From 51d6cd78e9c52ad36dccdaa6cfc4bb1565c42317 Mon Sep 17 00:00:00 2001 From: wk333 <13474090681@163.com> Date: Fri, 22 Dec 2023 16:28:04 +0800 Subject: [PATCH] Sync release and Add disable-hltools flag to fix CVE-2018-17433, CVE-2018-17436, CVE-2020-10809 (cherry picked from commit 56fa53c1c5aff3055e039acad83c7dbb55e33ccf) --- add-option-to-build-HL-tools.patch | 149 +++++++++++++++++++++++++++++ hdf5.spec | 20 ++-- 2 files changed, 159 insertions(+), 10 deletions(-) create mode 100644 add-option-to-build-HL-tools.patch diff --git a/add-option-to-build-HL-tools.patch b/add-option-to-build-HL-tools.patch new file mode 100644 index 0000000..77c800e --- /dev/null +++ b/add-option-to-build-HL-tools.patch @@ -0,0 +1,149 @@ +From c9c85080e9c9ba2f98cd7bf0ca69775529e280e4 Mon Sep 17 00:00:00 2001 +From: Allen Byrne <50328838+byrnHDF@users.noreply.github.com> +Date: Fri, 17 Sep 2021 11:01:26 -0500 +Subject: [PATCH] Merge HDFFV-11266 - add option to build HL tools #1018 + (#1020) + +Origin: https://github.com/HDFGroup/hdf5/commit/c9c85080e9c9ba2f98cd7bf0ca69775529e280e4 + +--- + config/cmake/hdf5-config.cmake.in | 1 + + config/cmake/libhdf5.settings.cmake.in | 1 + + configure.ac | 20 ++++++++++++++++++++ + hl/CMakeLists.txt | 12 ++++++++++-- + hl/Makefile.am | 4 ++++ + release_docs/INSTALL_CMake.txt | 1 + + release_docs/RELEASE.txt | 8 ++++++++ + 7 files changed, 45 insertions(+), 2 deletions(-) + +diff --git a/config/cmake/hdf5-config.cmake.in b/config/cmake/hdf5-config.cmake.in +index 4d02c9c5ff2..8faa2fe2ba2 100644 +--- a/config/cmake/hdf5-config.cmake.in ++++ b/config/cmake/hdf5-config.cmake.in +@@ -38,6 +38,7 @@ set (${HDF5_PACKAGE_NAME}_BUILD_CPP_LIB @HDF5_BUILD_CPP_LIB@) + set (${HDF5_PACKAGE_NAME}_BUILD_JAVA @HDF5_BUILD_JAVA@) + set (${HDF5_PACKAGE_NAME}_BUILD_TOOLS @HDF5_BUILD_TOOLS@) + set (${HDF5_PACKAGE_NAME}_BUILD_HL_LIB @HDF5_BUILD_HL_LIB@) ++set (${HDF5_PACKAGE_NAME}_BUILD_HL_TOOLS @HDF5_BUILD_HL_TOOLS@) + set (${HDF5_PACKAGE_NAME}_ENABLE_THREADSAFE @HDF5_ENABLE_THREADSAFE@) + set (${HDF5_PACKAGE_NAME}_ENABLE_PLUGIN_SUPPORT @HDF5_ENABLE_PLUGIN_SUPPORT@) + set (${HDF5_PACKAGE_NAME}_ENABLE_Z_LIB_SUPPORT @HDF5_ENABLE_Z_LIB_SUPPORT@) +diff --git a/config/cmake/libhdf5.settings.cmake.in b/config/cmake/libhdf5.settings.cmake.in +index dd345b4cd5c..e5b150409c5 100644 +--- a/config/cmake/libhdf5.settings.cmake.in ++++ b/config/cmake/libhdf5.settings.cmake.in +@@ -70,6 +70,7 @@ Parallel Filtered Dataset Writes: @PARALLEL_FILTERED_WRITES@ + High-level library: @HDF5_BUILD_HL_LIB@ + Build HDF5 Tests: @BUILD_TESTING@ + Build HDF5 Tools: @HDF5_BUILD_TOOLS@ ++ Build High-level HDF5 Tools: @HDF5_BUILD_HL_TOOLS@ + Threadsafety: @HDF5_ENABLE_THREADSAFE@ (recursive RW locks: @HDF5_USE_RECURSIVE_RW_LOCKS@) + Default API mapping: @DEFAULT_API_VERSION@ + With deprecated public symbols: @HDF5_ENABLE_DEPRECATED_SYMBOLS@ +diff --git a/configure.ac b/configure.ac +index df0cec59fe5..7b4c3f56647 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -806,6 +806,7 @@ AC_LANG_POP(C++) + ## This needs to be exposed for the library info file even if the HL + ## library is disabled. + AC_SUBST([HDF5_HL]) ++AC_SUBST([HDF5_HL_TOOLS]) + + ## The high-level library is enabled unless the build mode is clean. + if test "X-$BUILD_MODE" = "X-clean" ; then +@@ -822,6 +823,9 @@ HL="" + ## Fortran high-level library + AC_SUBST(HL_FOR) + HL_FOR="" ++## Tools high-level library ++AC_SUBST(HL_TOOLS) ++HL_TOOLS="" + + AC_MSG_CHECKING([if the high-level library is enabled]) + AC_ARG_ENABLE([hl], +@@ -840,6 +844,21 @@ else + AC_MSG_RESULT([no]) + fi + ++AC_MSG_CHECKING([if the high-level tools are enabled]) ++AC_ARG_ENABLE([hltools], ++ [AS_HELP_STRING([--enable-hltools], ++ [Enable the high-level tools. ++ [default=yes)] ++ ])], ++ [HDF5_HL_TOOLS=$enableval]) ++ ++if test "X${HDF5_HL}" = "Xyes" -a "X-$HDF5_HL_TOOLS" = "X-yes"; then ++ AC_MSG_RESULT([yes]) ++ HL_TOOLS="tools" ++else ++ AC_MSG_RESULT([no]) ++fi ++ + + ## ---------------------------------------------------------------------- + ## Check which archiving tool to use. This needs to be done before +@@ -3992,6 +4011,7 @@ AM_CONDITIONAL([BUILD_HDF5_HL_CONDITIONAL], [test "X$HDF5_HL" = "Xyes"]) + AM_CONDITIONAL([BUILD_TESTS_CONDITIONAL], [test "X$HDF5_TESTS" = "Xyes"]) + AM_CONDITIONAL([BUILD_TESTS_PARALLEL_CONDITIONAL], [test -n "$TESTPARALLEL"]) + AM_CONDITIONAL([BUILD_TOOLS_CONDITIONAL], [test "X$HDF5_TOOLS" = "Xyes"]) ++AM_CONDITIONAL([BUILD_TOOLS_HL_CONDITIONAL], [test "X$HDF5_HL_TOOLS" = "Xyes"]) + AM_CONDITIONAL([BUILD_DOXYGEN_CONDITIONAL], [test "X$HDF5_DOXYGEN" = "Xyes"]) + + ## ---------------------------------------------------------------------- +diff --git a/hl/CMakeLists.txt b/hl/CMakeLists.txt +index 083c60eb39e..5061c6c5a47 100644 +--- a/hl/CMakeLists.txt ++++ b/hl/CMakeLists.txt +@@ -7,9 +7,17 @@ project (HDF5_HL C) + + add_subdirectory (src) + +-#-- Build the High level Tools ++# Build HDF5 Tools + if (HDF5_BUILD_TOOLS) +- add_subdirectory (tools) ++ #----------------------------------------------------------------------------- ++ #-- Option to build the High level Tools ++ #----------------------------------------------------------------------------- ++ if (EXISTS "${HDF5_HL_SOURCE_DIR}/tools" AND IS_DIRECTORY "${HDF5_HL_SOURCE_DIR}/tools") ++ option (HDF5_BUILD_HL_TOOLS "Build HDF5 HL Tools" ON) ++ if (HDF5_BUILD_HL_TOOLS) ++ add_subdirectory (tools) ++ endif () ++ endif () + endif () + + #-- Add High Level Examples +diff --git a/hl/Makefile.am b/hl/Makefile.am +index 80ef66a2a2c..ad035fe5073 100644 +--- a/hl/Makefile.am ++++ b/hl/Makefile.am +@@ -37,10 +37,14 @@ else + TEST_DIR = + endif + if BUILD_TOOLS_CONDITIONAL ++if BUILD_TOOLS_HL_CONDITIONAL + TOOLS_DIR = tools + else + TOOLS_DIR = + endif ++else ++ TOOLS_DIR = ++endif + + ## Don't recurse into any subdirectories if HDF5 is not configured to + ## use the HL library +diff --git a/release_docs/INSTALL_CMake.txt b/release_docs/INSTALL_CMake.txt +index 84044c7ee7e..adceb702aea 100644 +--- a/release_docs/INSTALL_CMake.txt ++++ b/release_docs/INSTALL_CMake.txt +@@ -740,6 +740,7 @@ HDF5_BUILD_FORTRAN "Build FORTRAN support" OFF + HDF5_BUILD_JAVA "Build JAVA support" OFF + HDF5_BUILD_HL_LIB "Build HIGH Level HDF5 Library" ON + HDF5_BUILD_TOOLS "Build HDF5 Tools" ON ++HDF5_BUILD_HL_TOOLS "Build HIGH Level HDF5 Tools" ON + + ---------------- HDF5 Advanced Options --------------------- + ONLY_SHARED_LIBS "Only Build Shared Libraries" OFF diff --git a/hdf5.spec b/hdf5.spec index 7b3f735..7cb565f 100644 --- a/hdf5.spec +++ b/hdf5.spec @@ -11,7 +11,7 @@ Name: hdf5 Version: 1.12.1 -Release: 4 +Release: 6 Summary: A data model, library, and file format for storing and managing data License: GPL-2.0-or-later @@ -29,12 +29,14 @@ Patch6: CVE-2018-16438.patch Patch7: CVE-2019-8396.patch Patch8: CVE-2020-10812.patch Patch9: CVE-2021-37501.patch +Patch10: add-option-to-build-HL-tools.patch BuildRequires: gcc, gcc-c++ BuildRequires: krb5-devel, openssl-devel, zlib-devel, gcc-gfortran, time BuildRequires: automake libtool BuildRequires: openssh-clients BuildRequires: libaec-devel +BuildRequires: environment-modules %description HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format. @@ -123,6 +125,7 @@ sed -e 's|-O -finline-functions|-O3 -finline-functions|g' -i config/gnu-flags %build %global _configure ../configure %global configure_opts \\\ + --disable-hltools \\\ --disable-silent-rules \\\ --enable-fortran \\\ --enable-fortran2003 \\\ @@ -227,8 +230,6 @@ make %{?_smp_mflags} -C build check %license COPYING %doc MANIFEST README.txt release_docs/RELEASE.txt %doc release_docs/HISTORY*.txt -%{_bindir}/gif2h5 -%{_bindir}/h52gif %{_bindir}/h5clear %{_bindir}/h5copy %{_bindir}/h5debug @@ -244,7 +245,6 @@ make %{?_smp_mflags} -C build check %{_bindir}/h5repart %{_bindir}/h5stat %{_bindir}/h5unjam -%{_bindir}/h5watch %{_bindir}/mirror_server %{_bindir}/mirror_server_stop %{_libdir}/libhdf5.so.%{so_version}* @@ -272,8 +272,6 @@ make %{?_smp_mflags} -C build check %license COPYING %doc MANIFEST README.txt release_docs/RELEASE.txt %doc release_docs/HISTORY*.txt -%{_libdir}/mpich/bin/gif2h5 -%{_libdir}/mpich/bin/h52gif %{_libdir}/mpich/bin/h5clear %{_libdir}/mpich/bin/h5copy %{_libdir}/mpich/bin/h5debug @@ -291,7 +289,6 @@ make %{?_smp_mflags} -C build check %{_libdir}/mpich/bin/h5repart %{_libdir}/mpich/bin/h5stat %{_libdir}/mpich/bin/h5unjam -%{_libdir}/mpich/bin/h5watch %{_libdir}/mpich/bin/mirror_server %{_libdir}/mpich/bin/mirror_server_stop %{_libdir}/mpich/bin/ph5diff @@ -315,8 +312,6 @@ make %{?_smp_mflags} -C build check %license COPYING %doc MANIFEST README.txt release_docs/RELEASE.txt %doc release_docs/HISTORY*.txt -%{_libdir}/openmpi/bin/gif2h5 -%{_libdir}/openmpi/bin/h52gif %{_libdir}/openmpi/bin/h5clear %{_libdir}/openmpi/bin/h5copy %{_libdir}/openmpi/bin/h5debug @@ -334,7 +329,6 @@ make %{?_smp_mflags} -C build check %{_libdir}/openmpi/bin/h5repart %{_libdir}/openmpi/bin/h5stat %{_libdir}/openmpi/bin/h5unjam -%{_libdir}/openmpi/bin/h5watch %{_libdir}/openmpi/bin/mirror_server %{_libdir}/openmpi/bin/mirror_server_stop %{_libdir}/openmpi/bin/ph5diff @@ -354,6 +348,12 @@ make %{?_smp_mflags} -C build check %endif %changelog +* Wed Dec 20 2023 wangkai <13474090681@163.com> - 1.12.1-6 +- Add disable-hltools flag to fix CVE-2018-17433, CVE-2018-17436, CVE-2020-10809 + +* Thu Aug 31 2023 xu_ping <707078654@qq.com> - 1.12.1-5 +- Add BuildRequires environment-modules + * Tue Apr 11 2023 liyanan - 1.12.1-4 - Preserve the rpath of the hdf5-openmpi and hdf5-mpich subpackages -- Gitee