Public bug reported: Please sync hdf5 1.14.5+repack-3 (universe) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped: hdf5 (1.10.10+repack-5ubuntu1) plucky; urgency=medium * Merge with Debian: remaining changes: - Avoid out of bounds write when signed_headers_dest is empty, fixes FTBFS on s390x - Fix ftbfs with ELF_PACKAGE_METADATA set during configure calls. hdf5 (1.10.10+repack-5) unstable; urgency=medium * Build-Depends: libopenmpi-dev: explicitly exclude all 32bit archs instead of relying on an an alternative with architecture-is-32-bit (closes: #1087988) hdf5 (1.10.10+repack-4ubuntu3) oracular; urgency=medium * Build again with mpich on i386. -- Matthias Klose <[email protected]> Sat, 30 Nov 2024 15:12:05 +0100 We can drop the following change: - d/p/fix-signed_headers_dest.patch : Avoid out of bounds write when signed_headers_dest is empty,fixes FTBFS on s390x. Because it was fixed in upstream (#3681 - https://github.com/HDFGroup/hdf5/pull/3681 ) in version 1.14.4. To check if we can also drop the d/rules change [1], I built the package as-is from Debian targeting Plucky [2] , and it went OK. [1] https://git.launchpad.net/~mirespace/ubuntu/+source/hdf5/commit/?id=e24d9d2c09b9ad1101b27041158248cb63fde437 [2] https://launchpad.net/~mirespace/+archive/ubuntu/hdf5-2/+sourcepub/16932655/+listing-archive-extra Changelog entries since current plucky version 1.10.10+repack-5ubuntu1: hdf5 (1.14.5+repack-3) unstable; urgency=medium * New patch fortran_gmtime64.patch: fix fortran gmtime related failures on big-endian 32-bit architectures (closes: #1091911) * Update symbols files for alpha hppa hurd-i386 m68k powerpc sh4 -- Gilles Filippini <[email protected]> Sun, 05 Jan 2025 16:14:18 +0100 hdf5 (1.14.5+repack-2) unstable; urgency=medium * Acknoledge previously fixed CVE: CVE-2017-17507 CVE-2018-11205 CVE-2018-14034 CVE-2018-14035 CVE-2018-15671 CVE-2018-17433 CVE-2018-17436 CVE-2019-8396 CVE-2019-8397 CVE-2019-8398 CVE-2019-9151 CVE-2019-9152 CVE-2020-10809 CVE-2020-10812 CVE-2021-45829 CVE-2021-46243 CVE-2022-25942 CVE-2022-25972 CVE-2022-26061 * Fixed typo in changelog for 1.10.10+repack-1 * Add nojava build profile (closes: #1067758) * Add missing #MINVER# to .symbols files for libhdf5-fortran, libhdf5-hl, and libhdf5-hl-fortran (closes: #1023820) -- Gilles Filippini <[email protected]> Mon, 30 Dec 2024 20:18:56 +0100 hdf5 (1.14.5+repack-1) unstable; urgency=medium * New major upstream release * Fixed CVE-2024-33877 CVE-2024-33876 CVE-2024-33875 CVE-2024-33874 CVE-2024-33873 CVE-2024-32624 CVE-2024-32623 CVE-2024-32622 CVE-2024-32621 CVE-2024-32620 CVE-2024-32619 CVE-2024-32618 CVE-2024-32617 CVE-2024-32616 CVE-2024-32615 CVE-2024-32614 CVE-2024-32613 CVE-2024-32612 CVE-2024-32611 CVE-2024-32610 CVE-2024-32609 CVE-2024-32607 CVE-2024-32606 CVE-2024-32605 CVE-2024-29166 CVE-2024-29165 CVE-2024-29164 CVE-2024-29163 CVE-2024-29162 CVE-2024-29161 CVE-2024-29160 CVE-2024-29159 CVE-2024-29158 CVE-2024-29157 (closes: #1070861) * Fix CVE-2018-11202 CVE-2018-11206 CVE-2018-13867 CVE-2018-13867 CVE-2018-13869 CVE-2018-13870 CVE-2018-14031 CVE-2018-14033 CVE-2018-14460 CVE-2018-16438 CVE-2018-17432 CVE-2018-17435 CVE-2018-17439 CVE-2019-8396 CVE-2020-10810 CVE-2020-10810 CVE-2021-37501 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244 * Update d/copyright * Rename and update symbols files * Refresh patches * Drop patches: - relax-version-check.patch: now useless - fix-unaligned-accesses.patch: source code was refactored and this patch doesn't apply anymore * New patches: - float128.patch: backported from upstream to fix an FTBFS on i386 - cheat-fortranlib_test.patch: temporry patch to workaround an issue in the fortranlib test for 32 bit architectures * Bump default API version from 1.8 to 1.14 * htdf5-tools: install new tools: h5delete, h5format_convert, h5fuse h5watch * Docs: no more html folder -- Gilles Filippini <[email protected]> Tue, 10 Dec 2024 21:12:10 +0100 ** Affects: hdf5 (Ubuntu) Importance: Wishlist Assignee: Graham Inggs (ginggs) Status: In Progress ** Changed in: hdf5 (Ubuntu) Importance: Undecided => Wishlist ** Description changed: Please sync hdf5 1.14.5+repack-3 (universe) from Debian unstable (main) Explanation of the Ubuntu delta and why it can be dropped: hdf5 (1.10.10+repack-5ubuntu1) plucky; urgency=medium - * Merge with Debian: remaining changes: - - Avoid out of bounds write when signed_headers_dest is empty, - fixes FTBFS on s390x - - Fix ftbfs with ELF_PACKAGE_METADATA set during configure calls. + * Merge with Debian: remaining changes: + - Avoid out of bounds write when signed_headers_dest is empty, + fixes FTBFS on s390x + - Fix ftbfs with ELF_PACKAGE_METADATA set during configure calls. hdf5 (1.10.10+repack-5) unstable; urgency=medium - * Build-Depends: libopenmpi-dev: explicitly exclude all 32bit archs - instead of relying on an an alternative with architecture-is-32-bit - (closes: #1087988) + * Build-Depends: libopenmpi-dev: explicitly exclude all 32bit archs + instead of relying on an an alternative with architecture-is-32-bit + (closes: #1087988) hdf5 (1.10.10+repack-4ubuntu3) oracular; urgency=medium - * Build again with mpich on i386. + * Build again with mpich on i386. - -- Matthias Klose <[email protected]> Sat, 30 Nov 2024 15:12:05 +0100 + -- Matthias Klose <[email protected]> Sat, 30 Nov 2024 15:12:05 +0100 - We can drop the following change: - - d/p/fix-signed_headers_dest.patch : Avoid out of bounds write - when signed_headers_dest is empty,fixes FTBFS on s390x. + We can drop the following change: + - d/p/fix-signed_headers_dest.patch : Avoid out of bounds write + when signed_headers_dest is empty,fixes FTBFS on s390x. - Because it was fixed in upstream (#3681 - https://github.com/HDFGroup/hdf5/pull/3681 ) - in version 1.14.4. + Because it was fixed in upstream (#3681 - https://github.com/HDFGroup/hdf5/pull/3681 ) + in version 1.14.4. - To check the d/rules change [1], I built the package as-is form debian targeting plucky [2] , and it went OK. - - - [1] https://git.launchpad.net/~mirespace/ubuntu/+source/hdf5/commit/?id=e24d9d2c09b9ad1101b27041158248cb63fde437 - [2] https://launchpad.net/~mirespace/+archive/ubuntu/hdf5-2/+sourcepub/16932655/+listing-archive-extra + To check if we can also drop the d/rules change [1], I built the + package as-is from Debian targeting Plucky [2] , and it went OK. + + [1] https://git.launchpad.net/~mirespace/ubuntu/+source/hdf5/commit/?id=e24d9d2c09b9ad1101b27041158248cb63fde437 + [2] https://launchpad.net/~mirespace/+archive/ubuntu/hdf5-2/+sourcepub/16932655/+listing-archive-extra Changelog entries since current plucky version 1.10.10+repack-5ubuntu1: hdf5 (1.14.5+repack-3) unstable; urgency=medium - * New patch fortran_gmtime64.patch: fix fortran gmtime related - failures on big-endian 32-bit architectures (closes: #1091911) - * Update symbols files for alpha hppa hurd-i386 m68k powerpc sh4 + * New patch fortran_gmtime64.patch: fix fortran gmtime related + failures on big-endian 32-bit architectures (closes: #1091911) + * Update symbols files for alpha hppa hurd-i386 m68k powerpc sh4 - -- Gilles Filippini <[email protected]> Sun, 05 Jan 2025 16:14:18 +0100 + -- Gilles Filippini <[email protected]> Sun, 05 Jan 2025 16:14:18 +0100 hdf5 (1.14.5+repack-2) unstable; urgency=medium - * Acknoledge previously fixed CVE: - CVE-2017-17507 CVE-2018-11205 CVE-2018-14034 CVE-2018-14035 - CVE-2018-15671 CVE-2018-17433 CVE-2018-17436 CVE-2019-8396 - CVE-2019-8397 CVE-2019-8398 CVE-2019-9151 CVE-2019-9152 - CVE-2020-10809 CVE-2020-10812 CVE-2021-45829 CVE-2021-46243 - CVE-2022-25942 CVE-2022-25972 CVE-2022-26061 - * Fixed typo in changelog for 1.10.10+repack-1 - * Add nojava build profile (closes: #1067758) - * Add missing #MINVER# to .symbols files for libhdf5-fortran, - libhdf5-hl, and libhdf5-hl-fortran (closes: #1023820) + * Acknoledge previously fixed CVE: + CVE-2017-17507 CVE-2018-11205 CVE-2018-14034 CVE-2018-14035 + CVE-2018-15671 CVE-2018-17433 CVE-2018-17436 CVE-2019-8396 + CVE-2019-8397 CVE-2019-8398 CVE-2019-9151 CVE-2019-9152 + CVE-2020-10809 CVE-2020-10812 CVE-2021-45829 CVE-2021-46243 + CVE-2022-25942 CVE-2022-25972 CVE-2022-26061 + * Fixed typo in changelog for 1.10.10+repack-1 + * Add nojava build profile (closes: #1067758) + * Add missing #MINVER# to .symbols files for libhdf5-fortran, + libhdf5-hl, and libhdf5-hl-fortran (closes: #1023820) - -- Gilles Filippini <[email protected]> Mon, 30 Dec 2024 20:18:56 +0100 + -- Gilles Filippini <[email protected]> Mon, 30 Dec 2024 20:18:56 +0100 hdf5 (1.14.5+repack-1) unstable; urgency=medium - * New major upstream release - * Fixed CVE-2024-33877 CVE-2024-33876 CVE-2024-33875 CVE-2024-33874 - CVE-2024-33873 CVE-2024-32624 CVE-2024-32623 CVE-2024-32622 - CVE-2024-32621 CVE-2024-32620 CVE-2024-32619 CVE-2024-32618 - CVE-2024-32617 CVE-2024-32616 CVE-2024-32615 CVE-2024-32614 - CVE-2024-32613 CVE-2024-32612 CVE-2024-32611 CVE-2024-32610 - CVE-2024-32609 CVE-2024-32607 CVE-2024-32606 CVE-2024-32605 - CVE-2024-29166 CVE-2024-29165 CVE-2024-29164 CVE-2024-29163 - CVE-2024-29162 CVE-2024-29161 CVE-2024-29160 CVE-2024-29159 - CVE-2024-29158 CVE-2024-29157 (closes: #1070861) - * Fix CVE-2018-11202 CVE-2018-11206 CVE-2018-13867 CVE-2018-13867 - CVE-2018-13869 CVE-2018-13870 CVE-2018-14031 CVE-2018-14033 - CVE-2018-14460 CVE-2018-16438 CVE-2018-17432 CVE-2018-17435 - CVE-2018-17439 CVE-2019-8396 CVE-2020-10810 CVE-2020-10810 - CVE-2021-37501 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 - CVE-2021-46244 - * Update d/copyright - * Rename and update symbols files - * Refresh patches - * Drop patches: - - relax-version-check.patch: now useless - - fix-unaligned-accesses.patch: source code was refactored - and this patch doesn't apply anymore - * New patches: - - float128.patch: backported from upstream to fix an FTBFS on i386 - - cheat-fortranlib_test.patch: temporry patch to workaround an issue - in the fortranlib test for 32 bit architectures - * Bump default API version from 1.8 to 1.14 - * htdf5-tools: install new tools: h5delete, h5format_convert, h5fuse - h5watch - * Docs: no more html folder + * New major upstream release + * Fixed CVE-2024-33877 CVE-2024-33876 CVE-2024-33875 CVE-2024-33874 + CVE-2024-33873 CVE-2024-32624 CVE-2024-32623 CVE-2024-32622 + CVE-2024-32621 CVE-2024-32620 CVE-2024-32619 CVE-2024-32618 + CVE-2024-32617 CVE-2024-32616 CVE-2024-32615 CVE-2024-32614 + CVE-2024-32613 CVE-2024-32612 CVE-2024-32611 CVE-2024-32610 + CVE-2024-32609 CVE-2024-32607 CVE-2024-32606 CVE-2024-32605 + CVE-2024-29166 CVE-2024-29165 CVE-2024-29164 CVE-2024-29163 + CVE-2024-29162 CVE-2024-29161 CVE-2024-29160 CVE-2024-29159 + CVE-2024-29158 CVE-2024-29157 (closes: #1070861) + * Fix CVE-2018-11202 CVE-2018-11206 CVE-2018-13867 CVE-2018-13867 + CVE-2018-13869 CVE-2018-13870 CVE-2018-14031 CVE-2018-14033 + CVE-2018-14460 CVE-2018-16438 CVE-2018-17432 CVE-2018-17435 + CVE-2018-17439 CVE-2019-8396 CVE-2020-10810 CVE-2020-10810 + CVE-2021-37501 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 + CVE-2021-46244 + * Update d/copyright + * Rename and update symbols files + * Refresh patches + * Drop patches: + - relax-version-check.patch: now useless + - fix-unaligned-accesses.patch: source code was refactored + and this patch doesn't apply anymore + * New patches: + - float128.patch: backported from upstream to fix an FTBFS on i386 + - cheat-fortranlib_test.patch: temporry patch to workaround an issue + in the fortranlib test for 32 bit architectures + * Bump default API version from 1.8 to 1.14 + * htdf5-tools: install new tools: h5delete, h5format_convert, h5fuse + h5watch + * Docs: no more html folder - -- Gilles Filippini <[email protected]> Tue, 10 Dec 2024 21:12:10 +0100 + -- Gilles Filippini <[email protected]> Tue, 10 Dec 2024 21:12:10 +0100 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2096669 Title: Sync hdf5 1.14.5+repack-3 (universe) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/hdf5/+bug/2096669/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
