packages/hdf5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 1.12.1 and fix CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2019-8396,CVE-2020-10812 and CVE-2021-37501

Browse Source
This commit is contained in:
starlet-dx 2023-03-29 10:49:37 +08:00
parent 6d7fdc8d4f
commit dc03dc2e04
25 changed files with 721 additions and 3099 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1869
CVE-2017-17506.patch
View File

File diff suppressed because it is too large Load Diff

96
CVE-2018-13867.patch Normal file
View File

@ -0,0 +1,96 @@
From: Egbert Eich <eich@suse.com>
Date: Mon Oct 10 08:43:44 2022 +0200
Subject: Validate location (offset) of the accumulated metadata when comparing
Patch-mainline: Not yet
Git-repo: ssh://eich@192.168.122.1:/home/eich/sources/HPC/hdf5
Git-commit: 2cf9918ae66f023a2b6d44eb591ee2ac479a6e53
References:
Initially, the accumulated metadata location is initialized to HADDR_UNDEF
- the highest available address. Bogus input files may provide a location
or size matching this value. Comparing this address against such bogus
values may provide false positives. This make sure, the value has been
initilized or fail the comparison early and let other parts of the
code deal with the bogus address/size.
Note: To avoid unnecessary checks, we have assumed that if the 'dirty'
member in the same structure is true the location is valid.
This fixes CVE-2018-13867.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
src/H5Faccum.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/src/H5Faccum.c b/src/H5Faccum.c
index aed5812e63..73bd4b811e 100644
--- a/src/H5Faccum.c
+++ b/src/H5Faccum.c
@@ -48,6 +48,7 @@
#define H5F_ACCUM_THROTTLE 8
#define H5F_ACCUM_THRESHOLD 2048
#define H5F_ACCUM_MAX_SIZE (1024 * 1024) /* Max. accum. buf size (max. I/Os will be 1/2 this size) */
+#define H5F_LOC_VALID(x) (x != HADDR_UNDEF)
/******************/
/* Local Typedefs */
@@ -126,8 +127,9 @@ H5F__accum_read(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t si
HDassert(!accum->buf || (accum->alloc_size >= accum->size));
/* Current read adjoins or overlaps with metadata accumulator */
- if (H5F_addr_overlap(addr, size, accum->loc, accum->size) || ((addr + size) == accum->loc) ||
- (accum->loc + accum->size) == addr) {
+ if (H5F_LOC_VALID(accum->loc) &&
+ (H5F_addr_overlap(addr, size, accum->loc, accum->size) || ((addr + size) == accum->loc) ||
+ (accum->loc + accum->size) == addr)) {
size_t amount_before; /* Amount to read before current accumulator */
haddr_t new_addr; /* New address of the accumulator buffer */
size_t new_size; /* New size of the accumulator buffer */
@@ -439,7 +441,8 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s
/* Check if there is already metadata in the accumulator */
if (accum->size > 0) {
/* Check if the new metadata adjoins the beginning of the current accumulator */
- if ((addr + size) == accum->loc) {
+ if (H5F_LOC_VALID(accum->loc)
+ && (addr + size) == accum->loc) {
/* Check if we need to adjust accumulator size */
if (H5F__accum_adjust(accum, file, H5F_ACCUM_PREPEND, size) < 0)
HGOTO_ERROR(H5E_IO, H5E_CANTRESIZE, FAIL, "can't adjust metadata accumulator")
@@ -464,7 +467,8 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s
accum->dirty_off = 0;
} /* end if */
/* Check if the new metadata adjoins the end of the current accumulator */
- else if (addr == (accum->loc + accum->size)) {
+ else if (H5F_LOC_VALID(accum->loc) &&
+ addr == (accum->loc + accum->size)) {
/* Check if we need to adjust accumulator size */
if (H5F__accum_adjust(accum, file, H5F_ACCUM_APPEND, size) < 0)
HGOTO_ERROR(H5E_IO, H5E_CANTRESIZE, FAIL, "can't adjust metadata accumulator")
@@ -485,7 +489,8 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s
accum->size += size;
} /* end if */
/* Check if the piece of metadata being written overlaps the metadata accumulator */
- else if (H5F_addr_overlap(addr, size, accum->loc, accum->size)) {
+ else if (H5F_LOC_VALID(accum->loc) &&
+ H5F_addr_overlap(addr, size, accum->loc, accum->size)) {
size_t add_size; /* New size of the accumulator buffer */
/* Check if the new metadata is entirely within the current accumulator */
@@ -745,7 +750,8 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s
/* (Note that this could be improved by updating the accumulator
* with [some of] the information just read in. -QAK)
*/
- if (H5F_addr_overlap(addr, size, accum->loc, accum->size)) {
+ if (H5F_LOC_VALID(accum->loc) &&
+ H5F_addr_overlap(addr, size, accum->loc, accum->size)) {
/* Check for write starting before beginning of accumulator */
if (H5F_addr_le(addr, accum->loc)) {
/* Check for write ending within accumulator */
@@ -868,6 +874,7 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr
/* Adjust the metadata accumulator to remove the freed block, if it overlaps */
if ((f_sh->feature_flags & H5FD_FEAT_ACCUMULATE_METADATA) &&
+ H5F_LOC_VALID(accum->loc) &&
H5F_addr_overlap(addr, size, accum->loc, accum->size)) {
size_t overlap_size; /* Size of overlap with accumulator */

77
CVE-2018-13869-CVE-2018-13870.patch
View File

@ -1,77 +0,0 @@
From 068fc878c39a37c0b3865cb6cd01eb57f4dbde74 Mon Sep 17 00:00:00 2001
From: Binh-Minh Ribler <bmribler@hdfgroup.org>
Date: Mon, 3 Aug 2020 12:48:58 -0500
Subject: [PATCH] Fix HDFFV-11120 and HDFFV-11121 (CVE-2018-13870 and
CVE-2018-13869)
Description:
When a buffer overflow occurred because a name length was corrupted
and became very large, h5dump produced a segfault on one file and a
memcpy parameter overlap on another file. This commit added checks
that detect a read pass the end of the buffer to prevent these error
conditions.
Platforms tested:
Linux/64 (jelly)
---
src/H5Olink.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/H5Olink.c b/src/H5Olink.c
index c0dd1d8c4b..e48ec45c74 100644
--- a/src/H5Olink.c
+++ b/src/H5Olink.c
@@ -118,11 +118,12 @@ H5FL_DEFINE_STATIC(H5O_link_t);
static void *
H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh,
unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags,
- size_t H5_ATTR_UNUSED p_size, const uint8_t *p)
+ size_t p_size, const uint8_t *p)
{
H5O_link_t *lnk = NULL; /* Pointer to link message */
size_t len = 0; /* Length of a string in the message */
unsigned char link_flags; /* Flags for encoding link info */
+ const uint8_t *p_end = p + p_size; /* End of the p buffer */
void *ret_value; /* Return value */
FUNC_ENTER_NOAPI_NOINIT
@@ -198,6 +199,11 @@ H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *op
if(len == 0)
HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "invalid name length")
+ /* Make sure that length doesn't exceed buffer size, which could occur
+ when the file is corrupted */
+ if(p + len > p_end)
+ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "name length causes read past end of buffer")
+
/* Get the link's name */
if(NULL == (lnk->name = (char *)H5MM_malloc(len + 1)))
HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
@@ -217,6 +223,12 @@ H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *op
UINT16DECODE(p, len)
if(len == 0)
HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "invalid link length")
+
+ /* Make sure that length doesn't exceed buffer size, which could occur
+ when the file is corrupted */
+ if(p + len > p_end)
+ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "name length causes read past end of buffer")
+
if(NULL == (lnk->u.soft.name = (char *)H5MM_malloc((size_t)len + 1)))
HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
HDmemcpy(lnk->u.soft.name, p, len);
@@ -237,6 +249,11 @@ H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *op
lnk->u.ud.size = len;
if(len > 0)
{
+ /* Make sure that length doesn't exceed buffer size, which could
+ occur when the file is corrupted */
+ if(p + len > p_end)
+ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "name length causes read past end of buffer")
+
if(NULL == (lnk->u.ud.udata = H5MM_malloc((size_t)len)))
HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
HDmemcpy(lnk->u.ud.udata, p, len);
--
2.23.0

54
CVE-2018-13873.patch
View File

@ -1,54 +0,0 @@
From e1b59919bb96f68f3b372a73790ecbe4ac3b395a Mon Sep 17 00:00:00 2001
From: Binh-Minh Ribler <bmribler@hdfgroup.org>
Date: Sun, 6 Jan 2019 01:44:40 -0600
Subject: [PATCH] HDFFV-10578 and HDFFV-10676 Description: HDFFV-10578 -
CVE-2018-17234 The file has some issue, however, there was a bug in
h5dump that caused memory leaks after the problem in the file was
encountered. The bug was that an if statement was missing in the
function table_list_add() resulting in the memory not being freed at
a later time. After the fix had been applied, there were no more
leaks after h5dump detected the issue in the file and reported the
error.
In H5O__chunk_deserialize, replaced an assert with an if statement
and reporting error, per Neil's recommendation
HDFFV-10676 - CVE-2018-13873
Also in H5O__chunk_deserialize, added an assertion to detect
out of bound ids
---
src/H5Ocache.c | 5 ++++-
tools/src/h5dump/h5dump.c | 7 ++++---
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/H5Ocache.c b/src/H5Ocache.c
index fba4f6e586..034048fd4e 100644
--- a/src/H5Ocache.c
+++ b/src/H5Ocache.c
@@ -1129,6 +1129,8 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN))
HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
+
+ HDassert(id < NELMTS(H5O_msg_class_g));
if((flags & H5O_MSG_FLAG_SHAREABLE)
&& H5O_msg_class_g[id]
&& !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE))
diff --git a/tools/src/h5dump/h5dump.c b/tools/src/h5dump/h5dump.c
index b9e37e8379..5267188dad 100644
--- a/tools/h5dump/h5dump.c
+++ b/tools/h5dump/h5dump.c
@@ -403,9 +403,10 @@ table_list_add(hid_t oid, unsigned long file_no)
}
if(init_objs(oid, &info, &table_list.tables[idx].group_table,
&table_list.tables[idx].dset_table, &table_list.tables[idx].type_table) < 0) {
- H5Idec_ref(oid);
- table_list.nused--;
- return -1;
+ if (H5Idec_ref(oid) < 0) {
+ table_list.nused--;
+ return -1;
+ }
}
#ifdef H5DUMP_DEBUG

35
CVE-2018-14031.patch Normal file
View File

@ -0,0 +1,35 @@
From: Egbert Eich <eich@suse.com>
Date: Wed Sep 28 14:54:58 2022 +0200
Subject: H5O_dtype_decode_helper: Parent of enum needs to have same size as enum itself
Patch-mainline: Not yet
Git-repo: ssh://eich@192.168.122.1:/home/eich/sources/HPC/hdf5
Git-commit: d39a27113ef75058f236b0606a74b4af5767c4e7
References:
The size of the enumeration values is determined by the size of the parent.
Functions accessing the enumeration values use the size of the enumartion
to determine the size of each element and how much data to copy. Thus the
size of the enumeration and its parent need to match.
Check here to avoid unpleasant surprises later.
This fixes CVE-2018-14031.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
src/H5Odtype.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/H5Odtype.c b/src/H5Odtype.c
index 9af79f4e9a..dc2b904362 100644
--- a/src/H5Odtype.c
+++ b/src/H5Odtype.c
@@ -472,6 +472,9 @@ H5O__dtype_decode_helper(unsigned *ioflags /*in,out*/, const uint8_t **pp, H5T_t
if (H5O__dtype_decode_helper(ioflags, pp, dt->shared->parent) < 0)
HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, FAIL, "unable to decode parent datatype")
+ if (dt->shared->parent->shared->size != dt->shared->size)
+ HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, FAIL, "ENUM size does not match parent")
+
/* Check if the parent of this enum has a version greater than the
* enum itself. */
H5O_DTYPE_CHECK_VERSION(dt, version, dt->shared->parent->shared->version, ioflags, "enum", FAIL)

34
CVE-2018-16438.patch Normal file
View File

@ -0,0 +1,34 @@
From: Egbert Eich <eich@suse.com>
Date: Sun Oct 9 08:07:23 2022 +0200
Subject: Make sure info block for external links has at least 3 bytes
Patch-mainline: Not yet
Git-repo: ssh://eich@192.168.122.1:/home/eich/sources/HPC/hdf5
Git-commit: 082bfe392b04b1137da9eabd1ecac76c212ab385
References:
According to the specification, the information block for external links
contains 1 byte of version/flag information and two 0 terminated strings
for the object linked to and the full path.
Although not very useful, the minimum string length for each would be one
byte.
This fixes CVE-2018-16438.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
src/H5Olink.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/H5Olink.c b/src/H5Olink.c
index 51c44a36b0..074744b022 100644
--- a/src/H5Olink.c
+++ b/src/H5Olink.c
@@ -241,6 +241,8 @@ H5O__link_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSE
/* A UD link. Get the user-supplied data */
UINT16DECODE(p, len)
lnk->u.ud.size = len;
+ if (lnk->type == H5L_TYPE_EXTERNAL && len < 3)
+ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "external link information lenght < 3")
if (len > 0) {
/* Make sure that length doesn't exceed buffer size, which could
occur when the file is corrupted */

88
CVE-2018-17233.patch
View File

@ -1,88 +0,0 @@
From f891c38c6e724e9032a534512618b9650be76377 Mon Sep 17 00:00:00 2001
From: Binh-Minh Ribler <bmribler@hdfgroup.org>
Date: Fri, 4 Jan 2019 11:46:29 -0600
Subject: [PATCH] Fixed CVE division-by-zero issues Description: Fixed
HDFFV-10577 and similar issues found in H5Dchunk.c. All the occurrences
are in: H5D__create_chunk_map_single
H5D__create_chunk_file_map_hyper H5D__chunk_allocate
H5D__chunk_update_old_edge_chunks H5D__chunk_prune_by_extent
H5D__chunk_copy_cb H5D__chunk_collective_fill Also updated
RELEASE.txt for the chunk query functions and removed some blank lines in
chunk_info.c. Platforms tested: Linux/64 (jelly) Linux/64 (platypus)
Darwin (osx1010test)
---
src/H5Dchunk.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/H5Dchunk.c b/src/H5Dchunk.c
index 021335f..1dc7a25 100644
--- a/src/H5Dchunk.c
+++ b/src/H5Dchunk.c
@@ -1380,6 +1380,9 @@ H5D__create_chunk_map_single(H5D_chunk_map_t *fm, const H5D_io_info_t
/* Set chunk location & hyperslab size */
for(u = 0; u < fm->f_ndims; u++) {
+ /* Validate this chunk dimension */
+ if(fm->layout->u.chunk.dim[u] == 0)
+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "chunk size must be > 0, dim = %u ", u)
HDassert(sel_start[u] == sel_end[u]);
chunk_info->coords[u] = (sel_start[u] / fm->layout->u.chunk.dim[u]) * fm->layout->u.chunk.dim[u];
} /* end for */
@@ -1465,6 +1468,9 @@ H5D__create_chunk_file_map_hyper(H5D_chunk_map_t *fm, const H5D_io_info_t
/* Set initial chunk location & hyperslab size */
for(u = 0; u < fm->f_ndims; u++) {
+ /* Validate this chunk dimension */
+ if(fm->layout->u.chunk.dim[u] == 0)
+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "chunk size must be > 0, dim = %u ", u)
start_coords[u] = (sel_start[u] / fm->layout->u.chunk.dim[u]) * fm->layout->u.chunk.dim[u];
coords[u] = start_coords[u];
end[u] = (coords[u] + fm->chunk_dim[u]) - 1;
@@ -3595,6 +3601,9 @@ H5D__chunk_allocate(const H5D_t *dset, hid_t dxpl_id, hbool_t full_overwrite,
* that we assume here that all elements of space_dim are > 0. This is
* checked at the top of this function */
for(op_dim=0; op_dim<space_ndims; op_dim++) {
+ /* Validate this chunk dimension */
+ if(chunk_dim[op_dim] == 0)
+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "chunk size must be > 0, dim = %u ", op_dim)
min_unalloc[op_dim] = ((old_dim[op_dim] + chunk_dim[op_dim] - 1)
/ chunk_dim[op_dim]) * chunk_dim[op_dim];
max_unalloc[op_dim] = ((space_dim[op_dim] - 1) / chunk_dim[op_dim])
@@ -3865,6 +3874,8 @@ H5D__chunk_collective_fill(const H5D_t *dset, hid_t dxpl_id,
HGOTO_ERROR(H5E_PLIST, H5E_CANTCOPY, FAIL, "can't copy property list")
/* Distribute evenly the number of blocks between processes. */
+ if(mpi_size == 0)
+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "Resulted in division by zero")
num_blocks = chunk_info->num_io / mpi_size; /* value should be the same on all procs */
/* after evenly distributing the blocks between processes, are
@@ -4324,6 +4335,10 @@ H5D__chunk_prune_by_extent(H5D_t *dset, hid_t dxpl_id, const hsize_t *old_dim)
HDmemset(min_mod_chunk_off, 0, sizeof(min_mod_chunk_off));
HDmemset(max_mod_chunk_off, 0, sizeof(max_mod_chunk_off));
for(op_dim = 0; op_dim < space_ndims; op_dim++) {
+ /* Validate this chunk dimension */
+ if(chunk_dim[op_dim] == 0)
+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "chunk size must be > 0, dim = %u ", op_dim)
+
/* Calculate the largest offset of chunks that might need to be
* modified in this dimension */
max_mod_chunk_off[op_dim] = chunk_dim[op_dim] * ((old_dim[op_dim] - 1)
@@ -4929,9 +4944,12 @@ H5D__chunk_copy_cb(const H5D_chunk_rec_t *chunk_rec, void *_udata)
/* (background buffer has already been zeroed out, if not expanding) */
if(udata->cpy_info->expand_ref) {
size_t ref_count;
+ size_t dt_size;
/* Determine # of reference elements to copy */
- ref_count = nbytes / H5T_get_size(udata->dt_src);
+ if((dt_size = H5T_get_size(udata->dt_src)) == 0)
+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "size must not be 0")
+ ref_count = nbytes / dt_size;
/* Copy the reference elements */
if(H5O_copy_expand_ref(udata->file_src, buf, udata->idx_info_dst->dxpl_id, udata->idx_info_dst->f, bkg, ref_count, H5T_get_ref_type(udata->dt_src), udata->cpy_info) < 0)
--
2.23.0

84
CVE-2018-17234.patch
View File

@ -1,84 +0,0 @@
From f4138013dbc6851e968ea3d37b32776538ef306b Mon Sep 17 00:00:00 2001
From: Binh-Minh Ribler <bmribler@hdfgroup.org>
Date: Tue, 15 Jan 2019 13:07:22 -0600
Subject: [PATCH] Fixed HDFFV-10578
Description:
- HDFFV-10578 - CVE-2018-17234 Memory leak in H5O__chunk_deserialize()
Actually, the leak was in h5tools_util. Applied Neil's fix.
- Changed an assert to if/HGOTO_ERROR to fail gracefully.
Platforms tested:
Linux/64 (jelly)
Linux/64 (platypus)
Darwin (osx1010test)
---
src/H5Ocache.c | 3 ++-
src/H5VM.c | 2 +-
tools/lib/h5tools_utils.c | 17 ++++++++++++++++-
3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/H5Ocache.c b/src/H5Ocache.c
index ebae3f5..454b287 100644
--- a/src/H5Ocache.c
+++ b/src/H5Ocache.c
@@ -1116,7 +1116,8 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image,
/* Message size */
UINT16DECODE(p, mesg_size);
- HDassert(mesg_size == H5O_ALIGN_OH(oh, mesg_size));
+ if(mesg_size != H5O_ALIGN_OH(oh, mesg_size))
+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message not aligned")
/* Message flags */
flags = *p++;
diff --git a/src/H5VM.c b/src/H5VM.c
index 4e48001..db6362c 100644
--- a/src/H5VM.c
+++ b/src/H5VM.c
@@ -1503,7 +1503,7 @@ done:
*
* Purpose: Given source and destination buffers in memory (SRC & DST)
* copy sequences of from the source buffer into the destination
- * buffer. Each set of sequnces has an array of lengths, an
+ * buffer. Each set of sequences has an array of lengths, an
* array of offsets, the maximum number of sequences and the
* current sequence to start at in the sequence.
*
diff --git a/tools/lib/h5tools_utils.c b/tools/lib/h5tools_utils.c
index 3f66ef6..2e19bfa 100644
--- a/tools/lib/h5tools_utils.c
+++ b/tools/lib/h5tools_utils.c
@@ -562,6 +562,8 @@ herr_t
init_objs(hid_t fid, find_objs_t *info, table_t **group_table,
table_t **dset_table, table_t **type_table)
{
+ herr_t ret_value = SUCCEED;
+
/* Initialize the tables */
init_table(group_table);
init_table(dset_table);
@@ -574,7 +576,20 @@ init_objs(hid_t fid, find_objs_t *info, table_t **group_table,
info->dset_table = *dset_table;
/* Find all shared objects */
- return(h5trav_visit(fid, "/", TRUE, TRUE, find_objs_cb, NULL, info));
+ if((ret_value = h5trav_visit(fid, "/", TRUE, TRUE, find_objs_cb, NULL, info)) <0)
+ HGOTO_ERROR(FAIL, H5E_tools_min_id_g, "finding shared objects failed")
+
+done:
+ /* Release resources */
+ if(ret_value < 0) {
+ free_table(*group_table);
+ info->group_table = NULL;
+ free_table(*type_table);
+ info->type_table = NULL;
+ free_table(*dset_table);
+ info->dset_table = NULL;
+ }
+ return ret_value;
}
--
2.23.0

247
CVE-2018-17237.patch
View File

@ -1,247 +0,0 @@
From 4e31361dad4add06792b652dbe5b97e501f9031d Mon Sep 17 00:00:00 2001
From: Songyu Lu <songyulu@hdfgroup.org>
Date: Tue, 12 Feb 2019 13:48:49 -0600
Subject: [PATCH] I'm bringing the fixes for the following Jira issues from the
develop branch to 1.10 branch: HDFFV-10571: Divided by Zero vulnerability.
HDFFV-10601: Issues with chunk cache hash value calcuation. HDFFV-10607:
Patches for warnings in the core libraries. HDFFV-10635: HDF5 library
segmentation fault with H5Sselect_element.
---
src/H5Dchunk.c | 3 ++
src/H5HG.c | 8 +++-
src/H5Olayout.c | 8 +++-
src/H5RS.c | 4 +-
src/H5RSprivate.h | 2 +-
test/tvlstr.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 122 insertions(+), 5 deletions(-)
diff --git a/src/H5Dchunk.c b/src/H5Dchunk.c
index 021335f..6183ad8 100644
--- a/src/H5Dchunk.c
+++ b/src/H5Dchunk.c
@@ -641,6 +641,9 @@ H5D__chunk_set_info_real(H5O_layout_chunk_t *layout, unsigned ndims, const hsize
/* Compute the # of chunks in dataset dimensions */
for(u = 0, layout->nchunks = 1; u < ndims; u++) {
+ /* Sanity check */
+ HDassert(layout->dim[u] > 0);
+
/* Round up to the next integer # of chunks, to accomodate partial chunks */
layout->chunks[u] = ((curr_dims[u] + layout->dim[u]) - 1) / layout->dim[u];
diff --git a/src/H5HG.c b/src/H5HG.c
index 194e4eb..e07ca0e 100644
--- a/src/H5HG.c
+++ b/src/H5HG.c
@@ -757,7 +757,13 @@ H5HG_remove (H5F_t *f, hid_t dxpl_id, H5HG_t *hobj)
HGOTO_ERROR(H5E_HEAP, H5E_CANTPROTECT, FAIL, "unable to protect global heap")
HDassert(hobj->idx < heap->nused);
- HDassert(heap->obj[hobj->idx].begin);
+ /* When the application selects the same location to rewrite the VL element by using H5Sselect_elements,
+ * it can happen that the entry has been removed by first rewrite. Here we simply skip the removal of
+ * the entry and let the second rewrite happen (see HDFFV-10635). In the future, it'd be nice to handle
+ * this situation in H5T_conv_vlen in H5Tconv.c instead of this level (HDFFV-10648). */
+ if(heap->obj[hobj->idx].nrefs == 0 && heap->obj[hobj->idx].size == 0 && !heap->obj[hobj->idx].begin)
+ HGOTO_DONE(ret_value)
+
obj_start = heap->obj[hobj->idx].begin;
/* Include object header size */
need = H5HG_ALIGN(heap->obj[hobj->idx].size) + H5HG_SIZEOF_OBJHDR(f);
diff --git a/src/H5Olayout.c b/src/H5Olayout.c
index 17385c2..3bbee12 100644
--- a/src/H5Olayout.c
+++ b/src/H5Olayout.c
@@ -223,9 +223,15 @@ H5O_layout_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *
H5F_addr_decode(f, &p, &(mesg->storage.u.chunk.idx_addr));
/* Chunk dimensions */
- for(u = 0; u < mesg->u.chunk.ndims; u++)
+ for(u = 0; u < mesg->u.chunk.ndims; u++) {
UINT32DECODE(p, mesg->u.chunk.dim[u]);
+ /* Just in case that something goes very wrong, such as file corruption. */
+ if(mesg->u.chunk.dim[u] == 0)
+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, NULL, "chunk dimension must be positive: mesg->u.chunk.dim[%u] = %u",
+ u, mesg->u.chunk.dim[u])
+ } /* end for */
+
/* Compute chunk size */
for(u = 1, mesg->u.chunk.size = mesg->u.chunk.dim[0]; u < mesg->u.chunk.ndims; u++)
mesg->u.chunk.size *= mesg->u.chunk.dim[u];
diff --git a/src/H5RS.c b/src/H5RS.c
index 0a3fff0..ae500c5 100644
--- a/src/H5RS.c
+++ b/src/H5RS.c
@@ -137,7 +137,7 @@ done:
REVISION LOG
--------------------------------------------------------------------------*/
H5RS_str_t *
-H5RS_wrap(char *s)
+H5RS_wrap(const char *s)
{
H5RS_str_t *ret_value; /* Return value */
@@ -148,7 +148,7 @@ H5RS_wrap(char *s)
HGOTO_ERROR(H5E_RS, H5E_NOSPACE, NULL, "memory allocation failed")
/* Set the internal fields */
- ret_value->s = s;
+ ret_value->s = (char *)s;
ret_value->wrapped = 1;
ret_value->n = 1;
diff --git a/src/H5RSprivate.h b/src/H5RSprivate.h
index f69624a..1d26a18 100644
--- a/src/H5RSprivate.h
+++ b/src/H5RSprivate.h
@@ -44,7 +44,7 @@ typedef struct H5RS_str_t H5RS_str_t;
/* Private routines */
/********************/
H5_DLL H5RS_str_t *H5RS_create(const char *s);
-H5_DLL H5RS_str_t *H5RS_wrap(char *s);
+H5_DLL H5RS_str_t *H5RS_wrap(const char *s);
H5_DLL H5RS_str_t *H5RS_own(char *s);
H5_DLL herr_t H5RS_decr(H5RS_str_t *rs);
H5_DLL herr_t H5RS_incr(H5RS_str_t *rs);
diff --git a/test/tvlstr.c b/test/tvlstr.c
index e5b2a60..bb860a2 100644
--- a/test/tvlstr.c
+++ b/test/tvlstr.c
@@ -25,10 +25,14 @@
#define DATAFILE "tvlstr.h5"
#define DATAFILE2 "tvlstr2.h5"
+#define DATAFILE3 "sel2el.h5"
+
+#define DATASET "1Darray"
/* 1-D dataset with fixed dimensions */
#define SPACE1_RANK 1
#define SPACE1_DIM1 4
+#define NUMP 4
#define VLSTR_TYPE "vl_string_type"
@@ -846,6 +850,101 @@ static void test_vl_rewrite(void)
return;
} /* end test_vl_rewrite() */
+/****************************************************************
+ **
+ ** test_write_same_element():
+ ** Tests writing to the same element of VL string using
+ ** H5Sselect_element.
+ **
+ ****************************************************************/
+static void test_write_same_element(void)
+{
+ hid_t file1, dataset1;
+ hid_t mspace, fspace, dtype;
+ hsize_t fdim[] = {SPACE1_DIM1};
+ char *val[SPACE1_DIM1] = {"But", "reuniting", "is a", "great joy"};
+ hsize_t marray[] = {NUMP};
+ hsize_t coord[SPACE1_RANK][NUMP];
+ herr_t ret;
+
+ char *wdata[SPACE1_DIM1] = {"Parting", "is such a", "sweet", "sorrow."};
+
+ file1 = H5Fcreate(DATAFILE3, H5F_ACC_TRUNC, H5P_DEFAULT, H5P_DEFAULT);
+ CHECK(file1, FAIL, "H5Fcreate");
+
+ dtype = H5Tcopy(H5T_C_S1);
+ CHECK(dtype, FAIL, "H5Tcopy");
+
+ ret = H5Tset_size(dtype, H5T_VARIABLE);
+ CHECK(ret, FAIL, "H5Tset_size");
+
+ fspace = H5Screate_simple(SPACE1_RANK, fdim, NULL);
+ CHECK(fspace, FAIL, "H5Screate_simple");
+
+ dataset1 = H5Dcreate(file1, DATASET, dtype, fspace, H5P_DEFAULT,
+ H5P_DEFAULT, H5P_DEFAULT);
+ CHECK(dataset1, FAIL, "H5Dcreate");
+
+ ret = H5Dwrite(dataset1, dtype, H5S_ALL, H5S_ALL, H5P_DEFAULT, wdata);
+ CHECK(ret, FAIL, "H5Dwrite");
+
+ ret = H5Dclose(dataset1);
+ CHECK(ret, FAIL, "H5Dclose");
+
+ ret = H5Tclose(dtype);
+ CHECK(ret, FAIL, "H5Tclose");
+
+ ret = H5Sclose(fspace);
+ CHECK(ret, FAIL, "H5Sclose");
+
+ ret = H5Fclose(file1);
+ CHECK(ret, FAIL, "H5Fclose");
+
+ /*
+ * Open the file. Select the same points, write values to those point locations.
+ */
+ file1 = H5Fopen(DATAFILE3, H5F_ACC_RDWR, H5P_DEFAULT);
+ CHECK(file1, FAIL, "H5Fopen");
+
+ dataset1 = H5Dopen(file1, DATASET, H5P_DEFAULT);
+ CHECK(dataset1, FAIL, "H5Dopen");
+
+ fspace = H5Dget_space(dataset1);
+ CHECK(fspace, FAIL, "H5Dget_space");
+
+ dtype = H5Dget_type(dataset1);
+ CHECK(dtype, FAIL, "H5Dget_type");
+
+ mspace = H5Screate_simple(1, marray, NULL);
+ CHECK(mspace, FAIL, "H5Screate_simple");
+
+ coord[0][0] = 0;
+ coord[0][1] = 2;
+ coord[0][2] = 2;
+ coord[0][3] = 0;
+
+ ret = H5Sselect_elements(fspace, H5S_SELECT_SET, NUMP, (const hsize_t *)&coord);
+ CHECK(ret, FAIL, "H5Sselect_elements");
+
+ ret = H5Dwrite(dataset1, dtype, mspace, fspace, H5P_DEFAULT, val);
+ CHECK(ret, FAIL, "H5Dwrite");
+
+ ret = H5Tclose(dtype);
+ CHECK(ret, FAIL, "H5Tclose");
+
+ ret = H5Dclose(dataset1);
+ CHECK(ret, FAIL, "H5Dclose");
+
+ ret = H5Sclose(fspace);
+ CHECK(ret, FAIL, "H5Dclose");
+
+ ret = H5Sclose(mspace);
+ CHECK(ret, FAIL, "H5Sclose");
+
+ ret = H5Fclose(file1);
+ CHECK(ret, FAIL, "H5Fclose");
+} /* test_write_same_element */
+
/****************************************************************
**
** test_vlstrings(): Main VL string testing routine.
@@ -870,6 +969,8 @@ test_vlstrings(void)
/* Test writing VL datasets in files with lots of unlinking */
test_vl_rewrite();
+ /* Test writing to the same element more than once using H5Sselect_elements */
+ test_write_same_element();
} /* test_vlstrings() */
@@ -892,5 +993,6 @@ cleanup_vlstrings(void)
{
HDremove(DATAFILE);
HDremove(DATAFILE2);
+ HDremove(DATAFILE3);
}
--
2.23.0

61
CVE-2018-17432.patch
View File

@ -1,61 +0,0 @@
From 7bfa10018ecf5efe54b4a699bb684d31468c8b42 Mon Sep 17 00:00:00 2001
From: Binh-Minh Ribler <bmribler@hdfgroup.org>
Date: Mon, 26 Oct 2020 08:36:27 -0500
Subject: [PATCH] Fix HDFFV-10590
Description
This is to fix the CVE issue CVE-2018-17432.
h5repack produced a segfault on a corrupted file. This fix modified
the
dataspace encode and decode functions per Quincey's suggestion to
prevent
the segfault. h5repack only failed for the corrupted file now.
Platforms tested:
Linux/64 (jelly)
---
src/H5Osdspace.c | 23 +-
1 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/H5Osdspace.c b/src/H5Osdspace.c
index 627ea190a3..6e34960d87 100644
--- a/src/H5Osdspace.c
+++ b/src/H5Osdspace.c
@@ -143,8 +143,11 @@ H5O_sdspace_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED
flags = *p++;
/* Get or determine the type of the extent */
- if(version >= H5O_SDSPACE_VERSION_2)
+ if(version >= H5O_SDSPACE_VERSION_2) {
sdim->type = (H5S_class_t)*p++;
+ if(sdim->type != H5S_SIMPLE && sdim->rank > 0)
+ HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, NULL, "invalid rank for scalar or NULL dataspace")
+ } /* end if */
else {
/* Set the dataspace type to be simple or scalar as appropriate */
if(sdim->rank > 0)
@@ -267,14 +270,16 @@ H5O_sdspace_encode(H5F_t *f, uint8_t *p, const void *_mesg)
*p++ = 0; /*reserved*/
} /* end else */
- /* Current & maximum dimensions */
- if(sdim->rank > 0) {
- for(u = 0; u < sdim->rank; u++)
- H5F_ENCODE_LENGTH(f, p, sdim->size[u]);
- if(flags & H5S_VALID_MAX) {
- for(u = 0; u < sdim->rank; u++)
- H5F_ENCODE_LENGTH(f, p, sdim->max[u]);
- } /* end if */
+ /* Encode dataspace dimensions for simple dataspaces */
+ if(H5S_SIMPLE == sdim->type) {
+ /* Encode current & maximum dimensions */
+ if(sdim->rank > 0) {
+ for(u = 0; u < sdim->rank; u++)
+ H5F_ENCODE_LENGTH(f, p, sdim->size[u]);
+ if(flags & H5S_VALID_MAX)
+ for(u = 0; u < sdim->rank; u++)
+ H5F_ENCODE_LENGTH(f, p, sdim->max[u]);
+ } /* end if */
} /* end if */
FUNC_LEAVE_NOAPI(SUCCEED)

200
CVE-2018-17434-CVE-2018-17437.patch
View File

@ -1,200 +0,0 @@
From 02d03b4624122955ee3de635699a4e3880fea377 Mon Sep 17 00:00:00 2001
From: Binh-Minh Ribler <bmribler@hdfgroup.org>
Date: Wed, 30 Jan 2019 20:04:30 -0600
Subject: [PATCH] Fixed HDFFV-10586, HDFFV-10588, and HDFFV-10684
Description:
HDFFV-10586 CVE-2018-17434 Divide by zero in h5repack_filters
Added a check for zero value
HDFFV-10588 CVE-2018-17437 Memory leak in H5O_dtype_decode_helper
This is actually an Invalid read issue. It was found that the
attribute name length in an attribute message was corrupted,
which caused the buffer pointer to be advanced too far and later
caused an invalid read.
Added a check to detect attribute name and its length mismatch. The
fix does not cover all cases, but it'll reduce the chance of this issue
when a name length is corrupted or the attribute name is corrupted.
HDFFV-10684 H5Ewalk does not stop until all errors in the stack are visited
The test for HDFFV-10588 has revealed a bug in H5Ewalk.
H5Ewalk did not stop midway even when the call back function returns
H5_ITER_STOP. This is because a condition is missing from the for
loops in H5E__walk causing the callback functions unable to stop until
all the errors in the stack are iterated. Quincey advised on the final
fix. In this fix, "status" is switched to "ret_value" and HGOTO_ERROR
to HERROR, and the for loops won't continue when "ret_value" is not 0.
Platforms tested:
Linux/64 (jelly)
Linux/64 (platypus)
Darwin (osx1011test)
---
src/H5E.c | 6 ++---
src/H5Eint.c | 37 ++++++++++++++-----------------
src/H5Oattr.c | 5 +++++
tools/h5repack/h5repack_filters.c | 6 +++--
4 files changed, 29 insertions(+), 25 deletions(-)
diff --git a/src/H5E.c b/src/H5E.c
index a94c5bc..e8da166 100644
--- a/src/H5E.c
+++ b/src/H5E.c
@@ -1471,7 +1471,7 @@ done:
*
* Purpose: Prints the error stack in some default way. This is just a
* convenience function for H5Ewalk() with a function that
- * prints error messages. Users are encouraged to write there
+ * prints error messages. Users are encouraged to write their
* own more specific error handlers.
*
* Return: Non-negative on success/Negative on failure
@@ -1553,8 +1553,8 @@ H5Ewalk2(hid_t err_stack, H5E_direction_t direction, H5E_walk2_t stack_func, voi
/* Walk the error stack */
op.vers = 2;
op.u.func2 = stack_func;
- if(H5E_walk(estack, direction, &op, client_data) < 0)
- HGOTO_ERROR(H5E_ERROR, H5E_CANTLIST, FAIL, "can't walk error stack")
+ if((ret_value = H5E_walk(estack, direction, &op, client_data)) < 0)
+ HERROR(H5E_ERROR, H5E_CANTLIST, "can't walk error stack");
done:
FUNC_LEAVE_API(ret_value)
diff --git a/src/H5Eint.c b/src/H5Eint.c
index 636866b..85edb90 100644
--- a/src/H5Eint.c
+++ b/src/H5Eint.c
@@ -442,13 +442,13 @@ done:
/*-------------------------------------------------------------------------
* Function: H5E_print
*
- * Purpose: Private function to print the error stack in some default
+ * Purpose: Private function to print the error stack in some default
* way. This is just a convenience function for H5Ewalk() and
* H5Ewalk2() with a function that prints error messages.
- * Users are encouraged to write there own more specific error
+ * Users are encouraged to write their own more specific error
* handlers.
*
- * Return: Non-negative on success/Negative on failure
+ * Return: Non-negative on success/Negative on failure
*
* Programmer: Robb Matzke
* Friday, February 27, 1998
@@ -533,9 +533,8 @@ herr_t
H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op,
void *client_data)
{
- int i; /* Local index variable */
- herr_t status; /* Status from callback function */
- herr_t ret_value = SUCCEED; /* Return value */
+ int i; /* Local index variable */
+ herr_t ret_value = H5_ITER_CONT; /* Return value */
FUNC_ENTER_NOAPI_NOINIT
@@ -553,9 +552,8 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op
if(op->u.func1) {
H5E_error1_t old_err;
- status = SUCCEED;
if(H5E_WALK_UPWARD == direction) {
- for(i = 0; i < (int)estack->nused && status >= 0; i++) {
+ for(i = 0; i < (int)estack->nused && ret_value == H5_ITER_CONT; i++) {
/* Point to each error record on the stack and pass it to callback function.*/
old_err.maj_num = estack->slot[i].maj_num;
old_err.min_num = estack->slot[i].min_num;
@@ -564,12 +562,12 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op
old_err.desc = estack->slot[i].desc;
old_err.line = estack->slot[i].line;
- status = (op->u.func1)(i, &old_err, client_data);
+ ret_value = (op->u.func1)(i, &old_err, client_data);
} /* end for */
} /* end if */
else {
H5_CHECK_OVERFLOW(estack->nused - 1, size_t, int);
- for(i = (int)(estack->nused - 1); i >= 0 && status >= 0; i--) {
+ for(i = (int)(estack->nused - 1); i >= 0 && ret_value == H5_ITER_CONT; i--) {
/* Point to each error record on the stack and pass it to callback function.*/
old_err.maj_num = estack->slot[i].maj_num;
old_err.min_num = estack->slot[i].min_num;
@@ -578,12 +576,12 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op
old_err.desc = estack->slot[i].desc;
old_err.line = estack->slot[i].line;
- status = (op->u.func1)((int)(estack->nused - (size_t)(i + 1)), &old_err, client_data);
+ ret_value = (op->u.func1)((int)(estack->nused - (size_t)(i + 1)), &old_err, client_data);
} /* end for */
} /* end else */
- if(status < 0)
- HGOTO_ERROR(H5E_ERROR, H5E_CANTLIST, FAIL, "can't walk error stack")
+ if(ret_value < 0)
+ HERROR(H5E_ERROR, H5E_CANTLIST, "can't walk error stack");
} /* end if */
#else /* H5_NO_DEPRECATED_SYMBOLS */
HDassert(0 && "version 1 error stack walk without deprecated symbols!");
@@ -592,19 +590,18 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op
else {
HDassert(op->vers == 2);
if(op->u.func2) {
- status = SUCCEED;
if(H5E_WALK_UPWARD == direction) {
- for(i = 0; i < (int)estack->nused && status >= 0; i++)
- status = (op->u.func2)((unsigned)i, estack->slot + i, client_data);
+ for(i = 0; i < (int)estack->nused && ret_value == H5_ITER_CONT; i++)
+ ret_value = (op->u.func2)((unsigned)i, estack->slot + i, client_data);
} /* end if */
else {
H5_CHECK_OVERFLOW(estack->nused - 1, size_t, int);
- for(i = (int)(estack->nused - 1); i >= 0 && status >= 0; i--)
- status = (op->u.func2)((unsigned)(estack->nused - (size_t)(i + 1)), estack->slot + i, client_data);
+ for(i = (int)(estack->nused - 1); i >= 0 && ret_value == H5_ITER_CONT; i--)
+ ret_value = (op->u.func2)((unsigned)(estack->nused - (size_t)(i + 1)), estack->slot + i, client_data);
} /* end else */
- if(status < 0)
- HGOTO_ERROR(H5E_ERROR, H5E_CANTLIST, FAIL, "can't walk error stack")
+ if(ret_value < 0)
+ HERROR(H5E_ERROR, H5E_CANTLIST, "can't walk error stack");
} /* end if */
} /* end else */
diff --git a/src/H5Oattr.c b/src/H5Oattr.c
index 149f04a..a8d2a31 100644
--- a/src/H5Oattr.c
+++ b/src/H5Oattr.c
@@ -175,6 +175,11 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED
/* Decode and store the name */
if(NULL == (attr->shared->name = H5MM_strdup((const char *)p)))
HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
+
+ /* Make an attempt to detect corrupted name or name length - HDFFV-10588 */
+ if(name_len != (HDstrlen(attr->shared->name) + 1))
+ HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, NULL, "attribute name has different length than stored length")
+
if(attr->shared->version < H5O_ATTR_VERSION_2)
p += H5O_ALIGN_OLD(name_len); /* advance the memory pointer */
else
diff --git a/tools/h5repack/h5repack_filters.c b/tools/h5repack/h5repack_filters.c
index 523f81a..1eea3e9 100644
--- a/tools/h5repack/h5repack_filters.c
+++ b/tools/h5repack/h5repack_filters.c
@@ -333,12 +333,14 @@ int apply_filters(const char* name, /* object name from traverse list */
sm_nbytes = msize;
for (i = rank; i > 0; --i) {
- hsize_t size = H5TOOLS_BUFSIZE / sm_nbytes;
+ hsize_t size = 0;
+ if(sm_nbytes == 0)
+ HGOTO_ERROR(FAIL, H5E_tools_min_id_g, "number of bytes per stripmine must be > 0");
+ size = H5TOOLS_BUFSIZE / sm_nbytes;
if (size == 0) /* datum size > H5TOOLS_BUFSIZE */
size = 1;
sm_size[i - 1] = MIN(dims[i - 1], size);
sm_nbytes *= sm_size[i - 1];
- HDassert(sm_nbytes > 0);
}
for (i = 0; i < rank; i++) {
--
2.23.0

114
CVE-2018-17435.patch
View File

@ -1,114 +0,0 @@
From c12da4884f18dda4c9dbc23efd10eb053ec7cf0d Mon Sep 17 00:00:00 2001
From: Binh-Minh Ribler <bmribler@hdfgroup.org>
Date: Fri, 19 Jun 2020 10:53:32 -0500
Subject: [PATCH] Fix HDFFV-10591
Description:
h52gif produced a segfault when a buffer overflow occurred because
the data size was corrupted and became very large. This commit
added
a check on the data size against the buffer size to prevent the
segfault.
It also added error reporting to h52gif to display an error message
instead of silently exiting when the failure occurred.
Platforms tested:
Linux/64 (jelly)
SunOS 5.11 (emu)
---
hl/src/H5IM.c | 3 ++-
hl/tools/gif2h5/hdf2gif.c | 19 +++++++++++++++----
src/H5Oattr.c | 5 +++++
3 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/hl/src/H5IM.c b/hl/src/H5IM.c
index f76f029ae2..495f296625 100644
--- a/hl/src/H5IM.c
+++ b/hl/src/H5IM.c
@@ -274,7 +274,8 @@ herr_t H5IMget_image_info( hid_t loc_id,
return -1;
/* Try to find the attribute "INTERLACE_MODE" on the >>image<< dataset */
- has_attr = H5LT_find_attribute(did, "INTERLACE_MODE");
+ if ((has_attr = H5LT_find_attribute(did, "INTERLACE_MODE")) < 0)
+ goto out;
/* It exists, get it */
if(has_attr == 1)
diff --git a/hl/tools/gif2h5/hdf2gif.c b/hl/tools/gif2h5/hdf2gif.c
index ce9d8786f8..ec81194a71 100644
--- a/hl/tools/gif2h5/hdf2gif.c
+++ b/hl/tools/gif2h5/hdf2gif.c
@@ -143,17 +143,22 @@ int main(int argc , char **argv)
goto out;
}
- /* read image */
+ /* get image's information */
if ( H5IMget_image_info( fid, image_name, &width, &height, &planes, interlace, &npals ) < 0 )
+ {
+ fprintf(stderr , "Unable to get information of the image. Aborting.\n");
goto out;
+ }
- if (width > IMAGE_WIDTH_MAX || height > IMAGE_HEIGHT_MAX){
+ if (width > IMAGE_WIDTH_MAX || height > IMAGE_HEIGHT_MAX)
+ {
fprintf(stderr, "HDF5 image is too large. Limit is %d by %d.\n", IMAGE_WIDTH_MAX, IMAGE_HEIGHT_MAX);
goto out;
}
/* tool can handle single plane images only. */
- if (planes > 1){
+ if (planes > 1)
+ {
fprintf(stderr, "Cannot handle multiple planes image\n");
goto out;
}
@@ -161,12 +166,18 @@ int main(int argc , char **argv)
Image = (BYTE*) malloc( (size_t) width * (size_t) height );
if ( H5IMread_image( fid, image_name, Image ) < 0 )
+ {
+ fprintf(stderr , "Unable to read the image. Aborting.\n");
goto out;
+ }
if (npals)
{
if ( H5IMget_palette_info( fid, image_name, 0, pal_dims ) < 0 )
+ {
+ fprintf(stderr , "Unable to get information of the palette. Aborting.\n");
goto out;
+ }
pal = (BYTE*) malloc( (size_t) pal_dims[0] * (size_t) pal_dims[1] );
@@ -240,7 +251,7 @@ int main(int argc , char **argv)
if (j==i)
{
/* wasn't found */
- pc2nc[i] = (BYTE)nc;
+ pc2nc[i] = (BYTE)nc;
r1[nc] = Red[i];
g1[nc] = Green[i];
b1[nc] = Blue[i];
diff --git a/src/H5Oattr.c b/src/H5Oattr.c
index 882912155a..a13c944264 100644
--- a/src/H5Oattr.c
+++ b/src/H5Oattr.c
@@ -225,6 +225,11 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED
/* Go get the data */
if(attr->shared->data_size) {
+ /* Ensure that data size doesn't exceed buffer size, in case of
+ it's being corrupted in the file */
+ if(attr->shared->data_size > p_size)
+ HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds buffer size")
+
if(NULL == (attr->shared->data = H5FL_BLK_MALLOC(attr_buf, attr->shared->data_size)))
HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
HDmemcpy(attr->shared->data, p, attr->shared->data_size);
--
2.23.0

70
CVE-2018-17438.patch
View File

@ -1,70 +0,0 @@
From 7add52ff4f2443357648d53d52add274d1b18b5f Mon Sep 17 00:00:00 2001
From: Binh-Minh Ribler <bmribler@hdfgroup.org>
Date: Wed, 20 Mar 2019 14:03:48 -0500
Subject: [PATCH] Fixed HDFFV-10210 and HDFFV-10587 Description: - Added
parameter validation (HDFFV-10210) - Added detection of division by zero
(HDFFV-10587 - CVE-2018-17438) - Fixed typos in various tests Platforms
tested: Linux/64 (jelly) Linux/64 (platypus) Darwin (osx1011test)
---
src/H5Dselect.c | 2 ++
src/H5I.c | 3 +++
test/tid.c | 15 +++++++++++++++
3 files changed, 20 insertions(+)
diff --git a/src/H5Dselect.c b/src/H5Dselect.c
index 7e86b9d..84cd849 100644
--- a/src/H5Dselect.c
+++ b/src/H5Dselect.c
@@ -220,6 +220,8 @@ H5D__select_io(const H5D_io_info_t *io_info, size_t elmt_size,
/* Decrement number of elements left to process */
HDassert(((size_t)tmp_file_len % elmt_size) == 0);
+ if(elmt_size == 0)
+ HGOTO_ERROR(H5E_DATASPACE, H5E_BADVALUE, FAIL, "Resulted in division by zero")
nelmts -= ((size_t)tmp_file_len / elmt_size);
} /* end while */
} /* end else */
diff --git a/src/H5I.c b/src/H5I.c
index 2a4a38c..5cc8e69 100644
--- a/src/H5I.c
+++ b/src/H5I.c
@@ -406,6 +406,9 @@ H5Itype_exists(H5I_type_t type)
FUNC_ENTER_API(FAIL)
H5TRACE1("t", "It", type);
+ if(H5I_IS_LIB_TYPE(type))
+ HGOTO_ERROR(H5E_ATOM, H5E_BADGROUP, FAIL, "cannot call public function on library type")
+
if(type <= H5I_BADID || type >= H5I_next_type)
HGOTO_ERROR(H5E_ARGS, H5E_BADRANGE, FAIL, "invalid type number")
diff --git a/test/tid.c b/test/tid.c
index c98514b..aca32fd 100644
--- a/test/tid.c
+++ b/test/tid.c
@@ -224,6 +224,21 @@ static int basic_id_test(void)
goto out;
H5E_END_TRY
+ /* Test that H5Itype_exists cannot be called on library types because
+ * it is a public function
+ */
+ H5E_BEGIN_TRY
+ err = H5Itype_exists(H5I_GROUP);
+ if(err >= 0)
+ goto out;
+ H5E_END_TRY
+
+ H5E_BEGIN_TRY
+ err = H5Itype_exists(H5I_ATTR);
+ if(err >= 0)
+ goto out;
+ H5E_END_TRY
+
return 0;
out:
--
2.23.0

92
CVE-2019-8396.patch Normal file
View File

@ -0,0 +1,92 @@
From 8e5d36c7465699671b89023f752a378f5ee8b7cb Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Tue, 28 Mar 2023 17:31:29 +0800
Subject: [PATCH 1/1] H5O__pline_decode() Make more resilient to out-of-bounds read (#2210)
Malformed hdf5 files may have trunkated content which does not match the expected size. When this function attempts to decode these it may read past the end of the allocated space leading to heap overflows as bounds checking is incomplete.
Make sure each element is within bounds before reading.
This fixes CVE-2019-8396 / HDFFV-10712 / github bug #2209.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.com>
---
src/H5Opline.c | 17 +++++++++++++++--
src/H5private.h | 3 +++
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/H5Opline.c b/src/H5Opline.c
index 4b76da9..eacf81a 100644
--- a/src/H5Opline.c
+++ b/src/H5Opline.c
@@ -110,6 +110,7 @@ H5FL_DEFINE(H5O_pline_t);
*
*-------------------------------------------------------------------------
*/
+
static void *
H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSED mesg_flags,
unsigned H5_ATTR_UNUSED *ioflags, size_t p_size, const uint8_t *p)
@@ -131,6 +132,9 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign
HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
/* Version */
+ if (p + 4 - 1 > p_end) /* 4 byte is minimum for all versions */
+ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, "ran off the end of the buffer: current p = %p, p_end = %p",
+ p + 4, p_end)
pline->version = *p++;
if (pline->version < H5O_PLINE_VERSION_1 || pline->version > H5O_PLINE_VERSION_LATEST)
HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "bad version number for filter pipeline message")
@@ -159,6 +163,9 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign
/* Decode filters */
for (i = 0, filter = &pline->filter[0]; i < pline->nused; i++, filter++) {
/* Filter ID */
+ if (p + 6 - 1 > p_end) /* 6 bytes minimum */
+ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL,
+ "ran off the end of the buffer: current p = %p, p_end = %p", p + 6, p_end)
UINT16DECODE(p, filter->id);
/* Length of filter name */
@@ -168,6 +175,9 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign
UINT16DECODE(p, name_length);
if (pline->version == H5O_PLINE_VERSION_1 && name_length % 8)
HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "filter name length is not a multiple of eight")
+ if (p + 4 - 1 > p_end) /* with name_length 4 bytes to go */
+ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL,
+ "ran off the end of the buffer: current p = %p, p_end = %p", p + 4, p_end)
} /* end if */
/* Filter flags */
@@ -179,9 +189,12 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign
/* Filter name, if there is one */
if (name_length) {
size_t actual_name_length; /* Actual length of name */
-
+ size_t len = (size_t)(p_end - p + 1);
/* Determine actual name length (without padding, but with null terminator) */
- actual_name_length = HDstrlen((const char *)p) + 1;
+ actual_name_length = HDstrnlen((const char *)p, len);
+ if (actual_name_length == len)
+ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, "filter name not null terminated")
+ actual_name_length += 1; /* include \0 byte */
HDassert(actual_name_length <= name_length);
/* Allocate space for the filter name, or use the internal buffer */
diff --git a/src/H5private.h b/src/H5private.h
index 56ded14..58ccfef 100644
--- a/src/H5private.h
+++ b/src/H5private.h
@@ -1444,6 +1444,9 @@ H5_DLL void HDsrand(unsigned int seed);
#ifndef HDstrlen
#define HDstrlen(S) strlen(S)
#endif /* HDstrlen */
+#ifndef HDstrnlen
+#define HDstrnlen(S, L) strnlen(S, L)
+#endif
#ifndef HDstrncat
#define HDstrncat(X, Y, Z) strncat(X, Y, Z)
#endif /* HDstrncat */
--
2.30.0

43
CVE-2020-10812.patch Normal file
View File

@ -0,0 +1,43 @@
From: Egbert Eich <eich@suse.com>
Date: Wed Oct 5 09:44:02 2022 +0200
Subject: Hot fix for CVE-2020-10812
Patch-mainline: Not yet
Git-repo: ssh://eich@192.168.122.1:/home/eich/sources/HPC/hdf5
Git-commit: 2465fc41d208d57eb0d7d025286a81664148fbaf
References:
CVE-2020-10812 unveils a more fundamental design flaw in H5F__dest():
this function returns FAIL if one of multiple operations fail (in this
case H5AC_prep_for_file_close()) while it still proceeds to prepare the
close operation, free the 'shared' member in struct H5F_t and ulimately
deallocate the structure itself.
When H5F__dest() signals back FAIL to the caller, the caller itself
(H5F_try_close() in this case) will fail. This failure is signalled
up the stack, thus the file will not be considered closed and another
attempt will be made to close it - latest in the exit handler.
The next attempt to close will however need the already deallocated
H5F_t structure and the H5T_shared_t structure in its 'shared' member,
however.
This fix papers over the failure of H5AC_prep_for_file_close() by not
changing the return status of H5F__dest() to fail. There are numerous
other opportunities where this will happen.
This may call for a more fundamental solution.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
src/H5Fint.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/H5Fint.c b/src/H5Fint.c
index 9b5613972f..01faf33495 100644
--- a/src/H5Fint.c
+++ b/src/H5Fint.c
@@ -1413,7 +1413,7 @@ H5F__dest(H5F_t *f, hbool_t flush)
*/
if (H5AC_prep_for_file_close(f) < 0)
/* Push error, but keep going */
- HDONE_ERROR(H5E_FILE, H5E_CANTFLUSH, FAIL, "metadata cache prep for close failed")
+ HDONE_ERROR(H5E_FILE, H5E_CANTFLUSH, ret_value, "metadata cache prep for close failed")
/* Flush at this point since the file will be closed (phase 2).
* Only try to flush the file if it was opened with write access, and if

66
CVE-2021-37501.patch Normal file
View File

@ -0,0 +1,66 @@
From: Egbert Eich <eich@suse.com>
Date: Sat Feb 11 13:54:17 2023 +0100
Subject: Check for overflow when calculating on-disk attribute data size (#2459)
Patch-mainline: Not yet
Git-repo: https://github.com/HDFGroup/hdf5
Git-commit: 0d026daa13a81be72495872f651c036fdc84ae5e
References:
A bogus hdf5 file may contain dataspace messages with sizes
which lead to the on-disk data sizes to exceed what is addressable.
When calculating the size, make sure, the multiplication does not
overflow.
The test case was crafted in a way that the overflow caused the
size to be 0.
This fixes CVE-2021-37501 / Bug #2458.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
src/H5Oattr.c | 3 +++
src/H5private.h | 18 ++++++++++++++++++
2 files changed, 21 insertions(+)
diff --git a/src/H5Oattr.c b/src/H5Oattr.c
index 4dee7aa187..3ef0b99aa4 100644
--- a/src/H5Oattr.c
+++ b/src/H5Oattr.c
@@ -235,6 +235,9 @@ H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, un
/* Compute the size of the data */
H5_CHECKED_ASSIGN(attr->shared->data_size, size_t, ds_size * (hsize_t)dt_size, hsize_t);
+ H5_CHECK_MUL_OVERFLOW(attr->shared->data_size, ds_size, dt_size,
+ HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL,
+ "data size exceeds addressable range"))
/* Go get the data */
if (attr->shared->data_size) {
diff --git a/src/H5private.h b/src/H5private.h
index 931d7b9046..a115aee1a4 100644
--- a/src/H5private.h
+++ b/src/H5private.h
@@ -1605,6 +1605,24 @@ H5_DLL int HDvasprintf(char **bufp, const char *fmt, va_list _ap);
#define H5_CHECK_OVERFLOW(var, vartype, casttype)
#endif /* NDEBUG */
+/*
+ * A macro for checking whether a multiplication has overflown
+ * r is assumed to be the result of a prior multiplication of a and b
+ */
+#define H5_CHECK_MUL_OVERFLOW(r, a, b, err) \
+ { \
+ bool mul_overflow = false; \
+ if (r != 0) { \
+ if (r / a != b) \
+ mul_overflow = true; \
+ } else { \
+ if (a != 0 && b != 0) \
+ mul_overflow = true; \
+ } \
+ if (mul_overflow) \
+ err \
+ }
+
/*
* A macro for detecting over/under-flow when assigning between types
*/

100
fix-compile-error.patch
View File

@ -1,100 +0,0 @@
From aa52644d1f9e5a1103e4f670b56074c4e46a04f2 Mon Sep 17 00:00:00 2001
From: lrknox <lrknox>
Date: Fri, 11 May 2018 11:02:43 -0500
Subject: [PATCH] Address compile errors and merge conflicts.
---
src/H5Abtree2.c | 2 +-
src/H5HFcache.c | 2 +-
src/H5Ocache.c | 4 ++--
src/H5T.c | 8 +++-----
4 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/H5Abtree2.c b/src/H5Abtree2.c
index 02fffce21c..318c60d750 100644
--- a/src/H5Abtree2.c
+++ b/src/H5Abtree2.c
@@ -162,7 +162,7 @@ const H5B2_class_t H5A_BT2_CORDER[1]={{ /* B-tree class information */
*-------------------------------------------------------------------------
*/
static herr_t
-H5A__dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata)
+H5A_dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata)
{
H5A_fh_ud_cmp_t *udata = (H5A_fh_ud_cmp_t *)_udata; /* User data for 'op' callback */
H5A_t *attr = NULL; /* Pointer to attribute created from heap object */
diff --git a/src/H5HFcache.c b/src/H5HFcache.c
index 319a865438..0d25dbf603 100644
--- a/src/H5HFcache.c
+++ b/src/H5HFcache.c
@@ -384,7 +384,7 @@ H5HF_cache_hdr_load(H5F_t *f, hid_t dxpl_id, haddr_t addr, void *_udata)
UINT32DECODE(p, hdr->pline_root_direct_filter_mask);
/* Decode I/O filter information */
- if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, len, image)))
+ if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, hdr->filter_len, p)))
HGOTO_ERROR(H5E_HEAP, H5E_CANTDECODE, NULL, "can't decode I/O pipeline filters")
p += hdr->filter_len;
diff --git a/src/H5Ocache.c b/src/H5Ocache.c
index ebae3f55bf..39f3ca330f 100644
--- a/src/H5Ocache.c
+++ b/src/H5Ocache.c
@@ -1288,7 +1288,7 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image,
unsigned ioflags = 0; /* Flags for decode routine */
/* Decode continuation message */
- cont = (H5O_cont_t *)(H5O_MSG_CONT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw);
+ cont = (H5O_cont_t *)(H5O_MSG_CONT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw_size, oh->mesg[curmesg].raw);
cont->chunkno = udata->cont_msg_info->nmsgs + 1; /*the next continuation message/chunk */
/* Save 'native' form of continuation message */
@@ -1312,7 +1312,7 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image,
/* Decode ref. count message */
HDassert(oh->version > H5O_VERSION_1);
- refcount = (H5O_refcount_t *)(H5O_MSG_REFCOUNT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw);
+ refcount = (H5O_refcount_t *)(H5O_MSG_REFCOUNT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw_size, oh->mesg[curmesg].raw);
/* Save 'native' form of ref. count message */
oh->mesg[curmesg].native = refcount;
diff --git a/src/H5T.c b/src/H5T.c
index 9eeb7db193..36b4c63001 100644
--- a/src/H5T.c
+++ b/src/H5T.c
@@ -298,8 +298,6 @@ static herr_t H5T_unregister(H5T_pers_t pers, const char *name, H5T_t *src,
static herr_t H5T_register(H5T_pers_t pers, const char *name, H5T_t *src,
H5T_t *dst, H5T_conv_t func, hid_t dxpl_id, hbool_t api_call);
static htri_t H5T_compiler_conv(H5T_t *src, H5T_t *dst);
-static herr_t H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc);
-static H5T_t *H5T_decode(const unsigned char *buf);
static herr_t H5T_set_size(H5T_t *dt, size_t size);
@@ -2839,7 +2837,7 @@ H5Tdecode(const void *buf)
*
*-------------------------------------------------------------------------
*/
-static herr_t
+herr_t
H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc)
{
size_t buf_size; /* Encoded size of datatype */
@@ -2895,7 +2893,7 @@ H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc)
*
*-------------------------------------------------------------------------
*/
-static H5T_t *
+H5T_t *
H5T_decode(size_t buf_size, const unsigned char *buf)
{
H5F_t *f = NULL; /* Fake file structure*/
@@ -2916,7 +2914,7 @@ H5T_decode(size_t buf_size, const unsigned char *buf)
HGOTO_ERROR(H5E_DATATYPE, H5E_VERSION, NULL, "unknown version of encoded datatype")
/* Decode the serialized datatype message */
- if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_noio_dxpl_id, NULL, H5O_DTYPE_ID, buf_size, buf)))
+ if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_ind_dxpl_id, NULL, H5O_DTYPE_ID, buf_size, buf)))
HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, NULL, "can't decode object")
/* Mark datatype as being in memory now */

BIN
hdf5-1.8.20.tar.bz2 → hdf5-1.12.1.tar.bz2
View File

Binary file not shown.

13
hdf5-LD_LIBRARY_PATH.patch
View File

@ -1,21 +1,20 @@
diff -up hdf5-1.8.13/src/Makefile.am.LD_LIBRARY_PATH hdf5-1.8.13/src/Makefile.am
--- hdf5-1.8.13/src/Makefile.am.LD_LIBRARY_PATH 2014-05-05 20:13:01.000000000 -0600
+++ hdf5-1.8.13/src/Makefile.am 2014-05-15 09:53:59.569476295 -0600
@@ -128,8 +128,6 @@ settings_DATA=libhdf5.settings
--- hdf5-1.12.0/src/Makefile.am~ 2020-02-29 00:29:58.000000000 +0100
+++ hdf5-1.12.0/src/Makefile.am 2021-02-26 16:10:03.612252484 +0100
@@ -156,8 +156,6 @@
# Remove the generated .c file if errors occur unless HDF5_Make_Ignore
# is set to ignore the error.
H5Tinit.c: H5detect$(EXEEXT)
- LD_LIBRARY_PATH="$$LD_LIBRARY_PATH`echo $(LDFLAGS) | \
- sed -e 's/-L/:/g' -e 's/ //g'`" \
$(RUNSERIAL) ./H5detect$(EXEEXT) > $@ || \
$(RUNSERIAL) ./H5detect$(EXEEXT) $@ || \
(test $$HDF5_Make_Ignore && echo "*** Error ignored") || \
($(RM) $@ ; exit 1)
@@ -140,8 +138,6 @@ H5Tinit.c: H5detect$(EXEEXT)
@@ -168,8 +166,6 @@
# Remove the generated .c file if errors occur unless HDF5_Make_Ignore
# is set to ignore the error.
H5lib_settings.c: H5make_libsettings$(EXEEXT) libhdf5.settings
- LD_LIBRARY_PATH="$$LD_LIBRARY_PATH`echo $(LDFLAGS) | \
- sed -e 's/-L/:/g' -e 's/ //g'`" \
$(RUNSERIAL) ./H5make_libsettings$(EXEEXT) > $@ || \
$(RUNSERIAL) ./H5make_libsettings$(EXEEXT) $@ || \
(test $$HDF5_Make_Ignore && echo "*** Error ignored") || \
($(RM) $@ ; exit 1)

145
hdf5-build.patch Normal file
View File

@ -0,0 +1,145 @@
diff --git a/java/examples/datasets/JavaDatasetExample.sh.in b/java/examples/datasets/JavaDatasetExample.sh.in
index f29739a..fc9cddb 100644
--- a/java/examples/datasets/JavaDatasetExample.sh.in
+++ b/java/examples/datasets/JavaDatasetExample.sh.in
@@ -39,7 +39,7 @@ HDFLIB_HOME="$top_srcdir/java/lib"
BLDDIR="."
BLDLIBDIR="$BLDDIR/testlibs"
HDFTEST_HOME="$top_srcdir/java/examples/datasets"
-JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar
+JARFILE=@PACKAGE_TARNAME@.jar
TESTJARFILE=jar@PACKAGE_TARNAME@datasets.jar
test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR
diff --git a/java/examples/datasets/Makefile.am b/java/examples/datasets/Makefile.am
index 41a914b..195201a 100644
--- a/java/examples/datasets/Makefile.am
+++ b/java/examples/datasets/Makefile.am
@@ -26,7 +26,7 @@ classes:
test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
pkgpath = examples/datasets
-hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
+hdfjarfile = $(PACKAGE_TARNAME).jar
CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH
jarfile = jar$(PACKAGE_TARNAME)datasets.jar
diff --git a/java/examples/datatypes/JavaDatatypeExample.sh.in b/java/examples/datatypes/JavaDatatypeExample.sh.in
index e26d8c0..f6a9d87 100644
--- a/java/examples/datatypes/JavaDatatypeExample.sh.in
+++ b/java/examples/datatypes/JavaDatatypeExample.sh.in
@@ -36,7 +36,7 @@ HDFLIB_HOME="$top_srcdir/java/lib"
BLDDIR="."
BLDLIBDIR="$BLDDIR/testlibs"
HDFTEST_HOME="$top_srcdir/java/examples/datatypes"
-JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar
+JARFILE=@PACKAGE_TARNAME@.jar
TESTJARFILE=jar@PACKAGE_TARNAME@datatypes.jar
test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR
diff --git a/java/examples/datatypes/Makefile.am b/java/examples/datatypes/Makefile.am
index 90790f7..450edef 100644
--- a/java/examples/datatypes/Makefile.am
+++ b/java/examples/datatypes/Makefile.am
@@ -26,7 +26,7 @@ classes:
test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
pkgpath = examples/datatypes
-hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
+hdfjarfile = $(PACKAGE_TARNAME).jar
CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH
jarfile = jar$(PACKAGE_TARNAME)datatypes.jar
diff --git a/java/examples/groups/JavaGroupExample.sh.in b/java/examples/groups/JavaGroupExample.sh.in
index 3b0e9d1..416c69f 100644
--- a/java/examples/groups/JavaGroupExample.sh.in
+++ b/java/examples/groups/JavaGroupExample.sh.in
@@ -37,7 +37,7 @@ BLDDIR="."
BLDLIBDIR="$BLDDIR/testlibs"
BLDITERDIR="./groups"
HDFTEST_HOME="$top_srcdir/java/examples/groups"
-JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar
+JARFILE=@PACKAGE_TARNAME@.jar
TESTJARFILE=jar@PACKAGE_TARNAME@groups.jar
test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR
test -d $BLDITERDIR || mkdir -p $BLDITERDIR
diff --git a/java/examples/groups/Makefile.am b/java/examples/groups/Makefile.am
index bfde9ae..f48a5b9 100644
--- a/java/examples/groups/Makefile.am
+++ b/java/examples/groups/Makefile.am
@@ -26,7 +26,7 @@ classes:
test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
pkgpath = examples/groups
-hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
+hdfjarfile = $(PACKAGE_TARNAME).jar
CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH
jarfile = jar$(PACKAGE_TARNAME)groups.jar
diff --git a/java/examples/intro/JavaIntroExample.sh.in b/java/examples/intro/JavaIntroExample.sh.in
index db741e5..d0ba65d 100644
--- a/java/examples/intro/JavaIntroExample.sh.in
+++ b/java/examples/intro/JavaIntroExample.sh.in
@@ -36,7 +36,7 @@ HDFLIB_HOME="$top_srcdir/java/lib"
BLDDIR="."
BLDLIBDIR="$BLDDIR/testlibs"
HDFTEST_HOME="$top_srcdir/java/examples/intro"
-JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar
+JARFILE=@PACKAGE_TARNAME@.jar
TESTJARFILE=jar@PACKAGE_TARNAME@intro.jar
test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR
diff --git a/java/examples/intro/Makefile.am b/java/examples/intro/Makefile.am
index 7d1aeab..01a10c9 100644
--- a/java/examples/intro/Makefile.am
+++ b/java/examples/intro/Makefile.am
@@ -26,7 +26,7 @@ classes:
test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
pkgpath = examples/intro
-hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
+hdfjarfile = $(PACKAGE_TARNAME).jar
CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH
jarfile = jar$(PACKAGE_TARNAME)intro.jar
diff --git a/java/src/Makefile.am b/java/src/Makefile.am
index 98630e6..fd8d057 100644
--- a/java/src/Makefile.am
+++ b/java/src/Makefile.am
@@ -32,8 +32,8 @@ JAVAROOT = .classes
classes:
test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
-jarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
-hdf5_javadir = $(libdir)
+jarfile = $(PACKAGE_TARNAME).jar
+hdf5_javadir = $(prefix)/lib/java
pkgpath = hdf/hdf5lib
CLASSPATH_ENV=CLASSPATH=.:$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$$CLASSPATH
diff --git a/java/test/Makefile.am b/java/test/Makefile.am
index 08e79e3..b336c2f 100644
--- a/java/test/Makefile.am
+++ b/java/test/Makefile.am
@@ -26,7 +26,7 @@ classes:
test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
pkgpath = test
-hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
+hdfjarfile = $(PACKAGE_TARNAME).jar
CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/junit.jar:$(top_srcdir)/java/lib/hamcrest-core.jar:$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH
jarfile = jar$(PACKAGE_TARNAME)test.jar
diff --git a/java/test/junit.sh.in b/java/test/junit.sh.in
index 39db296..83d6c7c 100644
--- a/java/test/junit.sh.in
+++ b/java/test/junit.sh.in
@@ -47,7 +47,7 @@ BLDLIBDIR="$BLDDIR/testlibs"
HDFTEST_HOME="$top_srcdir/java/test"
TOOLS_TESTFILES="$top_srcdir/tools/testfiles"
-JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar
+JARFILE=@PACKAGE_TARNAME@.jar
TESTJARFILE=jar@PACKAGE_TARNAME@test.jar
test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR

37
hdf5-gfortran12.patch Normal file
View File

@ -0,0 +1,37 @@
commit 3ea6f8c17228d2629e419563138a6180bc4a5a6a
Author: Orion Poplawski <orion@nwra.com>
Date: Sun Jan 30 15:21:08 2022 -0700
Mark minusone as a PARAMETER in tH5A_1_8.F90.
diff --git a/fortran/test/tH5A_1_8.F90 b/fortran/test/tH5A_1_8.F90
index 4e02c58a39..c2f8e9984a 100644
--- a/fortran/test/tH5A_1_8.F90
+++ b/fortran/test/tH5A_1_8.F90
@@ -776,7 +776,7 @@ SUBROUTINE test_attr_info_by_idx(new_format, fcpl, fapl, total_error)
INTEGER :: Input1
INTEGER(HSIZE_T) :: hzero = 0_HSIZE_T
- INTEGER :: minusone = -1
+ INTEGER, PARAMETER :: minusone = -1
INTEGER(HSIZE_T) :: htmp
data_dims = 0
@@ -1427,7 +1427,7 @@ SUBROUTINE test_attr_delete_by_idx(new_format, fcpl, fapl, total_error)
INTEGER :: u ! Local index variable
INTEGER :: Input1
INTEGER(HSIZE_T) :: hzero = 0_HSIZE_T
- INTEGER :: minusone = -1
+ INTEGER, PARAMETER :: minusone = -1
data_dims = 0
@@ -2268,7 +2268,7 @@ SUBROUTINE test_attr_corder_create_basic( fcpl, fapl, total_error )
INTEGER :: error
INTEGER :: crt_order_flags
- INTEGER :: minusone = -1
+ INTEGER, PARAMETER :: minusone = -1
! Output message about test being performed
! WRITE(*,*) " - Testing Basic Code for Attributes with Creation Order Info"

75
hdf5-ldouble-ppc64le.patch
View File

@ -1,75 +0,0 @@
diff -up hdf5-1.8.16/configure.ac.ldouble-ppc64le hdf5-1.8.16/configure.ac
--- hdf5-1.8.16/configure.ac.ldouble-ppc64le 2015-11-13 09:29:08.749125801 -0700
+++ hdf5-1.8.16/configure.ac 2015-11-13 09:47:02.705174991 -0700
@@ -2278,6 +2278,13 @@ else
unsigned char s2[8];
int ret = 1;
+#if defined __powerpc64__ && defined _LITTLE_ENDIAN
+ /* Don't bother checking on ppc64le, we know it'll work, and
+ * that what hdf5 calls 'special algorithm' simply is
+ * IBM ldouble 128 (i.e. two seperately scaled doubles).
+ * The check below assumes big endian. */
+ ret = 0;
+#endif
if(sizeof(long double) == 16 && sizeof(long) == 8) {
/*make sure the long double type has 16 bytes in size and
* 11 bits of exponent. If it is,
@@ -2355,6 +2362,13 @@ else
unsigned char s[16];
int flag=0, ret=1;
+#if defined __powerpc64__ && defined _LITTLE_ENDIAN
+ /* Don't bother checking on ppc64le, we know it'll work, and
+ * that what hdf5 calls 'special algorithm' simply is
+ * IBM ldouble 128 (i.e. two seperately scaled doubles).
+ * The check below assumes big endian. */
+ ret = 0;
+#endif
/*Determine if long double has 16 byte in size, 11 bit exponent, and
*the bias is 0x3ff */
if(sizeof(long double) == 16) {
diff -up hdf5-1.8.16/configure.ldouble-ppc64le hdf5-1.8.16/configure
diff -up hdf5-1.8.16/test/dt_arith.c.ldouble-ppc64le hdf5-1.8.16/test/dt_arith.c
--- hdf5-1.8.16/test/dt_arith.c.ldouble-ppc64le 2015-10-23 23:13:43.000000000 -0600
+++ hdf5-1.8.16/test/dt_arith.c 2015-11-13 09:29:08.765125707 -0700
@@ -3010,7 +3010,18 @@ test_conv_flt_1 (const char *name, int r
buf, saved, nelmts);
#if H5_SIZEOF_LONG_DOUBLE!=H5_SIZEOF_DOUBLE && H5_SIZEOF_LONG_DOUBLE!=0
} else if(src_type == FLT_LDOUBLE) {
- INIT_FP_SPECIAL(src_size, src_nbits, sendian, LDBL_MANT_DIG, dst_size,
+ size_t mant_dig = LDBL_MANT_DIG;
+ if (mant_dig >= src_nbits) {
+ /* This happens for IBM long double in little endian.
+ The macro LDBL_MANT_DIG says 106 mantissa bits, but the
+ HDF5 detection code actually represents it as a normal 64bit
+ double (52 bit mantissa) with the upper double being
+ unspec bits (which is sort of okay as the testsuite
+ wouldn't deal with that format correctly anyway). So
+ override the mantissa size. */
+ mant_dig = 52;
+ }
+ INIT_FP_SPECIAL(src_size, src_nbits, sendian, mant_dig, dst_size,
buf, saved, nelmts);
#endif
} else
@@ -3663,7 +3674,18 @@ test_conv_int_fp(const char *name, int r
INIT_FP_DENORM(long double, LDBL_MANT_DIG, src_size, src_nbits, sendian, dst_size,
buf, saved, nelmts);
} else {
- INIT_FP_SPECIAL(src_size, src_nbits, sendian, LDBL_MANT_DIG, dst_size, buf, saved, nelmts);
+ size_t mant_dig = LDBL_MANT_DIG;
+ if (mant_dig >= src_nbits) {
+ /* This happens for IBM long double in little endian.
+ The macro LDBL_MANT_DIG says 106 mantissa bits, but the
+ HDF5 detection code actually represents it as a normal 64bit
+ double (52 bit mantissa) with the upper double being
+ unspec bits (which is sort of okay as the testsuite
+ wouldn't deal with that format correctly anyway). So
+ override the mantissa size. */
+ mant_dig = 52;
+ }
+ INIT_FP_SPECIAL(src_size, src_nbits, sendian, mant_dig, dst_size, buf, saved, nelmts);
}
#endif
} else

29
hdf5-mpi.patch
View File

@ -1,29 +0,0 @@
diff -up hdf5-1.8.16/testpar/t_pflush1.c.mpi hdf5-1.8.16/testpar/t_pflush1.c
--- hdf5-1.8.16/testpar/t_pflush1.c.mpi 2015-10-23 23:13:44.000000000 -0600
+++ hdf5-1.8.16/testpar/t_pflush1.c 2016-03-20 21:46:42.089409776 -0600
@@ -171,6 +171,7 @@ main(int argc, char* argv[])
* because MPI_File_close wants to modify the file-handle variable.
*/
+#if 0
/* close file1 */
if(H5Fget_vfd_handle(file1, fapl, (void **)&mpifh_p) < 0) {
printf("H5Fget_vfd_handle for file1 failed\n");
@@ -189,14 +190,17 @@ main(int argc, char* argv[])
printf("MPI_File_close for file2 failed\n");
goto error;
} /* end if */
+#endif
fflush(stdout);
fflush(stderr);
+ MPI_Finalize();
HD_exit(0);
error:
fflush(stdout);
fflush(stderr);
+ MPI_Finalize();
HD_exit(1);
}

109
hdf5-wrappers.patch Normal file
View File

@ -0,0 +1,109 @@
diff -up hdf5-1.10.7/bin/h5cc.in.wrappers hdf5-1.10.7/bin/h5cc.in
--- hdf5-1.10.7/bin/h5cc.in.wrappers 2020-10-07 20:24:29.127283333 -0600
+++ hdf5-1.10.7/bin/h5cc.in 2020-10-07 20:27:05.289536904 -0600
@@ -89,10 +89,10 @@ CLINKERBASE="@CC@"
# paths and libraries from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in
# from the hdf5 build. The order of the flags is intended to give precedence
# to the user's flags.
-H5BLD_CFLAGS="@AM_CFLAGS@ @CFLAGS@"
+H5BLD_CFLAGS=
H5BLD_CPPFLAGS="@AM_CPPFLAGS@ @CPPFLAGS@"
-H5BLD_LDFLAGS="@AM_LDFLAGS@ @LDFLAGS@"
-H5BLD_LIBS="@LIBS@"
+H5BLD_LDFLAGS=
+H5BLD_LIBS=
CC="${HDF5_CC:-$CCBASE}"
CLINKER="${HDF5_CLINKER:-$CLINKERBASE}"
@@ -105,7 +105,8 @@ LIBS="${HDF5_LIBS:-$LIBSBASE}"
# available library is shared, it will be used by default. The user can
# override either default, although choosing an unavailable library will result
# in link errors.
-STATIC_AVAILABLE="@enable_static@"
+# Fedora prefers shared libraries
+STATIC_AVAILABLE=no
if test "${STATIC_AVAILABLE}" = "yes"; then
USE_SHARED_LIB="${HDF5_USE_SHLIB:-no}"
else
@@ -385,7 +386,7 @@ if test "x$do_link" = "xyes"; then
# paths and libraries from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in
# from the hdf5 build. The order of the flags is intended to give precedence
# to the user's flags.
- $SHOW $CLINKER $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CFLAGS $CFLAGS $LDFLAGS $clibpath $link_objs $LIBS $link_args $shared_link
+ $SHOW $CLINKER $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CFLAGS $CFLAGS $LDFLAGS $clibpath $link_objs $LIBS $link_args
status=$?
fi
diff -up hdf5-1.10.7/c++/src/h5c++.in.wrappers hdf5-1.10.7/c++/src/h5c++.in
--- hdf5-1.10.7/c++/src/h5c++.in.wrappers 2020-08-27 21:38:23.000000000 -0600
+++ hdf5-1.10.7/c++/src/h5c++.in 2020-10-07 20:24:29.126283325 -0600
@@ -87,10 +87,10 @@ CXXLINKERBASE="@CXX@"
# paths and libraries from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in
# from the hdf5 build. The order of the flags is intended to give precedence
# to the user's flags.
-H5BLD_CXXFLAGS="@AM_CXXFLAGS@ @CXXFLAGS@"
+H5BLD_CXXFLAGS=
H5BLD_CPPFLAGS="@AM_CPPFLAGS@ @CPPFLAGS@"
-H5BLD_LDFLAGS="@AM_LDFLAGS@ @LDFLAGS@"
-H5BLD_LIBS="@LIBS@"
+H5BLD_LDFLAGS=
+H5BLD_LIBS=
CXX="${HDF5_CXX:-$CXXBASE}"
CXXLINKER="${HDF5_CLINKER:-$CXXLINKERBASE}"
@@ -103,7 +103,8 @@ LIBS="${HDF5_LIBS:-$LIBSBASE}"
# available library is shared, it will be used by default. The user can
# override either default, although choosing an unavailable library will result
# in link errors.
-STATIC_AVAILABLE="@enable_static@"
+# Fedora prefers shared libraries
+STATIC_AVAILABLE=no
if test "${STATIC_AVAILABLE}" = "yes"; then
USE_SHARED_LIB="${HDF5_USE_SHLIB:-no}"
else
@@ -385,7 +386,7 @@ if test "x$do_link" = "xyes"; then
# from the hdf5 build. The order of the flags is intended to give precedence
# to the user's flags.
- $SHOW $CXXLINKER $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CXXFLAGS $CXXFLAGS $LDFLAGS $clibpath $link_objs $LIBS $link_args $shared_link
+ $SHOW $CXXLINKER $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CXXFLAGS $CXXFLAGS $LDFLAGS $clibpath $link_objs $LIBS $link_args
status=$?
fi
diff -up hdf5-1.10.7/fortran/src/h5fc.in.wrappers hdf5-1.10.7/fortran/src/h5fc.in
--- hdf5-1.10.7/fortran/src/h5fc.in.wrappers 2020-08-27 21:38:23.000000000 -0600
+++ hdf5-1.10.7/fortran/src/h5fc.in 2020-10-07 20:25:53.793962985 -0600
@@ -83,11 +83,11 @@ FLINKERBASE="@FC@"
# libraries in $link_args, followed by any external library paths and libraries
# from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in from the hdf5 build.
# The order of the flags is intended to give precedence to the user's flags.
-H5BLD_FCFLAGS="@AM_FCFLAGS@ @FCFLAGS@"
+H5BLD_FCFLAGS=
F9XMODFLAG="@F9XMODFLAG@"
F9XSUFFIXFLAG="@F9XSUFFIXFLAG@"
-H5BLD_LDFLAGS="@AM_LDFLAGS@ @LDFLAGS@"
-H5BLD_LIBS="@LIBS@"
+H5BLD_LDFLAGS=
+H5BLD_LIBS=
FC="${HDF5_FC:-$FCBASE}"
FLINKER="${HDF5_FLINKER:-$FLINKERBASE}"
@@ -99,7 +99,8 @@ LIBS="${HDF5_LIBS:-$LIBSBASE}"
# available library is shared, it will be used by default. The user can
# override either default, although choosing an unavailable library will result
# in link errors.
-STATIC_AVAILABLE="@enable_static@"
+# Fedora prefers shared libraries
+STATIC_AVAILABLE=no
if test "${STATIC_AVAILABLE}" = "yes"; then
USE_SHARED_LIB="${HDF5_USE_SHLIB:-no}"
else
@@ -363,7 +364,7 @@ if test "x$do_link" = "xyes"; then
# libraries in $link_args, followed by any external library paths and libraries
# from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in from the hdf5 build.
# The order of the flags is intended to give precedence to the user's flags.
- $SHOW $FLINKER $FCFLAGS $H5BLD_FCFLAGS $F9XSUFFIXFLAG $LDFLAGS $fmodules $link_objs $LIBS $link_args $shared_link
+ $SHOW $FLINKER $FCFLAGS $H5BLD_FCFLAGS $F9XSUFFIXFLAG $LDFLAGS $fmodules $link_objs $LIBS $link_args
status=$?
fi

82
hdf5.spec
View File

@ -7,35 +7,33 @@
%global mpi_list %{?mpi_list} openmpi
%endif
%global so_version 200
Name: hdf5
Version: 1.8.20
Release: 12
Version: 1.12.1
Release: 1
Summary: A data model, library, and file format for storing and managing data
License: GPL
License: GPL-2.0-or-later
URL: https://portal.hdfgroup.org/display/HDF5/HDF5
Source0: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.8/hdf5-1.8.20/src/hdf5-1.8.20.tar.bz2
Source0: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.12/hdf5-1.12.1/src/hdf5-1.12.1.tar.bz2
Patch0: hdf5-LD_LIBRARY_PATH.patch
Patch1: hdf5-mpi.patch
Patch2: hdf5-ldouble-ppc64le.patch
Patch3: CVE-2018-17233.patch
Patch4: CVE-2018-17234.patch
Patch5: CVE-2018-17237.patch
Patch6: CVE-2018-17434-CVE-2018-17437.patch
Patch7: CVE-2018-17438.patch
Patch8: CVE-2017-17506.patch
Patch9: fix-compile-error.patch
Patch10: CVE-2018-17432.patch
Patch11: CVE-2018-17435.patch
Patch12: CVE-2018-13869-CVE-2018-13870.patch
Patch13: CVE-2018-13873.patch
Patch1: hdf5-gfortran12.patch
Patch2: hdf5-build.patch
Patch3: hdf5-wrappers.patch
Patch4: CVE-2018-13867.patch
Patch5: CVE-2018-14031.patch
Patch6: CVE-2018-16438.patch
Patch7: CVE-2019-8396.patch
Patch8: CVE-2020-10812.patch
Patch9: CVE-2021-37501.patch
BuildRequires: gcc, gcc-c++
BuildRequires: krb5-devel, openssl-devel, zlib-devel, gcc-gfortran, time
BuildRequires: automake libtool
BuildRequires: openssh-clients
BuildRequires: libaec-devel
BuildRequires: libaec-devel chrpath
%description
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.
@ -158,7 +156,6 @@ do
ln -s ../configure .
%configure \
%{configure_opts} \
FCFLAGS="$FCFLAGS -I$MPI_FORTRAN_MOD_DIR" \
--enable-parallel \
--exec-prefix=%{_libdir}/$mpi \
--libdir=%{_libdir}/$mpi/lib \
@ -232,20 +229,37 @@ cat > ${RPM_BUILD_ROOT}/%{_rpmmacrodir}/macros.hdf5 <<EOF
%%_hdf5_version %{version}
EOF
cd $RPM_BUILD_ROOT/usr
file `find -type f`| grep -w ELF | awk -F":" '{print $1}' | for i in `xargs`
do
chrpath -d $i
done
cd -
mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d
echo "%{_libdir}/mpich/lib" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf
%check
make %{?_smp_mflags} -C build check
%ldconfig_scriptlets
%post
/sbin/ldconfig
%postun
/sbin/ldconfig
%files
%license COPYING
%doc MANIFEST README.txt release_docs/RELEASE.txt
%doc release_docs/HISTORY*.txt
%{_bindir}/gif2h5
%{_bindir}/h52gif
%{_bindir}/h5clear
%{_bindir}/h5copy
%{_bindir}/h5debug
%{_bindir}/h5diff
%{_bindir}/h5dump
%{_bindir}/h5format_convert
%{_bindir}/h5import
%{_bindir}/h5jam
%{_bindir}/h5ls
@ -255,9 +269,16 @@ make %{?_smp_mflags} -C build check
%{_bindir}/h5repart
%{_bindir}/h5stat
%{_bindir}/h5unjam
%{_libdir}/*.so.10*
%{_libdir}/libhdf5_cpp.so.15*
%{_libdir}/libhdf5_hl_cpp.so.11*
%{_bindir}/h5watch
%{_bindir}/mirror_server
%{_bindir}/mirror_server_stop
%{_libdir}/libhdf5.so.%{so_version}*
%{_libdir}/libhdf5_cpp.so.%{so_version}*
%{_libdir}/libhdf5_fortran.so.%{so_version}*
%{_libdir}/libhdf5hl_fortran.so.%{so_version}*
%{_libdir}/libhdf5_hl.so.%{so_version}*
%{_libdir}/libhdf5_hl_cpp.so.%{so_version}*
%config(noreplace) /etc/ld.so.conf.d/*
%files devel
%{_bindir}/h5c++*
@ -279,10 +300,12 @@ make %{?_smp_mflags} -C build check
%doc release_docs/HISTORY*.txt
%{_libdir}/mpich/bin/gif2h5
%{_libdir}/mpich/bin/h52gif
%{_libdir}/mpich/bin/h5clear
%{_libdir}/mpich/bin/h5copy
%{_libdir}/mpich/bin/h5debug
%{_libdir}/mpich/bin/h5diff
%{_libdir}/mpich/bin/h5dump
%{_libdir}/mpich/bin/h5format_convert
%{_libdir}/mpich/bin/h5import
%{_libdir}/mpich/bin/h5jam
%{_libdir}/mpich/bin/h5ls
@ -294,8 +317,11 @@ make %{?_smp_mflags} -C build check
%{_libdir}/mpich/bin/h5repart
%{_libdir}/mpich/bin/h5stat
%{_libdir}/mpich/bin/h5unjam
%{_libdir}/mpich/bin/h5watch
%{_libdir}/mpich/bin/mirror_server
%{_libdir}/mpich/bin/mirror_server_stop
%{_libdir}/mpich/bin/ph5diff
%{_libdir}/mpich/lib/*.so.10*
%{_libdir}/mpich/lib/*.so.%{so_version}*
%files mpich-devel
%{_includedir}/mpich-%{_arch}
@ -317,10 +343,12 @@ make %{?_smp_mflags} -C build check
%doc release_docs/HISTORY*.txt
%{_libdir}/openmpi/bin/gif2h5
%{_libdir}/openmpi/bin/h52gif
%{_libdir}/openmpi/bin/h5clear
%{_libdir}/openmpi/bin/h5copy
%{_libdir}/openmpi/bin/h5debug
%{_libdir}/openmpi/bin/h5diff
%{_libdir}/openmpi/bin/h5dump
%{_libdir}/openmpi/bin/h5format_convert
%{_libdir}/openmpi/bin/h5import
%{_libdir}/openmpi/bin/h5jam
%{_libdir}/openmpi/bin/h5ls
@ -332,8 +360,11 @@ make %{?_smp_mflags} -C build check
%{_libdir}/openmpi/bin/h5repart
%{_libdir}/openmpi/bin/h5stat
%{_libdir}/openmpi/bin/h5unjam
%{_libdir}/openmpi/bin/h5watch
%{_libdir}/openmpi/bin/mirror_server
%{_libdir}/openmpi/bin/mirror_server_stop
%{_libdir}/openmpi/bin/ph5diff
%{_libdir}/openmpi/lib/*.so.10*
%{_libdir}/openmpi/lib/*.so.%{so_version}*
%files openmpi-devel
%{_includedir}/openmpi-%{_arch}
@ -349,6 +380,9 @@ make %{?_smp_mflags} -C build check
%endif
%changelog
* Wed Mar 29 2023 yaoxin <yaoxin30@h-parters.com> - 1.12.1-1
- Update to 1.12.1 and fix CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2019-8396,CVE-2020-10812 and CVE-2021-37501
* Fri May 14 2021 caodongxia <caodongxia@huawei.com> - 1.8.20-12
- add sub packages hdf5-openmpi-static, hdf5-openmpi-devel, hdf5-openmpi,
- hdf5-mpich-static, hdf5-mpich-devel, hdf5-mpich