You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@impala.apache.org by "Joe McDonnell (Code Review)" <ge...@cloudera.org> on 2023/04/14 22:42:57 UTC
[native-toolchain-CR] IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Joe McDonnell has uploaded this change for review. ( http://gerrit.cloudera.org:8080/19748
Change subject: IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
......................................................................
IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Zlib fixed CVE-2022-37434, an issue in inflateGetHeader() in 1.2.13.
This bumps the version of zlib to 1.2.13 to pick up this fix.
This also adds a build of Cloudflare zlib. Cloudflare zlib is a
drop-in replacement for the standard zlib library that has been
optimized to take advantage of SIMD and other processor support
on x86_64 and ARM. This adds a build of the latest Cloudflare zlib
as a new component. This version of Cloudflare zlib also contains
the fix for CVE-2022-37434.
Testing:
- Ran a native-toolchain build
Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
---
M buildall.sh
A source/cloudflarezlib/build.sh
2 files changed, 61 insertions(+), 3 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/native-toolchain refs/changes/48/19748/1
--
To view, visit http://gerrit.cloudera.org:8080/19748
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
Gerrit-Change-Number: 19748
Gerrit-PatchSet: 1
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
[native-toolchain-CR] IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.
Joe McDonnell has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/19748 )
Change subject: IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
......................................................................
IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Zlib fixed CVE-2022-37434, an issue in inflateGetHeader() in 1.2.13.
This bumps the version of zlib to 1.2.13 to pick up this fix.
This also adds a build of Cloudflare zlib. Cloudflare zlib is a
drop-in replacement for the standard zlib library that has been
optimized to take advantage of SIMD and other processor support
on x86_64 and ARM. This adds a build of the latest Cloudflare zlib
as a new component. This version of Cloudflare zlib also contains
the fix for CVE-2022-37434.
Testing:
- Ran a native-toolchain build
Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
Reviewed-on: http://gerrit.cloudera.org:8080/19748
Reviewed-by: Michael Smith <mi...@cloudera.com>
Reviewed-by: Wenzhe Zhou <wz...@cloudera.com>
Tested-by: Joe McDonnell <jo...@cloudera.com>
---
M buildall.sh
A source/cloudflarezlib/build.sh
2 files changed, 61 insertions(+), 3 deletions(-)
Approvals:
Michael Smith: Looks good to me, but someone else must approve
Wenzhe Zhou: Looks good to me, approved
Joe McDonnell: Verified
--
To view, visit http://gerrit.cloudera.org:8080/19748
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
Gerrit-Change-Number: 19748
Gerrit-PatchSet: 3
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
[native-toolchain-CR] IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Posted by "Michael Smith (Code Review)" <ge...@cloudera.org>.
Michael Smith has posted comments on this change. ( http://gerrit.cloudera.org:8080/19748 )
Change subject: IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
......................................................................
Patch Set 1: Code-Review+1
(1 comment)
lgtm
http://gerrit.cloudera.org:8080/#/c/19748/1/source/cloudflarezlib/build.sh
File source/cloudflarezlib/build.sh:
http://gerrit.cloudera.org:8080/#/c/19748/1/source/cloudflarezlib/build.sh@28
PS1, Line 28: CLOUDFLARE_ZLIB_GITHUB_URL=https://github.com/cloudflare/zlib.git
License looks unchanged from original zlib.
--
To view, visit http://gerrit.cloudera.org:8080/19748
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
Gerrit-Change-Number: 19748
Gerrit-PatchSet: 1
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Comment-Date: Fri, 14 Apr 2023 22:55:17 +0000
Gerrit-HasComments: Yes
[native-toolchain-CR] IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.
Joe McDonnell has posted comments on this change. ( http://gerrit.cloudera.org:8080/19748 )
Change subject: IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
......................................................................
Patch Set 2: Verified+1
--
To view, visit http://gerrit.cloudera.org:8080/19748
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
Gerrit-Change-Number: 19748
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Wed, 19 Apr 2023 21:49:57 +0000
Gerrit-HasComments: No
[native-toolchain-CR] IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.
Hello Michael Smith,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/19748
to look at the new patch set (#2).
Change subject: IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
......................................................................
IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Zlib fixed CVE-2022-37434, an issue in inflateGetHeader() in 1.2.13.
This bumps the version of zlib to 1.2.13 to pick up this fix.
This also adds a build of Cloudflare zlib. Cloudflare zlib is a
drop-in replacement for the standard zlib library that has been
optimized to take advantage of SIMD and other processor support
on x86_64 and ARM. This adds a build of the latest Cloudflare zlib
as a new component. This version of Cloudflare zlib also contains
the fix for CVE-2022-37434.
Testing:
- Ran a native-toolchain build
Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
---
M buildall.sh
A source/cloudflarezlib/build.sh
2 files changed, 61 insertions(+), 3 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/native-toolchain refs/changes/48/19748/2
--
To view, visit http://gerrit.cloudera.org:8080/19748
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
Gerrit-Change-Number: 19748
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
[native-toolchain-CR] IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Posted by "Wenzhe Zhou (Code Review)" <ge...@cloudera.org>.
Wenzhe Zhou has posted comments on this change. ( http://gerrit.cloudera.org:8080/19748 )
Change subject: IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
......................................................................
Patch Set 2: Code-Review+2
carry +1 from Michael
--
To view, visit http://gerrit.cloudera.org:8080/19748
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
Gerrit-Change-Number: 19748
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Tue, 18 Apr 2023 17:19:13 +0000
Gerrit-HasComments: No
[native-toolchain-CR] IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Posted by "Joe McDonnell (Code Review)" <ge...@cloudera.org>.
Joe McDonnell has posted comments on this change. ( http://gerrit.cloudera.org:8080/19748 )
Change subject: IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
......................................................................
Patch Set 2:
The corresponding Impala change is over here: https://gerrit.cloudera.org/#/c/19760/
It passed GVO and performance is the same, so these changes are looking ok (including the whole stack above this point as well).
I will be merging these and creating a new toolchain build to use for the Impala change.
--
To view, visit http://gerrit.cloudera.org:8080/19748
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
Gerrit-Change-Number: 19748
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Wed, 19 Apr 2023 16:44:35 +0000
Gerrit-HasComments: No
[native-toolchain-CR] IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
Posted by "Michael Smith (Code Review)" <ge...@cloudera.org>.
Michael Smith has posted comments on this change. ( http://gerrit.cloudera.org:8080/19748 )
Change subject: IMPALA-11603, IMPALA-12063: Address CVE in zlib by upgrading to 1.2.13
......................................................................
Patch Set 2: Code-Review+1
--
To view, visit http://gerrit.cloudera.org:8080/19748
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I14137848ebbe82f42df6a97fd24f5cdba4f65d21
Gerrit-Change-Number: 19748
Gerrit-PatchSet: 2
Gerrit-Owner: Joe McDonnell <jo...@cloudera.com>
Gerrit-Reviewer: Michael Smith <mi...@cloudera.com>
Gerrit-Comment-Date: Mon, 17 Apr 2023 18:37:39 +0000
Gerrit-HasComments: No