diff options
Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r-- | release_docs/RELEASE.txt | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index d9a4e8e..247f182 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -66,7 +66,13 @@ New Features that default ON/enabled. Add configure options (autotools - CMake): - enable-hltools HDF5_BUILD_HL_TOOLS + --enable-hltools HDF5_BUILD_HL_TOOLS + + Disabling this option prevents building the gif tool which + contains the following CVEs: + HDFFV-10592 CVE-2018-17433 + HDFFV-10593 CVE-2018-17436 + HDFFV-11048 CVE-2020-10809 (ADB - 2021/09/16, HDFFV-11266) @@ -1100,6 +1106,14 @@ Bug Fixes since HDF5-1.12.0 release (ADB - 2021/03/03, #361) + - Fixed a segmentation fault + + A segmentation fault occurred with a Mathworks corrupted file. + + A detection of accessing a null pointer was added to prevent the problem. + + (BMR - 2021/02/19, HDFFV-11150) + - Fixed issue with MPI communicator and info object not being copied into new FAPL retrieved from H5F_get_access_plist @@ -1118,6 +1132,17 @@ Bug Fixes since HDF5-1.12.0 release (NAF - 2021/01/22) + - Fixed CVE-2018-17432 + + The tool h5repack produced a segfault on a corrupted file which had + invalid rank for scalar or NULL datatype. + + The problem was fixed by modifying the dataspace encode and decode + functions to detect and report invalid rank. h5repack now fails + with an error message for the corrupted file. + + (BMR - 2020/10/26, HDFFV-10590) + - Creation of dataset with optional filter When the combination of type, space, etc doesn't work for filter @@ -1447,7 +1472,11 @@ Bug Fixes since HDF5-1.12.0 release High-Level Library ------------------ - - + - Fixed HL_test_packet, test for packet table vlen of vlen. + + Incorrect length assignment. + + (ADB - 2021/10/14) Fortran High-Level APIs @@ -1653,3 +1682,11 @@ The share folder will have the most differences because CMake builds include a number of CMake specific files for support of CMake's find_package and support for the HDF5 Examples CMake project. +The issues with the gif tool are: + HDFFV-10592 CVE-2018-17433 + HDFFV-10593 CVE-2018-17436 + HDFFV-11048 CVE-2020-10809 +These CVE issues have not yet been addressed and can be avoided by not building +the gif tool. Disable building the High-Level tools with these options: + autotools: --disable-hltools + cmake: HDF5_BUILD_HL_TOOLS=OFF |