Ecoinformatics Redmine: Issues | https://projects.ecoinformatics.org/ecoinfo/ | 2016-01-04T21:21:00Z
Kepler - Bug #6928 (Resolved): Check Kepler for the Apache commons deserialization problems, cons... | https://projects.ecoinformatics.org/ecoinfo/issues/6928 | 2016-01-04T21:21:00Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>I recently had a Windows machine that was successfully attacked because it was running an old version of Jenkins that was susceptible to an attack via Apache Commons Java deserialization. The email from campus stated:</p>
<blockquote>
<p>"The snort alarms concern an apparent remote attack against a "serious vulnerability in Apache Commons, a library that contains a widely used set of Java components maintained by the Apache Software Foundation, puts thousands of Java applications and servers at risk of remote code execution attacks. The library is used by default in multiple Java application servers and other products including Oracle WebLogic, IBM WebSphere, JBoss, Jenkins and OpenNMS."</p>
</blockquote>
<blockquote>
<p>"Please see"</p>
</blockquote>
<blockquote>
<p><a class="external" href="http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/">http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/</a></p>
</blockquote>
<blockquote>
<p><a class="external" href="http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html">http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html</a></p>
</blockquote>
<blockquote>
<p><a class="external" href="https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread">https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread</a></p>
</blockquote>
<p>It looks like Kepler includes the library in question:<br /><pre>
bash-3.2$ find . -name "*.jar" | xargs grep -Rl InvokerTransformer
./configuration-manager/lib/jar/commons-collections-3.2.1.jar
</pre></p>
<p>commons-collections-3.2.1.jar contains classes in packages starting with org.apache.commons.collections</p>
<p>However, I believe that the Kepler *.java files are not directly using those classes. Below are the classes in org.apache.commons that are imported. Note that we are not importing classes from org.apache.commons.collections:</p>
<pre>
bash-3.2$ find . -name "*.java" | xargs grep org.apache.commons | grep import | tr -d '\r' | awk '{print $NF}' | sort | uniq -c | sort -nr
235 org.apache.commons.logging.LogFactory;
235 org.apache.commons.logging.Log;
3 org.apache.commons.io.IOUtils;
3 org.apache.commons.configuration.XMLConfiguration;
2 org.apache.commons.net.ftp.FTP;
2 org.apache.commons.lang.StringEscapeUtils;
2 org.apache.commons.io.FileUtils;
2 org.apache.commons.httpclient.methods.multipart.StringPart;
2 org.apache.commons.httpclient.methods.multipart.Part;
2 org.apache.commons.httpclient.methods.multipart.FilePart;
2 org.apache.commons.httpclient.methods.MultipartPostMethod;
2 org.apache.commons.httpclient.methods.GetMethod;
2 org.apache.commons.httpclient.HttpException;
2 org.apache.commons.httpclient.HttpClient;
2 org.apache.commons.configuration.ConfigurationException;
1 org.apache.commons.lang.time.DateUtils;
1 org.apache.commons.lang.exception.ExceptionUtils;
1 org.apache.commons.io.FilenameUtils;
1 org.apache.commons.configuration.tree.ConfigurationNode;
1 org.apache.commons.configuration.PropertiesConfiguration;
1 org.apache.commons.configuration.HierarchicalConfiguration;
bash-3.2$
</pre>
<p>However, there could be dependencies between jar files used by Kepler and commons-collections-3.2.1.jar.</p>
<p><a class="external" href="https://www.kb.cert.org/vuls/id/576313">https://www.kb.cert.org/vuls/id/576313</a> suggests upgrading to Apache Commons Collections version 3.2.2</p>
<p>However, perhaps we can remove this class?</p>
<p>The log is below:<br /><pre>
bash-3.2$ svn log ./configuration-manager/lib/jar/commons-collections-3.2.1.jar
------------------------------------------------------------------------
r24000 | berkley | 2010-04-27 17:12:36 -0700 (Tue, 27 Apr 2010) | 1 line
changing keywords and eol-style on the repository
------------------------------------------------------------------------
r20925 | berkley | 2009-10-07 15:06:24 -0700 (Wed, 07 Oct 2009) | 1 line
writing tests to show the capabilities of commons and yaml and to compare them
------------------------------------------------------------------------
bash-3.2$
</pre></p>
Kepler - Bug #6829 (Closed): ant change-to fails under Windows Server 2012 R2 with Cygwin | https://projects.ecoinformatics.org/ecoinfo/issues/6829 | 2015-08-12T23:39:08Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>Under Windows Server 2012 R2 with Cygwin, I ran<br /><pre>
mkdir kepler.modules
cd kepler.modules
svn co https://code.kepler-project.org/code/kepler/trunk/modules/build-area
cd build-area
</pre></p>
<p>and then ant change-to failed:</p>
<pre>
$ ant change-to -Dsuite=kepler
Buildfile: C:\Users\cxh\src\kepler.modules\build-area\build.xml
change-to:
[change-to] Copying 1 file to C:\Users\cxh\src\kepler.modules\build-area
[change-to] Retrieving modules....
[change-to]
[change-to] kepler:
[change-to] Downloading (if necessary) kepler...
[change-to] svn co -r head https://code.kepler-project.org/code/kepler/trunk/modules/kepler C:\Users\cxh\src\kep\
ler.modules\kepler
[change-to] svn: E000002: Can't make directory '/cygdrive/c/Users/cxh/src/kepler.modules/build-area/C:\Users\cxh\
\src\kepler.modules\kepler': No such file or directory
[change-to]
BUILD FAILED
C:\Users\cxh\src\kepler.modules\build-area\build.xml:104: ERROR: It appears that the command did not execute pro\
perly and exited with an exit code of: 1
Total time: 1 second
cxh@AMPERE ~/src/kepler.modules/build-area
$
</pre>
<p>I can give out accounts on ampere.eecs.berkeley.edu if necessary.</p>
Kepler - Bug #6167 (New): Model Context Menu should have the enableBackwardTypeInference choice | https://projects.ecoinformatics.org/ecoinfo/issues/6167 | 2013-10-23T01:07:20Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>Ptolemy II now supports backward type inference. The way this is enabled is that the top level container has a parameter called "enableBackwardTypeInference" that is set to true or false.</p>
<p>In Ptolemy II's Vergil, this is visible by right clicking on the background of the top level model.</p>
<p>This functionality is not present in the devel tree of Kepler.</p>
<p>The workaround is to drag in a Parameter, name it "enableBackgroundTypeInference" and set the value to true.</p>
Kepler - Bug #6165 (Resolved): The names of instances of the Stop actor do not display in Mac OSX. | https://projects.ecoinformatics.org/ecoinfo/issues/6165 | 2013-10-22T00:48:43Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>On Kepler-users, Kenneth Jones wrote:</p>
<blockquote>
<p>The names of instances of the Stop actor do not display in Mac OSX. Let me know if you need more info.</p>
</blockquote>
<p>Indeed, dragging in the Stop Actor results in icons without instance names.</p>
Kepler - Bug #5894 (Closed): Clone problems in NamedObjId | https://projects.ecoinformatics.org/ecoinfo/issues/5894 | 2013-03-19T19:07:23Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>Checking the configuration results in messages about clone problems in NamedObjId:</p>
<p>The valueListeners java.util.Vector field<br /> in the clone of "org.kepler.moml.NamedObjId" <br /> does not point to an object distinct from the master. <br /> This may cause problems with actor oriented classes.<br /> The clone(Workspace) method should have a line like:<br /> newObject.valueListeners = (Vector)newObject<br /> /* Get the object method or null? */ valueListeners;<br />The _id org.kepler.objectmanager.lsid.KeplerLSID field<br /> in the clone of "org.kepler.moml.NamedObjId" <br /> does not point to an object distinct from the master. <br /> This may cause problems with actor oriented classes.<br /> The clone(Workspace) method should have a line like:<br /> newObject._id = (KeplerLSID)newObject<br /> /* Get the object method or null? */ _id;</p>
<p>To replicate:<br />1) Start Kepler<br />2) Click on the Documentation link<br />3) Click on "Background information about Ptolemy" <br />4) Click on the Copyright link<br />5) Click on the Copyright link at the bottom (Other copyrights ...)<br />6) Click on "other" information about this configuration at the bottom<br />7) Click on "about:configuration"</p>
<p>The text above will appear.</p>
<p>The issue with cloning could be causing problems with actor oriented classes.</p>
<p>This class should have a clone(Workspace) method added.</p>
Kepler - Bug #5893 (Closed): During installation, Kepler takes a long time to start up under Windows | https://projects.ecoinformatics.org/ecoinfo/issues/5893 | 2013-03-19T14:51:33Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>With Kepler-2.4RC3 under Windows2008R2 64-bit, the user is asked if they want to start up Kepler. I chose "yes" and nothing happened, so I completed the installation.</p>
<p>Then, I started up Kepler from the menu and it took a long time (over a minute?) to start up.</p>
<p>Then, it seemed like there were two Kepler instances?</p>
<p>It seems like Kepler took a long time to start, which is why when Kepler was starting during the installation, it seemed like nothing was happening.</p>
Kepler - Bug #5665 (Resolved): modulemanager et al.: swing-worker-1.2.jar should be removed | https://projects.ecoinformatics.org/ecoinfo/issues/5665 | 2012-08-07T03:19:45Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>bug <a class="issue tracker-1 status-3 priority-2 priority-default closed" title="Bug: Remove SwingWorker and use javax.swing.SwingWorker (Resolved)" href="https://projects.ecoinformatics.org/ecoinfo/issues/5661">#5661</a> is about removing util.SwingWorker.</p>
<p>Unfortunately, there is code that uses a different SwingWorker from module-manager/lib/jar/swing-worker-1.2.jar</p>
<p>./gui/src/org/kepler/gui/kar/ImportModuleDependenciesAction.java:import org.jdesktop.swingworker.SwingWorker;<br />./module-manager-gui/src/org/kepler/modulemanager/gui/AvailableModulesPanel.java:import org.jdesktop.swingworker.SwingWorker;<br />./module-manager-gui/src/org/kepler/modulemanager/gui/CurrentSuitePanel.java:import org.jdesktop.swingworker.SwingWorker;<br />./module-manager-gui/src/org/kepler/modulemanager/gui/ModulesList.java:import org.jdesktop.swingworker.SwingWorker;<br />./module-manager-gui/src/org/kepler/modulemanager/gui/patch/UpgradeDialogPanel.java:import org.jdesktop.swingworker.SwingWorker;<br />./module-manager-gui/src/org/kepler/modulemanager/gui/SuitesList.java:import org.jdesktop.swingworker.SwingWorker;</p>
<p>bash-3.2$ jar -tvf ./module-manager/lib/jar/swing-worker-1.2.jar<br /> 0 Fri Jul 25 15:51:54 PDT 2008 META-INF/<br /> 106 Fri Jul 25 15:51:52 PDT 2008 META-INF/MANIFEST.MF<br /> 0 Fri Jul 25 15:51:50 PDT 2008 org/<br /> 0 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/<br /> 0 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/<br /> 1202 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/AccumulativeRunnable.class<br /> 673 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingPropertyChangeSupport$1.class<br /> 940 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingPropertyChangeSupport.class<br /> 925 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$1.class<br /> 901 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$2.class<br /> 801 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$3.class<br /> 1034 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$4.class<br /> 472 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$5.class<br /> 1230 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$6.class<br /> 1473 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$7.class<br /> 1516 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$DoSubmitAccumulativeRunnable.class<br /> 1038 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$StateValue.class<br /> 830 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$SwingWorkerPropertyChangeSupport$1.class<br /> 1064 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker$SwingWorkerPropertyChangeSupport.class<br /> 5491 Fri Jul 25 15:51:50 PDT 2008 org/jdesktop/swingworker/SwingWorker.class</p>
<p>Wikipedia says that org.jdesktop.swingworker.SwingWorker is a backport of<br />SwingWorker to Java 1.5. Kepler requires Java 1.6, so this is no longer necessary.<br />See <a class="external" href="http://en.wikipedia.org/wiki/SwingWorker">http://en.wikipedia.org/wiki/SwingWorker</a> and<br /><a class="external" href="http://java.net/projects/swingworker/">http://java.net/projects/swingworker/</a></p>
<p>The reason to move towards javax.swing.SwingWorker is because it is now<br />the standard SwingWorker. Having a class with the same name but a different<br />set of methods will cause confusion. In addition, javax.swing.SwingWorker is<br />maintained, org.jdesktop.swingworker.SwingWorker is probably not maintained at<br />all or is not as well maintained.</p>
Kepler - Bug #5664 (New): Check for duplicate code | https://projects.ecoinformatics.org/ecoinfo/issues/5664 | 2012-08-07T00:01:51Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>See bug <a class="issue tracker-1 status-3 priority-2 priority-default closed" title="Bug: Examine Kepler for duplicated Ptolemy code (Resolved)" href="https://projects.ecoinformatics.org/ecoinfo/issues/4926">#4926</a> for how to check for duplicate code.</p>
<p>This bug is targeted to 2.5.0 so that we don't forget to do it.</p>
Kepler - Bug #5659 (Closed): Kepler CaseGraphFrame and CaseGraphTableau have duplicated Ptolemy c... | https://projects.ecoinformatics.org/ecoinfo/issues/5659 | 2012-08-06T23:45:27Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>./gui/src/org/kepler/gui/frame/CaseGraphFrame.java<br />FIXME: Refactor!<br /> Duplicate of ptolemy/src/ptolemy/vergil/modal/CaseGraphFrame.java<br /> The Kepler version extends the Kepler-specific MultiCompositeGraphFrame which extends KeplerGraphFrame</p>
<ol>
<li><br />./gui/src/org/kepler/gui/frame/CaseGraphTableau.java<br />FIXME: Refactor!<br /> Probably like CaseGraphFrame above.</li>
</ol>
Kepler - Bug #5652 (New): Geon Scp and spa Ssh2Exec have duplicate code. | https://projects.ecoinformatics.org/ecoinfo/issues/5652 | 2012-08-06T23:35:23Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>Duplicate code detected with CPD. See</p>
<p>actors/src/org/geon/Scp.java line 295<br />actors/src/org/sdm/spa/Ssh2Exec.java line 361
# lines : 143</p>
Kepler - Bug #5633 (Resolved): Actor/Attribute Search/Find Facility needs menu choices | https://projects.ecoinformatics.org/ecoinfo/issues/5633 | 2012-06-22T21:40:21Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>Edward developed a search facility for models.<br />Under Mac OS X in the Kepler trunk, if the mouse is over the graph canvas,<br />then typing Command-F brings up a search dialog.</p>
<p>This dialog should be added to the Kepler menus.</p>
Kepler - Bug #5020 (Resolved): 2.0-RC3 installer: R Kepler Module is not optional | https://projects.ecoinformatics.org/ecoinfo/issues/5020 | 2010-05-20T17:28:08Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>When installing Kepler-2.0-RC3, I'm presented with<br />two choices:<br />Kepler<br />R Kepler Module</p>
<p>Both are required, I can't uncheck "R Kepler Module",<br />so why bother with this window?</p>
Kepler - Bug #4281 (In Progress): ant update produces message about running svn cleanup | https://projects.ecoinformatics.org/ecoinfo/issues/4281 | 2009-08-05T20:21:19Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>Under Windows 2003 Server, running "ant update" produces a message<br />about a file being locked and suggesting running "svn cleanup".</p>
<p>If I do:</p>
<p>svn co <a class="external" href="https://code.kepler-project.org/code/kepler/trunk/modules/build-area">https://code.kepler-project.org/code/kepler/trunk/modules/build-area</a><br />cd build-area<br />ant change-to -Dsuite=kepler<br />ant update</p>
<p>Then I get:</p>
<p>[update-modules] Updating ptolemy-lib...<br />[update-modules] svn -r head update c:\tmp\cxh\src\kepler\ptolemy-lib <br />[update-modules] At revision 20190.<br />[update-modules] <br />[update-modules] svn -r head update c:\tmp\cxh\src\kepler\build-area <br />[update-modules] svn: Working copy 'c:\tmp\cxh\src\kepler\build-area' locked<br />[update-modules] svn: run 'svn cleanup' to remove locks (type 'svn help cleanup' for details)<br />[update-modules] <br />[update-modules] WARNING: It appears that the command did not execute properly and exited with an exit code of: 1</p>
<p>Running "ant cleanup" does not change the results.</p>
<p>This should probably be addressed before 2.0 as Windows users will find it<br />confusing.</p>
<p>I believe that the problem is likely that a file in build-area is being<br />changed and Windows is not able to deal with this.</p>
<p>I think this is a new failure, it may have started only in the last few weeks.</p>
Kepler - Bug #3903 (New): Use Java logging utilities instead of Apache commons logging facility | https://projects.ecoinformatics.org/ecoinfo/issues/3903 | 2009-03-18T19:21:30Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>Personally, I'd like to switch to the logging utilities that<br />now ship with Java, see<br /><a class="external" href="http://java.sun.com/j2se/1.4.2/docs/guide/util/logging/">http://java.sun.com/j2se/1.4.2/docs/guide/util/logging/</a><br />The advantage is that it would be one less jar file to ship.<br />A quick search finds 144 files that use the apache logging facility.<br />Most of these changes could be handled automatically by a script.</p>
<p>Notes about the logging system can be found at<br /><a class="external" href="https://kepler-project.org/developers/reference/using-commons-logging">https://kepler-project.org/developers/reference/using-commons-logging</a></p>
Kepler - Bug #2349 (New): Actors should have preconditions to test for long runs | https://projects.ecoinformatics.org/ecoinfo/issues/2349 | 2006-02-07T18:19:21Z | Christopher Brooks, cxh@eecs.berkeley.edu
<p>It would be nice if there was an easy way for a model to test for<br />trivial problems before getting far down a long run.</p>
<p>One idea would be to have such actors implement an interface that included a<br />method that the director would run.</p>
<p>We should think about why having actors do more testing in preinitialize()<br />will not work here. For example, if we have an FSM model, do all<br />the actors get preinitialize() called right away? What about the Case actor?</p>