Posted to commits@orc.apache.org by om...@apache.org on 2018/05/17 22:11:38 UTC

orc git commit: Added CVE and upgrade jekyll.

Repository: orc
Updated Branches:
  refs/heads/master 5afe60ef5 -> fe7e280a6


Added CVE and upgrade jekyll.

Signed-off-by: Owen O'Malley <om...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/orc/repo
Commit: http://git-wip-us.apache.org/repos/asf/orc/commit/fe7e280a
Tree: http://git-wip-us.apache.org/repos/asf/orc/tree/fe7e280a
Diff: http://git-wip-us.apache.org/repos/asf/orc/diff/fe7e280a

Branch: refs/heads/master
Commit: fe7e280a6e97e2d82c3e602a4f28f917d9413a39
Parents: 5afe60e
Author: Owen O'Malley <om...@apache.org>
Authored: Thu May 17 15:10:47 2018 -0700
Committer: Owen O'Malley <om...@apache.org>
Committed: Thu May 17 15:11:28 2018 -0700

----------------------------------------------------------------------
 site/Gemfile                   |  4 ++--
 site/_data/releases.yml        | 31 ++++++++++++++++---------------
 site/_includes/known_issues.md |  4 ++++
 site/security/index.md         |  2 +-
 site/specification/index.md    |  6 +++---
 5 files changed, 26 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/orc/blob/fe7e280a/site/Gemfile
----------------------------------------------------------------------
diff --git a/site/Gemfile b/site/Gemfile
index 24ffad2..75b085c 100644
--- a/site/Gemfile
+++ b/site/Gemfile
@@ -1,4 +1,4 @@
 source 'https://rubygems.org'
-gem 'github-pages'
+gem 'github-pages', '~> 185'
 gem 'rouge'
-gem 'jekyll', "~> 2.4.0"
+gem 'jekyll', "~> 3.7"
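
Review bot: The explicit `gem 'jekyll', "~> 3.7"` line at the end of this hunk duplicates a constraint that `github-pages` already imposes through its own Jekyll dependency, so the two pins have to be moved together on every upgrade or Bundler will fail to resolve. Consider dropping the separate `jekyll` line and letting `gem 'github-pages', '~> 185'` select the version. If a Gemfile.lock is not already tracked for the site, committing one would make the build reproducible across the jump from 2.4 to 3.7.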

http://git-wip-us.apache.org/repos/asf/orc/blob/fe7e280a/site/_data/releases.yml
----------------------------------------------------------------------
diff --git a/site/_data/releases.yml b/site/_data/releases.yml
index 1d5a2e4..e0a3dd7 100644
--- a/site/_data/releases.yml
+++ b/site/_data/releases.yml
@@ -24,6 +24,7 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 0310d6ed20d95b7c27de79bea9cf08a152565c64fd7f95b61877b2b2b2774d83
   known-issues:
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
 
 1.4.2:
   date: 2018-01-23
@@ -32,6 +33,7 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 4c32e30a2b93953c287fb6879894bec20c59c79617e5a8a103a76d8dd2a5ee89
   known-issues:
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-40: Predicate push down is not implemented in C++.
 
 1.4.1:
@@ -41,6 +43,7 @@
   signed-by: Prasanth Jayachandran (65C468A3)
   sha256: bf9f107c61ecd6a9f08f439ad6a3870fbabbfeb1b68d9430b1258e5df03a5bb2
   known-issues:
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-40: Predicate push down is not implemented in C++.
 
 1.4.0:
@@ -50,7 +53,7 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 0f96b2096dd053b6e7559472c7eff8061f8e4459f914adf6c81c3d1eb83d3b0f
   known-issues:
-    ORC-40: Predicate push down is not implemented in C++.
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
 
 1.3.4:
   date: 2017-10-16
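Review bot: The `-    ORC-40: Predicate push down is not implemented in C++.` line in this hunk removes a known issue rather than adding one, and the same removal repeats for every older release below, while the 1.4.2 and 1.4.1 hunks above keep ORC-40 as context. The commit message only mentions adding the CVE, so please confirm that dropping ORC-40 from 1.4.0 and earlier is intended, and if so do it in a separate commit with its own explanation so the security change stays easy to audit.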
@@ -59,7 +62,7 @@
   signed-by: Prasanth Jayachandran (65C468A3)
   sha256: 55269430aea7b825e9bd67a75d41c808dd649bda962c6a040ef9137ddfe993c0
   known-issues:
-    ORC-40: Predicate push down is not implemented in C++.
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
 
 1.3.3:
   date: 2017-02-21
@@ -68,7 +71,7 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 48cf9f47ab13f4baeb1770d8f773ae69712ce1c3a1010b2515dfcc22c5b6acf9
   known-issues:
-    ORC-40: Predicate push down is not implemented in C++.
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
 
 1.3.2:
   date: 2017-02-13
@@ -77,7 +80,7 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 929b70f63e2caf3e1566911c72fac23209319e76631c3cd072117cb195e473a0
   known-issues:
-    ORC-40: Predicate push down is not implemented in C++.
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
 
 1.3.1:
   date: 2017-02-03
@@ -86,7 +89,7 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: d16c55f20f9fe217b7f206420447635647f2ff24dd9ac61b68af556aac5cc131
   known-issues:
-    ORC-40: Predicate push down is not implemented in C++.
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
 
 1.3.0:
@@ -96,7 +99,6 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: d19a5b5cc1df5797e4595ba76b52a3bc5481fba3ca9fcc437e073b002970aebb
   known-issues:
-    ORC-40: Predicate push down is not implemented in C++.
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
 
 1.2.3:
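Review bot: This hunk (the entry ending just above `1.2.3:`, i.e. release 1.3.0) removes ORC-40 but adds no `CVE-2018-8015` line, whereas the neighbouring 1.3.1 and 1.2.3 entries both gain one. If 1.3.0 is affected, the known-issues list for that release will silently omit the vulnerability; if it is not affected, a short comment in the YAML saying so would prevent someone from "fixing" it later.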
@@ -106,7 +108,7 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: a86a335052553bc51f30d80f4f3b5bc70cb99f77430d062c73e8ffe00ab15562
   known-issues:
-    ORC-40: Predicate push down is not implemented in C++.
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
 
 1.2.2:
@@ -116,7 +118,7 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 6aa87390f0f03c436d9be6973414ed310b78b7fcc5072fe78a25251a1f547083
   known-issues:
-    ORC-40: Predicate push down is not implemented in C++.
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
 
 1.2.1:
@@ -126,7 +128,7 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 793bcc0419574fba727e4587fee282642ce1dd5b8fca580cb3c4ec06f2dba001
   known-issues:
-    ORC-40: Predicate push down is not implemented in C++.
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
 
 1.2.0:
@@ -136,7 +138,7 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 5c394c7ed3a31d20726ded55ed9c5a0eeff1bd5b85b1cb2ee6c3c1a94560578c
   known-issues:
-    ORC-40: Predicate push down is not implemented in C++.
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-101: Bloom filters for string and decimal use inconsistent encoding
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
 
@@ -147,8 +149,8 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 5d14df7d48126dd846cc9688e71462703ccaa66354fa247017c0aa0a354a4770
   known-issues:
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     HIVE-14214: Schema evolution and predicate pushdown don't work together.
-    ORC-40: Predicate push down is not implemented in C++.
     ORC-101: Bloom filters for string and decimal use inconsistent encoding
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
 
@@ -159,8 +161,8 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 19292a1848672c9c6dca4ccb8cb1173bffbe1c43e78663b4b9656ecf439a52c6
   known-issues:
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     HIVE-14214: Schema evolution and predicate pushdown don't work together.
-    ORC-40: Predicate push down is not implemented in C++.
     ORC-101: Bloom filters for string and decimal use inconsistent encoding
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
 
@@ -171,8 +173,8 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 8beea2be064baf37fcd5d2cc56bf002a48e19edb238a1502418b7368dcc8587c
   known-issues:
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     HIVE-14214: Schema evolution and predicate pushdown don't work together.
-    ORC-40: Predicate push down is not implemented in C++.
     ORC-101: Bloom filters for string and decimal use inconsistent encoding
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
 
@@ -183,6 +185,5 @@
   signed-by: Owen O’Malley (3D0C92B9)
   sha256: 8ad5111f0ca3b72fd4e3d539e51fc8df204c43bc4469a8e79f951519b728303e
   known-issues:
-    ORC-1: We are still working on moving the Java reader and writer out of Hive’s code base and thus it is not included here.
+    CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-10: When moving ORC files between timezones, different daylight savings rules will cause timestamps to shift in the C++ reader.
-    ORC-40: Predicate push down is not implemented in C++.
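
Review bot: Besides adding the CVE, this hunk deletes the `ORC-1` and `ORC-40` entries from the oldest release, which is not covered by the commit message. Release metadata for a published version is something users consult when deciding whether to upgrade, so the removal of unrelated known issues should be justified or split out from the security annotation.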

http://git-wip-us.apache.org/repos/asf/orc/blob/fe7e280a/site/_includes/known_issues.md
----------------------------------------------------------------------
diff --git a/site/_includes/known_issues.md b/site/_includes/known_issues.md
index be2a994..77f3238 100644
--- a/site/_includes/known_issues.md
+++ b/site/_includes/known_issues.md
@@ -7,5 +7,9 @@ Parameters:
 Known issues:
 
 {% for issue in site.data.releases[releaseName]["known-issues"] %}
+  {% if issue[0] | slice: 0, 4 == "CVE-" %}
+- [{{issue[0]}}]({{site.url}}/security/{{issue[0]}}) {{issue[1]}}
+  {% else %}
 - [{{issue[0]}}]({{site.jira}}/{{issue[0]}}) {{issue[1]}}
+  {% endif %}
 {% endfor %}
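
Review bot: The condition `{% if issue[0] | slice: 0, 4 == "CVE-" %}` applies a filter inside an `if` tag, which Liquid does not support; depending on the parser mode the tag is either rejected or the test reduces to whether `issue[0]` is truthy, in which case every ORC and HIVE issue would also be linked under `{{site.url}}/security/` instead of `{{site.jira}}`. Compute the prefix first, for example `{% assign prefix = issue[0] | slice: 0, 4 %}` followed by `{% if prefix == "CVE-" %}`, and check the rendered page for one CVE entry and one JIRA entry.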

http://git-wip-us.apache.org/repos/asf/orc/blob/fe7e280a/site/security/index.md
----------------------------------------------------------------------
diff --git a/site/security/index.md b/site/security/index.md
index cecbb85..69d94ae 100644
--- a/site/security/index.md
+++ b/site/security/index.md
@@ -42,4 +42,4 @@ An overview of the vulnerability handling process is:
 
 ## Fixed CVEs
 
-None.
\ No newline at end of file
+* [CVE-2018-8015](CVE-2018-8015) - ORC files with malformed types cause stack overflow.
\ No newline at end of file
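
Review bot: The new link target `(CVE-2018-8015)` and the `{{site.url}}/security/{{issue[0]}}` links generated by known_issues.md both point at a CVE detail page, but no such page is among the five files in this commit, so the advisory links will be dead unless that page is added elsewhere. Please include the page in the same change or confirm it already exists on the branch. The file also still ends without a trailing newline; adding one here avoids the marker on the next edit.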

http://git-wip-us.apache.org/repos/asf/orc/blob/fe7e280a/site/specification/index.md
----------------------------------------------------------------------
diff --git a/site/specification/index.md b/site/specification/index.md
index 29782d4..4cf9400 100644
--- a/site/specification/index.md
+++ b/site/specification/index.md
@@ -5,8 +5,8 @@ title: ORC Specification
 
 There have been two released ORC file versions:
 
-* [ORC v0](ORCv0.html) was released in Hive 0.11.
-* [ORC v1](ORCv1.html) was released in Hive 0.12 and ORC 1.x.
+* [ORC v0](ORCv0) was released in Hive 0.11.
+* [ORC v1](ORCv1) was released in Hive 0.12 and ORC 1.x.
 
 Each version of the library will detect the format version and use
 the appropriate reader. The library can also write the older versions
@@ -15,4 +15,4 @@ clusters can read correctly.
 
 We are working on a new version of the file format:
 
-* [ORC v2](ORCv2.html) is a work in progress and is rapidly evolving.
+* [ORC v2](ORCv2) is a work in progress and is rapidly evolving.
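
Review bot: The links in this hunk and the one above drop the `.html` suffix (`ORCv0`, `ORCv1`, `ORCv2`), which only resolves if the site's permalink settings or the web server serve extensionless URLs, and no configuration change for that is part of this commit. Since this lands together with the Jekyll 2.4 to 3.7 bump, please verify the generated specification pages are reachable at these paths on the deployed site, or use Jekyll's `link` tag so a broken target fails the build.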