Skip to content

Upgrade contrib/orc to 2.1.2#81335

Closed
harishisnow wants to merge 5 commits intoClickHouse:masterfrom
harishisnow:upgrade_orc_2.1.2
Closed

Upgrade contrib/orc to 2.1.2#81335
harishisnow wants to merge 5 commits intoClickHouse:masterfrom
harishisnow:upgrade_orc_2.1.2

Conversation

@harishisnow
Copy link
Copy Markdown
Contributor

@harishisnow harishisnow commented Jun 5, 2025
edited
Loading

Changelog category (leave one):

  • Bug Fix (user-visible misbehavior in an official stable release)

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

  1. The ClickHouse/contrib/orc should be updated from version 2.1.0 to 2.1.2 to remediate the CVE: CVE-2025-47436.
  2. orc version 2.1.2 does NOT have the proto directory and hence a dummy orc_proto.proto file had to be created in the contrib/arrow-cmake directory.
  3. In orc 2.1.2, a unique_ptr was expected while creating the orc::SearchArgument object as compared to the shared_ptr for older orc 2.1.0

Documentation entry for user-facing changes

  • Documentation is written (mandatory for new features)
  1. The ClickHouse/contrib/orc should be updated from version 2.1.0 to 2.1.2 to remediate the CVE: CVE-2025-47436.
  2. orc version 2.1.2 does NOT have the proto directory and hence a dummy orc_proto.proto file had to be created in the contrib/arrow-cmake directory.
  3. In orc 2.1.2, a unique_ptr was expected while creating the orc::SearchArgument object as compared to the shared_ptr for older orc 2.1.0

@rschu1ze rschu1ze added the can be tested Allows running workflows for external contributors label Jun 5, 2025
@clickhouse-gh
Copy link
Copy Markdown
Contributor

clickhouse-gh bot commented Jun 5, 2025

Workflow [PR], commit [6c1c1f8]

@clickhouse-gh clickhouse-gh bot added pr-bugfix Pull request with bugfix, not backported by default submodule changed At least one submodule changed in this PR. labels Jun 5, 2025
@thevar1able
Copy link
Copy Markdown
Member

thevar1able commented Jun 6, 2025

cc @larryluogit

@thevar1able thevar1able self-assigned this Jun 6, 2025
@thevar1able thevar1able mentioned this pull request Jun 6, 2025
Merged
@thevar1able thevar1able closed this Jun 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@thevar1able thevar1able

Labels

can be tested Allows running workflows for external contributors pr-bugfix Pull request with bugfix, not backported by default submodule changed At least one submodule changed in this PR.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@harishisnow @thevar1able @rschu1ze