Bug 1869646

Summary: CVE-2019-17638 : Bump jenkins version to 2.235.5
Product: OpenShift Container Platform Reporter: Akram Ben Aissi <abenaiss>
Component: JenkinsAssignee: Akram Ben Aissi <abenaiss>
Status: CLOSED ERRATA QA Contact: Jitendar Singh <jitsingh>
Severity: urgent Docs Contact:
Priority: high    
Version: 4.6CC: aos-bugs, pbhattac, sfowler, vbobade
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 16:29:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1874830, 1875232, 1875234, 1875259    

Description Akram Ben Aissi 2020-08-18 12:40:55 UTC 
As code freeze is in a few days, we will try to fix this one on 4.6 .



Jenkins bundles Winstone-Jetty, a wrapper around Jetty, to act as HTTP and servlet server when started using java -jar jenkins.war. This is how Jenkins is run when using any of the installers or packages, but not when run using servlet containers such as Tomcat," read the advisory.
Comment 1 Akram Ben Aissi 2020-08-18 17:44:51 UTC 
ART request: https://issues.redhat.com/browse/ART-2149
Comment 4 Jitendar Singh 2020-09-03 08:59:21 UTC 
VERIFIED Jenkins 2.235.5
============================================================
Running the smoke to test the operator post fix
====================================
jsingh@localhost  ~/go/src/github.com/jenkins   master ●  behave ./smoke/features                                                                                             
Feature: Deploy Jenkins Operator # smoke/features/deployJenkinsOperator.feature:1
  As a user of Jenkins Operator
  I deploy Jenkins and configure my CI/CD on openshift clusterGetting OC status before <Scenario "Create jenkins operator using ephemeral template"> scenario
[CODE] 0
[CMD] NAME      DISPLAY NAME   STATUS
default                  Active
***Connected to cluster***

  Scenario: Create jenkins operator using ephemeral template          # smoke/features/deployJenkinsOperator.feature:6
    Given Project jenkins-test is used                                # smoke/features/steps/steps.py:44 5.474s
    When User enters oc new-app jenkins-ephemeral command             # smoke/features/steps/steps.py:56 6.862s
    Then route.route.openshift.io "jenkins" created                   # smoke/features/steps/steps.py:63 2.945s
    And configmap "jenkins-trusted-ca-bundle" created                 # smoke/features/steps/steps.py:80 4.650s
    And deploymentconfig.apps.openshift.io "jenkins" created          # smoke/features/steps/steps.py:93 2.631s
    And serviceaccount "jenkins" created                              # smoke/features/steps/steps.py:105 2.602s
    And rolebinding.authorization.openshift.io "jenkins_edit" created # smoke/features/steps/steps.py:117 2.743s
    And service "jenkins-jnlp" created                                # smoke/features/steps/steps.py:129 2.666s
    And service "jenkins" created                                     # smoke/features/steps/steps.py:141 2.629s
    Then The operator pod and deployment pod must be runnning         # smoke/features/steps/steps.py:153 301.436s
Getting OC status before <Scenario "Deploy sample application on openshift"> scenario
[CODE] 0
[CMD] NAME      DISPLAY NAME   STATUS
default                  Active
***Connected to cluster***

  Scenario: Deploy sample application on openshift                     # smoke/features/deployJenkinsOperator.feature:18
    Given The jenkins pod is up and runnning                           # smoke/features/steps/steps.py:180 30.747s
    When The user enters new-app command with sample-pipeline          # smoke/features/steps/steps.py:207 11.981s
    Then Trigger the build using oc start-build                        # smoke/features/steps/steps.py:222 2.741s
    Then nodejs-mongodb-example pod must come up                       # smoke/features/steps/steps.py:232 242.036s
    And route nodejs-mongodb-example must be created and be accessible # smoke/features/steps/steps.py:261 35.317s
====================================================================================================================
logs
=========================================================================
09/03/2020 02:13:57 PM: INFO: Project is not present, creating project: jenkins-test...
09/03/2020 02:13:59 PM: INFO: Project jenkins-test is created!!!
09/03/2020 02:14:06 PM: INFO: --> Deploying template "openshift/jenkins-ephemeral" to project jenkins-test

     Jenkins (Ephemeral)
     ---------
     Jenkins service, without persistent storage.
     
     WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.

     A Jenkins service has been created in your project.  Log into Jenkins with your OpenShift account.  The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.

     * With parameters:
        * Jenkins Service Name=jenkins
        * Jenkins JNLP Service Name=jenkins-jnlp
        * Enable OAuth in Jenkins=true
        * Memory Limit=1Gi
        * Jenkins ImageStream Namespace=openshift
        * Disable memory intensive administrative monitors=false
        * Jenkins ImageStreamTag=jenkins:2
        * Allows use of Jenkins Update Center repository with invalid SSL certificate=false

--> Creating resources ...
    route.route.openshift.io "jenkins" created
    configmap "jenkins-trusted-ca-bundle" created
    deploymentconfig.apps.openshift.io "jenkins" created
    serviceaccount "jenkins" created
    rolebinding.authorization.openshift.io "jenkins_edit" created
    service "jenkins-jnlp" created
    service "jenkins" created
--> Success
    Access your application via route 'jenkins-jenkins-test.apps.jenkins-dev-4.6-090204.qe.devcluster.openshift.com' 
    Run 'oc status' to view your app.

09/03/2020 02:14:06 PM: INFO: Checking resources
09/03/2020 02:14:09 PM: INFO: route jenkins created
09/03/2020 02:14:11 PM: INFO: Pre 4.6 not available
09/03/2020 02:14:14 PM: INFO: configmap jenkins-trusted-ca-bundle created
09/03/2020 02:14:17 PM: INFO: deploymentconfig jenkins created
09/03/2020 02:14:19 PM: INFO: serviceaccount jenkins created
09/03/2020 02:14:22 PM: INFO: rolebinding jenkins_edit created
09/03/2020 02:14:25 PM: INFO: service jenkins-jnlp created
09/03/2020 02:14:27 PM: INFO: service jenkins created
09/03/2020 02:19:29 PM: INFO: Getting pod list
09/03/2020 02:19:29 PM: INFO: 10.129.2.205
09/03/2020 02:19:29 PM: INFO: jenkins-1-deploy
09/03/2020 02:19:29 PM: INFO: Succeeded
09/03/2020 02:19:29 PM: INFO: Getting pod list
09/03/2020 02:19:29 PM: INFO: 10.128.2.170
09/03/2020 02:19:29 PM: INFO: jenkins-1-srlzr
09/03/2020 02:19:29 PM: INFO: Running
09/03/2020 02:19:29 PM: INFO: checking pod status
09/03/2020 02:19:29 PM: INFO: jenkins-1-deploy
09/03/2020 02:19:29 PM: INFO: Succeeded
09/03/2020 02:19:29 PM: INFO: still checking pod status
09/03/2020 02:19:29 PM: INFO: jenkins-1-srlzr
09/03/2020 02:19:29 PM: INFO: Running
09/03/2020 02:20:02 PM: INFO: Getting pod list
09/03/2020 02:20:02 PM: INFO: 10.129.2.205
09/03/2020 02:20:02 PM: INFO: jenkins-1-deploy
09/03/2020 02:20:02 PM: INFO: Succeeded
09/03/2020 02:20:02 PM: INFO: Getting pod list
09/03/2020 02:20:02 PM: INFO: 10.128.2.170
09/03/2020 02:20:02 PM: INFO: jenkins-1-srlzr
09/03/2020 02:20:02 PM: INFO: Running
09/03/2020 02:20:02 PM: INFO: checking pod status
09/03/2020 02:20:02 PM: INFO: jenkins-1-deploy
09/03/2020 02:20:02 PM: INFO: Succeeded
09/03/2020 02:20:02 PM: INFO: still checking pod status
09/03/2020 02:20:02 PM: INFO: jenkins-1-srlzr
09/03/2020 02:20:02 PM: INFO: Running
09/03/2020 02:20:10 PM: INFO: Buildconfig sample-pipeline created
09/03/2020 02:20:14 PM: INFO: Buildconfig nodejs-mongodb-example created
09/03/2020 02:20:14 PM: INFO: --> Deploying template "jenkins-test/jenkins-pipeline-example" for "https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/pipeline/samplepipeline.yaml" to project jenkins-test

     Pipeline Build Example
     ---------
     This example showcases the new Jenkins Pipeline integration in OpenShift,
     which performs continuous integration and deployment right on the platform.
     The template contains a Jenkinsfile - a definition of a multi-stage CI/CD process - that
     leverages the underlying OpenShift platform for dynamic and scalable
     builds. OpenShift integrates the status of your pipeline builds into the web
     console allowing you to see your entire application lifecycle in a single view.

     A Jenkins server must be instantiated in this project to manage
     the Pipeline BuildConfig created by this template.  You will be able to log in to
     it using your OpenShift user credentials.

     * With parameters:
        * Name=nodejs-mongodb-example
        * Application Hostname=
        * Git Repository URL=https://github.com/openshift/nodejs-ex.git
        * Database Name=sampledb
        * MongoDB Username=userKSR # generated
        * MongoDB Password=HcPClQrS3rClh31e # generated
        * Memory Limit=512Mi
        * Memory Limit (MongoDB)=512Mi
        * Database Service Name=mongodb
        * Database Administrator Password=skgN50IO0dfUrj2i # generated
        * Git Reference=
        * Context Directory=
        * GitHub Webhook Secret=CdJH25Ra1SXhRujtRkWi8f5tuDiXXaoQRdKbMav3 # generated
        * Generic Webhook Secret=B6hfohKs8rgwfbaGyoCO1CqGoYELBnurrsdKqeV4 # generated
        * Custom NPM Mirror URL=
        * Namespace=openshift

--> Creating resources ...
    buildconfig.build.openshift.io "sample-pipeline" created
    service "nodejs-mongodb-example" created
    route.route.openshift.io "nodejs-mongodb-example" created
    imagestream.image.openshift.io "nodejs-mongodb-example" created
    buildconfig.build.openshift.io "nodejs-mongodb-example" created
    deploymentconfig.apps.openshift.io "nodejs-mongodb-example" created
    service "mongodb" created
    deploymentconfig.apps.openshift.io "mongodb" created
--> Success
    Use 'oc start-build sample-pipeline' to start a build.
    Access your application via route 'nodejs-mongodb-example-jenkins-test.apps.jenkins-dev-4.6-090204.qe.devcluster.openshift.com' 
    Use 'oc start-build nodejs-mongodb-example' to start a build.
    Run 'oc status' to view your app.

09/03/2020 02:20:15 PM: INFO: build.build.openshift.io/sample-pipeline-1 started

09/03/2020 02:20:17 PM: INFO: build.build.openshift.io/nodejs-mongodb-example-1 started

09/03/2020 02:24:19 PM: INFO: Getting pods
09/03/2020 02:24:19 PM: INFO: nodejs-mongodb-example-1-qcr24
09/03/2020 02:24:19 PM: INFO: Getting pods
09/03/2020 02:24:19 PM: INFO: jenkins-1-srlzr
09/03/2020 02:24:19 PM: INFO: ---> App pods are ready
09/03/2020 02:24:19 PM: INFO: Getting application route/url
09/03/2020 02:24:53 PM: INFO: --->App url:
09/03/2020 02:24:53 PM: INFO: http://nodejs-mongodb-example-jenkins-test.apps.jenkins-dev-4.6-090204.qe.devcluster.openshift.com
09/03/2020 02:24:54 PM: INFO: ---> Application is accessible via the route
09/03/2020 02:24:54 PM: INFO: http://nodejs-mongodb-example-jenkins-test.apps.jenkins-dev-4.6-090204.qe.devcluster.openshift.com
Comment 5 Akram Ben Aissi 2020-09-07 16:34:22 UTC 
*** Bug 1875260 has been marked as a duplicate of this bug. ***
Comment 7 errata-xmlrpc 2020-10-27 16:29:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196