Package: clickhouse Version: 18.16.1+ds-7.2 Severity: normal Tags: patch pending
Dear maintainer, I've prepared an NMU for clickhouse (versioned as 18.16.1+ds-7.3) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards.
diff -Nru clickhouse-18.16.1+ds/debian/changelog clickhouse-18.16.1+ds/debian/changelog --- clickhouse-18.16.1+ds/debian/changelog 2020-12-03 20:45:03.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/changelog 2022-10-31 13:03:08.000000000 +0100 @@ -1,3 +1,31 @@ +clickhouse (18.16.1+ds-7.3) unstable; urgency=medium + + * Non maintainer upload. + * Fixing FTBFS with newer gcc. (Closes: #996130) + - New patch fix-996130.patch to add missing include. + * Fix FTBFS with OpenSSL3.0: Change DH params to 512 bits. (Closes: #995660) + * Fixing other FTBFS issues: + - New patch ftbfs_capn_version_check.patch, fixing version range as a class + was only supplied in a limit version range of the library. + - New patch fix-gtest-missing-include.patch. + - Skip test_unit_tests_dbms, it hangs… See #1023145. + - Fix testsuite invocation on archs where a test is disabled. + (Closes: #1023136) + - Skip test 00700_decimal_math fails. Seems to be a rounding error. See + #1023141. + - Skip test 00047_stored_aggregates_complex. Seems another rounding issue. + - Test "with_server" hangs also on arm64. Do not execute it there. + * Fix CVE-2021-42387, CVE-2021-42388, CVE-2021-43304, CVE-2021-43305 + (Closes: #1008216) + * Add patch dont-fail-setrlimit.patch, avoid failing when server tries to + increases core dump size if not explictly configured. (Closes: #1023138) + * New patch 0000-cmake-ignore-git-submodules.patch to avoid FTBFS when + working from the packaging git repo. (Closes: #1023137) + * Add patch picked from upstream to limit compiled expression cache size. + (Closes: #956415) + + -- Tobias Frost <[email protected]> Mon, 31 Oct 2022 13:03:08 +0100 + clickhouse (18.16.1+ds-7.2) unstable; urgency=medium [Balint Reczey] diff -Nru clickhouse-18.16.1+ds/debian/patches/0000-cmake-ignore-git-submodules.patch clickhouse-18.16.1+ds/debian/patches/0000-cmake-ignore-git-submodules.patch --- clickhouse-18.16.1+ds/debian/patches/0000-cmake-ignore-git-submodules.patch 1970-01-01 01:00:00.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/patches/0000-cmake-ignore-git-submodules.patch 2022-10-30 16:51:45.000000000 +0100 @@ -0,0 +1,26 @@ +Description: Make CMakeLists.txt ignoring git submodules. + The embedded boost is removed, so CMake will fail believing that stuff is missing. +Author: Tobias Frost <[email protected]> +Forwarded: not-needed, Debian specific. +Reviewed-by: <name and email of a reviewer, optional> +Last-Update: 2022-10-29 <YYYY-MM-DD, last update of the meta-information, optional> +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -17,10 +17,11 @@ + message (WARNING "You are using an unsupported compiler. Compilation has only been tested with Clang 5+ and GCC 7+.") + endif () + +-# Check that submodules are present only if source was downloaded with git +-if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/.git" AND NOT EXISTS "${ClickHouse_SOURCE_DIR}/contrib/boost/boost") +- message (FATAL_ERROR "Submodules are not initialized. Run\n\tgit submodule update --init --recursive") +-endif () ++# Interferes when bulding Debian package from git repository. ++## Check that submodules are present only if source was downloaded with git ++#if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/.git" AND NOT EXISTS "${ClickHouse_SOURCE_DIR}/contrib/boost/boost") ++# message (FATAL_ERROR "Submodules are not initialized. Run\n\tgit submodule update --init --recursive") ++#endif () + + # Write compile_commands.json + set(CMAKE_EXPORT_COMPILE_COMMANDS 1) diff -Nru clickhouse-18.16.1+ds/debian/patches/CVE-2021-4238x-and-4330x.patch clickhouse-18.16.1+ds/debian/patches/CVE-2021-4238x-and-4330x.patch --- clickhouse-18.16.1+ds/debian/patches/CVE-2021-4238x-and-4330x.patch 1970-01-01 01:00:00.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/patches/CVE-2021-4238x-and-4330x.patch 2022-10-31 09:36:00.000000000 +0100 @@ -0,0 +1,134 @@ +Description: Fix for CVE-2021-42387, CVE-2021-42388, CVE-2021-43304, CVE-2021-43305 + Cherry pick relevant parts from upstream PR, adapted to version in Debian. +Origin: https://github.com/ClickHouse/ClickHouse/pull/27136 +Bug-Debian: https://bugs.debian.org/1008216 +Forwarded: no +Applied-Upstream: yes, https://github.com/ClickHouse/ClickHouse/pull/27136 +Last-Update: 2022-10-30 <YYYY-MM-DD, last update of the meta-information, optional> +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/dbms/src/IO/LZ4_decompress_faster.cpp ++++ b/dbms/src/IO/LZ4_decompress_faster.cpp +@@ -342,13 +342,16 @@ + + + template <size_t copy_amount, bool use_shuffle> +-void NO_INLINE decompressImpl( ++bool NO_INLINE decompressImpl( + const char * const source, + char * const dest, ++ size_t source_size, + size_t dest_size) + { + const UInt8 * ip = (UInt8 *)source; + UInt8 * op = (UInt8 *)dest; ++ const UInt8 * const input_end = ip + source_size; ++ UInt8 * const output_begin = op; + UInt8 * const output_end = op + dest_size; + + while (1) +@@ -387,13 +390,19 @@ + /// output: xyzHello, w + /// ^-op (we will overwrite excessive bytes on next iteration) + +- wildCopy<copy_amount>(op, ip, copy_end); /// Here we can write up to copy_amount - 1 bytes after buffer. ++ { ++ auto * target = std::min(copy_end, output_end); ++ wildCopy<copy_amount>(op, ip, target); /// Here we can write up to copy_amount - 1 bytes after buffer. ++ ++ if (target == output_end) ++ return true; ++ } + + ip += length; + op = copy_end; + +- if (copy_end >= output_end) +- return; ++ if (unlikely(ip > input_end)) ++ return false; + + /// Get match offset. + +@@ -401,6 +410,9 @@ + ip += 2; + const UInt8 * match = op - offset; + ++ if (unlikely(match < output_begin)) ++ return false; ++ + /// Get match length. + + length = token & 0x0F; +@@ -441,7 +453,10 @@ + + copy<copy_amount>(op, match); /// copy_amount + copy_amount - 1 - 4 * 2 bytes after buffer. + if (length > copy_amount * 2) +- wildCopy<copy_amount>(op + copy_amount, match + copy_amount, copy_end); ++ { ++ auto * target = std::min(copy_end, output_end); ++ wildCopy<copy_amount>(op + copy_amount, match + copy_amount, target); ++ } + + op = copy_end; + } +@@ -450,7 +465,7 @@ + } + + +-void decompress( ++bool decompress( + const char * const source, + char * const dest, + size_t source_size, +@@ -458,7 +473,7 @@ + PerformanceStatistics & statistics [[maybe_unused]]) + { + if (source_size == 0 || dest_size == 0) +- return; ++ return true; + + /// Don't run timer if the block is too small. + if (dest_size >= 32768) +@@ -468,23 +483,26 @@ + /// Run the selected method and measure time. + + Stopwatch watch; ++ bool success = true; + + if (best_variant == 0) +- decompressImpl<16, true>(source, dest, dest_size); ++ success = decompressImpl<16, true>(source, dest, source_size, dest_size); + if (best_variant == 1) +- decompressImpl<16, false>(source, dest, dest_size); ++ success = decompressImpl<16, false>(source, dest, source_size, dest_size); + if (best_variant == 2) +- decompressImpl<8, true>(source, dest, dest_size); ++ success = decompressImpl<8, true>(source, dest, source_size, dest_size); + + watch.stop(); + + /// Update performance statistics. + + statistics.data[best_variant].update(watch.elapsedSeconds(), dest_size); ++ ++ return success; + } + else + { +- decompressImpl<8, false>(source, dest, dest_size); ++ return decompressImpl<8, false>(source, dest, source_size, dest_size); + } + } + +--- a/dbms/src/IO/LZ4_decompress_faster.h ++++ b/dbms/src/IO/LZ4_decompress_faster.h +@@ -128,7 +128,7 @@ + + /** This method dispatch to one of different implementations depending on performance statistics. + */ +-void decompress( ++bool decompress( + const char * const source, + char * const dest, + size_t source_size, diff -Nru clickhouse-18.16.1+ds/debian/patches/dont-fail-setrlimit.patch clickhouse-18.16.1+ds/debian/patches/dont-fail-setrlimit.patch --- clickhouse-18.16.1+ds/debian/patches/dont-fail-setrlimit.patch 1970-01-01 01:00:00.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/patches/dont-fail-setrlimit.patch 2022-10-31 07:25:45.000000000 +0100 @@ -0,0 +1,36 @@ +Description: Do not fail setrlimit if core dump size is not configured + If coresize is not configured, clickhouse tries to set max core size to 1GiB. + However, if core size limit is lower already, this syscall will fail due to + insufficient permissions. (see setrlimit). + This patch will only try to apply the 1GiB default if the current limit is + greater. + It will still fail if the user has configured something setrlimit is not + allowed to set. +Author: Tobias Frost <[email protected]> +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023138 +Forwarded: no +Last-Update: 2022-10-31 <YYYY-MM-DD, last update of the meta-information, optional> +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/libs/libdaemon/src/BaseDaemon.cpp ++++ b/libs/libdaemon/src/BaseDaemon.cpp +@@ -905,9 +905,17 @@ + if (getrlimit(RLIMIT_CORE, &rlim)) + throw Poco::Exception("Cannot getrlimit"); + /// 1 GiB by default. If more - it writes to disk too long. +- rlim.rlim_cur = config().getUInt64("core_dump.size_limit", 1024 * 1024 * 1024); ++ auto wanted = config().getUInt64("core_dump.size_limit", 0); ++ if(!wanted) { ++ // configuration is not present -- default to 1 GiB, but only if current rlimits allows it. ++ wanted = std::min(1024*1024*1024, rlim.rlim_cur); ++ wanted = std::min(wanted, rlim.rlim_max); ++ } + +- if (setrlimit(RLIMIT_CORE, &rlim)) ++ auto orig = rlim.rlim_cur; ++ rlim.rlim_cur = wanted; ++ ++ if (orig != wanted && setrlimit(RLIMIT_CORE, &rlim)) + { + std::string message = "Cannot set max size of core file to " + std::to_string(rlim.rlim_cur); + #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && !defined(MEMORY_SANITIZER) && !defined(SANITIZER) && !defined(__APPLE__) diff -Nru clickhouse-18.16.1+ds/debian/patches/fix-995660-FTBFS-OpenSSL3.patch clickhouse-18.16.1+ds/debian/patches/fix-995660-FTBFS-OpenSSL3.patch --- clickhouse-18.16.1+ds/debian/patches/fix-995660-FTBFS-OpenSSL3.patch 1970-01-01 01:00:00.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/patches/fix-995660-FTBFS-OpenSSL3.patch 2022-10-30 11:33:50.000000000 +0100 @@ -0,0 +1,22 @@ +Description: Fix FTBFS with OpenSSL 3.0 + DH parameters needs to be minimum 512 bits. Test suite tries to generate 256 + bits, so it fails. The patch changes this to 512. Thanks Kurt for the analyis + in the Debian bug report. +Author: Tobias Frost <[email protected]> +Bug-Debian: https://bugs.debian.org/995660 +Forwarded: no +Reviewed-by: <name and email of a reviewer, optional> +Last-Update: 2022-10-29 <YYYY-MM-DD, last update of the meta-information, optional> +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/dbms/tests/clickhouse-test-server ++++ b/dbms/tests/clickhouse-test-server +@@ -69,7 +69,7 @@ + PRIVATEKEY=`$CLICKHOUSE_EXTRACT_CONFIG --key=openSSL.server.privateKeyFile` + CERT=`$CLICKHOUSE_EXTRACT_CONFIG --key=openSSL.server.certificateFile` + # Do not generate in case broken extract-config +-[ -n "$DHPARAM" ] && openssl dhparam -out $DHPARAM 256 ++[ -n "$DHPARAM" ] && openssl dhparam -out $DHPARAM 512 + [ -n "$PRIVATEKEY" ] && [ -n "$CERT" ] && openssl req -subj "/CN=localhost" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout $PRIVATEKEY -out $CERT + + if [ "$TEST_GDB" ] || [ "$GDB" ]; then diff -Nru clickhouse-18.16.1+ds/debian/patches/fix-996130.patch clickhouse-18.16.1+ds/debian/patches/fix-996130.patch --- clickhouse-18.16.1+ds/debian/patches/fix-996130.patch 1970-01-01 01:00:00.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/patches/fix-996130.patch 2022-10-30 11:32:59.000000000 +0100 @@ -0,0 +1,10 @@ +--- a/dbms/src/IO/copyData.cpp ++++ b/dbms/src/IO/copyData.cpp +@@ -3,6 +3,7 @@ + #include <IO/WriteBuffer.h> + #include <IO/copyData.h> + ++#include <limits> + + namespace DB + { diff -Nru clickhouse-18.16.1+ds/debian/patches/fix-gtest-missing-include.patch clickhouse-18.16.1+ds/debian/patches/fix-gtest-missing-include.patch --- clickhouse-18.16.1+ds/debian/patches/fix-gtest-missing-include.patch 1970-01-01 01:00:00.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/patches/fix-gtest-missing-include.patch 2022-10-30 11:32:59.000000000 +0100 @@ -0,0 +1,16 @@ +Description: Missing include to <thread> in test suite. +Author: Tobias Frost <[email protected]> +Forwarded: no (unclear if still needed, upstream is way ahead of Debian.) +Last-Update: 2022-10-29 <YYYY-MM-DD, last update of the meta-information, optional> +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/dbms/src/Common/ZooKeeper/tests/gtest_zkutil_test_multi_exception.cpp ++++ b/dbms/src/Common/ZooKeeper/tests/gtest_zkutil_test_multi_exception.cpp +@@ -4,6 +4,7 @@ + #include <Common/StringUtils/StringUtils.h> + #include <iostream> + #include <chrono> ++#include <thread> + + #pragma GCC diagnostic ignored "-Wsign-compare" + #ifdef __clang__ diff -Nru clickhouse-18.16.1+ds/debian/patches/ftbfs_capn_version_check.patch clickhouse-18.16.1+ds/debian/patches/ftbfs_capn_version_check.patch --- clickhouse-18.16.1+ds/debian/patches/ftbfs_capn_version_check.patch 1970-01-01 01:00:00.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/patches/ftbfs_capn_version_check.patch 2022-10-30 11:32:59.000000000 +0100 @@ -0,0 +1,24 @@ +Description: Fix capnproto version check for capnp::UnalignedFlatArrayMessageReader + capnp::UnalignedFlatArrayMessageReader was introduced in + capnproto/capnproto@3aa2b2a + (which is a part of 0.7.0 release). Unfortunately, + capnp::UnalignedFlatArrayMessageReader was removed in + capnproto/capnproto@3f0fee6 + (which is a part of 0.8.0 release) + So change CAPNP_VERSION check accordingly. +Origin: https://github.com/ClickHouse/ClickHouse/pull/10618 +Bug: https://github.com/ClickHouse/ClickHouse/pull/10618 +Applied-Upstream: https://github.com/ClickHouse/ClickHouse/commit/3289f8972100f69344906e5b92d3e739eed3d523 +Reviewed-by: Tobias Frost <[email protected]> +Last-Update: 2022-10-29 <YYYY-MM-DD, last update of the meta-information, optional> +--- a/dbms/src/Formats/CapnProtoRowInputStream.cpp ++++ b/dbms/src/Formats/CapnProtoRowInputStream.cpp +@@ -222,7 +222,7 @@ + } + + +-#if CAPNP_VERSION >= 8000 ++#if CAPNP_VERSION >= 7000 && CAPNP_VERSION < 8000 + capnp::UnalignedFlatArrayMessageReader msg(array); + #else + capnp::FlatArrayMessageReader msg(array); diff -Nru clickhouse-18.16.1+ds/debian/patches/limit-compiled-expressions-cache-size-956415.patch clickhouse-18.16.1+ds/debian/patches/limit-compiled-expressions-cache-size-956415.patch --- clickhouse-18.16.1+ds/debian/patches/limit-compiled-expressions-cache-size-956415.patch 1970-01-01 01:00:00.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/patches/limit-compiled-expressions-cache-size-956415.patch 2022-10-31 09:56:00.000000000 +0100 @@ -0,0 +1,21 @@ +Description: Limit default compiled expressions cache size. + Default it is unbound and leads to OOM eventually. +Origin: https://github.com/ClickHouse/ClickHouse/pull/4041 +Bug: https://github.com/ClickHouse/ClickHouse/issues/9945 +Bug-Debian: https://bugs.debian.org/956415 +Applied-Upstream: https://github.com/ClickHouse/ClickHouse/pull/4041/commits/0ba1db8b2715d07ae6dd5360757ddffdb0a701da +Reviewed-by: <name and email of a reviewer, optional> +Last-Update: 2022-10-31 <YYYY-MM-DD, last update of the meta-information, optional> +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/dbms/programs/server/Server.cpp ++++ b/dbms/programs/server/Server.cpp +@@ -365,7 +365,7 @@ + global_context->setMarkCache(mark_cache_size); + + #if USE_EMBEDDED_COMPILER +- size_t compiled_expression_cache_size = config().getUInt64("compiled_expression_cache_size", std::numeric_limits<UInt64>::max()); ++ size_t compiled_expression_cache_size = config().getUInt64("compiled_expression_cache_size", 500); + if (compiled_expression_cache_size) + global_context->setCompiledExpressionCache(compiled_expression_cache_size); + #endif diff -Nru clickhouse-18.16.1+ds/debian/patches/series clickhouse-18.16.1+ds/debian/patches/series --- clickhouse-18.16.1+ds/debian/patches/series 2020-12-03 20:45:03.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/patches/series 2022-10-31 09:51:13.000000000 +0100 @@ -1,3 +1,4 @@ +0000-cmake-ignore-git-submodules.patch 0001-Enable-link-time-optimization-flto.patch 0002-Remove-non-determinism.patch 0003-Fix-FTBFS-with-gcc-because-of-Wno-format.patch @@ -19,3 +20,10 @@ python3.patch gcc10-ftbfs.patch dont-redefine-numeric-limits-for-int128.patch +fix-996130.patch +ftbfs_capn_version_check.patch +fix-gtest-missing-include.patch +fix-995660-FTBFS-OpenSSL3.patch +dont-fail-setrlimit.patch +CVE-2021-4238x-and-4330x.patch +limit-compiled-expressions-cache-size-956415.patch diff -Nru clickhouse-18.16.1+ds/debian/rules clickhouse-18.16.1+ds/debian/rules --- clickhouse-18.16.1+ds/debian/rules 2020-12-03 20:45:03.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/rules 2022-10-31 08:35:22.000000000 +0100 @@ -27,6 +27,14 @@ SKIP_TESTS+=00047 endif +#likely rounding problem. See Bug#1023141 +SKIP_TESTS+=00700_decimal_math + +# another rounding problem, apparently… but only on arm64. See Bug#1023141 +ifeq ($(DEB_HOST_ARCH),arm64) + SKIP_TESTS+=00047_stored_aggregates_complex +endif + # # LP: #1840511 cleanup # @@ -55,8 +63,18 @@ endif #exclude with_server test on archs other than listed ones -ifeq (,$(filter $(DEB_HOST_ARCH),amd64 arm64 ppc64el)) - TEST_ARGS+="-E with_server" +# test_unit_tests_dbms hangs. See Bug#1023145 +ifeq (,$(filter $(DEB_HOST_ARCH),amd64 ppc64el)) + TEST_ARGS+=-E '(with_server|test_unit_tests_dbms)' +else + TEST_ARGS+=-E 'test_unit_tests_dbms' +endif + +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + TEST_ARGS+=--parallel $(NUMJOBS) -VV +else + TEST_ARGS+=--parallel $(nproc) -VV endif CMAKE_FLAGS = -DUNBUNDLED=1 -DUSE_STATIC_LIBRARIES=0 USE_UNWIND=0 -DCLICKHOUSE_SPLIT_BINARY=1 -DVERSION_DESCRIBE=$(shell dpkg-parsechangelog -S Version) @@ -73,5 +91,5 @@ override_dh_auto_test: ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) - dh_auto_test -- ARGS+=$(TEST_ARGS) + (cd obj-* ; ctest ARGS+=$(TEST_ARGS) ) endif diff -Nru clickhouse-18.16.1+ds/debian/salsa-ci.yml clickhouse-18.16.1+ds/debian/salsa-ci.yml --- clickhouse-18.16.1+ds/debian/salsa-ci.yml 1970-01-01 01:00:00.000000000 +0100 +++ clickhouse-18.16.1+ds/debian/salsa-ci.yml 2022-10-30 11:45:46.000000000 +0100 @@ -0,0 +1,7 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml +variables: + DEB_BUILD_OPTIONS: "noddebs optimize=-lto nocheck" + SALSA_CI_DISABLE_BUILD_PACKAGE_I386: "1" +
signature.asc
Description: PGP signature

