UPDATE: math/hdf5

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

UPDATE: math/hdf5

Ingo Feinerer-2
Hi,

update math/hdf5 1.8.20 -> 1.8.21

This update addresses CVE-2017-17505, CVE-2017-17506, CVE-2017-17508 and
CVE-2017-17509.

Summary of changes:
https://www.hdfgroup.org/2018/06/release-of-hdf5-1-8-21-newsletter-161/

Note that https://support.hdfgroup.org/ftp/HDF5/current18/src/ still only
shows 1.8.20 but the backup master site has the new version.

Shared libraries were bumped after comparing old and new versions with
/usr/src/lib/check_sym and by investigating
https://portal.hdfgroup.org/display/support/HDF5%201.8.21#compatibility.

OK?

Best regards,
Ingo

Index: Makefile
===================================================================
RCS file: /cvs/ports/devel/quirks/Makefile,v
retrieving revision 1.677
diff -u -p -r1.677 Makefile
--- Makefile 27 Dec 2018 21:31:16 -0000 1.677
+++ Makefile 28 Dec 2018 10:30:53 -0000
@@ -5,7 +5,7 @@ CATEGORIES = devel databases
 DISTFILES =
 
 # API.rev
-PKGNAME = quirks-3.70
+PKGNAME = quirks-3.71
 PKG_ARCH = *
 MAINTAINER = Marc Espie <[hidden email]>
 
Index: files/Quirks.pm
===================================================================
RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v
retrieving revision 1.691
diff -u -p -r1.691 Quirks.pm
--- files/Quirks.pm 27 Dec 2018 21:31:16 -0000 1.691
+++ files/Quirks.pm 28 Dec 2018 10:30:53 -0000
@@ -1257,6 +1257,7 @@ my $cve = {
  'mail/exim' => 'exim-<4.83',
  'mail/p5-Mail-SpamAssassin' => 'p5-Mail-SpamAssassin-<3.4.2',
  'mail/roundcubemail' => 'roundcubemail-<1.3.8',
+ 'math/hdf5' => 'hdf5-<1.8.21',
  'net/curl' => 'curl-<7.62.0',
  'net/haproxy' => 'haproxy-<1.8.16',
  'net/icecast' => 'icecast-<2.4.4',


Index: Makefile
===================================================================
RCS file: /cvs/ports/math/hdf5/Makefile,v
retrieving revision 1.16
diff -u -p -r1.16 Makefile
--- Makefile 24 Oct 2018 14:28:07 -0000 1.16
+++ Makefile 28 Dec 2018 11:03:54 -0000
@@ -2,14 +2,13 @@
 
 COMMENT = Hierarchical Data Format 5 Technology suite
 
-V = 1.8.20
+V = 1.8.21
 DISTNAME = hdf5-${V}
-REVISION = 0
 
-SHARED_LIBS += hdf5 1.1 # 13.1
-SHARED_LIBS += hdf5_cpp 4.1 # 15.0
-SHARED_LIBS += hdf5_hl 1.1 # 12.1
-SHARED_LIBS += hdf5_hl_cpp 2.0 # 12.1
+SHARED_LIBS += hdf5 1.2 # 13.2
+SHARED_LIBS += hdf5_cpp 5.0 # 16.0
+SHARED_LIBS += hdf5_hl 1.1 # 12.2
+SHARED_LIBS += hdf5_hl_cpp 2.0 # 12.2
 
 CATEGORIES = math
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/math/hdf5/distinfo,v
retrieving revision 1.6
diff -u -p -r1.6 distinfo
--- distinfo 7 Dec 2017 06:13:45 -0000 1.6
+++ distinfo 28 Dec 2018 11:03:54 -0000
@@ -1,2 +1,2 @@
-SHA256 (hdf5-1.8.20.tar.gz) = btZgzNK8RaqAjqcuCPM8xkAJ6d1OOjcrU0OLIQMS6Nk=
-SIZE (hdf5-1.8.20.tar.gz) = 12475267
+SHA256 (hdf5-1.8.21.tar.gz) = h9jILrpc92bZfNBsBU9GOcEEnEreqjp593+L03T4Dzc=
+SIZE (hdf5-1.8.21.tar.gz) = 9113482
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/math/hdf5/pkg/PLIST,v
retrieving revision 1.3
diff -u -p -r1.3 PLIST
--- pkg/PLIST 7 Dec 2017 06:13:45 -0000 1.3
+++ pkg/PLIST 28 Dec 2018 11:03:54 -0000
@@ -19,6 +19,7 @@ bin/h5redeploy
 @bin bin/h5unjam
 include/H5ACpublic.h
 include/H5AbstractDs.h
+include/H5AcreatProp.h
 include/H5Apublic.h
 include/H5ArrayType.h
 include/H5AtomType.h
@@ -65,6 +66,7 @@ include/H5IntType.h
 include/H5Ipublic.h
 include/H5LTpublic.h
 include/H5LaccProp.h
+include/H5LcreatProp.h
 include/H5Library.h
 include/H5Location.h
 include/H5Lpublic.h
@@ -82,6 +84,7 @@ include/H5PropList.h
 include/H5Rpublic.h
 include/H5Spublic.h
 include/H5StrType.h
+include/H5StrcreatProp.h
 include/H5TBpublic.h
 include/H5Tpublic.h
 include/H5VarLenType.h

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: math/hdf5

Paul Irofti-4
On Fri, Dec 28, 2018 at 12:07:32PM +0100, Ingo Feinerer wrote:

> Hi,
>
> update math/hdf5 1.8.20 -> 1.8.21
>
> This update addresses CVE-2017-17505, CVE-2017-17506, CVE-2017-17508 and
> CVE-2017-17509.
>
> Summary of changes:
> https://www.hdfgroup.org/2018/06/release-of-hdf5-1-8-21-newsletter-161/
>
> Note that https://support.hdfgroup.org/ftp/HDF5/current18/src/ still only
> shows 1.8.20 but the backup master site has the new version.
>
> Shared libraries were bumped after comparing old and new versions with
> /usr/src/lib/check_sym and by investigating
> https://portal.hdfgroup.org/display/support/HDF5%201.8.21#compatibility.
>
> OK?

Why are we avoiding the 1.10 branch? OK otherwise.

>
> Best regards,
> Ingo
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/devel/quirks/Makefile,v
> retrieving revision 1.677
> diff -u -p -r1.677 Makefile
> --- Makefile 27 Dec 2018 21:31:16 -0000 1.677
> +++ Makefile 28 Dec 2018 10:30:53 -0000
> @@ -5,7 +5,7 @@ CATEGORIES = devel databases
>  DISTFILES =
>  
>  # API.rev
> -PKGNAME = quirks-3.70
> +PKGNAME = quirks-3.71
>  PKG_ARCH = *
>  MAINTAINER = Marc Espie <[hidden email]>
>  
> Index: files/Quirks.pm
> ===================================================================
> RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v
> retrieving revision 1.691
> diff -u -p -r1.691 Quirks.pm
> --- files/Quirks.pm 27 Dec 2018 21:31:16 -0000 1.691
> +++ files/Quirks.pm 28 Dec 2018 10:30:53 -0000
> @@ -1257,6 +1257,7 @@ my $cve = {
>   'mail/exim' => 'exim-<4.83',
>   'mail/p5-Mail-SpamAssassin' => 'p5-Mail-SpamAssassin-<3.4.2',
>   'mail/roundcubemail' => 'roundcubemail-<1.3.8',
> + 'math/hdf5' => 'hdf5-<1.8.21',
>   'net/curl' => 'curl-<7.62.0',
>   'net/haproxy' => 'haproxy-<1.8.16',
>   'net/icecast' => 'icecast-<2.4.4',
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/math/hdf5/Makefile,v
> retrieving revision 1.16
> diff -u -p -r1.16 Makefile
> --- Makefile 24 Oct 2018 14:28:07 -0000 1.16
> +++ Makefile 28 Dec 2018 11:03:54 -0000
> @@ -2,14 +2,13 @@
>  
>  COMMENT = Hierarchical Data Format 5 Technology suite
>  
> -V = 1.8.20
> +V = 1.8.21
>  DISTNAME = hdf5-${V}
> -REVISION = 0
>  
> -SHARED_LIBS += hdf5 1.1 # 13.1
> -SHARED_LIBS += hdf5_cpp 4.1 # 15.0
> -SHARED_LIBS += hdf5_hl 1.1 # 12.1
> -SHARED_LIBS += hdf5_hl_cpp 2.0 # 12.1
> +SHARED_LIBS += hdf5 1.2 # 13.2
> +SHARED_LIBS += hdf5_cpp 5.0 # 16.0
> +SHARED_LIBS += hdf5_hl 1.1 # 12.2
> +SHARED_LIBS += hdf5_hl_cpp 2.0 # 12.2
>  
>  CATEGORIES = math
>  
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/math/hdf5/distinfo,v
> retrieving revision 1.6
> diff -u -p -r1.6 distinfo
> --- distinfo 7 Dec 2017 06:13:45 -0000 1.6
> +++ distinfo 28 Dec 2018 11:03:54 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (hdf5-1.8.20.tar.gz) = btZgzNK8RaqAjqcuCPM8xkAJ6d1OOjcrU0OLIQMS6Nk=
> -SIZE (hdf5-1.8.20.tar.gz) = 12475267
> +SHA256 (hdf5-1.8.21.tar.gz) = h9jILrpc92bZfNBsBU9GOcEEnEreqjp593+L03T4Dzc=
> +SIZE (hdf5-1.8.21.tar.gz) = 9113482
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/math/hdf5/pkg/PLIST,v
> retrieving revision 1.3
> diff -u -p -r1.3 PLIST
> --- pkg/PLIST 7 Dec 2017 06:13:45 -0000 1.3
> +++ pkg/PLIST 28 Dec 2018 11:03:54 -0000
> @@ -19,6 +19,7 @@ bin/h5redeploy
>  @bin bin/h5unjam
>  include/H5ACpublic.h
>  include/H5AbstractDs.h
> +include/H5AcreatProp.h
>  include/H5Apublic.h
>  include/H5ArrayType.h
>  include/H5AtomType.h
> @@ -65,6 +66,7 @@ include/H5IntType.h
>  include/H5Ipublic.h
>  include/H5LTpublic.h
>  include/H5LaccProp.h
> +include/H5LcreatProp.h
>  include/H5Library.h
>  include/H5Location.h
>  include/H5Lpublic.h
> @@ -82,6 +84,7 @@ include/H5PropList.h
>  include/H5Rpublic.h
>  include/H5Spublic.h
>  include/H5StrType.h
> +include/H5StrcreatProp.h
>  include/H5TBpublic.h
>  include/H5Tpublic.h
>  include/H5VarLenType.h

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: math/hdf5

Ingo Feinerer-2
On Fri, Dec 28, 2018 at 06:34:23PM +0200, Paul Irofti wrote:
> On Fri, Dec 28, 2018 at 12:07:32PM +0100, Ingo Feinerer wrote:
> > update math/hdf5 1.8.20 -> 1.8.21
>
> Why are we avoiding the 1.10 branch? OK otherwise.

The 1.10 branch includes changes in the HDF5 storage format
(https://portal.hdfgroup.org/display/HDF5/New+Features+in+HDF5+Release+1.10)
and expands the API of various shared libraries.

I see no obstacles for 1.10.x but did not have time to investigate large
applications like Octave for compatibility problems. As long as
https://portal.hdfgroup.org/display/HDF5/HDF5 lists 1.8.x as a current
release and since nobody has complained so far I just did not invest
time for this big update.

Best regards,
Ingo

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: math/hdf5

Paul Irofti-4
> The 1.10 branch includes changes in the HDF5 storage format
> (https://portal.hdfgroup.org/display/HDF5/New+Features+in+HDF5+Release+1.10)
> and expands the API of various shared libraries.

HDF claims that the new format is compatible with the old one and it
does not break applications still linking with 1.8.

  "If an application built on HDF5 Release 1.10 avoids use of the new
  features and does not request use of the latest format, applications
  built on HDF5 Release 1.8.x will be able to read files the first
  application created. In addition, applications originally written for
  use with HDF5 Release 1.8.x can be linked against a suitably configured
  HDF5 Release 1.10.x library, thus taking advantage of performance
  improvements in 1.10."

> I see no obstacles for 1.10.x but did not have time to investigate large
> applications like Octave for compatibility problems.

Octave seems fine with newer versions.

  https://hg.savannah.gnu.org/hgweb/octave/file/442632888649/configure.ac#l1484

> As long as
> https://portal.hdfgroup.org/display/HDF5/HDF5 lists 1.8.x as a current
> release and since nobody has complained so far I just did not invest
> time for this big update.

Sure, no pressure. Go ahead with your change. I was just curious.