers/FishEyeCVS/config.jelly src/main/resources/hudson/scm/browsers/OpenGrok/config.jelly src/main/resources/hudson/scm/browsers/ViewCVS/config.jelly src/main/resources/hudson/scm/cvstagging/CvsTagAction/tagForm.jelly src/main/resources/hudson/scm/cvstagging/LegacyTagAction/tagForm.jelly src/main/resources/index.jelly src/test/java/hudson/scm/IntegrationTest.java http://jenkins-ci.org/commit/cvs-plugin/b06434d590add2c631622d32c30db76a6aaa3103 Log: Merge pull request #46 from jglick/JEP-200- JENKINS-49574 JENKINS-49574 JEP-200 compatibility Compare: https://github.com/jenkinsci/cvs-plugin/compare/25e0d5f18785...b06434d590ad

Jesse Glick added a comment - 2018-02-28 19:34

the CVS radio button and section is not visible from the Configuration section

Not sure what is going on there, but sounds like some unrelated problem with the particular build, rather than the patch per se. Not reproducible.

Jesse Glick added a comment - 2018-02-28 19:34 the CVS radio button and section is not visible from the Configuration section Not sure what is going on there, but sounds like some unrelated problem with the particular build, rather than the patch per se. Not reproducible.

Jesse Glick added a comment - 2018-02-28 19:35

Possibly you downloaded the wrong artifact pending https://github.com/jenkins-infra/pipeline-library/pull/25 then tried to run the result on a 2.102–2.106 core, which would result in the plugin not being enabled and thus not appearing. That would not apply to actual release builds, only PR artifacts.

Jesse Glick added a comment - 2018-02-28 19:35 Possibly you downloaded the wrong artifact pending https://github.com/jenkins-infra/pipeline-library/pull/25 then tried to run the result on a 2.102–2.106 core, which would result in the plugin not being enabled and thus not appearing. That would not apply to actual release builds, only PR artifacts.

People

Assignee:: Jesse Glick

Reporter:: Adrien CLERC

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2018-02-15 09:48

Updated:: 2018-02-28 21:13

Resolved:: 2018-02-28 19:36