From 210e0d91d158ea80e6d76d5656b2b467d0d1a9e6 Mon Sep 17 00:00:00 2001 From: Larry Knox Date: Fri, 1 Apr 2022 14:19:43 -0500 Subject: October 2021 Pull Requests not previously merged to 1.12 (#1570) --- fortran/test/tH5A.F90 | 4 +- release_docs/RELEASE.txt | 149 +++++++++++++++++++++-------------- tools/test/h5repack/CMakeTests.cmake | 4 +- tools/test/h5repack/h5repack.sh.in | 17 +++- 4 files changed, 109 insertions(+), 65 deletions(-) diff --git a/fortran/test/tH5A.F90 b/fortran/test/tH5A.F90 index 4d56bed..d5ce9a2 100644 --- a/fortran/test/tH5A.F90 +++ b/fortran/test/tH5A.F90 @@ -408,13 +408,13 @@ CONTAINS !open the INTEGER attrbute by name ! CALL h5aopen_name_f(dset_id, aname5, attr5_id, error) - CALL check("h5aopen_idx_f",error,total_error) + CALL check("h5aopen_name_f",error,total_error) ! !open the NULL attrbute by name ! CALL h5aopen_name_f(dset_id, aname6, attr6_id, error) - CALL check("h5aopen_idx_f",error,total_error) + CALL check("h5aopen_name_f",error,total_error) ! !get the attrbute name diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 8acbcd0..8e269bf 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -101,7 +101,13 @@ New Features that default ON/enabled. Add configure options (autotools - CMake): - enable-hltools HDF5_BUILD_HL_TOOLS + --enable-hltools HDF5_BUILD_HL_TOOLS + + Disabling this option prevents building the gif tool which + contains the following CVEs: + HDFFV-10592 CVE-2018-17433 + HDFFV-10593 CVE-2018-17436 + HDFFV-11048 CVE-2020-10809 (ADB - 2021/09/16, HDFFV-11266) @@ -347,6 +353,14 @@ Bug Fixes since HDF5-1.12.1 release (DER - 2021/08/12, HDFFV-11053) + - Fixed a segmentation fault + + A segmentation fault occurred with a Mathworks corrupted file. + + A detection of accessing a null pointer was added to prevent the problem. + + (BMR - 2021/02/19, HDFFV-11150) + - H5Pset_fapl_log() no longer crashes when passed an invalid fapl ID When passed an invalid fapl ID, H5Pset_fapl_log() would usually @@ -372,6 +386,17 @@ Bug Fixes since HDF5-1.12.1 release (DER - 2021/04/27, HDFFV-11239) + - Fixed CVE-2018-17432 + + The tool h5repack produced a segfault on a corrupted file which had + invalid rank for scalar or NULL datatype. + + The problem was fixed in HDF5 1.12.1 by modifying the dataspace encode + and decode functions to detect and report invalid rank. h5repack now + fails with an error message for the corrupted file. + + (BMR - 2020/10/26, HDFFV-10590) + Java Library ------------ @@ -472,8 +497,8 @@ Bug Fixes since HDF5-1.12.1 release - -Supported Platforms -=================== + Supported Platforms + =================== Linux 2.6.32-696.16.1.el6.ppc64 gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-18) #1 SMP ppc64 GNU/Linux g++ (GCC) 4.4.7 20120313 (Red Hat 4.4.7-18) @@ -483,11 +508,11 @@ Supported Platforms Linux 3.10.0-327.10.1.el7 GNU C (gcc), Fortran (gfortran), C++ (g++) #1 SMP x86_64 GNU/Linux compilers: - (kituo/moohan) Version 4.8.5 20150623 (Red Hat 4.8.5-4) + (kituo/moohan) Version 4.8.5 20150623 (Red Hat 4.8.5-4) Version 4.9.3, 5.2.0, 7.1.0 Intel(R) C (icc), C++ (icpc), Fortran (icc) compilers: - Version 17.0.0.098 Build 20160721 + Version 17.0.0.098 Build 20160721 MPICH 3.1.4 Linux-3.10.0- spectrum-mpi/rolling-release with cmake>3.10 and @@ -517,7 +542,7 @@ Supported Platforms SunOS 5.11 32- and 64-bit Sun C 5.12 SunOS_sparc (emu) Sun Fortran 95 8.6 SunOS_sparc Sun C++ 5.12 SunOS_sparc - + Windows 10 x64 Visual Studio 2015 w/ Intel Fortran 18 (cmake) Visual Studio 2017 w/ Intel Fortran 19 (cmake) Visual Studio 2019 w/ Intel Fortran 19 (cmake) @@ -554,7 +579,7 @@ Tested Configuration Features Summary = testing incomplete on this feature or platform Platform C F90/ F90 C++ zlib SZIP - parallel F2003 parallel + parallel F2003 parallel Solaris2.11 32-bit n y/y n y y y Solaris2.11 64-bit n y/n n y y y Windows 10 y y/y n y y y @@ -572,7 +597,7 @@ Linux 2.6.32-573.18.1.el6.ppc64 n y/n n y y y Platform Shared Shared Shared Thread- - C libs F90 libs C++ libs safe + C libs F90 libs C++ libs safe Solaris2.11 32-bit y y y y Solaris2.11 64-bit y y y y Windows 10 y y y y @@ -596,56 +621,56 @@ More Tested Platforms ===================== The following platforms are not supported but have been tested for this release. - Linux 2.6.32-573.22.1.el6 GNU C (gcc), Fortran (gfortran), C++ (g++) - #1 SMP x86_64 GNU/Linux compilers: - (mayll/platypus) Version 4.4.7 20120313 - Version 4.9.3, 5.3.0, 6.2.0 - PGI C, Fortran, C++ for 64-bit target on - x86-64; - Version 17.10-0 - Intel(R) C (icc), C++ (icpc), Fortran (icc) - compilers: - Version 17.0.4.196 Build 20170411 - MPICH 3.1.4 compiled with GCC 4.9.3 - - Linux 3.10.0-327.18.2.el7 GNU C (gcc) and C++ (g++) compilers - #1 SMP x86_64 GNU/Linux Version 4.8.5 20150623 (Red Hat 4.8.5-4) - (jelly) with NAG Fortran Compiler Release 6.1(Tozai) - GCC Version 7.1.0 - OpenMPI 3.0.0-GCC-7.2.0-2.29 - Intel(R) C (icc) and C++ (icpc) compilers - Version 17.0.0.098 Build 20160721 - with NAG Fortran Compiler Release 6.1(Tozai) - PGI C (pgcc), C++ (pgc++), Fortran (pgf90) - compilers: - Version 18.4, 19.4 - MPICH 3.3 - OpenMPI 2.1.5, 3.1.3, 4.0.0 - - - Fedora33 5.11.18-200.fc33.x86_64 - #1 SMP x86_64 GNU/Linux GNU gcc (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1) - GNU Fortran (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1) - clang version 11.0.0 (Fedora 11.0.0-2.fc33) - (cmake and autotools) - - Ubuntu20.04 5.8.0-53-generic-x86_64 - #60~20.04-Ubuntu SMP x86_64 GNU/Linux GNU gcc (GCC) 9.3.0-17ubuntu1 - GNU Fortran (GCC) 9.3.0-17ubuntu1 - clang version 10.0.0-4ubuntu1 - (cmake and autotools) - - Ubuntu20.10 5.8.0-53-generic-x86_64 - #60-Ubuntu SMP x86_64 GNU/Linux GNU gcc (GCC) 10.2.0-13ubuntu1 - GNU Fortran (GCC) 10.2.0-13ubuntu1 - Ubuntu clang version 11.0.0-2 - (cmake and autotools) - - SUSE15sp2 5.3.18-22-default - #1 SMP x86_64 GNU/Linux GNU gcc (SUSE Linux) 7.5.0 - GNU Fortran (SUSE Linux) 7.5.0 - clang version 7.0.1 (tags/RELEASE_701/final 349238) - (cmake and autotools) +Linux 2.6.32-573.22.1.el6 GNU C (gcc), Fortran (gfortran), C++ (g++) +#1 SMP x86_64 GNU/Linux compilers: +(mayll/platypus) Version 4.4.7 20120313 + Version 4.9.3, 5.3.0, 6.2.0 + PGI C, Fortran, C++ for 64-bit target on + x86-64; + Version 17.10-0 + Intel(R) C (icc), C++ (icpc), Fortran (icc) + compilers: + Version 17.0.4.196 Build 20170411 + MPICH 3.1.4 compiled with GCC 4.9.3 + +Linux 3.10.0-327.18.2.el7 GNU C (gcc) and C++ (g++) compilers +#1 SMP x86_64 GNU/Linux Version 4.8.5 20150623 (Red Hat 4.8.5-4) +(jelly) with NAG Fortran Compiler Release 6.1(Tozai) + GCC Version 7.1.0 + OpenMPI 3.0.0-GCC-7.2.0-2.29 + Intel(R) C (icc) and C++ (icpc) compilers + Version 17.0.0.098 Build 20160721 + with NAG Fortran Compiler Release 6.1(Tozai) + PGI C (pgcc), C++ (pgc++), Fortran (pgf90) + compilers: + Version 18.4, 19.4 + MPICH 3.3 + OpenMPI 2.1.5, 3.1.3, 4.0.0 + + +Fedora33 5.11.18-200.fc33.x86_64 +#1 SMP x86_64 GNU/Linux GNU gcc (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1) + GNU Fortran (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1) + clang version 11.0.0 (Fedora 11.0.0-2.fc33) + (cmake and autotools) + +Ubuntu20.04 5.8.0-53-generic-x86_64 +#60~20.04-Ubuntu SMP x86_64 GNU/Linux GNU gcc (GCC) 9.3.0-17ubuntu1 + GNU Fortran (GCC) 9.3.0-17ubuntu1 + clang version 10.0.0-4ubuntu1 + (cmake and autotools) + +Ubuntu20.10 5.8.0-53-generic-x86_64 +#60-Ubuntu SMP x86_64 GNU/Linux GNU gcc (GCC) 10.2.0-13ubuntu1 + GNU Fortran (GCC) 10.2.0-13ubuntu1 + Ubuntu clang version 11.0.0-2 + (cmake and autotools) + +SUSE15sp2 5.3.18-22-default +#1 SMP x86_64 GNU/Linux GNU gcc (SUSE Linux) 7.5.0 + GNU Fortran (SUSE Linux) 7.5.0 + clang version 7.0.1 (tags/RELEASE_701/final 349238) + (cmake and autotools) Known Problems @@ -716,3 +741,11 @@ The share folder will have the most differences because CMake builds include a number of CMake specific files for support of CMake's find_package and support for the HDF5 Examples CMake project. +The issues with the gif tool are: +HDFFV-10592 CVE-2018-17433 +HDFFV-10593 CVE-2018-17436 +HDFFV-11048 CVE-2020-10809 +These CVE issues have not yet been addressed and can be avoided by not building +the gif tool. Disable building the High-Level tools with these options: +autotools: --disable-hltools +cmake: HDF5_BUILD_HL_TOOLS=OFF diff --git a/tools/test/h5repack/CMakeTests.cmake b/tools/test/h5repack/CMakeTests.cmake index 6e9cdf7..09648ff 100644 --- a/tools/test/h5repack/CMakeTests.cmake +++ b/tools/test/h5repack/CMakeTests.cmake @@ -1552,12 +1552,12 @@ ADD_H5_TEST (HDFFV-7840 "TEST" h5diff_attr1.h5) # test CVE-2018-17432 fix - set (arg h5repack_CVE-2018-17432.h5 h5repack__CVE-2018-17432_out.h5 --low=1 --high=2 -f GZIP=8 -l dset1:CHUNK=5x6) + set (arg h5repack_CVE-2018-17432.h5 --low=1 --high=2 -f GZIP=8 -l dset1:CHUNK=5x6) set (TESTTYPE "TEST") ADD_H5_FILTER_TEST (HDFFV-10590 "" ${TESTTYPE} 1 ${arg}) # test CVE-2018-14460 fix - set (arg h5repack_CVE-2018-14460.h5 h5repack_CVE-2018-14460_out.h5) + set (arg h5repack_CVE-2018-14460.h5) set (TESTTYPE "TEST") ADD_H5_FILTER_TEST (HDFFV-11223 "" ${TESTTYPE} 1 ${arg}) diff --git a/tools/test/h5repack/h5repack.sh.in b/tools/test/h5repack/h5repack.sh.in index 3756a95..1e54670 100644 --- a/tools/test/h5repack/h5repack.sh.in +++ b/tools/test/h5repack/h5repack.sh.in @@ -885,13 +885,24 @@ TOOLTEST_FAIL() ( cd $TESTDIR $ENVCMD $RUNSERIAL $H5REPACK_BIN "$@" $infile $outfile - ) >$actual + ) >&$actual RET=$? - if [ $RET == 0 ] ; then + + # Normally h5repack of files tested with this function are expected + # to return not 0, but if the command results in "Segmentation fault" + # or "core dumped" it is a failure regardless of the return value. + failure=`grep -e 'Segmentation fault' -e 'core dumped' $actual` + if [ "$failure" != "" ]; then nerrors="`expr $nerrors + 1`" echo " FAILED" + echo " $failure" else - echo " PASSED" + if [ $RET == 0 ] ; then + nerrors="`expr $nerrors + 1`" + echo " FAILED" + else + echo " PASSED" + fi fi rm -f $outfile } -- cgit v0.12