author | Dana Robinson <43805+derobins@users.noreply.github.com> | 2023-02-13 14:03:11 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-13 14:03:11 (GMT) |
commit | 768575225ecfe81e8965c47369576c9befb9d4c1 (patch) | |
tree | 6bf82693dc0b4f8b8d72f94f6afea1fcc378f444 /release_docs/RELEASE.txt | |
parent | b5ddec4554731191f3a7f04c57c87dae61762e74 (diff) | |
Update release_docs HISTORY scheme (#2443)
We will no longer maintain HISTORY files for other maintenance branches,
so those have been removed. Adds a README.md explaining the purpose
and procedures of HDF5 HISTORY. Also adds a newsletter template and
updates the RELEASE.txt note part of CONTRIBUTING.md.
Also cleans out RELEASE.txt post-HDF5-1.14.0
Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r-- | release_docs/RELEASE.txt | 272 |
1 files changed, 11 insertions, 261 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 2cef92d..052428a 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -21,7 +21,7 @@ The official HDF5 releases can be obtained from: https://www.hdfgroup.org/downloads/hdf5/ -Changes from Release to Release and New Features in the HDF5-1.13.x release series +Changes from release to release and new features in the HDF5-1.14.x release series can be found at: https://portal.hdfgroup.org/display/HDF5/Release+Specific+Information @@ -36,7 +36,7 @@ CONTENTS - New Features - Support for new platforms and languages -- Bug Fixes since HDF5-1.13.3 +- Bug Fixes since HDF5-1.14.0 - Platforms Tested - Known Problems - CMake vs. Autotools installations 
@@ -47,108 +47,13 @@ New Features Configuration: ------------- - - Removal of MPE support - - The ability to build with MPE instrumentation has been removed along with - the following configure options: - - Autotools: - --with-mpe= - - CMake has never supported building with MPE support. - - (DER - 2022/11/08) - - - Removal of dmalloc support - - The ability to build with dmalloc support has been removed along with - the following configure options: - - Autotools: - --with-dmalloc= - - CMake: - HDF5_ENABLE_USING_DMALLOC - - (DER - 2022/11/08) - - - Removal of memory allocation sanity checks configure options - - With the removal of the memory allocation sanity checks feature, the - following configure options are no longer necessary and have been - removed: - - Autotools: - --enable-memory-alloc-sanity-check - - CMake: - HDF5_MEMORY_ALLOC_SANITY_CHECK - HDF5_ENABLE_MEMORY_STATS + - - (DER - 2022/11/03) Library: -------- - - Overhauled the Virtual Object Layer (VOL) - - The virtual object layer (VOL) was added in HDF5 1.12.0 but the initial - implementation required API-breaking changes to better support optional - operations and pass-through VOL connectors. The original VOL API is - now considered deprecated and VOL users and connector authors should - target the 1.14 VOL API. - - The specific changes are too extensive to document in a release note, so - VOL users and connector authors should consult the updated VOL connector - author's guide and the 1.12-1.14 VOL migration guide. - - (DER - 2022/12/28) - - - H5VLquery_optional() signature change - - The last parameter of this API call has changed from a pointer to hbool_t - to a pointer to uint64_t. Due to the changes in how optional operations - are handled in the 1.14 VOL API, we cannot make the old API call work - with the new scheme, so there is no API compatibility macro for it. 
- - (DER - 2022/12/28) - - - H5I_free_t callback signature change - - In order to support asynchronous operations and future IDs, the signature - of the H5I_free_t callback has been modified to take a second 'request' - parameter. Due to the nature of the internal library changes, no API - compatibility macro is available for this change. - - (DER - 2022/12/28) - - - Fix for CVE-2019-8396 - - Malformed HDF5 files may have truncated content which does not match - the expected size. When H5O__pline_decode() attempts to decode these it - may read past the end of the allocated space leading to heap overflows - as bounds checking is incomplete. - - The fix ensures each element is within bounds before reading. - - (2022/11/09 - HDFFV-10712, CVE-2019-8396, GitHub #2209) - - - Removal of memory allocation sanity checks feature - - This feature added heap canaries and statistics tracking for internal - library memory operations. Unfortunately, the heap canaries caused - problems when library memory operations were mixed with standard C - library memory operations (such as in the filter pipeline, where - buffers may have to be reallocated). Since any platform with a C - compiler also usually has much more sophisticated memory sanity - checking tools than the HDF5 library provided (e.g., valgrind), we - have decided to to remove the feature entirely. - - In addition to the configure changes described above, this also removes - the following from the public API: - H5get_alloc_stats() - H5_alloc_stats_t + - - (DER - 2022/11/03) Parallel Library: ----------------- 
@@ -198,132 +103,13 @@ New Features Support for new platforms, languages and compilers ================================================== - - -Bug Fixes since HDF5-1.13.3 release + + +Bug Fixes since HDF5-1.14.0 release =================================== Library ------- - - Seg fault on file close - - h5debug fails at file close with core dump on a file that has an - illegal file size in its cache image. In H5F_dest(), the library - performs all the closing operations for the file and keeps track of - the error encountered when reading the file cache image. - At the end of the routine, it frees the file's file structure and - returns error. Due to the error return, the file object is not removed - from the ID node table. This eventually causes assertion failure in - H5VL__native_file_close() when the library finally exits and tries to - access that file object in the table for closing. - - The closing routine, H5F_dest(), will not free the file structure if - there is error, keeping a valid file structure in the ID node table. - It will be freed later in H5VL__native_file_close() when the - library exits and terminates the file package. - - (VC - 2022/12/14, HDFFV-11052, CVE-2020-10812) - - - Fix CVE-2018-13867 / GHSA-j8jr-chrh-qfrf - - Validate location (offset) of the accumulated metadata when comparing. - - Initially, the accumulated metadata location is initialized to HADDR_UNDEF - - the highest available address. Bogus input files may provide a location - or size matching this value. Comparing this address against such bogus - values may provide false positives. Thus make sure, the value has been - initialized or fail the comparison early and let other parts of the - code deal with the bogus address/size. - Note: To avoid unnecessary checks, it is assumed that if the 'dirty' - member in the same structure is true the location is valid. 
- - (EFE - 2022/10/10 GH-2230) - - - Fix CVE-2018-16438 / GHSA-9xmm-cpf8-rgmx - - Make sure info block for external links has at least 3 bytes. - - According to the specification, the information block for external links - contains 1 byte of version/flag information and two 0 terminated strings - for the object linked to and the full path. - Although not very useful, the minimum string length for each (with - terminating 0) would be one byte. - Checking this helps to avoid SEGVs triggered by bogus files. - - (EFE - 2022/10/09 GH-2233) - - - CVE-2021-46244 / GHSA-vrxh-5gxg-rmhm - - Compound datatypes may not have members of size 0 - - A member size of 0 may lead to an FPE later on as reported in - CVE-2021-46244. To avoid this, check for this as soon as the - member is decoded. - - (EFE - 2022/10/05 GEH-2242) - - - - Fix CVE-2021-45830 / GHSA-5h2h-fjjr-x9m2 - - Make H5O__fsinfo_decode() more resilient to out-of-bound reads. - - When decoding a file space info message in H5O__fsinfo_decode() make - sure each element to be decoded is still within the message. Malformed - hdf5 files may have trunkated content which does not match the - expected size. Checking this will prevent attempting to decode - unrelated data and heap overflows. So far, only free space manager - address data was checked before decoding. - - (EFE - 2022/10/05 GH-2228) - - - Fix CVE-2021-46242 / GHSA-x9pw-hh7v-wjpf - - When evicting driver info block, NULL the corresponding entry. - - Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag - H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing - the pointer in f->shared->drvinfo will prevent use-after-free when it is - used in other functions (like H5F__dest()) - as other places will check - whether the pointer is initialized before using its value. 
- - (EFE - 2022/09/29 GH-2254) - - - Fix CVE-2021-45833 / GHSA-x57p-jwp6-4v79 - - Report error if dimensions of chunked storage in data layout < 2 - - For Data Layout Messages version 1 & 2 the specification state - that the value stored in the data field is 1 greater than the - number of dimensions in the dataspace. For version 3 this is - not explicitly stated but the implementation suggests it to be - the case. - Thus the set value needs to be at least 2. For dimensionality - < 2 an out-of-bounds access occurs. - - (EFE - 2022/09/28 GH-2240) - - - Fix CVE-2018-14031 / GHSA-2xc7-724c-r36j - - Parent of enum datatype message must have the same size as the - enum datatype message itself. - Functions accessing the enumeration values use the size of the - enumeration datatype to determine the size of each element and - how much data to copy. - Thus the size of the enumeration and its parent need to match. - Check in H5O_dtype_decode_helper() to avoid unpleasant surprises - later. - - (EFE - 2022/09/28 GH-2236) - - - Fix CVE-2018-17439 / GHSA-vcxv-vp43-rch7 - - H5IMget_image_info(): Make sure to not exceed local array size - - Malformed hdf5 files may provide more dimensions than the array dim[] in - H5IMget_image_info() is able to hold. Check number of elements first by calling - H5Sget_simple_extent_dims() with NULL for both 'dims' and 'maxdims' arguments. - This will cause the function to return only the number of dimensions. - The fix addresses a stack overflow on write. - - (EFE - 2022/09/27 HDFFV-10589, GH-2226) + - Java Library 
@@ -333,49 +119,12 @@ Bug Fixes since HDF5-1.13.3 release Configuration ------------- - - Remove Javadoc generation - - The use of doxygen now supersedes the requirement to build javadocs. We do not - have the resources to continue to support two documentation methods and have - chosen doxygen as our standard. - - (ADB - 2022/12/19) - - - Change the default for building the high-level tools - - The gif2hdf5 and hdf2gif high-level tools are deprecated and will be removed - in a future release. The default build setting for them have been changed from enabled - to disabled. A user can enable the build of these tools if needed. - autotools: --enable-hlgiftools - cmake: HDF5_BUILD_HL_GIF_TOOLS=ON - - (ADB - 2022/12/16) - - - Change the settings of the *pc files to use the correct format - - The pkg-config files generated by CMake uses incorrect syntax for the 'Requires' - settings. Changing the set to use 'lib-name = version' instead 'lib-name-version' - fixes the issue - - (ADB - 2022/12/06 HDFFV-11355) - - - Move MPI libraries link from PRIVATE to PUBLIC - - The install dependencies were not including the need for MPI libraries when - an application or library was built with the C library. Also updated the - CMake target link command to use the newer style MPI::MPI_C link variable. - - (ADB - 2022/10/27) + - Tools ----- - - Fix h5repack to only print output when verbose option is selected - - When timing option was added to h5repack, the check for verbose was - incorrectly implemented. - - (ADB - 2022/12/02, GH #2270) + - Performance @@ -387,6 +136,7 @@ Bug Fixes since HDF5-1.13.3 release ----------- - + High-Level Library ------------------ - |
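Review bot: In the `@@ -47,108 +47,13 @@ New Features` hunk, the deleted "Fix for CVE-2019-8396" entry is the only text in this file that ties that CVE to the bounds checking added in H5O__pline_decode(), and the diffstat shown is limited to release_docs/RELEASE.txt, so it is not visible here whether the entry was carried into the HISTORY file before being removed. Please confirm it was moved verbatim, together with the notes on the H5VLquery_optional() and H5I_free_t signature changes and the removal of H5get_alloc_stats() / H5_alloc_stats_t, since each of those states that no API compatibility macro exists and users upgrading from 1.12 will need to find them. The CVE entry also sat under "New Features / Library" rather than under bug fixes; if it is being relocated anyway, filing it with the other CVE fixes would make it easier to find.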
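Review bot: In the `@@ -198,132 +103,13 @@ New Features` hunk, nine Library bug-fix entries that carry CVE identifiers (CVE-2020-10812, CVE-2018-13867, CVE-2018-16438, CVE-2021-46244, CVE-2021-45830, CVE-2021-46242, CVE-2021-45833, CVE-2018-14031, CVE-2018-17439), most with GHSA ids and issue numbers, are deleted and replaced by an empty "-" placeholder. Packagers and vulnerability scanners use this mapping to decide which release contains which fix, so the commit should make clear where the entries now live, and the commit message or the new README.md would be a good place to say so. If the text is being copied into the HISTORY file, this is also the moment to correct the reference in the CVE-2021-46244 entry, which reads "GEH-2242" where the neighbouring entries use the "GH-" prefix, and the spelling "trunkated" in the CVE-2021-45830 entry.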