summaryrefslogtreecommitdiffstats
path: root/release_docs
Commit message (Collapse)AuthorAgeFilesLines
* Add release note for ROS3 VFD anonymous credential fix (#2801)jhendersonHDF2023-04-241-0/+13
|
* Correct CMake option defaults - deprecate szip for libaec (#2778)Allen Byrne2023-04-232-64/+90
|
* Added Fortran Async APIs (#2715)Scot Breitenfeld2023-04-211-1/+2
| | | H5A, H5D, H5ES, H5G, H5F, H5L and H5O async APIs were added.
* Add no subsets option to h5diff like h5dump #2688 (#2756)Allen Byrne2023-04-181-0/+7
|
* Remove more author/date lines from RELEASE.txt (#2767)Dana Robinson2023-04-171-6/+0
|
* Remove dates and initials from RELEASE.txt entries (#2746)Dana Robinson2023-04-161-19/+13
|
* Fix memory leaks when processing OH cont messages (#2723)Dana Robinson2023-04-141-1/+14
| | | | | | | | | | | Malformed object header continuation messages can result in a too-small buffer being passed to the decode function, which could lead to reading past the end of the buffer. Additionally, errors in processing these malformed messages can lead to allocated memory not being cleaned up. This fix adds bounds checking and cleanup code to the object header continuation message processing. Fixes #2604
* Fix out of bounds in `hdf5/src/H5Fint.c:2859` (#2691)Kobrin Eli2023-04-131-0/+12
|
* Fixed GH-2603, heap-buffer-overflow in H5O__linfo_decode (#2697)bmribler2023-04-131-2/+10
| | | | | | * Fixed GH-2603, heap-buffer-overflow in H5O__linfo_decode Verified with valgrind -v --tool=memcheck --leak-check=full h5dump POV-GH-2603 The several invalid reads shown originally are now gone.
* Add a RELEASE.txt note for GH #2605 (#2724)Dana Robinson2023-04-131-0/+10
|
* Identify some options as advanced (#2717)Allen Byrne2023-04-131-0/+2
| | | | | | | * Identify some options as advanced Add explicit option statement to set default for CMake option * Revert advanced setting for file locks
* Fix for github issue #2599: (#2665)vchoi-hdfgroup2023-04-121-0/+15
| | | | | | | | | | | | | | | * Fix for github issue #2599: As indicated in the description, memory leak is detected when running "./h5dump pov". The problem is: when calling H5O__add_cont_msg() from H5O__chunk_deserialize(), memory is allocated for cont_msg_info->msgs. Eventually, when the library tries to load the continuation message via H5AC_protect() in H5O_protect(), error is encountered due to illegal info in the continuation message. Due to the error, H5O_protect() exits but the memory allocated for cont_msg_info->msgs is not freed. When we figure out how to handle fuzzed files that we didn't generate, a test needs to be added to run h5dump with the provided "pov" file. * Add message to release notes for the fix to github issue #2599.
* Clean up memory allocated when reading messages in H5Dlayout on error ↵glennsong092023-04-111-0/+10
| | | | (#2602) (#2687)
* Fix invalid memory access in H5O__ginfo_decode (#2663)mattjala2023-04-111-0/+8
|
* Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_decode (#2679)jhendersonHDF2023-04-111-0/+8
| | | Co-authored-by: Larry Knox <lrknox@hdfgroup.org>
* Perlmutter was fixed (#2677)Scot Breitenfeld2023-04-111-20/+0
|
* Fix improper include of build directory (#2422, #2621) (#2667)jhendersonHDF2023-04-111-0/+18
|
* Fix a heap buffer overflow during H5D__compact_readvv (GitHub #2606) (#2664)jhendersonHDF2023-04-111-0/+19
|
* Fix #2598 sanitize leak (#2660)Allen Byrne2023-04-071-1/+6
|
* Minor fixes for CMake code and install docs (#2623)Allen Byrne2023-04-038-55/+60
|
* CMake - Match Autotools behavior for library instrumentation (#2648)jhendersonHDF2023-04-011-0/+10
| | | Enable library instrumentation by default for parallel debug builds
* Fix a memory corruption issue in H5S__point_project_simple (#2626)jhendersonHDF2023-03-241-0/+14
|
* Fix minor things noted when doing 1.10 merges (#2610)Dana Robinson2023-03-241-1/+1
| | | | * Duplicated HDF_RESOURCES_DIR from cmake_ext_mod merge * Typos in comments
* Bring new release_docs scheme from 1.14 (#2614)Dana Robinson2023-03-238-21897/+884
|
* Subfiling VFD - fix issues with I/O concentrator selection strategies (#2571)jhendersonHDF2023-03-171-0/+20
| | | | | Fix multiple bugs with the SELECT_IOC_EVERY_NTH_RANK and SELECT_IOC_TOTAL I/O concentrator selection strategies and add a regression test for them
* Change libaec URL to actively maintained repo GH#2552 (#2559)Allen Byrne2023-03-151-3/+3
|
* Update cross compile checks and files (#2497)Allen Byrne2023-03-021-0/+81
|
* Check for overflow when calculating on-disk attribute data size (#2459)Egbert Eich2023-03-021-0/+13
| | | | | | | | | | | | | | | | | * Remove duplicate code Signed-off-by: Egbert Eich <eich@suse.com> * Add test case for CVE-2021-37501 Bogus sizes in this test case causes the on-disk data size calculation in H5O__attr_decode() to overflow so that the calculated size becomes 0. This causes the read to overflow and h5dump to segfault. This test case was crafted, the test file was not directly generated by HDF5. Test case from: https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md
* Add fetchcontent for compression libs and fix cmake config (#2487)Allen Byrne2023-02-262-5/+68
| | | | | | | | | | | | | * Add fetchcontent for compression libs and fix cmake config * MSDOS is a reserved define name * Add release note and update install doc for FetchContent * Add CI test for FetchContent * Use LINK_COMP_LIBS instead of STATIC_LIBRARY for depends * Use general link
* Subfiling VFD - add option to specify config file prefix (#2495)jhendersonHDF2023-02-261-0/+12
|
* Fix issue with collective metadata writes of global heap data (#2480)jhendersonHDF2023-02-201-0/+15
|
* CMake generated pkg-config file is incorrect #2259 (#2476)Allen Byrne2023-02-171-0/+13
| | | | | | | | | | | | | * CMake generated pkg-config file is incorrect #2259 * Fix fortran pc template * hdf5.pc is incorrect for debug builds #1546 * Correct pkg name and lib name * Fix typo * Fix missing space
* Port VOL connector Guide to doxygen (#2333)Allen Byrne2023-01-181-2/+6
| | | | | | | * Port VOL connector Guide to doxygen * Fix spelling * Updated VOL UG ref and added release note
* Adds RELEASE.txt notes and updates Doxygen (#2377) (#2379)Dana Robinson2022-12-291-0/+32
|
* H5F_LIBVER_LATEST changes for move to 1.15 (#2288)Allen Byrne2022-12-211-1/+1
| | | | | | | | | | | | | | | * H5F_LIBVER_LATEST changes for move to 1.15 * Add new default api check * Format fixes * Fix default configure * fix lib version tests * Fix another version variable * Add 1.14 doc link
* Fix doxygen warnings and remove javadocs (#2324)Allen Byrne2022-12-201-0/+8
| | | | | * Fix doxygen warnings and remove javadocs * fix typo
* Disable hl tools by default (#2313)Allen Byrne2022-12-172-4/+15
| | | | | | | | | | | * Disable hl tools by default * identify the tools * Only GIF tools are depecated * Add new option * Update autotools
* Hdffv 11052 (#2303)vchoi-hdfgroup2022-12-151-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix for HDFFV-11052: h5debug fails on a corrupted file (h5_nrefs_POC) producing a core dump. When h5debug closes the corrupted file, the library calls H5F__dest() which performs all the closing operations for the file "f" (H5F_t *) but just keeping note of errors in "ret_value" all the way till the end of the routine. The user-provided corrupted file has an illegal file size causing failure when reading the image during the closing process. At the end of this routine it sets f->shared to NULL and then frees "f". This is done whether there is error or not in "ret_value". Due to the failure in reading the file earlier, the routine then returns error. The error return from H5F__dest() causes the file object "f" not being removed from the ID node table. When the library finally exits, it will try to close the file objects in the table. This causes assert failure when H5F_ID_EXISTS(f) or H5F_NREFS(f). Fix: a) H5F_dest(): free the f only when there is no error in "ret_value" at the end of the routine. b) H5VL__native_file_close(): if f->shared is NULL, free "f"; otherwise, perform closing on "f" as before. c) h5debug.c main(): track error return from H5Fclose(). * Committing clang-format changes * Add test and release note info for fix to HDFFV-11052 which is merged via PR#2291. * Committing clang-format changes * Add the test file to Cmake. Co-authored-by: vchoi <vchoi@jelly.ad.hdfgroup.org> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
* Update windows worker compilers (#2286)Allen Byrne2022-12-141-1/+4
| | | | | | | * Update windows worker compilers * Update bin and test issues * Update script and revert java test
* Compound datatypes may not have members of size 0 (#2243)Egbert Eich2022-12-071-14/+25
| | | | | | | | | | | | | | | | | | | | | | * Compound datatypes may not have members of size 0 A member size of 0 may lead to an FPE later on as reported in CVE-2021-46244. To avoid this, check for this as soon as the member is decoded. This should probably be done in H5O_dtype_decode_helper() already, however it is not clear whether all sizes are expected to be != 0. This fixes CVE-2021-46244 / Bug #2242. Signed-off-by: Egbert Eich <eich@suse.com> * Rework error recovery code in H5O__dtype_decode_helper() and H5O__dtype_decode(). * Format changes for src/H5Odtype.c. Signed-off-by: Egbert Eich <eich@suse.com> Co-authored-by: Neil Fortner <nfortne2@hdfgroup.org> Co-authored-by: Larry Knox <lrknox@hdfgroup.org>
* Correct requires setting for pkgconfig files (#2280)Allen Byrne2022-12-071-0/+8
| | | | | * Correct requires setting for pkgconfig files * Add issue number
* CVE 2021 46242 develop (#2255)Egbert Eich2022-12-021-0/+12
| | | | | | | | | | | | | | | | | | | | | | * When evicting driver info block, NULL the corresponding entry Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing the pointer in f->shared->drvinfo will prevent use-after-free when it is used in other functions (like H5F__dest()) - as other places will check whether the pointer is initialized before using its value. This fixes CVE-2021-46242 / Bug #2254 Signed-off-by: Egbert Eich <eich@suse.com> * When evicting the superblock, NULL the corresponding entry The call to H5AC_expunge_entry() will free the corresonding structure, to avoid a use-after-free, the corrsponding pointer entry will be NULLed. Signed-off-by: Egbert Eich <eich@suse.com> Signed-off-by: Egbert Eich <eich@suse.com>
* Output should only be printed if verbose. (#2273)Allen Byrne2022-12-021-1/+6
| | | | | * Output should only be printed if verbose. * Add note
* Report error if dimensions of chunked storage in data layout < 2 (#2241)Egbert Eich2022-12-021-1/+14
| | | | | | | | | | | | | | | | For Data Layout Messages version 1 & 2 the specification state that the value stored in the data field is 1 greater than the number of dimensions in the dataspace. For version 3 this is not explicitly stated but the implementation suggests it to be the case. Thus the set value needs to be at least 2. For dimensionality < 2 an out-of-bounds access occurs as in CVE-2021-45833. This fixes CVE-2021-45833 / Bug #2240. Signed-off-by: Egbert Eich <eich@suse.com> Signed-off-by: Egbert Eich <eich@suse.com> Co-authored-by: Larry Knox <lrknox@hdfgroup.org>
* H5O_dtype_decode_helper: Parent of enum needs to have same size as enum ↵Egbert Eich2022-11-111-13/+26
| | | | | | | | | | | | | | itself (#2237) The size of the enumeration values is determined by the size of the parent. Functions accessing the enumeration values use the size of the enumeration to determine the size of each element and how much data to copy. Thus the size of the enumeration and its parent need to match. Check here to avoid unpleasant surprises later. This fixes CVE-2018-14031 / Bug #2236. Signed-off-by: Egbert Eich <eich@suse.com>
* Make sure info block for external links has at least 3 bytes (#2234)Egbert Eich2022-11-111-0/+13
| | | | | | | | | | | | According to the specification, the information block for external links contains 1 byte of version/flag information and two 0 terminated strings for the object linked to and the full path. Although not very useful, the minimum string length for each (with terminating 0) would be one byte. Checking this will help to avoid SEGVs triggered by bogus files. This fixes CVE-2018-16438 / Bug #2233. Signed-off-by: Egbert Eich <eich@suse.com>
* Validate location (offset) of the accumulated metadata when comparing (#2231)Egbert Eich2022-11-111-0/+15
| | | | | | | | | | | | | | | Initially, the accumulated metadata location is initialized to HADDR_UNDEF - the highest available address. Bogus input files may provide a location or size matching this value. Comparing this address against such bogus values may provide false positives. This make sure, the value has been initilized or fail the comparison early and let other parts of the code deal with the bogus address/size. Note: To avoid unnecessary checks, we have assumed that if the 'dirty' member in the same structure is true the location is valid. This fixes CVE-2018-13867 / Bug #2230. Signed-off-by: Egbert Eich <eich@suse.com>
* Make H5O__fsinfo_decode() more resilient to out-of-bound reads. (#2229)Egbert Eich2022-11-111-0/+13
| | | | | | | | | | | | | | | | When decoding a file space info message in H5O__fsinfo_decode() make sure each element to be decoded is still within the message. Malformed hdf5 files may have trunkated content which does not match the expected size. Checking this will prevent attempting to decode unrelated data and heap overflows. So far, only free space manager address data was checked before decoding. This fixes CVE-2021-45830 / Bug #2228. Signed-off-by: Egbert Eich <eich@suse.com> Additions Co-authored-by: Larry Knox <lrknox@hdfgroup.org>
* H5IMget_image_info(): Make sure to not exceed local array size (#2227)Egbert Eich2022-11-111-2/+12
| | | | | | | | | | | | | Malformed hdf5 files may provide more dimensions than the array dim[] in H5IMget_image_info() is able to hold. Check number of elements first by calling H5Sget_simple_extent_dims() with NULL for both 'dims' and 'maxdims' arguments. This will cause the function to return only the number of dimensions. The fix addresse a stack overflow on write. This fixes CVE-2018-17439 / HDFFV-10589 / Bug #2226. Signed-off-by: Egbert Eich <eich@suse.com> Signed-off-by: Egbert Eich <eich@suse.com>
* Adds a release note for PR #2210 (CVE-2019-8396) (#2247)Dana Robinson2022-11-101-0/+11
| | | | | * Adds a release note for PR #2210 (CVE-2019-8396) * Capitalization issue fixed
generated by cgit v0.12 at 2024-09-14 13:17:19 (GMT)