From f7f6dfb4d4e5ca9208dfcde1f62d9ff79ee1e79ba5dd4004009b8bb76dbd6b9f Mon Sep 17 00:00:00 2001 
From: Ana Guerrero Date: Sat, 14 Nov 2020 11:11:35 +0000 Subject: [PATCH] Accepting request 848496 from home:anag:branches:science - Update to version 1.10.7 * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.6/src/hdf5-1.10.6-RELEASE.txt * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.7/src/hdf5-1.10.7-RELEASE.txt - Security bugs fixed: * CVE-2018-13870: heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493) * CVE-2018-13869: memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495) * CVE-2018-17438: A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division (bsc#1109570) * CVE-2018-17435: A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. (bsc#1109567) - Refresh patches - Security bugs fixed: * CVE-2018-17233: A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper. (bsc#1109166) * CVE-2018-17434: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167) * CVE-2018-17437: A SIGFPE signal is raised in the function H5D__chunk_set_info_real. 
(bsc#1109168) - Security bugs fixed: * CVE-2017-17505: NULL pointer dereference in the function H5O_pline_decode allowing for DoS via crafted file (bsc#1072087) * CVE-2017-17506: Out of bounds read in the function OBS-URL: https://build.opensuse.org/request/show/848496 OBS-URL: https://build.opensuse.org/package/show/science/hdf5?expand=0&rev=139 --- Disable-phdf5-tests.patch | 8 ++-- PPC64LE-Fix-long-double-handling.patch | 16 +++---- hdf5-1.10.5.tar.bz2 | 3 -- hdf5-1.10.7.tar.bz2 | 3 ++ hdf5-1.8.11-abort_unknown_host_config.patch | 4 +- hdf5-LD_LIBRARY_PATH.patch | 10 ++--- hdf5-Remove-timestamps-from-binaries.patch | 8 ++-- hdf5.changes | 50 ++++++++++++++++++++- hdf5.spec | 29 +++++------- 9 files changed, 85 insertions(+), 46 deletions(-) delete mode 100644 hdf5-1.10.5.tar.bz2 create mode 100644 hdf5-1.10.7.tar.bz2 diff --git a/Disable-phdf5-tests.patch b/Disable-phdf5-tests.patch index f55d46f..5ad73ca 100644 --- a/Disable-phdf5-tests.patch +++ b/Disable-phdf5-tests.patch 
@@ -12,12 +12,12 @@ Index: hdf5-1.10.5/testpar/CMakeTests.cmake =================================================================== --- hdf5-1.10.5.orig/testpar/CMakeTests.cmake +++ hdf5-1.10.5/testpar/CMakeTests.cmake -@@ -30,7 +30,7 @@ set (SKIP_testphdf5 "") - # set (SKIP_testphdf5 "${SKIP_testphdf5};-x;ecdsetw") - #endif () +@@ -43,7 +43,7 @@ + set (SKIP_testphdf5 "${SKIP_testphdf5};-x;${skiptest}") + endforeach () -add_test (NAME MPI_TEST_testphdf5 COMMAND ${MPIEXEC_EXECUTABLE} ${MPIEXEC_NUMPROC_FLAG} ${MPIEXEC_MAX_NUMPROCS} ${MPIEXEC_PREFLAGS} $ ${MPIEXEC_POSTFLAGS} ${SKIP_testphdf5}) -+## add_test (NAME MPI_TEST_testphdf5 COMMAND ${MPIEXEC_EXECUTABLE} ${MPIEXEC_NUMPROC_FLAG} ${MPIEXEC_MAX_NUMPROCS} ${MPIEXEC_PREFLAGS} $ ${MPIEXEC_POSTFLAGS} ${SKIP_testphdf5}) ++##add_test (NAME MPI_TEST_testphdf5 COMMAND ${MPIEXEC_EXECUTABLE} ${MPIEXEC_NUMPROC_FLAG} ${MPIEXEC_MAX_NUMPROCS} ${MPIEXEC_PREFLAGS} $ ${MPIEXEC_POSTFLAGS} ${SKIP_testphdf5}) set_tests_properties (MPI_TEST_testphdf5 PROPERTIES FIXTURES_REQUIRED par_clear_testphdf5 ENVIRONMENT "HDF5_ALARM_SECONDS=3600;srcdir=${HDF5_TEST_PAR_BINARY_DIR}" diff --git a/PPC64LE-Fix-long-double-handling.patch b/PPC64LE-Fix-long-double-handling.patch index 87d0c7e..2643893 100644 --- a/PPC64LE-Fix-long-double-handling.patch +++ b/PPC64LE-Fix-long-double-handling.patch @@ -11,10 +11,10 @@ Signed-off-by: Egbert Eich hdf5-1.10.1/test/dt_arith.c | 26 ++++++++++++++++++++++++-- 2 files changed, 40 insertions(+), 2 deletions(-) -Index: hdf5-1.10.5/config/cmake/ConversionTests.c +Index: hdf5-1.10.7/config/cmake/ConversionTests.c =================================================================== ---- hdf5-1.10.5.orig/config/cmake/ConversionTests.c -+++ hdf5-1.10.5/config/cmake/ConversionTests.c +--- hdf5-1.10.7.orig/config/cmake/ConversionTests.c ++++ hdf5-1.10.7/config/cmake/ConversionTests.c @@ -34,6 +34,14 @@ int HDF_NO_UBSAN main(void) unsigned char s2[8]; int ret = 1; 
@@ -45,11 +45,11 @@ Index: hdf5-1.10.5/config/cmake/ConversionTests.c if(sizeof(long double) == 16) { /*make sure the long double type is the same as the failing type *which has 16 bytes in size and 11 bits of exponent. If it is, -Index: hdf5-1.10.5/test/dt_arith.c +Index: hdf5-1.10.7/test/dt_arith.c =================================================================== ---- hdf5-1.10.5.orig/test/dt_arith.c -+++ hdf5-1.10.5/test/dt_arith.c -@@ -3051,7 +3051,18 @@ test_conv_flt_1 (const char *name, int r +--- hdf5-1.10.7.orig/test/dt_arith.c ++++ hdf5-1.10.7/test/dt_arith.c +@@ -3045,7 +3045,18 @@ test_conv_flt_1 (const char *name, int r buf, saved, nelmts); #if H5_SIZEOF_LONG_DOUBLE!=H5_SIZEOF_DOUBLE && H5_SIZEOF_LONG_DOUBLE!=0 } else if(src_type == FLT_LDOUBLE) { @@ -69,7 +69,7 @@ Index: hdf5-1.10.5/test/dt_arith.c buf, saved, nelmts); #endif } else -@@ -3711,7 +3722,18 @@ test_conv_int_fp(const char *name, int r +@@ -3705,7 +3716,18 @@ test_conv_int_fp(const char *name, int r INIT_FP_DENORM(long double, LDBL_MANT_DIG, src_size, src_nbits, sendian, dst_size, buf, saved, nelmts); } else { diff --git a/hdf5-1.10.5.tar.bz2 b/hdf5-1.10.5.tar.bz2 deleted file mode 100644 index 321b1a8..0000000 --- a/hdf5-1.10.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:68d6ea8843d2a106ec6a7828564c1689c7a85714a35d8efafa2fee20ca366f44 -size 8706317 diff --git a/hdf5-1.10.7.tar.bz2 b/hdf5-1.10.7.tar.bz2 new file mode 100644 index 0000000..bc0978d --- /dev/null +++ b/hdf5-1.10.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:02018fac7e5efc496d9539a303cfb41924a5dadffab05df9812096e273efa55e +size 8957844 diff --git a/hdf5-1.8.11-abort_unknown_host_config.patch b/hdf5-1.8.11-abort_unknown_host_config.patch index e8a65c0..7fa33eb 100644 --- a/hdf5-1.8.11-abort_unknown_host_config.patch +++ b/hdf5-1.8.11-abort_unknown_host_config.patch 
@@ -2,7 +2,7 @@ Index: configure =================================================================== --- configure.orig +++ configure -@@ -4097,6 +4097,8 @@ done +@@ -4160,6 +4160,8 @@ done if test "X$host_config" != "Xnone"; then CC_BASENAME="`echo $CC | cut -f1 -d' ' | xargs basename 2>/dev/null`" . $host_config @@ -15,7 +15,7 @@ Index: configure.ac =================================================================== --- configure.ac.orig +++ configure.ac -@@ -263,6 +263,8 @@ done +@@ -271,6 +271,8 @@ done if test "X$host_config" != "Xnone"; then CC_BASENAME="`echo $CC | cut -f1 -d' ' | xargs basename 2>/dev/null`" . $host_config diff --git a/hdf5-LD_LIBRARY_PATH.patch b/hdf5-LD_LIBRARY_PATH.patch index f1515fe..92e3bcd 100644 --- a/hdf5-LD_LIBRARY_PATH.patch +++ b/hdf5-LD_LIBRARY_PATH.patch @@ -1,8 +1,8 @@ -Index: hdf5-1.10.5/src/Makefile.in +Index: hdf5-1.10.7/src/Makefile.in =================================================================== ---- hdf5-1.10.5.orig/src/Makefile.in -+++ hdf5-1.10.5/src/Makefile.in -@@ -1873,8 +1873,6 @@ help: +--- hdf5-1.10.7.orig/src/Makefile.in ++++ hdf5-1.10.7/src/Makefile.in +@@ -1941,8 +1941,6 @@ help: # Remove the generated .c file if errors occur unless HDF5_Make_Ignore # is set to ignore the error. H5Tinit.c: H5detect$(EXEEXT) @@ -11,7 +11,7 @@ Index: hdf5-1.10.5/src/Makefile.in $(RUNSERIAL) ./H5detect$(EXEEXT) > $@ || \ (test $$HDF5_Make_Ignore && echo "*** Error ignored") || \ ($(RM) $@ ; exit 1) -@@ -1885,8 +1883,6 @@ H5Tinit.c: H5detect$(EXEEXT) +@@ -1953,8 +1951,6 @@ H5Tinit.c: H5detect$(EXEEXT) # Remove the generated .c file if errors occur unless HDF5_Make_Ignore # is set to ignore the error. H5lib_settings.c: H5make_libsettings$(EXEEXT) libhdf5.settings diff --git a/hdf5-Remove-timestamps-from-binaries.patch b/hdf5-Remove-timestamps-from-binaries.patch index 9f8b70a..125ee35 100644 --- a/hdf5-Remove-timestamps-from-binaries.patch +++ b/hdf5-Remove-timestamps-from-binaries.patch @@ -10,11 +10,11 @@ 
Signed-off-by: Egbert Eich --- src/H5detect.c | 15 --------------- 1 file changed, 15 deletions(-) -Index: hdf5-1.10.5/src/H5detect.c +Index: hdf5-1.10.7/src/H5detect.c =================================================================== ---- hdf5-1.10.5.orig/src/H5detect.c -+++ hdf5-1.10.5/src/H5detect.c -@@ -1245,21 +1245,6 @@ bit.\n"; +--- hdf5-1.10.7.orig/src/H5detect.c ++++ hdf5-1.10.7/src/H5detect.c +@@ -1234,21 +1234,6 @@ bit.\n"; fprintf(rawoutstream, "/* Generated automatically by H5detect -- do not edit */\n\n\n"); HDfputs(FileHeader, rawoutstream); /*the copyright notice--see top of this file */ diff --git a/hdf5.changes b/hdf5.changes index 9f7b4d7..128cd64 100644 --- a/hdf5.changes +++ b/hdf5.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Fri Nov 6 10:41:02 UTC 2020 - Ana Guerrero Lopez + +- Update to version 1.10.7 + * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.6/src/hdf5-1.10.6-RELEASE.txt + * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.7/src/hdf5-1.10.7-RELEASE.txt +- Security bugs fixed: + * CVE-2018-13870: heap-based buffer over-read in the function + H5O_link_decode in H5Olink.c (bsc#1101493) + * CVE-2018-13869: memcpy parameter overlap in the function + H5O_link_decode in H5Olink.c (bsc#1101495) + * CVE-2018-17438: A SIGFPE signal is raised in the function + H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 + library during an attempted parse of a crafted HDF file, + because of incorrect protection against division + (bsc#1109570) + * CVE-2018-17435: A heap-based buffer over-read in H5O_attr_decode() + in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows + attackers to cause a denial of service via a crafted HDF5 file. + (bsc#1109567) +- Refresh patches + ------------------------------------------------------------------- Thu Jul 23 16:33:58 UTC 2020 - Egbert Eich 
@@ -71,6 +93,13 @@ Fri Aug 23 09:58:01 UTC 2019 - Ana Guerrero Lopez - Update to version 1.10.5: (jsc#SLE-8501) * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt +- Security bugs fixed: + * CVE-2018-17233: A SIGFPE signal is raised in the function + H5D__create_chunk_file_map_hyper. (bsc#1109166) + * CVE-2018-17434: Memory leak in the H5O__chunk_deserialize() + function in H5Ocache.c (bsc#1109167) + * CVE-2018-17437: A SIGFPE signal is raised in the function + H5D__chunk_set_info_real. (bsc#1109168) - Bump fortran library soname, sonum_F from 100 to 102. - Adjust library installation path, use %hpc_prefix/lib64 in x86_64 and %hpc_libdir in all other cases @@ -86,7 +115,6 @@ Fri Aug 23 09:58:01 UTC 2019 - Ana Guerrero Lopez - Patch removed, merged upstream * 0001-Fix-return-value-in-test_libver_bounds_open.patch - ------------------------------------------------------------------- Thu Jul 4 11:45:55 UTC 2019 - Egbert Eich 
@@ -202,6 +230,26 @@ Fri Sep 21 14:50:12 UTC 2018 - Stefan BrĂ¼ns * hdf5-buildcompare.patch * hdf5-mpi.patch - Rebase Disable-phdf5-tests.patch +- Security bugs fixed: + * CVE-2017-17505: NULL pointer dereference in the function + H5O_pline_decode allowing for DoS via crafted file (bsc#1072087) + * CVE-2017-17506: Out of bounds read in the function + H5Opline_pline_decode (bsc#1072090) + * CVE-2017-17508: divide-by-zero vulnerability in function + H5T_set_loc (bsc#1072108) + * CVE-2017-17509: out of bounds write vulnerability in function + H5G__ent_decode_vec (bsc#1072111) + * CVE-2018-11202: NULL pointer dereference in H5S_hyper_make_spans + in H5Shyper.c allows a remote denial of service attack (bsc#1093641) + * CVE-2018-11203: division by zero in H5D__btree_decode_key in H5Dbtree.c + It could allow a remote denial of service attack (bsc#1093649) + * CVE-2018-11204: A NULL pointer dereference was discovered in + H5O__chunk_deserialize in H5Ocache.c (bsc#1093655) + * CVE-2018-11206: A out of bounds read was discovered + in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c + (bsc#1093657) + * CVE-2018-11207: division by zero was discovered in H5D__chunk_init + in H5Dchunk.c (bsc#1093653) ------------------------------------------------------------------- Tue Jun 19 06:15:06 UTC 2018 - eich@suse.com diff --git a/hdf5.spec b/hdf5.spec index 1aa4af3..2dbe751 100644 --- a/hdf5.spec +++ b/hdf5.spec @@ -34,8 +34,8 @@ %define use_sz2 0 -%define vers 1.10.5 -%define _vers 1_10_5 +%define vers 1.10.7 +%define _vers 1_10_7 %define short_ver 1.10 %define src_ver %{version} %define pname hdf5 
@@ -785,13 +785,13 @@ make install DESTDIR=%{buildroot} find %{buildroot} -type f -name "*.la" -delete -print %if %{without mpi} -find %{buildroot}%{_prefix}/share/hdf5_examples -type f \ - | grep -v ".sh$" | xargs chmod 644 + %if %{with hpc} # copy to versioned subdir install -m 755 -d %{buildroot}%{_prefix}/share/%{version} -mv %{buildroot}%{_prefix}/share/hdf5_examples/* \ - %{buildroot}%{_prefix}/share/%{version} +install -m 755 -d %{buildroot}%{_prefix}/share/hdf5_examples +mv %{buildroot}%{_prefix}/lib/hpc/*/hdf5/*/share/hdf5_examples/* \ + %{buildroot}%{_prefix}/share/%{version}/ mv %{buildroot}%{_prefix}/share/%{version} \ %{buildroot}%{_prefix}/share/hdf5_examples %else @@ -805,9 +805,10 @@ cat > %{buildroot}%{_rpmconfigdir}/macros.d/macros.hdf5 <
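Review bot: Dropping the `find ... | grep -v ".sh$" | xargs chmod 644` step at the top of the `%if %{without mpi}` block (hunk `@@ -785,13 +785,13 @@`) leaves the modes of the packaged example files to whatever upstream's `make install` and the build umask produce; nothing visible in this hunk sets them again. If the step was removed only because the examples are no longer under `%{_prefix}/share/hdf5_examples` at that point, it could run after the two `mv` commands instead, e.g. `find %{buildroot}%{_prefix}/share/hdf5_examples -type f ! -name "*.sh" -exec chmod 644 {} +`. The `%if` block continues past this hunk and the `%else` branch is not shown, so a later `%attr` or `%defattr` may already cover this. It is worth confirming against the file modes of the built package.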