* Update to version 1.12.3.
* Drop upstreamed patches: Remove-duplicate-code.patch, H5O__pline_decode-Make-more-resilient-to-out-of-bounds-read.patch, H5O_dtype_decode_helper-Parent-of-enum-needs-to-have-same-size-as-enum-itself.patch, Pass-compact-chunk-size-info-to-ensure-requested-elements-are-within-bounds.patch, Make-sure-info-block-for-external-links-has-at-least-3-bytes.patch, Compound-datatypes-may-not-have-members-of-size-0.patch, H5IMget_image_info-H5Sget_simple_extent_dims-does-not-exceed-array-size.patch, Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch
* New BuildRequires: hostname.
* Work around an sed hack in upstream configure file by dropping "-Werror=return-type" from RPM %optflags.
OBS-URL: https://build.opensuse.org/request/show/1173662
OBS-URL: https://build.opensuse.org/package/show/science/hdf5?expand=0&rev=174
- Security Fix:
Add configure option --disable-hltools to disable GIF tools as
recommended in the 1.10.8 release:
CVE-2018-17433 (bsc#1109565),
CVE-2018-17436 (bsc#1109568),
CVE-2020-10809 (bsc#1167404).
* Fixed CVE-2018-17432 (bsc#1109564)
parsing (bsc#1167401)
* Fixed CVE-2018-14460 (bsc#1102175)
* Fixed CVE-2018-11206 (bsc#1093657)
(same issue as CVE-2018-14032 (bsc#1101474))
* Fixed CVE-2018-14033 (bsc#1101471)
(same issue as CVE-2020-10811 (bsc#1167405))
H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3
(bsc#1109570)
* CVE-2018-17437: Memory leak in the H5O_dtype_decode_helper() function
in H5Odtype.c. (bsc#1109569)
* CVE-2018-17237: A SIGFPE signal is raised in the function
H5D__chunk_set_info_real (bsc#1109168) (commit 4e31361d).
OBS-URL: https://build.opensuse.org/request/show/974893
OBS-URL: https://build.opensuse.org/package/show/science/hdf5?expand=0&rev=150
* Add metadata cache optimization to reduce skip list usage.
* Add BEST_EFFORT value to HDF5_USE_FILE_LOCKING environment variable.
* Add H5Pset/get_file_locking() API calls.
* Add Mirror VFD.
Use TCP/IP sockets to perform write-only (W/O) file I/O on a remote
machine. Must be used in conjunction with the Splitter VFD.
* Add Splitter VFD.
Maintain separate R/W and W/O channels for "concurrent" file writes
to two files using a single HDF5 file handle.
* Fixed an assertion failure in the parallel library when collectively
filling chunks.
* Fortran/C++ libs: Add wrappers for H5Pset/get_file_locking() API calls.
h5pget_file_locking_f()
h5pset_file_locking_f()
* Added new Fortran parameters:
H5F_LIBVER_ERROR_F
H5F_LIBVER_NBOUNDS_F
H5F_LIBVER_V18_F
H5F_LIBVER_V110_F
* Add new Fortran API: h5pget_libver_bounds_f.
* h5repack added options to control how external links are handled.
* The tools library was updated by standardizing the error stack process.
* The H5DSis_scale function was updated to return "not a dimension scale" (0)
instead of failing (-1), when CLASS or DIMENSION_SCALE attributes are
not written according to Dimension Scales Specification.
* Bug Fixes:
+ Fix bug and simplify collective metadata write operation when some ranks
have no entries to contribute. This fixes parallel regression test
failures with IBM SpectrumScale MPI on the Summit system at ORNL.
+ Fixed use-of-uninitialized-value error.
OBS-URL: https://build.opensuse.org/request/show/851572
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hdf5?expand=0&rev=71
* Add BEST_EFFORT value to HDF5_USE_FILE_LOCKING environment variable.
* Add H5Pset/get_file_locking() API calls.
* Add Mirror VFD.
Use TCP/IP sockets to perform write-only (W/O) file I/O on a remote
machine. Must be used in conjunction with the Splitter VFD.
* Add Splitter VFD.
Maintain separate R/W and W/O channels for "concurrent" file writes
to two files using a single HDF5 file handle.
* Fixed an assertion failure in the parallel library when collectively
filling chunks.
* Fortran/C++ libs: Add wrappers for H5Pset/get_file_locking() API calls.
h5pget_file_locking_f()
h5pset_file_locking_f()
* Added new Fortran parameters:
H5F_LIBVER_ERROR_F
H5F_LIBVER_NBOUNDS_F
H5F_LIBVER_V18_F
H5F_LIBVER_V110_F
* Add new Fortran API: h5pget_libver_bounds_f.
* h5repack added options to control how external links are handled.
* The tools library was updated by standardizing the error stack process.
* The H5DSis_scale function was updated to return "not a dimension scale" (0)
instead of failing (-1), when CLASS or DIMENSION_SCALE attributes are
not written according to Dimension Scales Specification.
* Bug Fixes:
+ Fix bug and simplify collective metadata write operation when some ranks
have no entries to contribute. This fixes parallel regression test
failures with IBM SpectrumScale MPI on the Summit system at ORNL.
+ Fixed use-of-uninitialized-value error.
OBS-URL: https://build.opensuse.org/package/show/science/hdf5?expand=0&rev=141
- Update to version 1.10.7
* https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.6/src/hdf5-1.10.6-RELEASE.txt
* https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.7/src/hdf5-1.10.7-RELEASE.txt
- Security bugs fixed:
* CVE-2018-13870: heap-based buffer over-read in the function
H5O_link_decode in H5Olink.c (bsc#1101493)
* CVE-2018-13869: memcpy parameter overlap in the function
H5O_link_decode in H5Olink.c (bsc#1101495)
* CVE-2018-17438: A SIGFPE signal is raised in the function
H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3
library during an attempted parse of a crafted HDF file,
because of incorrect protection against division
(bsc#1109570)
* CVE-2018-17435: A heap-based buffer over-read in H5O_attr_decode()
in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows
attackers to cause a denial of service via a crafted HDF5 file.
(bsc#1109567)
- Refresh patches
- Security bugs fixed:
* CVE-2018-17233: A SIGFPE signal is raised in the function
H5D__create_chunk_file_map_hyper. (bsc#1109166)
* CVE-2018-17434: Memory leak in the H5O__chunk_deserialize()
function in H5Ocache.c (bsc#1109167)
* CVE-2018-17437: A SIGFPE signal is raised in the function
H5D__chunk_set_info_real. (bsc#1109168)
- Security bugs fixed:
* CVE-2017-17505: NULL pointer dereference in the function
H5O_pline_decode allowing for DoS via crafted file (bsc#1072087)
* CVE-2017-17506: Out of bounds read in the function
OBS-URL: https://build.opensuse.org/request/show/848496
OBS-URL: https://build.opensuse.org/package/show/science/hdf5?expand=0&rev=139
