Modify

Opened 9 years ago

Closed 9 years ago

Last modified 2 years ago

#11570 closed defect (fixed)

Error updating log4j plugin under JavaWebStart

Reported by: SergeyAstakhov Owned by: team
Priority: normal Milestone:
Component: Plugin Version: tested
Keywords: webstart log4j Cc:

Description

Environment:

Java Web Start 10.72.2.14
Using JRE version 1.7.0_72-b14 Java HotSpot(TM) 64-Bit Server VM
Windows 8.1
---

Exception:

ОШИБКА: org.openstreetmap.josm.plugins.PluginDownloadException: java.util.zip.ZipException: duplicate entry: META-INF/DEPENDENCIES. Причина: java.util.zip.ZipException: duplicate entry: META-INF/DEPENDENCIES
org.openstreetmap.josm.plugins.PluginDownloadException: java.util.zip.ZipException: duplicate entry: META-INF/DEPENDENCIES

at org.openstreetmap.josm.plugins.PluginDownloadTask.download(PluginDownloadTask.java:146)
at org.openstreetmap.josm.plugins.PluginDownloadTask.realRun(PluginDownloadTask.java:169)
at org.openstreetmap.josm.gui.PleaseWaitRunnable.doRealRun(PleaseWaitRunnable.java:93)
at org.openstreetmap.josm.gui.PleaseWaitRunnable.run(PleaseWaitRunnable.java:161)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Caused by: java.util.zip.ZipException: duplicate entry: META-INF/DEPENDENCIES

at java.util.zip.ZipOutputStream.putNextEntry(Unknown Source)
at java.util.jar.JarOutputStream.putNextEntry(Unknown Source)
at com.sun.deploy.net.HttpDownloadHelper.decompressWrite(Unknown Source)
at com.sun.deploy.net.HttpDownloadHelper.download(Unknown Source)
at com.sun.deploy.cache.Cache$6.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.cache.Cache.downloadResourceToCache(Unknown Source)
at com.sun.deploy.cache.DeployFileOutputStream.close(Unknown Source)
at java.io.FilterOutputStream.close(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.close(Unknown Source)
at org.openstreetmap.josm.plugins.PluginDownloadTask.download(PluginDownloadTask.java:137)
... 8 more

Attachments (0)

Change History (4)

comment:1 by Don-vip, 9 years ago

Resolution: fixed
Status: newclosed

Fixed in 31281/osm.

Last edited 2 years ago by taylor.smock (previous) (diff)

comment:2 by taylor.smock, 2 years ago

@Don-vip: Do you remember why you excluded "META-INF/maven/*"?

I was looking at downloading non-svn jar files and processing them to find any vulnerabilities. Some tools use the pom.xml files to parse dependencies quickly. I can use the OWASP dependency checker, which seems to check the actual file content.

EDIT: It looks like the OWASP dependency checkers detects the usage of packages, but does not know the version. So it isn't very helpful without the pom files.

Last edited 2 years ago by taylor.smock (previous) (diff)

in reply to:  2 ; comment:3 by Don-vip, 2 years ago

Replying to taylor.smock:

@Don-vip: Do you remember why you excluded "META-INF/maven/*"?

Likely because it's not needed at runtime for JOSM so I didn't see the need to keep them. It was simpler to delete everything in META-INF except manifest and SPI files.

in reply to:  3 comment:4 by taylor.smock, 2 years ago

Replying to Don-vip:

Likely because it's not needed at runtime for JOSM so I didn't see the need to keep them. It was simpler to delete everything in META-INF except manifest and SPI files.

OK. Good to know. I'll go ahead and make a patch so that it is easier to run vulnerability checkers in the future. I'll open a separate ticket for that.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.