I would lean towards backporting the fix too but I am not familiar with the go ecosystem and this PR contains a bunch of version bumps, unsure if those are required for the fix or were just added to the PR and if those are a problem for go users of the existing 7.0.0 version?
On Fri, Jul 15, 2022 at 11:58 PM Sutou Kouhei <k...@clear-code.com> wrote: > Hi, > > It seems that this is related to > https://github.com/apache/arrow/pull/12303 . > Should we backport this too? > > Thanks, > -- > kou > > In <cahm19a4wwtwtdmbjxqk+_vuvjvmzyun1bpjgi2jnro-shk6...@mail.gmail.com> > "Re: [VOTE] Release Apache Arrow 7.0.1 - RC0" on Fri, 15 Jul 2022 > 15:55:35 +0200, > Krisztián Szűcs <szucs.kriszt...@gmail.com> wrote: > > > +0 > > > > I'm getting the same error with go version 1.18.1 darwin/arm64 but it > > works with go version 1.16.12. > > > > On Fri, Jul 15, 2022 at 12:09 PM Jacob Wujciak > > <ja...@voltrondata.com.invalid> wrote: > >> > >> +0 I got the following repeatable error in arrow/array on manjaro > 21.3.2. > >> Full log at [1] > >> > >> └ Found go version go1.18.3 linux/amd64 at /usr/bin/go > >> /tmp/arrow-7.0.1.DuPzW/apache-arrow-7.0.1/go/arrow > >> /tmp/arrow-7.0.1.DuPzW/apache-arrow-7.0.1 ~/verify-rc/arrow > >> ok github.com/apache/arrow/go/v7/arrow 0.017s > >> unexpected fault address 0xb60cc0 > >> fatal error: fault > >> [signal SIGSEGV: segmentation violation code=0x2 addr=0xb60cc0 > pc=0x4118e3] > >> [...] > >> FAIL github.com/apache/arrow/go/v7/arrow/array 0.538s > >> > >> [1]: https://pastebin.com/yPjSCbg3 > >> > >> On Fri, Jul 15, 2022 at 10:37 AM Raul Cumplido Dominguez > >> <r...@voltrondata.com.invalid> wrote: > >> > >> > +1, verified on ubuntu 22.04 > >> > > >> > On Fri, Jul 15, 2022 at 2:59 AM Yibo Cai <yibo....@arm.com> wrote: > >> > > >> > > +1, verified on arm64 > >> > > > >> > > -----Original Message----- > >> > > From: Sutou Kouhei <k...@clear-code.com> > >> > > Sent: Friday, July 15, 2022 5:11 AM > >> > > To: dev@arrow.apache.org > >> > > Subject: [VOTE] Release Apache Arrow 7.0.1 - RC0 > >> > > > >> > > Hi, > >> > > > >> > > I would like to propose the following release candidate > >> > > (RC0) of Apache Arrow version 7.0.1. This is a release consisting > of 1 > >> > > resolved JIRA issues[1]. > >> > > > >> > > This is one of releases[2] that focus on a Go related security > >> > > vulnerability[3]. We don't publish binary artifacts of this release > >> > because > >> > > we don't have Go related binaries. > >> > > > >> > > This release candidate is based on commit: > >> > > 072ae55dc8172bb1a898fda5d5a83ec063b05a6d [4] > >> > > > >> > > The source release rc0 is hosted at [5]. > >> > > The changelog is located at [6]. > >> > > > >> > > Please download, verify checksums and signatures, run the unit > tests, and > >> > > vote on the release. See [7] for how to validate a release > candidate. But > >> > > you need to verify only Go related tests because this release > candidate > >> > > only includes a change for Go. So we can use the following command > line: > >> > > > >> > > TEST_DEFAULT=0 TEST_GO=1 dev/release/verify-release-candidate.sh > >> > 7.0.1 > >> > > 0 > >> > > > >> > > The vote will be open for at least 72 hours. > >> > > > >> > > [ ] +1 Release this as Apache Arrow 7.0.1 [ ] +0 [ ] -1 Do not > release > >> > > this as Apache Arrow 7.0.1 because... > >> > > > >> > > [1]: > >> > > > >> > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20ARROW%20AND%20status%20in%20%28Resolved%2C%20Closed%29%20AND%20fixVersion%20%3D%207.0.1 > >> > > [2] > https://lists.apache.org/thread/qkkzpvmxc0coqhdkc1qoygwy6h4v5sgn > >> > > [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28948 > >> > > [4]: > >> > > > >> > > https://github.com/apache/arrow/tree/072ae55dc8172bb1a898fda5d5a83ec063b05a6d > >> > > [5]: > https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-7.0.1-rc0 > >> > > [6]: > >> > > > >> > > https://github.com/apache/arrow/blob/072ae55dc8172bb1a898fda5d5a83ec063b05a6d/CHANGELOG.md > >> > > [7]: > >> > > > >> > > https://cwiki.apache.org/confluence/display/ARROW/How+to+Verify+Release+Candidates > >> > > IMPORTANT NOTICE: The contents of this email and any attachments are > >> > > confidential and may also be privileged. If you are not the intended > >> > > recipient, please notify the sender immediately and do not disclose > the > >> > > contents to any other person, use it for any purpose, or store or > copy > >> > the > >> > > information in any medium. Thank you. > >> > > > >> > >
