Accepting request 848496 from home:anag:branches:science

- Update to version 1.10.7 * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.6/src/hdf5-1.10.6-RELEASE.txt * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.7/src/hdf5-1.10.7-RELEASE.txt - Security bugs fixed: * CVE-2018-13870: heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493) * CVE-2018-13869: memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495) * CVE-2018-17438: A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division (bsc#1109570) * CVE-2018-17435: A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. (bsc#1109567) - Refresh patches - Security bugs fixed: * CVE-2018-17233: A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper. (bsc#1109166) * CVE-2018-17434: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167) * CVE-2018-17437: A SIGFPE signal is raised in the function H5D__chunk_set_info_real. (bsc#1109168) - Security bugs fixed: * CVE-2017-17505: NULL pointer dereference in the function H5O_pline_decode allowing for DoS via crafted file (bsc#1072087) * CVE-2017-17506: Out of bounds read in the function OBS-URL: https://build.opensuse.org/request/show/848496 OBS-URL: https://build.opensuse.org/package/show/science/hdf5?expand=0&rev=139
2020-11-14 11:11:35 +00:00 · 2020-11-14 11:11:35 +00:00 · f7f6dfb4d4
commit f7f6dfb4d4
parent 6eaaf55460
9 changed files with 85 additions and 46 deletions
--- a/Disable-phdf5-tests.patch
+++ b/Disable-phdf5-tests.patch
@ -12,9 +12,9 @@ Index: hdf5-1.10.5/testpar/CMakeTests.cmake
 ===================================================================
 --- hdf5-1.10.5.orig/testpar/CMakeTests.cmake
 +++ hdf5-1.10.5/testpar/CMakeTests.cmake
-@@ -30,7 +30,7 @@ set (SKIP_testphdf5 "")
- #  set (SKIP_testphdf5 "${SKIP_testphdf5};-x;ecdsetw")
- #endif ()
+@@ -43,7 +43,7 @@
+   set (SKIP_testphdf5 "${SKIP_testphdf5};-x;${skiptest}")
+ endforeach ()
 
 -add_test (NAME MPI_TEST_testphdf5 COMMAND ${MPIEXEC_EXECUTABLE} ${MPIEXEC_NUMPROC_FLAG} ${MPIEXEC_MAX_NUMPROCS} ${MPIEXEC_PREFLAGS} $<TARGET_FILE:testphdf5> ${MPIEXEC_POSTFLAGS} ${SKIP_testphdf5})
 +##add_test (NAME MPI_TEST_testphdf5 COMMAND ${MPIEXEC_EXECUTABLE} ${MPIEXEC_NUMPROC_FLAG} ${MPIEXEC_MAX_NUMPROCS} ${MPIEXEC_PREFLAGS} $<TARGET_FILE:testphdf5> ${MPIEXEC_POSTFLAGS} ${SKIP_testphdf5})
--- a/PPC64LE-Fix-long-double-handling.patch
+++ b/PPC64LE-Fix-long-double-handling.patch
@ -11,10 +11,10 @@ Signed-off-by: Egbert Eich <eich@suse.com>
 hdf5-1.10.1/test/dt_arith.c                | 26 ++++++++++++++++++++++++--
 2 files changed, 40 insertions(+), 2 deletions(-)

-Index: hdf5-1.10.5/config/cmake/ConversionTests.c
+Index: hdf5-1.10.7/config/cmake/ConversionTests.c
 ===================================================================
--- hdf5-1.10.5.orig/config/cmake/ConversionTests.c
-+++ hdf5-1.10.5/config/cmake/ConversionTests.c
+--- hdf5-1.10.7.orig/config/cmake/ConversionTests.c
+++ hdf5-1.10.7/config/cmake/ConversionTests.c
@@ -34,6 +34,14 @@ int HDF_NO_UBSAN main(void)
     unsigned char       s2[8];
     int                 ret = 1;
@ -45,11 +45,11 @@ Index: hdf5-1.10.5/config/cmake/ConversionTests.c
     if(sizeof(long double) == 16) {
         /*make sure the long double type is the same as the failing type
          *which has 16 bytes in size and 11 bits of exponent.  If it is,
-Index: hdf5-1.10.5/test/dt_arith.c
+Index: hdf5-1.10.7/test/dt_arith.c
 ===================================================================
--- hdf5-1.10.5.orig/test/dt_arith.c
-+++ hdf5-1.10.5/test/dt_arith.c
-@@ -3051,7 +3051,18 @@ test_conv_flt_1 (const char *name, int r
+--- hdf5-1.10.7.orig/test/dt_arith.c
+++ hdf5-1.10.7/test/dt_arith.c
+@@ -3045,7 +3045,18 @@ test_conv_flt_1 (const char *name, int r
                         buf, saved, nelmts);
 #if H5_SIZEOF_LONG_DOUBLE!=H5_SIZEOF_DOUBLE && H5_SIZEOF_LONG_DOUBLE!=0
             } else if(src_type == FLT_LDOUBLE) {
@ -69,7 +69,7 @@ Index: hdf5-1.10.5/test/dt_arith.c
                         buf, saved, nelmts);
 #endif
             } else
-@@ -3711,7 +3722,18 @@ test_conv_int_fp(const char *name, int r
+@@ -3705,7 +3716,18 @@ test_conv_int_fp(const char *name, int r
             INIT_FP_DENORM(long double, LDBL_MANT_DIG, src_size, src_nbits, sendian, dst_size,
                     buf, saved, nelmts);
         } else {
--- a/hdf5-1.10.5.tar.bz2
+++ b/hdf5-1.10.5.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:68d6ea8843d2a106ec6a7828564c1689c7a85714a35d8efafa2fee20ca366f44
-size 8706317
--- a/hdf5-1.10.7.tar.bz2
+++ b/hdf5-1.10.7.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02018fac7e5efc496d9539a303cfb41924a5dadffab05df9812096e273efa55e
+size 8957844
--- a/hdf5-1.8.11-abort_unknown_host_config.patch
+++ b/hdf5-1.8.11-abort_unknown_host_config.patch
@ -2,7 +2,7 @@ Index: configure
 ===================================================================
 --- configure.orig
 +++ configure
-@@ -4097,6 +4097,8 @@ done
+@@ -4160,6 +4160,8 @@ done
 if test "X$host_config" != "Xnone"; then
   CC_BASENAME="`echo $CC | cut -f1 -d' ' | xargs basename 2>/dev/null`"
   . $host_config
@ -15,7 +15,7 @@ Index: configure.ac
 ===================================================================
 --- configure.ac.orig
 +++ configure.ac
-@@ -263,6 +263,8 @@ done
+@@ -271,6 +271,8 @@ done
 if test "X$host_config" != "Xnone"; then
   CC_BASENAME="`echo $CC | cut -f1 -d' ' | xargs basename 2>/dev/null`"
   . $host_config
--- a/hdf5-LD_LIBRARY_PATH.patch
+++ b/hdf5-LD_LIBRARY_PATH.patch
@ -1,8 +1,8 @@
-Index: hdf5-1.10.5/src/Makefile.in
+Index: hdf5-1.10.7/src/Makefile.in
 ===================================================================
--- hdf5-1.10.5.orig/src/Makefile.in
-+++ hdf5-1.10.5/src/Makefile.in
-@@ -1873,8 +1873,6 @@ help:
+--- hdf5-1.10.7.orig/src/Makefile.in
+++ hdf5-1.10.7/src/Makefile.in
+@@ -1941,8 +1941,6 @@ help:
 # Remove the generated .c file if errors occur unless HDF5_Make_Ignore
 # is set to ignore the error.
 H5Tinit.c: H5detect$(EXEEXT)
@ -11,7 +11,7 @@ Index: hdf5-1.10.5/src/Makefile.in
 	$(RUNSERIAL) ./H5detect$(EXEEXT) > $@  ||                               \
 	    (test $$HDF5_Make_Ignore && echo "*** Error ignored") ||          \
 	    ($(RM) $@ ; exit 1)
-@@ -1885,8 +1883,6 @@ H5Tinit.c: H5detect$(EXEEXT)
+@@ -1953,8 +1951,6 @@ H5Tinit.c: H5detect$(EXEEXT)
 # Remove the generated .c file if errors occur unless HDF5_Make_Ignore
 # is set to ignore the error.
 H5lib_settings.c: H5make_libsettings$(EXEEXT) libhdf5.settings
--- a/hdf5-Remove-timestamps-from-binaries.patch
+++ b/hdf5-Remove-timestamps-from-binaries.patch
@ -10,11 +10,11 @@ Signed-off-by: Egbert Eich <eich@suse.de>
 ---
 src/H5detect.c | 15 ---------------
 1 file changed, 15 deletions(-)
-Index: hdf5-1.10.5/src/H5detect.c
+Index: hdf5-1.10.7/src/H5detect.c
 ===================================================================
--- hdf5-1.10.5.orig/src/H5detect.c
-+++ hdf5-1.10.5/src/H5detect.c
-@@ -1245,21 +1245,6 @@ bit.\n";
+--- hdf5-1.10.7.orig/src/H5detect.c
+++ hdf5-1.10.7/src/H5detect.c
+@@ -1234,21 +1234,6 @@ bit.\n";
     fprintf(rawoutstream, "/* Generated automatically by H5detect -- do not edit */\n\n\n");
     HDfputs(FileHeader, rawoutstream);        /*the copyright notice--see top of this file */
 
--- a/hdf5.changes
+++ b/hdf5.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Fri Nov  6 10:41:02 UTC 2020 - Ana Guerrero Lopez <aguerrero@suse.com>
+
+- Update to version 1.10.7
+  * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.6/src/hdf5-1.10.6-RELEASE.txt
+  * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.7/src/hdf5-1.10.7-RELEASE.txt
+- Security bugs fixed: 
+  * CVE-2018-13870: heap-based buffer over-read in the function 
+    H5O_link_decode in H5Olink.c  (bsc#1101493)
+  * CVE-2018-13869: memcpy parameter overlap in the function 
+    H5O_link_decode in H5Olink.c (bsc#1101495)
+  * CVE-2018-17438:  A SIGFPE signal is raised in the function 
+    H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 
+    library during an attempted parse of a crafted HDF file, 
+    because of incorrect protection against division
+    (bsc#1109570)
+  * CVE-2018-17435: A heap-based buffer over-read in H5O_attr_decode() 
+    in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows 
+    attackers to cause a denial of service via a crafted HDF5 file. 
+    (bsc#1109567)
+- Refresh patches
+
 -------------------------------------------------------------------
 Thu Jul 23 16:33:58 UTC 2020 - Egbert Eich <eich@suse.com>

@ -71,6 +93,13 @@ Fri Aug 23 09:58:01 UTC 2019 - Ana Guerrero Lopez <aguerrero@suse.com>

 - Update to version 1.10.5: (jsc#SLE-8501)
  * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
+- Security bugs fixed: 
+  * CVE-2018-17233: A SIGFPE signal is raised in the function 
+  H5D__create_chunk_file_map_hyper. (bsc#1109166)
+  * CVE-2018-17434: Memory leak in the H5O__chunk_deserialize() 
+  function in H5Ocache.c (bsc#1109167)
+  * CVE-2018-17437: A SIGFPE signal is raised in the function 
+  H5D__chunk_set_info_real. (bsc#1109168)
 - Bump fortran library soname, sonum_F from 100 to 102.
 - Adjust library installation path, use %hpc_prefix/lib64 in x86_64 
  and %hpc_libdir in all other cases
@ -86,7 +115,6 @@ Fri Aug 23 09:58:01 UTC 2019 - Ana Guerrero Lopez <aguerrero@suse.com>
 - Patch removed, merged upstream
  * 0001-Fix-return-value-in-test_libver_bounds_open.patch

-
 -------------------------------------------------------------------
 Thu Jul  4 11:45:55 UTC 2019 - Egbert Eich <eich@suse.com>

@ -202,6 +230,26 @@ Fri Sep 21 14:50:12 UTC 2018 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
  * hdf5-buildcompare.patch
  * hdf5-mpi.patch
 - Rebase Disable-phdf5-tests.patch
+- Security bugs fixed: 
+  * CVE-2017-17505: NULL pointer dereference in the function
+    H5O_pline_decode allowing for DoS via crafted file (bsc#1072087)
+  * CVE-2017-17506: Out of bounds read in the function 
+    H5Opline_pline_decode (bsc#1072090)
+  * CVE-2017-17508: divide-by-zero vulnerability in function 
+    H5T_set_loc (bsc#1072108)
+  * CVE-2017-17509: out of bounds write vulnerability in function 
+    H5G__ent_decode_vec (bsc#1072111)
+  * CVE-2018-11202: NULL pointer dereference in H5S_hyper_make_spans 
+    in H5Shyper.c allows a remote denial of service attack (bsc#1093641)
+  * CVE-2018-11203: division by zero in H5D__btree_decode_key in H5Dbtree.c
+    It could allow a remote denial of service attack (bsc#1093649)
+  * CVE-2018-11204: A NULL pointer dereference was discovered in 
+    H5O__chunk_deserialize in H5Ocache.c (bsc#1093655)
+  * CVE-2018-11206: A out of bounds read was discovered 
+    in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c
+    (bsc#1093657)
+  * CVE-2018-11207: division by zero was discovered in H5D__chunk_init 
+    in H5Dchunk.c (bsc#1093653)

 -------------------------------------------------------------------
 Tue Jun 19 06:15:06 UTC 2018 - eich@suse.com
--- a/hdf5.spec
+++ b/hdf5.spec
@ -34,8 +34,8 @@

 %define use_sz2 0

-%define vers 1.10.5
-%define _vers 1_10_5
+%define vers 1.10.7
+%define _vers 1_10_7
 %define short_ver 1.10
 %define src_ver %{version}
 %define pname hdf5
@ -785,13 +785,13 @@ make install DESTDIR=%{buildroot}
 find %{buildroot} -type f -name "*.la" -delete -print

 %if %{without mpi}
-find %{buildroot}%{_prefix}/share/hdf5_examples -type f \
-                 | grep -v ".sh$" | xargs chmod 644
+
 %if %{with hpc}
 # copy to versioned subdir
 install -m 755 -d %{buildroot}%{_prefix}/share/%{version}
-mv %{buildroot}%{_prefix}/share/hdf5_examples/* \
-    %{buildroot}%{_prefix}/share/%{version}
+install -m 755 -d %{buildroot}%{_prefix}/share/hdf5_examples
+mv %{buildroot}%{_prefix}/lib/hpc/*/hdf5/*/share/hdf5_examples/* \
+    %{buildroot}%{_prefix}/share/%{version}/
 mv %{buildroot}%{_prefix}/share/%{version} \
    %{buildroot}%{_prefix}/share/hdf5_examples
 %else
@ -805,9 +805,10 @@ cat > %{buildroot}%{_rpmconfigdir}/macros.d/macros.hdf5 <<EOF
 %_hdf5_version  %{version}
 EOF
 %endif
+
 %else
 # delete examples from parallel builds
-rm -rf %{buildroot}%{_prefix}/share/hdf5_examples
+find  %{buildroot} -type d -name "hdf5_examples" -exec rm -rf {} +;
 %endif

 %fdupes -s %{buildroot}/%{_datadir}
@ -906,19 +907,16 @@ export HDF5_Make_Ignore=yes

 %if %{without mpi}
 %files -n %{vname}-examples
-%defattr(-,root,root)
 %{?with_hpc:%dir %{_prefix}/share/hdf5_examples}
 %{_prefix}/share/hdf5_examples%{?with_hpc:/%{version}}

 %if %{without hpc}
 %files -n %{pname}-devel-data
-%defattr(-,root,root,-)
 %{_rpmconfigdir}/macros.d/macros.hdf5
 %endif
 %endif # ?mpi

 %files -n %{name}
-%defattr(-,root,root)
 %{?with_hpc:%dir %my_bindir}
 %{my_bindir}/gif2h5
 %{my_bindir}/h52gif
@ -943,9 +941,10 @@ export HDF5_Make_Ignore=yes
 %{my_bindir}/h5stat
 %{my_bindir}/h5unjam
 %{my_bindir}/h5watch
+%{my_bindir}/mirror_server
+%{my_bindir}/mirror_server_stop

 %files -n %{libname -s %{sonum}}
-%defattr(-,root,root)
 %doc ACKNOWLEDGMENTS README.txt
 %mylicense COPYING 
 ##
@ -959,7 +958,6 @@ export HDF5_Make_Ignore=yes
 %{my_libdir}/libhdf5.so.%{sonum}.*

 %files -n %{libname -l _hl -s %{sonum_HL}}
-%defattr(-,root,root)
 %mylicense COPYING
 %defattr(0755,root,root)
 %{?with_hpc:%hpc_dirs}
@ -967,7 +965,6 @@ export HDF5_Make_Ignore=yes
 %{my_libdir}/libhdf5_hl.so.%{sonum_HL}.*

 %files -n %{libname -l _cpp -s %{sonum_CXX}}
-%defattr(-,root,root)
 %mylicense COPYING
 %defattr(0755,root,root)
 %{?with_hpc:%hpc_dirs}
@ -975,7 +972,6 @@ export HDF5_Make_Ignore=yes
 %{my_libdir}/libhdf5_cpp.so.%{sonum_CXX}.*

 %files -n %{libname -l _hl_cpp -s %{sonum_HL_CXX}}
-%defattr(-,root,root)
 %mylicense COPYING
 %defattr(0755,root,root)
 %{?with_hpc:%hpc_dirs}
@ -983,7 +979,6 @@ export HDF5_Make_Ignore=yes
 %{my_libdir}/libhdf5_hl_cpp.so.%{sonum_HL_CXX}.*

 %files -n %{libname -l _fortran -s %{sonum_F}}
-%defattr(-,root,root)
 %mylicense COPYING
 %defattr(0755,root,root)
 %{?with_hpc:%hpc_dirs}
@ -991,7 +986,6 @@ export HDF5_Make_Ignore=yes
 %{my_libdir}/libhdf5_fortran.so.%{sonum_F}.*

 %files -n %{libname -l hl_fortran -s %{sonum_HL_F}}
-%defattr(-,root,root)
 %mylicense COPYING
 %defattr(0755,root,root)
 %{?with_hpc:%hpc_dirs}
@ -1000,12 +994,10 @@ export HDF5_Make_Ignore=yes

 %if %{with hpc}
 %files module
-%defattr(-,root,root)
 %hpc_modules_files
 %endif

 %files devel
-%defattr(-,root,root)
 ##
 %{?with_hpc:%dir %{my_incdir}}
 %doc release_docs/HISTORY-1_0-1_8_0_rc3.txt
@ -1031,7 +1023,6 @@ export HDF5_Make_Ignore=yes
 %{my_incdir}/*.mod

 %files devel-static
-%defattr(-,root,root)
 %{my_libdir}/*.a

 %changelog