[arch-commits] Commit in hdf5-openmpi/trunk (PKGBUILD hdf51.10-CVE2016.patch)
Date: Saturday, June 17, 2017 @ 14:57:15 Author: archange Revision: 237925 upgpkg: hdf5-openmpi 1.10.1-1 Remove CVE patch, fixed upstream in this release. Modified: hdf5-openmpi/trunk/PKGBUILD Deleted: hdf5-openmpi/trunk/hdf51.10-CVE2016.patch + PKGBUILD | 16 +- hdf51.10-CVE2016.patch | 280 --- 2 files changed, 7 insertions(+), 289 deletions(-) Modified: PKGBUILD === --- PKGBUILD2017-06-17 14:57:14 UTC (rev 237924) +++ PKGBUILD2017-06-17 14:57:15 UTC (rev 237925) @@ -10,9 +10,8 @@ _pkgname=hdf5 _mpi=openmpi pkgname=${_pkgname}-${_mpi} -_patch=patch1 -pkgver=1.10.0_${_patch} -pkgrel=3 +pkgver=1.10.1 +pkgrel=1 pkgdesc="General purpose library and file format for storing scientific data (${_mpi} version)" arch=('i686' 'x86_64') url="https://www.hdfgroup.org/HDF5/; @@ -23,16 +22,13 @@ conflicts=('hdf5') replaces=("hdf5-fortran-${_mpi}") source=("https://support.hdfgroup.org/ftp/HDF5/releases/${_pkgname}-${pkgver:0:4}/${_pkgname}-${pkgver/_/-}/src/${_pkgname}-${pkgver/_/-}.tar.bz2; -'mpi.patch' -'hdf51.10-CVE2016.patch') -md5sums=('f6d980febe2c35c11670a9b34fa3b487' - 'dfa8dd50b8a7ebb3ad7249c627156cf9' - 'ebc0db3fe6d55dc39f63143ebb6327d4') +'mpi.patch') +md5sums=('d89893c05ee7ea8611b51bb39450d64e' + 'dfa8dd50b8a7ebb3ad7249c627156cf9') prepare() { cd ${_pkgname}-${pkgver/_/-} -patch -p0 -i ../hdf51.10-CVE2016.patch # FS#33343 patch -p1 -i ../mpi.patch } @@ -66,6 +62,8 @@ make -j1 DESTDIR="${pkgdir}" install +rm -rf "${pkgdir}"/usr/lib/libdynlib*.so + install -dm755 "${pkgdir}"/usr/share/${_pkgname} mv "${pkgdir}"/usr/share/{hdf5_examples,${_pkgname}/examples} Deleted: hdf51.10-CVE2016.patch === --- hdf51.10-CVE2016.patch 2017-06-17 14:57:14 UTC (rev 237924) +++ hdf51.10-CVE2016.patch 2017-06-17 14:57:15 UTC (rev 237925) 
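Review bot: The new `md5sums=(...)` array in the `@@ -23,16 +22,13 @@` hunk is the only integrity check on the 1.10.1 tarball and on `mpi.patch`, and MD5 is not collision resistant, so it does not protect against a deliberately substituted source file. makepkg accepts stronger arrays; I would replace it with `sha256sums=('<sha256 of the tarball>' '<sha256 of mpi.patch>')` (placeholders, regenerate with `makepkg -g` or `updpkgsums`). The same applies to the `@@ -6,62 +7,67 @@` hunk of revision 237876 further down the page, which moved the PKGBUILD from `sha1sums` to `md5sums`. Since this revision drops the CVE patch, the checksum is also what ties the build to the upstream release that the commit message says contains the fixes.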
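Review bot: The added `rm -rf "${pkgdir}"/usr/lib/libdynlib*.so` in the `@@ -66,6 +62,8 @@` hunk has no comment saying why these libraries are deleted from the package, so a later maintainer cannot tell when the line may be dropped. Presumably they are test libraries that the 1.10.1 install step places in /usr/lib; that should be confirmed and recorded, for example `# libdynlib*.so are installed by 'make install' but are not part of the library (confirm against upstream)`. The matches are plain files, so `rm -f "${pkgdir}"/usr/lib/libdynlib*.so` is enough and avoids a recursive delete on whatever the glob happens to match. package() starts and ends outside this hunk.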
@@ -1,280 +0,0 @@ -diff --git src/H5Ocache.c src/H5Ocache.c -index 831b08a..eab0fd2 100644 src/H5Ocache.c -+++ src/H5Ocache.c -@@ -1433,6 +1433,10 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image - HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message") - if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN)) - HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message") -+if((flags & H5O_MSG_FLAG_SHAREABLE) -+&& H5O_msg_class_g[id] -+&& !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE)) -+HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message of unsharable class flagged as sharable") - - /* Reserved bytes/creation index */ - if(oh->version == H5O_VERSION_1) -diff --git src/H5Odtype.c src/H5Odtype.c -index e51d319..799f475 100644 src/H5Odtype.c -+++ src/H5Odtype.c -@@ -311,7 +311,11 @@ H5O_dtype_decode_helper(H5F_t *f, unsigned *ioflags/*in,out*/, const uint8_t **p - if(version == H5O_DTYPE_VERSION_1) { - /* Decode the number of dimensions */ - ndims = *(*pp)++; --HDassert(ndims <= 4); -+ -+/* Check that ndims is valid */ -+if(ndims > 4) -+HGOTO_ERROR(H5E_DATATYPE, H5E_BADTYPE, FAIL, "invalid number of dimensions for array") -+ - *pp += 3; /*reserved bytes */ - - /* Skip dimension permutation */ -@@ -519,7 +523,8 @@ H5O_dtype_decode_helper(H5F_t *f, unsigned *ioflags/*in,out*/, const uint8_t **p - dt->shared->u.array.ndims = *(*pp)++; - - /* Double-check the number of dimensions */ --HDassert(dt->shared->u.array.ndims <= H5S_MAX_RANK); -+if(dt->shared->u.array.ndims > H5S_MAX_RANK) -+HGOTO_ERROR(H5E_DATATYPE, H5E_CANTLOAD, FAIL, "too many dimensions for array datatype") - - /* Skip reserved bytes, if version has them */ - if(version < H5O_DTYPE_VERSION_3) -diff --git src/H5Opkg.h src/H5Opkg.h -index 7473397..0fefa21 100644 src/H5Opkg.h -+++ src/H5Opkg.h -@@ -212,6 +212,7 @@ - \ - /* Set the message's "shared info", if it's shareable */\ - if((MSG)->flags & 
H5O_MSG_FLAG_SHAREABLE) { \ -+HDassert(msg_type->share_flags & H5O_SHARE_IS_SHARABLE); \ - H5O_UPDATE_SHARED((H5O_shared_t *)(MSG)->native, H5O_SHARE_TYPE_HERE, (F), msg_type->id, (MSG)->crt_idx, (OH)->chunk[0].addr) \ - } /* end if */
[arch-commits] Commit in hdf5-openmpi/trunk (PKGBUILD hdf51.10-CVE2016.patch)
Date: Saturday, June 17, 2017 @ 13:39:09 Author: archange Revision: 237876 Fix several CVEs, add Fortran bindings The following CVE are fixed in this release: CVE-2016-4330: HDF5 bug HDFFV-9992 (TALOS-2016-176) CVE-2016-4331: HDF5 bug HDFFV-9951 (TALOS-2016-177) CVE-2016-4332: HDF5 bug HDFFV-9950 (TALOS-2016-178) CVE-2016-4333: HDF5 bug HDFFV-9993 (TALOS-2016-179) Fortran bindings are added (no incompatibilities at all). Some cleaning Added: hdf5-openmpi/trunk/hdf51.10-CVE2016.patch Modified: hdf5-openmpi/trunk/PKGBUILD + PKGBUILD | 96 hdf51.10-CVE2016.patch | 280 +++ 2 files changed, 331 insertions(+), 45 deletions(-) Modified: PKGBUILD === --- PKGBUILD2017-06-17 13:11:21 UTC (rev 237875) +++ PKGBUILD2017-06-17 13:39:09 UTC (rev 237876) @@ -1,5 +1,6 @@ # $Id$ # Maintainer: Ronald van Haren +# Maintainer: Bruno Pagani (a.k.a. ArchangeGabriel)# Contributor: Stefan Husmann # Contributor: damir # Contributor: Tom K 
@@ -6,62 +7,67 @@ # Contributor: Jed Brown # Contributor: Simone Pezzuto -pkgname=hdf5-openmpi _pkgname=hdf5 -pkgver=1.10.0_patch1 -_pkgver=1.10.0-patch1 -pkgrel=2 +_mpi=openmpi +pkgname=${_pkgname}-${_mpi} +_patch=patch1 +pkgver=1.10.0_${_patch} +pkgrel=3 +pkgdesc="General purpose library and file format for storing scientific data (${_mpi} version)" arch=('i686' 'x86_64') -pkgdesc="General purpose library and file format for storing scientific data (OpenMPI version)" -url="http://www.hdfgroup.org/HDF5/; +url="https://www.hdfgroup.org/HDF5/; license=('custom') -depends=('zlib' 'sh' 'openmpi') -makedepends=('time') -provides=('hdf5') +depends=('zlib' 'bash' 'openmpi') +makedepends=('time' 'gcc-fortran') +provides=('hdf5' 'hdf5-cpp-fortran' "hdf5-fortran-${_mpi}") conflicts=('hdf5') -source=(ftp://ftp.hdfgroup.org/HDF5/releases/${_pkgname}-1.10/${_pkgname}-${_pkgver}/src/${_pkgname}-${_pkgver}.tar.bz2 -mpi.patch) -sha1sums=('2f34251186fa9e59887d8f094bc0bc90187d0aa4' - '658d4a3e537c9c76da3200effa8f95b656a21936') +replaces=("hdf5-fortran-${_mpi}") +source=("https://support.hdfgroup.org/ftp/HDF5/releases/${_pkgname}-${pkgver:0:4}/${_pkgname}-${pkgver/_/-}/src/${_pkgname}-${pkgver/_/-}.tar.bz2; +'mpi.patch' +'hdf51.10-CVE2016.patch') +md5sums=('f6d980febe2c35c11670a9b34fa3b487' + 'dfa8dd50b8a7ebb3ad7249c627156cf9' + 'ebc0db3fe6d55dc39f63143ebb6327d4') -build() { - cd "$srcdir/${_pkgname}-${pkgver/_/-}" +prepare() { +cd ${_pkgname}-${pkgver/_/-} - # FS#33343 - patch -Np1 -i "${srcdir}/mpi.patch" +patch -p0 -i ../hdf51.10-CVE2016.patch +# FS#33343 +patch -p1 -i ../mpi.patch +} - ./configure \ -CXX="mpicxx" \ -CC="mpicc" \ -FC="mpif90" \ -F9X="mpif90" \ -RUNPARALLEL="mpirun" \ -OMPI_MCA_disable_memory_allocator=1 \ ---prefix=/usr \ ---with-pthread=/usr/lib/ \ ---enable-linux-lfs \ ---enable-unsupported \ ---enable-shared \ ---disable-static \ ---enable-build-mode=production \ ---with-zlib \ ---enable-parallel=yes \ ---enable-cxx \ ---disable-sharedlib-rpath - - make 
+build() { +cd ${_pkgname}-${pkgver/_/-} +./configure \ +CXX="mpicxx" \ +CC="mpicc" \ +FC="mpif90" \ +F9X="mpif90" \ +RUNPARALLEL="mpirun" \ +OMPI_MCA_disable_memory_allocator=1 \ +--prefix=/usr \ +--disable-static \ +--enable-hl \ +--enable-build-mode=production \ +--with-pic \ +--docdir=/usr/share/doc/hdf5/ \ +--disable-sharedlib-rpath \ +--enable-cxx \ +--enable-fortran \ +--enable-parallel \ +--enable-unsupported \ +--with-zlib +make } package() { - cd "$srcdir/${_pkgname}-${pkgver/_/-}" +cd ${_pkgname}-${pkgver/_/-} - make -j1 DESTDIR="${pkgdir}" install +make -j1 DESTDIR="${pkgdir}" install - install -d -m755 "$pkgdir/usr/share/$_pkgname" - mv "$pkgdir"/usr/share/{hdf5_examples,$_pkgname/examples} +install -dm755 "${pkgdir}"/usr/share/${_pkgname} +mv "${pkgdir}"/usr/share/{hdf5_examples,${_pkgname}/examples} - install -d -m755 "$pkgdir/usr/share/licenses/${pkgname}" - install -m644 "$srcdir/${_pkgname}-${pkgver/_/-}/COPYING" \ - "$pkgdir/usr/share/licenses/${pkgname}/LICENSE" +install -Dm644 COPYING "${pkgdir}"/usr/share/licenses/${_pkgname}/LICENSE } - Added: hdf51.10-CVE2016.patch === --- hdf51.10-CVE2016.patch (rev 0) +++ hdf51.10-CVE2016.patch 2017-06-17 13:39:09 UTC (rev 237876) @@ -0,0 +1,280 @@ +diff --git src/H5Ocache.c src/H5Ocache.c
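Review bot: The security patch is applied in prepare() with `patch -p0 -i ../hdf51.10-CVE2016.patch` and no comment, while the neighbouring `mpi.patch` line carries its `# FS#33343` reference. The CVE identifiers appear only in the commit message, so I would add `# CVE-2016-4330, CVE-2016-4331, CVE-2016-4332, CVE-2016-4333 - drop once fixed upstream` above that line to make the PKGBUILD itself show what the patch covers and when it can go. Separately, the licence line now reads `install -Dm644 COPYING "${pkgdir}"/usr/share/licenses/${_pkgname}/LICENSE`, which installs under `hdf5` rather than under `${pkgname}` (`hdf5-openmpi`) as the removed line did. If that is not intentional, it should be `"${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE`.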