!63 Sync release and Add disable-hltools flag to fix CVE-2018-17433, CVE-2018-17436, CVE-2020-10809

From: @wk333 Reviewed-by: @starlet-dx Signed-off-by: @starlet-dx
2023-12-25 01:28:38 +00:00 · 2023-12-25 01:28:38 +00:00 · d2ae565d33
commit d2ae565d33
parent 09de2d5271 56fa53c1c5
2 changed files with 159 additions and 10 deletions
--- a/add-option-to-build-HL-tools.patch
+++ b/add-option-to-build-HL-tools.patch
@ -0,0 +1,149 @@
+From c9c85080e9c9ba2f98cd7bf0ca69775529e280e4 Mon Sep 17 00:00:00 2001
+From: Allen Byrne <50328838+byrnHDF@users.noreply.github.com>
+Date: Fri, 17 Sep 2021 11:01:26 -0500
+Subject: [PATCH] Merge HDFFV-11266 - add option to build HL tools #1018
+ (#1020)
+
+Origin: https://github.com/HDFGroup/hdf5/commit/c9c85080e9c9ba2f98cd7bf0ca69775529e280e4
+
+---
+ config/cmake/hdf5-config.cmake.in      |  1 +
+ config/cmake/libhdf5.settings.cmake.in |  1 +
+ configure.ac                           | 20 ++++++++++++++++++++
+ hl/CMakeLists.txt                      | 12 ++++++++++--
+ hl/Makefile.am                         |  4 ++++
+ release_docs/INSTALL_CMake.txt         |  1 +
+ release_docs/RELEASE.txt               |  8 ++++++++
+ 7 files changed, 45 insertions(+), 2 deletions(-)
+
+diff --git a/config/cmake/hdf5-config.cmake.in b/config/cmake/hdf5-config.cmake.in
+index 4d02c9c5ff2..8faa2fe2ba2 100644
+--- a/config/cmake/hdf5-config.cmake.in
+++ b/config/cmake/hdf5-config.cmake.in
+@@ -38,6 +38,7 @@ set (${HDF5_PACKAGE_NAME}_BUILD_CPP_LIB   @HDF5_BUILD_CPP_LIB@)
+ set (${HDF5_PACKAGE_NAME}_BUILD_JAVA      @HDF5_BUILD_JAVA@)
+ set (${HDF5_PACKAGE_NAME}_BUILD_TOOLS     @HDF5_BUILD_TOOLS@)
+ set (${HDF5_PACKAGE_NAME}_BUILD_HL_LIB    @HDF5_BUILD_HL_LIB@)
+set (${HDF5_PACKAGE_NAME}_BUILD_HL_TOOLS  @HDF5_BUILD_HL_TOOLS@)
+ set (${HDF5_PACKAGE_NAME}_ENABLE_THREADSAFE @HDF5_ENABLE_THREADSAFE@)
+ set (${HDF5_PACKAGE_NAME}_ENABLE_PLUGIN_SUPPORT @HDF5_ENABLE_PLUGIN_SUPPORT@)
+ set (${HDF5_PACKAGE_NAME}_ENABLE_Z_LIB_SUPPORT @HDF5_ENABLE_Z_LIB_SUPPORT@)
+diff --git a/config/cmake/libhdf5.settings.cmake.in b/config/cmake/libhdf5.settings.cmake.in
+index dd345b4cd5c..e5b150409c5 100644
+--- a/config/cmake/libhdf5.settings.cmake.in
+++ b/config/cmake/libhdf5.settings.cmake.in
+@@ -70,6 +70,7 @@ Parallel Filtered Dataset Writes: @PARALLEL_FILTERED_WRITES@
+               High-level library: @HDF5_BUILD_HL_LIB@
+                 Build HDF5 Tests: @BUILD_TESTING@
+                 Build HDF5 Tools: @HDF5_BUILD_TOOLS@
+     Build High-level HDF5 Tools: @HDF5_BUILD_HL_TOOLS@
+                     Threadsafety: @HDF5_ENABLE_THREADSAFE@ (recursive RW locks: @HDF5_USE_RECURSIVE_RW_LOCKS@) 
+              Default API mapping: @DEFAULT_API_VERSION@
+   With deprecated public symbols: @HDF5_ENABLE_DEPRECATED_SYMBOLS@
+diff --git a/configure.ac b/configure.ac
+index df0cec59fe5..7b4c3f56647 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -806,6 +806,7 @@ AC_LANG_POP(C++)
+ ## This needs to be exposed for the library info file even if the HL
+ ## library is disabled.
+ AC_SUBST([HDF5_HL])
+AC_SUBST([HDF5_HL_TOOLS])
+ 
+ ## The high-level library is enabled unless the build mode is clean.
+ if test "X-$BUILD_MODE" = "X-clean" ; then
+@@ -822,6 +823,9 @@ HL=""
+ ## Fortran high-level library
+ AC_SUBST(HL_FOR)
+ HL_FOR=""
+## Tools high-level library
+AC_SUBST(HL_TOOLS)
+HL_TOOLS=""
+ 
+ AC_MSG_CHECKING([if the high-level library is enabled])
+ AC_ARG_ENABLE([hl],
+@@ -840,6 +844,21 @@ else
+   AC_MSG_RESULT([no])
+ fi
+ 
+AC_MSG_CHECKING([if the high-level tools are enabled])
+AC_ARG_ENABLE([hltools],
+     [AS_HELP_STRING([--enable-hltools],
+                     [Enable the high-level tools.
+                     [default=yes)]
+                     ])],
+     [HDF5_HL_TOOLS=$enableval])
+
+if test "X${HDF5_HL}" = "Xyes" -a "X-$HDF5_HL_TOOLS" = "X-yes"; then
+ AC_MSG_RESULT([yes])
+ HL_TOOLS="tools"
+else
+  AC_MSG_RESULT([no])
+fi
+
+ 
+ ## ----------------------------------------------------------------------
+ ## Check which archiving tool to use. This needs to be done before
+@@ -3992,6 +4011,7 @@ AM_CONDITIONAL([BUILD_HDF5_HL_CONDITIONAL], [test "X$HDF5_HL" = "Xyes"])
+ AM_CONDITIONAL([BUILD_TESTS_CONDITIONAL], [test "X$HDF5_TESTS" = "Xyes"])
+ AM_CONDITIONAL([BUILD_TESTS_PARALLEL_CONDITIONAL], [test -n "$TESTPARALLEL"])
+ AM_CONDITIONAL([BUILD_TOOLS_CONDITIONAL], [test "X$HDF5_TOOLS" = "Xyes"])
+AM_CONDITIONAL([BUILD_TOOLS_HL_CONDITIONAL], [test "X$HDF5_HL_TOOLS" = "Xyes"])
+ AM_CONDITIONAL([BUILD_DOXYGEN_CONDITIONAL], [test "X$HDF5_DOXYGEN" = "Xyes"])
+ 
+ ## ----------------------------------------------------------------------
+diff --git a/hl/CMakeLists.txt b/hl/CMakeLists.txt
+index 083c60eb39e..5061c6c5a47 100644
+--- a/hl/CMakeLists.txt
+++ b/hl/CMakeLists.txt
+@@ -7,9 +7,17 @@ project (HDF5_HL C)
+ 
+ add_subdirectory (src)
+ 
+-#-- Build the High level Tools
+# Build HDF5 Tools
+ if (HDF5_BUILD_TOOLS)
+-  add_subdirectory (tools)
+  #-----------------------------------------------------------------------------
+  #-- Option to build the High level Tools
+  #-----------------------------------------------------------------------------
+  if (EXISTS "${HDF5_HL_SOURCE_DIR}/tools" AND IS_DIRECTORY "${HDF5_HL_SOURCE_DIR}/tools")
+    option (HDF5_BUILD_HL_TOOLS  "Build HDF5 HL Tools" ON)
+    if (HDF5_BUILD_HL_TOOLS)
+      add_subdirectory (tools)
+    endif ()
+  endif ()
+ endif ()
+ 
+ #-- Add High Level Examples
+diff --git a/hl/Makefile.am b/hl/Makefile.am
+index 80ef66a2a2c..ad035fe5073 100644
+--- a/hl/Makefile.am
+++ b/hl/Makefile.am
+@@ -37,10 +37,14 @@ else
+   TEST_DIR =
+ endif
+ if BUILD_TOOLS_CONDITIONAL
+if BUILD_TOOLS_HL_CONDITIONAL
+   TOOLS_DIR = tools
+ else
+   TOOLS_DIR =
+ endif
+else
+  TOOLS_DIR =
+endif
+ 
+ ## Don't recurse into any subdirectories if HDF5 is not configured to
+ ## use the HL library
+diff --git a/release_docs/INSTALL_CMake.txt b/release_docs/INSTALL_CMake.txt
+index 84044c7ee7e..adceb702aea 100644
+--- a/release_docs/INSTALL_CMake.txt
+++ b/release_docs/INSTALL_CMake.txt
+@@ -740,6 +740,7 @@ HDF5_BUILD_FORTRAN  "Build FORTRAN support"          OFF
+ HDF5_BUILD_JAVA     "Build JAVA support"             OFF
+ HDF5_BUILD_HL_LIB   "Build HIGH Level HDF5 Library"  ON
+ HDF5_BUILD_TOOLS    "Build HDF5 Tools"               ON
+HDF5_BUILD_HL_TOOLS "Build HIGH Level HDF5 Tools"    ON
+ 
+ ---------------- HDF5 Advanced Options ---------------------
+ ONLY_SHARED_LIBS               "Only Build Shared Libraries"                                  OFF
--- a/hdf5.spec
+++ b/hdf5.spec
@ -11,7 +11,7 @@

 Name: hdf5
 Version: 1.12.1
-Release: 4
+Release: 6
 Summary: A data model, library, and file format for storing and managing data
 License: GPL-2.0-or-later

@ -29,12 +29,14 @@ Patch6: CVE-2018-16438.patch
 Patch7: CVE-2019-8396.patch
 Patch8: CVE-2020-10812.patch
 Patch9: CVE-2021-37501.patch
+Patch10: add-option-to-build-HL-tools.patch

 BuildRequires: gcc, gcc-c++
 BuildRequires: krb5-devel, openssl-devel, zlib-devel, gcc-gfortran, time
 BuildRequires: automake libtool
 BuildRequires: openssh-clients
 BuildRequires: libaec-devel
+BuildRequires: environment-modules

 %description
 HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.
@ -123,6 +125,7 @@ sed -e 's|-O -finline-functions|-O3 -finline-functions|g' -i config/gnu-flags
 %build
 %global _configure ../configure
 %global configure_opts \\\
+  --disable-hltools \\\
  --disable-silent-rules \\\
  --enable-fortran \\\
  --enable-fortran2003 \\\
@ -227,8 +230,6 @@ make %{?_smp_mflags} -C build check
 %license COPYING
 %doc MANIFEST README.txt release_docs/RELEASE.txt
 %doc release_docs/HISTORY*.txt
-%{_bindir}/gif2h5
-%{_bindir}/h52gif
 %{_bindir}/h5clear
 %{_bindir}/h5copy
 %{_bindir}/h5debug
@ -244,7 +245,6 @@ make %{?_smp_mflags} -C build check
 %{_bindir}/h5repart
 %{_bindir}/h5stat
 %{_bindir}/h5unjam
-%{_bindir}/h5watch
 %{_bindir}/mirror_server
 %{_bindir}/mirror_server_stop
 %{_libdir}/libhdf5.so.%{so_version}*
@ -272,8 +272,6 @@ make %{?_smp_mflags} -C build check
 %license COPYING
 %doc MANIFEST README.txt release_docs/RELEASE.txt
 %doc release_docs/HISTORY*.txt
-%{_libdir}/mpich/bin/gif2h5
-%{_libdir}/mpich/bin/h52gif
 %{_libdir}/mpich/bin/h5clear
 %{_libdir}/mpich/bin/h5copy
 %{_libdir}/mpich/bin/h5debug
@ -291,7 +289,6 @@ make %{?_smp_mflags} -C build check
 %{_libdir}/mpich/bin/h5repart
 %{_libdir}/mpich/bin/h5stat
 %{_libdir}/mpich/bin/h5unjam
-%{_libdir}/mpich/bin/h5watch
 %{_libdir}/mpich/bin/mirror_server
 %{_libdir}/mpich/bin/mirror_server_stop
 %{_libdir}/mpich/bin/ph5diff
@ -315,8 +312,6 @@ make %{?_smp_mflags} -C build check
 %license COPYING
 %doc MANIFEST README.txt release_docs/RELEASE.txt
 %doc release_docs/HISTORY*.txt
-%{_libdir}/openmpi/bin/gif2h5
-%{_libdir}/openmpi/bin/h52gif
 %{_libdir}/openmpi/bin/h5clear
 %{_libdir}/openmpi/bin/h5copy
 %{_libdir}/openmpi/bin/h5debug
@ -334,7 +329,6 @@ make %{?_smp_mflags} -C build check
 %{_libdir}/openmpi/bin/h5repart
 %{_libdir}/openmpi/bin/h5stat
 %{_libdir}/openmpi/bin/h5unjam
-%{_libdir}/openmpi/bin/h5watch
 %{_libdir}/openmpi/bin/mirror_server
 %{_libdir}/openmpi/bin/mirror_server_stop
 %{_libdir}/openmpi/bin/ph5diff
@ -354,6 +348,12 @@ make %{?_smp_mflags} -C build check
 %endif

 %changelog
+* Wed Dec 20 2023 wangkai <13474090681@163.com> - 1.12.1-6
+- Add disable-hltools flag to fix CVE-2018-17433, CVE-2018-17436, CVE-2020-10809
+
+* Thu Aug 31 2023 xu_ping <707078654@qq.com> - 1.12.1-5
+- Add BuildRequires environment-modules
+
 * Tue Apr 11 2023 liyanan <thistleslyn@163.com> - 1.12.1-4
 - Preserve the rpath of the hdf5-openmpi and hdf5-mpich subpackages