Changelog for
libhdf5_hl_1_12_2-gnu-openmpi4-hpc-1.12.2-5.3.i586.rpm :
* Mon Feb 13 2023 Egbert Eich
- Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch
* Tue Nov 15 2022 Atri Bhattacharya - Add to specfile missing patch: Fix-error-message-not-the-name-but-the-link-information-is-parsed.patch
* Sat Oct 15 2022 Egbert Eich - Fix CVEs:
* CVE-2021-46244 (bsc#1195215) Compound-datatypes-may-not-have-members-of-size-0.patch
* CVE-2018-13867 (bsc#1101906) Validate-location-offset-of-the-accumulated-metadata-when-comparing.patch
* CVE-2018-16438 (bsc#1107069) Make-sure-info-block-for-external-links-has-at-least-3-bytes.patch
* CVE-2020-10812 (bsc#1167400) Hot-fix-for-CVE-2020-10812.patch
* CVE-2021-45830 (bsc#1194375) H5O_fsinfo_decode-Make-more-resilient-to-out-of-bounds-read.patch
* CVE-2019-8396 (bsc#1125882) H5O__pline_decode-Make-more-resilient-to-out-of-bounds-read.patch
* CVE-2018-11205 (bsc#1093663) Pass-compact-chunk-size-info-to-ensure-requested-elements-are-within-bounds.patch
* CVE-2021-46242 (bsc#1195212) When-evicting-driver-info-block-NULL-the-corresponding-entry.patch
* CVE-2021-45833 (bsc#1194366) Report-error-if-dimensions-of-chunked-storage-in-data-layout-2.patch
* CVE-2018-14031 (bsc#1101475) H5O_dtype_decode_helper-Parent-of-enum-needs-to-have-same-size-as-enum-itself.patch
* CVE-2018-17439 (bsc#1111598) H5IMget_image_info-H5Sget_simple_extent_dims-does-not-exceed-array-size.patch- Fix an error message: Fix-error-message-not-the-name-but-the-link-information-is-parsed.patch
* Wed Sep 21 2022 Stefan Brüns - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548).
* Wed Jul 27 2022 Atri Bhattacharya - Update to version 1.12.2: See .- Minor re-base of existing patches to apply cleanly:
* hdf5-LD_LIBRARY_PATH.patch
* hdf5-1.8.11-abort_unknown_host_config.patch
* hdf5-Remove-timestamps-from-binaries.patch
* hdf5-mpi.patch
* Disable-phdf5-tests.patch- Drop upstreamed patch: hdf5-1.10.8-pr1494-fix-release-check-version.patch.
* Wed May 04 2022 Egbert Eich - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404).
* Thu Apr 07 2022 Christoph Junghans - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking- add missing zlib-devel devel dep
* Thu Mar 31 2022 Ben Greiner - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch
* boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494
* Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes.
* Wed Feb 16 2022 Atri Bhattacharya - Update to version 1.10.8:
* Added new option to control the build of High-Level tools
* Adds C++ Autotools configuration file for Intel
* Adds C++ Autotools configuration file for PGI
* Updates PGI C options
* CMake will now run the shell script tests in test/ by default
* Removed unused HDF5_ENABLE_HSIZET option from CMake
* CMake no longer builds the C++ library by default
* Removal of pre-VS2015 work-arounds
* Add CMake variable HDF5_LIB_INFIX
* Added a configure-time option to control certain compiler warnings
* CMake option to build the HDF filter plugins project as an external project
* Added a configure-time option to consider certain compiler warnings
* Autotools and CMake target added to produce doxygen generated documentation
* CMake option to build the HDF filter plugins project as an external project
* Added CMake option to format source files
* Change how the release part of version, in major.minor.release is checked
* H5Gcreate1() now rejects size_hint parameters larger than UINT32_MAX
* H5Pset_fapl_log() no longer crashes when passed an invalid fapl ID
* Fixes a segfault when H5Pset_mdc_log_options() is called multiple times
* File locking now works on Windows
* H5Epush_ret() now requires a trailing semicolon
* Improved performance of H5Sget_select_elem_pointlist
* H5Fget_name_f fixed to handle correctly trailing whitespaces and newly allocated buffers.
* Added new H5S functions.
* Refactored the perform tools and removed dependencies on test library.
* h5repack added help text for user-defined filters.
* Doxygen documentation is available when configured and generated.
* Fixed CVE-2018-17432 (bsc#1109564)
* Fixed a segmentation fault
* Detection of simple data transform function \"x\"
* Fixed CVE-2020-10810 - an invalid read and memory leak when parsing (bsc#1167401)
* Fixed CVE-2018-14460 (bsc#1102175)
* Fixed CVE-2018-11206 (bsc#1093657) (same issue as CVE-2018-14032 (bsc#1101474))
* Fixed CVE-2018-14033 (bsc#1101471) (same issue as CVE-2020-10811 (bsc#1167405))
* Remove underscores on header file guards
* H5FArray.java class: - Convert the entire byte array into a 1-d array of the desired type, rather than performing 1 conversion per row; - Use the Java Arrays method copyOfRange to grab the section of the array from (1) that is desired to be inserted into the destination array.
* Corrected path searched by CMake find_package command
* Corrected pkg-config compile script
* Fixed CMake C++ compiler flags
* Autotools clang debug optimization level change
* Better support for libaec (open-source Szip library) in CMake
* Refactor CMake configure for Fortran
* Remove arbitrary warning flag groups from CMake builds
* Reclassify CMake messages, to allow new modes and --log-level option
* Fixes Autotools determination of the stat struct having an st_blocks field
* Changed how h5dump and h5ls identify long double.
* Fixed tools argument parsing.
* Updated doxygen comments with changes for release- Minor rebase of patches to apply cleanly.
* Fri Jan 29 2021 Egbert Eich - Fix update_so_version.sh, write so versions to file being included.
* Fri Nov 06 2020 Ana Guerrero Lopez - Update to version 1.10.7
* Add metadata cache optimization to reduce skip list usage.
* Add BEST_EFFORT value to HDF5_USE_FILE_LOCKING environment variable.
* Add H5Pset/get_file_locking() API calls.
* Add Mirror VFD. Use TCP/IP sockets to perform write-only (W/O) file I/O on a remote machine. Must be used in conjunction with the Splitter VFD.
* Add Splitter VFD. Maintain separate R/W and W/O channels for \"concurrent\" file writes to two files using a single HDF5 file handle.
* Fixed an assertion failure in the parallel library when collectively filling chunks.
* Fortran/C++ libs: Add wrappers for H5Pset/get_file_locking() API calls. h5pget_file_locking_f() h5pset_file_locking_f()
* Added new Fortran parameters: H5F_LIBVER_ERROR_F H5F_LIBVER_NBOUNDS_F H5F_LIBVER_V18_F H5F_LIBVER_V110_F
* Add new Fortran API: h5pget_libver_bounds_f.
* h5repack added options to control how external links are handled.
* The tools library was updated by standardizing the error stack process.
* The H5DSis_scale function was updated to return \"not a dimension scale\" (0) instead of failing (-1), when CLASS or DIMENSION_SCALE attributes are not written according to Dimension Scales Specification.
* Bug Fixes: + Fix bug and simplify collective metadata write operation when some ranks have no entries to contribute. This fixes parallel regression test failures with IBM SpectrumScale MPI on the Summit system at ORNL. + Fixed use-of-uninitialized-value error. Appropriate initialization of local structs was added to remove the use-of-uninitialized-value errors reported by MemorySanitizer. + Creation of dataset with optional filter. A fix is applied to allow the creation of a dataset in such situation, as specified in the user documentation. + Explicitly declared dlopen to use RTLD_LOCAL. + H5Sset_extent_none() sets the dataspace class to H5S_NO_CLASS which causes asserts/errors when passed to other dataspace API calls. + Fixed the segmentation fault when reading attributes with multiple threads The problem was fixed by setting the file pointer to the current opened file pointer when the attribute was accessed. Similar patch up was done before when reading dataset with variable length string datatype. + Don\'t allocate an empty (0-dimensioned) chunked dataset\'s chunk index, until the dataset\'s dimensions are increased. + Fortan: Corrected INTERFACE INTENT(IN) to INTENT(OUT) for buf_size in h5fget_file_image_f. + h5diff fixed a command line parsing error. + h5diff added a command line option to ignore attributes. + h5diff added another level to the verbose argument to print filenames. + h5repack was fixed to repack the reference attributes properly.
* For details check: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.7/src/hdf5-1.10.7-RELEASE.txt- version 1.10.6
* Added S3 and HDFS Virtual File Drivers (VFDs) to HDF5. Instructions to enable them when configuring HDF5 on Linux and Mac may be found at. https://portal.hdfgroup.org/display/HDF5/Virtual+File+Drivers+-+S3+and+HDFS.
* Added new wrappers for H5Pset/get_create_intermediate_group() LinkCreatPropList::setCreateIntermediateGroup() LinkCreatPropList::getCreateIntermediateGroup()
* h5repack was fixed to repack datasets with external storage to other types of storage.
* Bug Fixes: + Improved performance when creating a large number of small datasets by retrieving default property values from the API context instead of doing skip list searches. More work is required to achieve parity with HDF5 1.8. + Fixed user-created data access properties not existing in the property list returned by H5Dget_access_plist. Thanks to Steven Varga for submitting a reproducer and a patch. + Inappropriate linking with deprecated MPI C++ libraries. HDF5 does not define
*_SKIP_MPICXX in the public headers, so applications can inadvertently wind up linking to the deprecated MPI C++ wrappers. MPICH_SKIP_MPICXX and OMPI_SKIP_MPICXX have both been defined in H5public.h so this should no longer be an issue. HDF5 makes no use of the deprecated MPI C++ wrappers. + fcntl(2)-based file locking incorrectly passed the lock argument struct instead of a pointer to the struct, causing errors on systems where flock(2) is not available. This bug affects HDF5 1.10.0 through 1.10.5. fcntl(2)-based file locking now correctly passes the struct pointer. + Fixed a bug caused by a bad tag value when condensing object header messages. + Fixed an issue when creating a file with non-default file space info together with library high bound setting to H5F_LIBVER_V18. This was fixed by setting and checking the proper version in the file space info message based on the library low and high bounds when creating and opening the HDF5 file. + Fixed an issue where copying a version 1.8 dataset between files using H5Ocopy fails due to an incompatible fill version. + Fixed a bug that would cause an error or cause fill values to be incorrectly read from a chunked dataset using the \"single chunk\" index if + Fixed a bug that could cause an error or cause fill values to be incorrectly read from a dataset that was written to using H5Dwrite_chunk if the dataset was not closed after writing. + Fixed memory leak in scale offset filter.
* For details check: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.6/src/hdf5-1.10.6-RELEASE.txt- Security bugs fixed:
* CVE-2018-13870: heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493)
* CVE-2018-13869: memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495)
* CVE-2018-17438: A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 (bsc#1109570) library during an attempted parse of a crafted HDF file, because of incorrect protection against division (bsc#1109570)
* CVE-2018-17435: A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. (bsc#1109567)- Refresh patches
* Thu Jul 23 2020 Egbert Eich - Add build support for gcc10 to HPC build (bsc#1174439).
* Mon Jul 20 2020 Egbert Eich - Add missing openmpi4 flavors.- Enable build of non-HPC flavors for all non-HPC builds.
* Wed Jun 24 2020 Alin M Elena - add openmpi4 packages to build and disable build for leap
* Fri Apr 17 2020 Egbert Eich - Fix .so number in baselibs.conf for libhdf5_fortran libs (boo#1169793).
* Thu Apr 02 2020 Egbert Eich - Fix library link flags on pkg-config file for HPC builds (boo#1134298).
* Mon Jan 20 2020 Stefan Brüns - Remove bogus undefines of suffix and mpi_flavor. suffix is the name of an RPM built-in (like expand or echo), and since RPM 4.15 trying to alter a built-in is an error. Fixes built of serial flavor on Tumbleweed. See https://rpm.org/user_doc/macros.html