HDF5 version 1.12.2-2 currently under development ================================================================================ INTRODUCTION ============ This document describes the new features introduced in the HDF5 1.12.2 release. It contains information on the platforms tested and known problems in this release. For more details check the HISTORY*.txt files in the HDF5 source. Note that documentation in the links below will be updated at the time of the release. Links to HDF5 documentation can be found on The HDF5 web page: https://portal.hdfgroup.org/display/HDF5/HDF5 The official HDF5 releases can be obtained from: https://www.hdfgroup.org/downloads/hdf5/ More information about the new features can be found at: https://portal.hdfgroup.org/display/HDF5/New+Features+in+HDF5+Release+1.12 If you have any questions or comments, please send them to the HDF Help Desk: help@hdfgroup.org CONTENTS ======== - New Features - Support for new platforms and languages - Bug Fixes since HDF5-1.12.1 - Supported Platforms - Tested Configuration Features Summary - More Tested Platforms - Known Problems - CMake vs. Autotools installations New Features ============ Configuration: ------------- - CPack will now generate RPM/DEB packages. Enabled the RPM and DEB CPack generators on linux. In addition to generating STGZ and TGZ packages, CPack will try to package the library for RPM and DEB packages. This is the initial attempt and may change as issues are resolved. (ADB - 2022/03/25) - Added new option to the h5cc scripts produced by CMake. Add -showconfig option to h5cc scripts to cat the libhdf5-settings to the standard output. (ADB - 2022/03/11) - HDF5 memory allocation sanity checking is now off by default for Autotools debug builds HDF5 can be configured to perform sanity checking on internal memory allocations by adding heap canaries to these allocations. However, enabling this option can cause issues with external filter plugins when working with (reallocating/freeing/allocating and passing back) buffers. Previously, this option was off by default for all CMake build types, but only off by default for non-debug Autotools builds. Since debug is the default build mode for HDF5 when built from source with Autotools, this can result in surprising segfaults that don't occur when an application is built against a release version of HDF5. Therefore, this option is now off by default for all build types across both CMake and Autotools. (JTH - 2022/03/01) - Refactored the utils folder. Added subfolder test and moved the 'swmr_check_compat_vfd.c file' from test into utils/test. Deleted the duplicate swmr_check_compat_vfd.c file in hl/tools/h5watch folder. Also fixed vfd check options. (ADB - 2021/10/18) - Changed autotools and CMake configurations to derive both compilation warnings-as-errors and warnings-only-warn configurations from the same files, 'config/*/*error*'. Removed redundant files 'config/*/*noerror*'. (DCY - 2021/09/29) - Added new option to control the build of High-Level tools that default ON/enabled. Add configure options (autotools - CMake): --enable-hltools HDF5_BUILD_HL_TOOLS Disabling this option prevents building the gif tool which contains the following CVEs: HDFFV-10592 CVE-2018-17433 HDFFV-10593 CVE-2018-17436 HDFFV-11048 CVE-2020-10809 (ADB - 2021/09/16, HDFFV-11266) - CMake will now run the shell script tests in test/ by default The test directory includes several shell script tests that previously were not run by CMake. These are now run by default. TEST_SHELL_SCRIPTS has been set to ON and SH_PROGRAM has been set to bash (some test scripts use bash-isms). Platforms without bash (e.g., Windows) will ignore the script tests. (DER - 2021/05/23) - Removed unused HDF5_ENABLE_HSIZET option from CMake This has been unused for some time and has no effect. (DER - 2021/05/23) Library: -------- - Change how the release part of version, in major.minor.release is checked for compatibility The HDF5 library uses a function, H5check_version, to check that the version defined in the header files, which is used to compile an application is compatible with the version codified in the library, which the application loads at runtime. This previously required an exact match or the library would print a warning, dump the build settings and then abort or continue. An environment variable controlled the logic. Now the function first checks that the library release version, in major.minor.release, is not older than the version in the headers. Secondly, if the release version is different, it checks if either the library version or the header version is in the exception list, in which case the release part of version, in major.minor.release, must be exact. An environment variable still controls the logic. (ADB - 2021/07/27) Parallel Library: ----------------- - Several improvements to parallel compression feature, including: * Improved support for collective I/O (for both writes and reads) * Significant reduction of memory usage for the feature as a whole * Reduction of copying of application data buffers passed to H5Dwrite * Addition of support for incremental file space allocation for filtered datasets created in parallel. Incremental file space allocation is the default for these types of datasets (early file space allocation is also still supported), while early file space allocation is still the default (and only supported allocation time) for unfiltered datasets created in parallel. Incremental file space allocation should help with parallel HDF5 applications that wish to use fill values on filtered datasets, but would typically avoid doing so since dataset creation in parallel would often take an excessive amount of time. Since these datasets previously used early file space allocation, HDF5 would allocate space for and write fill values to every chunk in the dataset at creation time, leading to noticeable overhead. Instead, with incremental file space allocation, allocation of file space for chunks and writing of fill values to those chunks will be delayed until each individual chunk is initially written to. * Addition of support for HDF5's "don't filter partial edge chunks" flag (https://portal.hdfgroup.org/display/HDF5/H5P_SET_CHUNK_OPTS) * Addition of proper support for HDF5 fill values with the feature * Addition of 'H5_HAVE_PARALLEL_FILTERED_WRITES' macro to H5pubconf.h so HDF5 applications can determine at compile-time whether the feature is available * Addition of simple examples (ph5_filtered_writes.c and ph5_filtered_writes_no_sel.c) under examples directory to demonstrate usage of the feature * Improved coverage of regression testing for the feature (JTH - 2022/2/23) Fortran Library: ---------------- - H5Fget_name_f fixed to handle correctly trailing whitespaces and newly allocated buffers. (MSB - 2021/08/30, github-826,972) C++ Library: ------------ - Java Library: ------------- - Tools: ------ - Refactored the perform tools and removed depends on test library. Moved the perf and h5perf tools from tools/test/perform to tools/src/h5perf so that they can be installed. This required that the test library dependency be removed by copying the needed functions from h5test.c. The standalone scripts and other perform tools remain in the tools/test/perform folder. (ADB - 2021/08/10) - Removed partial long exceptions Some of the tools accepted shortened versions of the long options (ex: --datas instead of --dataset). These were implemented inconsistently, are difficult to maintain, and occasionally block useful long option names. These partial long options have been removed from all the tools. (DER - 2021/08/03) Support for new platforms, languages and compilers ================================================== - Bug Fixes since HDF5-1.12.1 release =================================== Library ------- - Fixed a metadata cache bug when resizing a pinned/protected cache entry When resizing a pinned/protected cache entry, the metadata cache code previously would wait until after resizing the entry to attempt to log the newly-dirtied entry. This would cause H5C_resize_entry to mark the entry as dirty and make H5AC_resize_entry think that it doesn't need to add the newly-dirtied entry to the dirty entries skiplist. Thus, a subsequent H5AC__log_moved_entry would think it needs to allocate a new entry for insertion into the dirty entry skip list, since the entry doesn't exist on that list. This causes an assertion failure, as the code to allocate a new entry assumes that the entry is not dirty. (JRM - 2022/02/28) - Issue #1436 identified a problem with the H5_VERS_RELEASE check in the H5check_version function. Investigating the original fix, #812, we discovered some inconsistencies with a new block added to check H5_VERS_RELEASE for incompatibilities. This new block was not using the new warning text dealing with the H5_VERS_RELEASE check and would cause the warning to be duplicated. By removing the H5_VERS_RELEASE argument in the first check for H5_VERS_MAJOR and H5_VERS_MINOR, the second check would only check the H5_VERS_RELEASE for incompatible release versions. This adheres to the statement that except for the develop branch, all release versions in a major.minor maintenance branch should be compatible. The prerequisite is that an application will not use any APIs not present in all release versions. (ADB - 2022/03/11, #1438) - Unified handling of collective metadata reads to correctly fix old bugs Due to MPI-related issues occurring in HDF5 from mismanagement of the status of collective metadata reads, they were forced to be disabled during chunked dataset raw data I/O in the HDF5 1.10.5 release. This wouldn't generally have affected application performance because HDF5 already disables collective metadata reads during chunk lookup, since it is generally unlikely that the same chunks will be read by all MPI ranks in the I/O operation. However, this was only a partial solution that wasn't granular enough. This change now unifies the handling of the file-global flag and the API context-level flag for collective metadata reads in order to simplify querying of the true status of collective metadata reads. Thus, collective metadata reads are once again enabled for chunked dataset raw data I/O, but manually controlled at places where some processing occurs on MPI rank 0 only and would cause issues when collective metadata reads are enabled. (JTH - 2021/11/16, HDFFV-10501/HDFFV-10562) - Fixed several potential MPI deadlocks in library failure conditions In the parallel library, there were several places where MPI rank 0 could end up skipping past collective MPI operations when some failure occurs in rank 0-specific processing. This would lead to deadlocks where rank 0 completes an operation while other ranks wait in the collective operation. These places have been rewritten to have rank 0 push an error and try to cleanup after the failure, then continue to participate in the collective operation to the best of its ability. (JTH - 2021/11/09) - Fixed an issue with collective metadata reads being permanently disabled after a dataset chunk lookup operation. This would usually cause a mismatched MPI_Bcast and MPI_ERR_TRUNCATE issue in the library for simple cases of H5Dcreate() -> H5Dwrite() -> H5Dcreate(). (JTH - 2021/11/08, HDFFV-11090) - Fixed a segmentation fault A segmentation fault occurred with a Mathworks corrupted file. A detection of accessing a null pointer was added to prevent the problem. (BMR - 2021/10/14, HDFFV-11150) - Detection of simple data transform function "x" In the case of the simple data transform function "x" the (parallel) library recognizes this is the same as not applying this data transform function. This improves the I/O performance. In the case of the parallel library, it also avoids breaking to independent I/O, which makes it possible to apply a filter when writing or reading data to or from teh HDF5 file. (JWSB - 2021/09/13) - Fixed an invalid read and memory leak when parsing corrupt file space info messages When the corrupt file from CVE-2020-10810 was parsed by the library, the code that imports the version 0 file space info object header message to the version 1 struct could read past the buffer read from the disk, causing an invalid memory read. Not catching this error would cause downstream errors that eventually resulted in a previously allocated buffer to be unfreed when the library shut down. In builds where the free lists are in use, this could result in an infinite loop and SIGABRT when the library shuts down. We now track the buffer size and raise an error on attempts to read past the end of it. (DER - 2021/08/12, HDFFV-11053) - Fixed a segmentation fault A segmentation fault occurred with a Mathworks corrupted file. A detection of accessing a null pointer was added to prevent the problem. (BMR - 2021/02/19, HDFFV-11150) - H5Pset_fapl_log() no longer crashes when passed an invalid fapl ID When passed an invalid fapl ID, H5Pset_fapl_log() would usually segfault when attempting to free an uninitialized pointer in the error handling code. This behavior is more common in release builds or when the memory sanitization checks were not selected as a build option. The pointer is now correctly initialized and the API call now produces a normal HDF5 error when fed an invalid fapl ID. (DER - 2021/04/28, HDFFV-11240) - Fixes a segfault when H5Pset_mdc_log_options() is called multiple times The call incorrectly attempts to free an internal copy of the previous log location string, which causes a segfault. This only happens when the call is invoked multiple times on the same property list. On the first call to a given fapl, the log location is set to NULL so the segfault does not occur. The string is now handled properly and the segfault no longer occurs. (DER - 2021/04/27, HDFFV-11239) - Fixed CVE-2018-17432 The tool h5repack produced a segfault on a corrupted file which had invalid rank for scalar or NULL datatype. The problem was fixed in HDF5 1.12.1 by modifying the dataspace encode and decode functions to detect and report invalid rank. h5repack now fails with an error message for the corrupted file. (BMR - 2020/10/26, HDFFV-10590) Java Library ------------ - Configuration ------------- - Reworked corrected path searched by CMake find_package command The install path for cmake find_package files had been changed to use "share/cmake" for all platforms. However setting the HDF5_ROOT variable failed to locate the configuration files. The build variable HDF5_INSTALL_CMAKE_DIR is now set to the /cmake folder. The location of the configuration files can still be specified by the "HDF5_DIR" variable. (ADB - 2022/03/11) - Corrected path searched by CMake find_package command The install path for cmake find_package files had been changed to use "share/cmake" for all platforms. However the trailing "hdf5" directory was not removed. This "hdf5" additional directory has been removed. (ADB - 2021/09/27) - Corrected pkg-config compile script It was discovered that the position of the "$@" argument for the command in the compile script may fail on some platforms and configurations. The position of the "$@"command argument was moved before the pkg-config sub command. (ADB - 2021/08/30) - Fixed CMake C++ compiler flags A recent refactoring of the C++ configure files accidentally removed the file that executed the enable_language command for C++ needed by the HDFCXXCompilerFlags.cmake file. Also updated the intel warnings files, including adding support for windows platforms. (ADB - 2021/08/10) - Better support for libaec (open-source Szip library) in CMake Implemented better support for libaec 1.0.5 (or later) library. This version of libaec contains improvements for better integration with HDF5. Furthermore, the variable USE_LIBAEC_STATIC has been introduced to allow to make use of static version of libaec library. Use libaec_DIR or libaec_ROOT to set the location in which libaec can be found. Be aware, the Szip library of libaec 1.0.4 depends on another library within libaec library. This dependency is not specified in the current CMake configuration which means that one can not use the static Szip library of libaec 1.0.4 when building HDF5. This has been resolved in libaec 1.0.5. (JWSB - 2021/06/22) Fortran API ----------- - High-Level Library ------------------ - Fixed HL_test_packet, test for packet table vlen of vlen. Incorrect length assignment. (ADB - 2021/10/14) Fortran High-Level APIs ----------------------- - Documentation ------------- - F90 APIs -------- - C++ APIs -------- - Testing ------- - Supported Platforms =================== Linux 2.6.32-696.16.1.el6.ppc64 gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-18) #1 SMP ppc64 GNU/Linux g++ (GCC) 4.4.7 20120313 (Red Hat 4.4.7-18) (ostrich) GNU Fortran (GCC) 4.4.7 20120313 (Red Hat 4.4.7-18) IBM XL C/C++ V13.1 IBM XL Fortran V15.1 Linux 3.10.0-327.10.1.el7 GNU C (gcc), Fortran (gfortran), C++ (g++) #1 SMP x86_64 GNU/Linux compilers: (kituo/moohan) Version 4.8.5 20150623 (Red Hat 4.8.5-4) Version 4.9.3, 5.2.0, 7.1.0 Intel(R) C (icc), C++ (icpc), Fortran (icc) compilers: Version 17.0.0.098 Build 20160721 MPICH 3.1.4 Linux-3.10.0- spectrum-mpi/rolling-release with cmake>3.10 and 862.14.4.1chaos.ch6.ppc64le clang/3.9,8.0 #1 SMP ppc64le GNU/Linux gcc/7.3 (ray) xl/2016,2019 Linux 3.10.0- openmpi/3.1,4.0 with cmake>3.10 and 957.12.2.1chaos.ch6.x86_64 clang 5.0 #1 SMP x86_64 GNU/Linux gcc/7.3,8.2 (serrano) intel/17.0,18.0/19.0 Linux 3.10.0- openmpi/3.1/4.0 with cmake>3.10 and 1062.1.1.1chaos.ch6.x86_64 clang/3.9,5.0,8.0 #1 SMP x86_64 GNU/Linux gcc/7.3,8.1,8.2 (chama,quartz) intel/16.0,18.0,19.0 Linux 4.4.180-94.100-default cray-mpich/7.7.6 with PrgEnv-*/6.0.5, cmake>3.10 and #1 SMP x86_64 GNU/Linux gcc/7.2.0,8.2.0 (mutrino) intel/17.0,18.0 Linux 4.14.0- spectrum-mpi/rolling-release with cmake>3.10 and 49.18.1.bl6.ppc64le clang/6.0,8.0 #1 SMP ppc64le GNU/Linux gcc/7.3 (lassen) xl/2019 SunOS 5.11 32- and 64-bit Sun C 5.12 SunOS_sparc (emu) Sun Fortran 95 8.6 SunOS_sparc Sun C++ 5.12 SunOS_sparc Windows 10 x64 Visual Studio 2015 w/ Intel Fortran 18 (cmake) Visual Studio 2017 w/ Intel Fortran 19 (cmake) Visual Studio 2019 w/ Intel Fortran 19 (cmake) Visual Studio 2019 w/ MSMPI 10.1 (cmake) Mac OS X Yosemite 10.10.5 Apple clang/clang++ version 6.1 from Xcode 7.0 64-bit gfortran GNU Fortran (GCC) 4.9.2 (osx1010dev/osx1010test) Intel icc/icpc/ifort version 15.0.3 Mac OS X El Capitan 10.11.6 Apple clang/clang++ version 7.3.0 from Xcode 7.3 64-bit gfortran GNU Fortran (GCC) 5.2.0 (osx1011dev/osx1011test) Intel icc/icpc/ifort version 16.0.2 Mac OS High Sierra 10.13.6 Apple LLVM version 10.0.0 (clang/clang++-1000.10.44.4) 64-bit gfortran GNU Fortran (GCC) 6.3.0 (bear) Intel icc/icpc/ifort version 19.0.4 Mac OS Mojave 10.14.6 Apple LLVM version 10.0.1 (clang/clang++-1001.0.46.4) 64-bit gfortran GNU Fortran (GCC) 6.3.0 (bobcat) Intel icc/icpc/ifort version 19.0.4 Tested Configuration Features Summary ===================================== In the tables below y = tested n = not tested in this release C = Cluster W = Workstation x = not working in this release dna = does not apply ( ) = footnote appears below second table = testing incomplete on this feature or platform Platform C F90/ F90 C++ zlib SZIP parallel F2003 parallel Solaris2.11 32-bit n y/y n y y y Solaris2.11 64-bit n y/n n y y y Windows 10 y y/y n y y y Windows 10 x64 y y/y n y y y Mac OS X Mountain Lion 10.8.5 64-bit n y/y n y y y Mac OS X Mavericks 10.9.5 64-bit n y/y n y y ? Mac OS X Yosemite 10.10.5 64-bit n y/y n y y ? Mac OS X El Capitan 10.11.6 64-bit n y/y n y y ? CentOS 6.7 Linux 2.6.18 x86_64 GNU n y/y n y y y CentOS 6.7 Linux 2.6.18 x86_64 Intel n y/y n y y y CentOS 6.7 Linux 2.6.32 x86_64 PGI n y/y n y y y CentOS 7.2 Linux 2.6.32 x86_64 GNU y y/y y y y y CentOS 7.2 Linux 2.6.32 x86_64 Intel n y/y n y y y Linux 2.6.32-573.18.1.el6.ppc64 n y/n n y y y Platform Shared Shared Shared Thread- C libs F90 libs C++ libs safe Solaris2.11 32-bit y y y y Solaris2.11 64-bit y y y y Windows 10 y y y y Windows 10 x64 y y y y Mac OS X Mountain Lion 10.8.5 64-bit y n y y Mac OS X Mavericks 10.9.5 64-bit y n y y Mac OS X Yosemite 10.10.5 64-bit y n y y Mac OS X El Capitan 10.11.6 64-bit y n y y CentOS 6.7 Linux 2.6.18 x86_64 GNU y y y y CentOS 6.7 Linux 2.6.18 x86_64 Intel y y y n CentOS 6.7 Linux 2.6.32 x86_64 PGI y y y n CentOS 7.2 Linux 2.6.32 x86_64 GNU y y y n CentOS 7.2 Linux 2.6.32 x86_64 Intel y y y n Linux 2.6.32-573.18.1.el6.ppc64 y y y n Compiler versions for each platform are listed in the preceding "Supported Platforms" table. More Tested Platforms ===================== The following platforms are not supported but have been tested for this release. Linux 2.6.32-573.22.1.el6 GNU C (gcc), Fortran (gfortran), C++ (g++) #1 SMP x86_64 GNU/Linux compilers: (mayll/platypus) Version 4.4.7 20120313 Version 4.9.3, 5.3.0, 6.2.0 PGI C, Fortran, C++ for 64-bit target on x86-64; Version 17.10-0 Intel(R) C (icc), C++ (icpc), Fortran (icc) compilers: Version 17.0.4.196 Build 20170411 MPICH 3.1.4 compiled with GCC 4.9.3 Linux 3.10.0-327.18.2.el7 GNU C (gcc) and C++ (g++) compilers #1 SMP x86_64 GNU/Linux Version 4.8.5 20150623 (Red Hat 4.8.5-4) (jelly) with NAG Fortran Compiler Release 6.1(Tozai) GCC Version 7.1.0 OpenMPI 3.0.0-GCC-7.2.0-2.29 Intel(R) C (icc) and C++ (icpc) compilers Version 17.0.0.098 Build 20160721 with NAG Fortran Compiler Release 6.1(Tozai) PGI C (pgcc), C++ (pgc++), Fortran (pgf90) compilers: Version 18.4, 19.4 MPICH 3.3 OpenMPI 2.1.5, 3.1.3, 4.0.0 Fedora33 5.11.18-200.fc33.x86_64 #1 SMP x86_64 GNU/Linux GNU gcc (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1) GNU Fortran (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1) clang version 11.0.0 (Fedora 11.0.0-2.fc33) (cmake and autotools) Ubuntu20.04 5.8.0-53-generic-x86_64 #60~20.04-Ubuntu SMP x86_64 GNU/Linux GNU gcc (GCC) 9.3.0-17ubuntu1 GNU Fortran (GCC) 9.3.0-17ubuntu1 clang version 10.0.0-4ubuntu1 (cmake and autotools) Ubuntu20.10 5.8.0-53-generic-x86_64 #60-Ubuntu SMP x86_64 GNU/Linux GNU gcc (GCC) 10.2.0-13ubuntu1 GNU Fortran (GCC) 10.2.0-13ubuntu1 Ubuntu clang version 11.0.0-2 (cmake and autotools) SUSE15sp2 5.3.18-22-default #1 SMP x86_64 GNU/Linux GNU gcc (SUSE Linux) 7.5.0 GNU Fortran (SUSE Linux) 7.5.0 clang version 7.0.1 (tags/RELEASE_701/final 349238) (cmake and autotools) Known Problems ============== testflushrefresh.sh will fail when run with "make check-passthrough-vol" on centos7, with 3 Errors/Segmentation faults. These will not occur when run with "make check". See https://github.com/HDFGroup/hdf5/issues/673 for details. The t_bigio test fails on several HPC platforms, generally by timeout with OpenMPI 4.0.0 or with this error from spectrum-mpi: *** on communicator MPI_COMM_WORLD *** MPI_ERR_COUNT: invalid count argument CMake files do not behave correctly with paths containing spaces. Do not use spaces in paths because the required escaping for handling spaces results in very complex and fragile build files. ADB - 2019/05/07 At present, metadata cache images may not be generated by parallel applications. Parallel applications can read files with metadata cache images, but since this is a collective operation, a deadlock is possible if one or more processes do not participate. CPP ptable test fails on both VS2017 and VS2019 with Intel compiler, JIRA issue: HDFFV-10628. This test will pass with VS2015 with Intel compiler. The subsetting option in ph5diff currently will fail and should be avoided. The subsetting option works correctly in serial h5diff. Known problems in previous releases can be found in the HISTORY*.txt files in the HDF5 source. Please report any new problems found to help@hdfgroup.org. CMake vs. Autotools installations ================================= While both build systems produce similar results, there are differences. Each system produces the same set of folders on linux (only CMake works on standard Windows); bin, include, lib and share. Autotools places the COPYING and RELEASE.txt file in the root folder, CMake places them in the share folder. The bin folder contains the tools and the build scripts. Additionally, CMake creates dynamic versions of the tools with the suffix "-shared". Autotools installs one set of tools depending on the "--enable-shared" configuration option. build scripts ------------- Autotools: h5c++, h5cc, h5fc CMake: h5c++, h5cc, h5hlc++, h5hlcc The include folder holds the header files and the fortran mod files. CMake places the fortran mod files into separate shared and static subfolders, while Autotools places one set of mod files into the include folder. Because CMake produces a tools library, the header files for tools will appear in the include folder. The lib folder contains the library files, and CMake adds the pkgconfig subfolder with the hdf5*.pc files used by the bin/build scripts created by the CMake build. CMake separates the C interface code from the fortran code by creating C-stub libraries for each Fortran library. In addition, only CMake installs the tools library. The names of the szip libraries are different between the build systems. The share folder will have the most differences because CMake builds include a number of CMake specific files for support of CMake's find_package and support for the HDF5 Examples CMake project. The issues with the gif tool are: HDFFV-10592 CVE-2018-17433 HDFFV-10593 CVE-2018-17436 HDFFV-11048 CVE-2020-10809 These CVE issues have not yet been addressed and can be avoided by not building the gif tool. Disable building the High-Level tools with these options: autotools: --disable-hltools cmake: HDF5_BUILD_HL_TOOLS=OFF