This is an automated email from the ASF dual-hosted git repository. joemcdonnell pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/impala.git
commit b4920295ac7ceef3921e879c247f29c584c14b24 Author: Joe McDonnell <[email protected]> AuthorDate: Mon Apr 17 15:01:22 2023 -0700 IMPALA-12063: Upgrade zlib to 1.2.13 This bumps the toolchain version to get zlib 1.2.13, which contains the fix for CVE-2022-37434. This toolchain incorporates several changes to clean up the native-toolchain and remove unnecessary component builds. As part of this, OpenSSL is no longer built in the toolchain, so this stops downloading it. This changes the build to require OpenSSL 1.0.2 or higher. This doesn't impact anything, because all supported platforms already used OpenSSL 1.0.2 or higher. See IMPALA-12064. Testing: - perf-AB-test shows no change in performance for ORC with deflate - GVO passes Change-Id: I96efc947534cda8d15d4f440cd6851d397b6562d Reviewed-on: http://gerrit.cloudera.org:8080/19760 Reviewed-by: Wenzhe Zhou <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> --- CMakeLists.txt | 18 +++--------------- bin/bootstrap_toolchain.py | 2 +- bin/impala-config.sh | 8 ++------ 3 files changed, 6 insertions(+), 22 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 2bfc50f5d..b7c7a65cd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -203,21 +203,9 @@ include_directories(SYSTEM ${Boost_INCLUDE_DIRS}) message(STATUS "Boost include dir: " ${Boost_INCLUDE_DIRS}) message(STATUS "Boost libraries: ${Boost_LIBRARIES}") -# If at all possible, try to link with system OpenSSL in an attempt to match what the -# platform that this build might ultimately be deployed on. If no suitable OpenSSL is -# found, use the toolchain version - but beware that Impala will then fail to start if -# deployed on a system with a lower version. -find_package(OpenSSL 1.0.1 QUIET) -if (NOT ${OPENSSL_FOUND}) - set_dep_root(OPENSSL) - set(OPENSSL_FOUND ON) - set(OPENSSL_INCLUDE_DIR ${OPENSSL_ROOT}/include) - set(OPENSSL_SSL_LIBRARY ${OPENSSL_ROOT}/lib/libssl.so) - set(OPENSSL_CRYPTO_LIBRARY ${OPENSSL_ROOT}/lib/libcrypto.so) - set(OPENSSL_VERSION $ENV{IMPALA_OPENSSL_VERSION}) - message(STATUS "System OpenSSL not found. Defaulting to toolchain version in" - " ${OPENSSL_ROOT_DIR}") -endif() +# Use OpenSSL from the system, because that is the closest match to the version that this +# build will use when it is deployed. +find_package(OpenSSL 1.0.2 REQUIRED) # OpenSSL, being a security dependency, is always dynamically linked. IMPALA_ADD_THIRDPARTY_LIB(openssl_ssl ${OPENSSL_INCLUDE_DIR} "" ${OPENSSL_SSL_LIBRARY}) diff --git a/bin/bootstrap_toolchain.py b/bin/bootstrap_toolchain.py index 097484822..eb95eaf4a 100755 --- a/bin/bootstrap_toolchain.py +++ b/bin/bootstrap_toolchain.py @@ -492,7 +492,7 @@ def get_toolchain_downloads(): toolchain_packages += map(ToolchainPackage, ["avro", "binutils", "boost", "breakpad", "bzip2", "calloncehack", "cctz", "cmake", "crcutil", "curl", "flatbuffers", "gdb", "gflags", "glog", "gperftools", "gtest", - "jwt-cpp", "libev", "libunwind", "lz4", "openldap", "openssl", "orc", "protobuf", + "jwt-cpp", "libev", "libunwind", "lz4", "openldap", "orc", "protobuf", "python", "rapidjson", "re2", "snappy", "tpc-h", "tpc-ds", "zlib", "zstd"]) python3_package = ToolchainPackage( "python", explicit_version=os.environ.get("IMPALA_PYTHON3_VERSION")) diff --git a/bin/impala-config.sh b/bin/impala-config.sh index cd280198e..558989c4c 100755 --- a/bin/impala-config.sh +++ b/bin/impala-config.sh @@ -81,7 +81,7 @@ export USE_APACHE_HIVE=${USE_APACHE_HIVE-false} # moving to a different build of the toolchain, e.g. when a version is bumped or a # compile option is changed. The build id can be found in the output of the toolchain # build jobs, it is constructed from the build number and toolchain git hash prefix. -export IMPALA_TOOLCHAIN_BUILD_ID=258-821f1d91bd +export IMPALA_TOOLCHAIN_BUILD_ID=268-f2a9999487 # Versions of toolchain dependencies. # ----------------------------------- export IMPALA_AVRO_VERSION=1.7.4-p5 @@ -147,8 +147,6 @@ export IMPALA_ZSTD_VERSION=1.5.2 unset IMPALA_ZSTD_URL export IMPALA_OPENLDAP_VERSION=2.4.47 unset IMPALA_OPENLDAP_URL -export IMPALA_OPENSSL_VERSION=1.0.2l -unset IMPALA_OPENSSL_URL export IMPALA_ORC_VERSION=1.7.0-p14 unset IMPALA_ORC_URL export IMPALA_PROTOBUF_VERSION=3.14.0 @@ -173,7 +171,7 @@ export IMPALA_TPC_DS_VERSION=2.1.0-p1 unset IMPALA_TPC_DS_URL export IMPALA_TPC_H_VERSION=2.17.0 unset IMPALA_TPC_H_URL -export IMPALA_ZLIB_VERSION=1.2.12 +export IMPALA_ZLIB_VERSION=1.2.13 unset IMPALA_ZLIB_URL export IMPALA_CALLONCEHACK_VERSION=1.0.0 unset IMPALA_CALLONCEHACK_URL @@ -206,8 +204,6 @@ if [[ $OSTYPE == "darwin"* ]]; then unset IMPALA_CYRUS_SASL_URL IMPALA_GPERFTOOLS_VERSION=2.3 unset IMPALA_GPERFTOOLS_URL - IMPALA_OPENSSL_VERSION=1.0.1p - unset IMPALA_OPENSSL_URL fi : ${IMPALA_TOOLCHAIN_HOST:=native-toolchain.s3.amazonaws.com}
