summaryrefslogtreecommitdiffstats
path: root/release_docs/RELEASE.txt
blob: b12068c0b6e02b18b56e5f616fa2168e567df794 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
HDF5 version 1.13.4-1 currently under development
================================================================================


INTRODUCTION
============

This document describes the differences between this release and the previous
HDF5 release. It contains information on the platforms tested and known
problems in this release. For more details check the HISTORY*.txt files in the
HDF5 source.

Note that documentation in the links below will be updated at the time of each
final release.

Links to HDF5 documentation can be found on The HDF5 web page:

     https://portal.hdfgroup.org/display/HDF5/HDF5

The official HDF5 releases can be obtained from:

     https://www.hdfgroup.org/downloads/hdf5/

Changes from Release to Release and New Features in the HDF5-1.13.x release series
can be found at:

     https://portal.hdfgroup.org/display/HDF5/Release+Specific+Information

If you have any questions or comments, please send them to the HDF Help Desk:

     help@hdfgroup.org


CONTENTS
========

- New Features
- Support for new platforms and languages
- Bug Fixes since HDF5-1.13.3
- Platforms Tested
- Known Problems
- CMake vs. Autotools installations


New Features
============

    Configuration:
    -------------
    - Removal of MPE support

      The ability to build with MPE instrumentation has been removed along with
      the following configure options:

      Autotools:
          --with-mpe=

      CMake has never supported building with MPE support.

      (DER - 2022/11/08)

     - Removal of dmalloc support

      The ability to build with dmalloc support has been removed along with
      the following configure options:

      Autotools:
          --with-dmalloc=

      CMake:
          HDF5_ENABLE_USING_DMALLOC

      (DER - 2022/11/08)
      
    - Removal of memory allocation sanity checks configure options

      With the removal of the memory allocation sanity checks feature, the
      following configure options are no longer necessary and have been
      removed:

      Autotools:
          --enable-memory-alloc-sanity-check

      CMake:
          HDF5_MEMORY_ALLOC_SANITY_CHECK
          HDF5_ENABLE_MEMORY_STATS

      (DER - 2022/11/03)

    Library:
    --------
    - Fix for CVE-2019-8396

      Malformed HDF5 files may have truncated content which does not match
      the expected size. When H5O__pline_decode() attempts to decode these it
      may read past the end of the allocated space leading to heap overflows
      as bounds checking is incomplete.

      The fix ensures each element is within bounds before reading.

      (2022/11/09 - HDFFV-10712, CVE-2019-8396, GitHub #2209)

    - Removal of memory allocation sanity checks feature

      This feature added heap canaries and statistics tracking for internal
      library memory operations. Unfortunately, the heap canaries caused
      problems when library memory operations were mixed with standard C
      library memory operations (such as in the filter pipeline, where
      buffers may have to be reallocated). Since any platform with a C
      compiler also usually has much more sophisticated memory sanity
      checking tools than the HDF5 library provided (e.g., valgrind), we
      have decided to to remove the feature entirely.

      In addition to the configure changes described above, this also removes
      the following from the public API:
          H5get_alloc_stats()
          H5_alloc_stats_t

      (DER - 2022/11/03)

    Parallel Library:
    -----------------
    -


    Fortran Library:
    ----------------
    -


    C++ Library:
    ------------
    -


    Java Library:
    -------------
    -


    Tools:
    ------
    -


    High-Level APIs:
    ----------------
    -


    C Packet Table API:
    -------------------
    -


    Internal header file:
    ---------------------
    -


    Documentation:
    --------------
    -


Support for new platforms, languages and compilers
==================================================
    -
    
Bug Fixes since HDF5-1.13.3 release
===================================
    Library
    -------
    - Fix CVE-2018-13867 / GHSA-j8jr-chrh-qfrf
 
      Validate location (offset) of the accumulated metadata when comparing.

      Initially, the accumulated metadata location is initialized to HADDR_UNDEF
      - the highest available address. Bogus input files may provide a location
      or size matching this value. Comparing this address against such bogus
      values may provide false positives. Thus make sure, the value has been
      initialized or fail the comparison early and let other parts of the
      code deal with the bogus address/size.
      Note: To avoid unnecessary checks, it is assumed that if the 'dirty'
      member in the same structure is true the location is valid.

      (EFE - 2022/10/10 GH-2230)
      
    - Fix CVE-2018-16438 / GHSA-9xmm-cpf8-rgmx

      Make sure info block for external links has at least 3 bytes.
    
      According to the specification, the information block for external links
      contains 1 byte of version/flag information and two 0 terminated strings
      for the object linked to and the full path.
      Although not very useful, the minimum string length for each (with
      terminating 0) would be one byte.
      Checking this helps to avoid SEGVs triggered by bogus files.

      (EFE - 2022/10/09 GH-2233)

    - CVE-2021-46244 / GHSA-vrxh-5gxg-rmhm

      Compound datatypes may not have members of size 0
 
      A member size of 0 may lead to an FPE later on as reported in
      CVE-2021-46244. To avoid this, check for this as soon as the
      member is decoded.

      (EFE - 2022/10/05 GEH-2242)


    - Fix CVE-2021-45830 / GHSA-5h2h-fjjr-x9m2

      Make H5O__fsinfo_decode() more resilient to out-of-bound reads.

      When decoding a file space info message in H5O__fsinfo_decode()  make
      sure each element to be decoded is still within the message. Malformed
      hdf5 files may have trunkated content which does not match the
      expected size. Checking this will prevent attempting to decode
      unrelated data and heap overflows. So far, only free space manager
      address data was checked before decoding.

      (EFE - 2022/10/05 GH-2228)

    - Fix CVE-2021-46242 / GHSA-x9pw-hh7v-wjpf

      When evicting driver info block, NULL the corresponding entry.

      Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the  flag
      H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing
      the pointer in f->shared->drvinfo will prevent use-after-free  when it is
      used in other functions (like  H5F__dest()) - as other places will check
      whether the pointer is initialized before using its value.

      (EFE - 2022/09/29 GH-2254)

    - Fix CVE-2021-45833 / GHSA-x57p-jwp6-4v79

      Report error if dimensions of chunked storage in data layout < 2
    
      For Data Layout Messages version 1 & 2 the specification state
      that the value stored in the data field is 1 greater than the
      number of dimensions in the dataspace. For version 3 this is
      not explicitly stated but the implementation suggests it to be
      the case.
      Thus the set value needs to be at least 2. For dimensionality
      < 2 an out-of-bounds access occurs.
 
      (EFE - 2022/09/28 GH-2240)
      
    - Fix CVE-2018-14031 / GHSA-2xc7-724c-r36j

      Parent of enum datatype message must have the same size as the
      enum datatype message itself.
      Functions accessing the enumeration values use the size of the
      enumeration datatype to determine the size of each element and
      how much data to copy.
      Thus the size of the enumeration and its parent need to match.
      Check in H5O_dtype_decode_helper()  to avoid unpleasant surprises
      later.

      (EFE - 2022/09/28 GH-2236)

    - Fix CVE-2018-17439 / GHSA-vcxv-vp43-rch7

      H5IMget_image_info(): Make sure to not exceed local array size

      Malformed hdf5 files may provide more dimensions than the array dim[] in
      H5IMget_image_info() is able to hold. Check number of elements first by calling
      H5Sget_simple_extent_dims() with NULL for both 'dims' and 'maxdims' arguments.
      This will cause the function to return only the number of dimensions.
      The fix addresses a stack overflow on write.

      (EFE - 2022/09/27 HDFFV-10589, GH-2226)


    Java Library
    ------------
    -


    Configuration
    -------------
    - Change the settings of the *pc files to use the correct format

      The pkg-config files generated by CMake uses incorrect syntax for the 'Requires'
      settings. Changing the set to use 'lib-name = version' instead 'lib-name-version'
      fixes the issue

      (ADB - 2022/12/06 HDFFV-11355)

    - Move MPI libraries link from PRIVATE to PUBLIC

      The install dependencies were not including the need for MPI libraries when
      an application or library was built with the C library. Also updated the
      CMake target link command to use the newer style MPI::MPI_C link variable.

      (ADB - 2022/10/27)


    Tools
    -----
    - Fix h5repack to only print output when verbose option is selected

      When timing option was added to h5repack, the check for verbose was
      incorrectly implemented.

      (ADB -  2022/12/02, GH #2270)


    Performance
    -------------
    -


    Fortran API
    -----------
    -

    High-Level Library
    ------------------
    -


    Fortran High-Level APIs
    -----------------------
    -


    Documentation
    -------------
    -


    F90 APIs
    --------
    -


    C++ APIs
    --------
    - 


    Testing
    -------
    -


Platforms Tested
===================

    Linux 5.16.14-200.fc35           GNU gcc (GCC) 11.2.1 20220127 (Red Hat 11.2.1-9)
    #1 SMP x86_64  GNU/Linux         GNU Fortran (GCC) 11.2.1 20220127 (Red Hat 11.2.1-9)
    Fedora35                         clang version 13.0.0 (Fedora 13.0.0-3.fc35)
                                     (cmake and autotools)

    Linux 5.11.0-34-generic          GNU gcc (GCC) 9.3.0-17ubuntu1
    #36-Ubuntu SMP x86_64 GNU/Linux  GNU Fortran (GCC) 9.3.0-17ubuntu1
    Ubuntu 20.04                     Ubuntu clang version 10.0.0-4
                                     (cmake and autotools)

    Linux 5.3.18-150300-cray_shasta_c cray-mpich/8.1.16
    #1 SMP x86_64 GNU/Linux              Cray clang 14.0.0
    (crusher)                            GCC 11.2.0
                                     (cmake)

    Linux 4.14.0-115.35.1.1chaos     openmpi 4.0.5
    #1 SMP aarch64 GNU/Linux             GCC 9.2.0 (ARM-build-5)
    (stria)                              GCC 7.2.0 (Spack GCC)
                                     (cmake)

    Linux 4.14.0-115.35.1.3chaos     spectrum-mpi/rolling-release
    #1 SMP ppc64le GNU/Linux             clang 12.0.1
    (vortex)                             GCC 8.3.1
                                         XL 16.1.1
                                     (cmake)

    Linux-4.14.0-115.21.2            spectrum-mpi/rolling-release
    #1 SMP ppc64le GNU/Linux             clang 12.0.1, 14.0.5
    (lassen)                             GCC 8.3.1
                                         XL 16.1.1.2, 2021,09.22, 2022.08.05
                                     (cmake)

    Linux-4.12.14-197.99-default     cray-mpich/7.7.14
    #1 SMP x86_64 GNU/Linux              cce 12.0.3
    (theta)                              GCC 11.2.0
                                         llvm 9.0
                                         Intel 19.1.2

    Linux 3.10.0-1160.36.2.el7.ppc64 gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-39)
    #1 SMP ppc64be GNU/Linux         g++ (GCC) 4.8.5 20150623 (Red Hat 4.8.5-39)
    Power8 (echidna)                 GNU Fortran (GCC) 4.8.5 20150623 (Red Hat 4.8.5-39)

    Linux 3.10.0-1160.24.1.el7       GNU C (gcc), Fortran (gfortran), C++ (g++)
    #1 SMP x86_64 GNU/Linux          compilers:
    Centos7                              Version 4.8.5 20150623 (Red Hat 4.8.5-4)
    (jelly/kituo/moohan)                 Version 4.9.3, Version 5.3.0, Version 6.3.0,
                                         Version 7.2.0, Version 8.3.0, Version 9.1.0
                                     Intel(R) C (icc), C++ (icpc), Fortran (icc)
                                     compilers:
                                         Version 17.0.0.098 Build 20160721
                                     GNU C (gcc) and C++ (g++) 4.8.5 compilers
                                         with NAG Fortran Compiler Release 6.1(Tozai)
                                     Intel(R) C (icc) and C++ (icpc) 17.0.0.098 compilers
                                         with NAG Fortran Compiler Release 6.1(Tozai)
                                     MPICH 3.1.4 compiled with GCC 4.9.3
                                     MPICH 3.3 compiled with GCC 7.2.0
                                     OpenMPI 2.1.6 compiled with icc 18.0.1
                                     OpenMPI 3.1.3 and 4.0.0 compiled with GCC 7.2.0
                                     PGI C, Fortran, C++ for 64-bit target on
                                     x86_64;
                                         Version 19.10-0
                                     (autotools and cmake)

    Linux-3.10.0-1160.0.0.1chaos     openmpi-4.1.2
    #1 SMP x86_64 GNU/Linux              clang 6.0.0, 11.0.1
    (quartz)                             GCC 7.3.0, 8.1.0
                                         Intel 19.0.4, 2022.2, oneapi.2022.2

    Linux-3.10.0-1160.71.1.1chaos    openmpi/4.1
    #1 SMP x86_64 GNU/Linux              GCC 7.2.0
    (skybridge)                          Intel/19.1
                                     (cmake)

    Linux-3.10.0-1160.66.1.1chaos    openmpi/4.1
    #1 SMP x86_64 GNU/Linux              GCC 7.2.0
    (attaway)                            Intel/19.1
                                     (cmake)

    Linux-3.10.0-1160.59.1.1chaos    openmpi/4.1
    #1 SMP x86_64 GNU/Linux              Intel/19.1
    (chama)                          (cmake)

    macOS Apple M1 11.6              Apple clang version 12.0.5 (clang-1205.0.22.11)
    Darwin 20.6.0 arm64              gfortran GNU Fortran (Homebrew GCC 11.2.0) 11.1.0
    (macmini-m1)                     Intel icc/icpc/ifort version 2021.3.0 202106092021.3.0 20210609

    macOS Big Sur 11.3.1             Apple clang version 12.0.5 (clang-1205.0.22.9)
    Darwin 20.4.0 x86_64             gfortran GNU Fortran (Homebrew GCC 10.2.0_3) 10.2.0
    (bigsur-1)                       Intel icc/icpc/ifort version 2021.2.0 20210228

    macOS High Sierra 10.13.6        Apple LLVM version 10.0.0 (clang-1000.10.44.4)
    64-bit                           gfortran GNU Fortran (GCC) 6.3.0
    (bear)                           Intel icc/icpc/ifort version 19.0.4.233 20190416

    macOS Sierra 10.12.6             Apple LLVM version 9.0.0 (clang-900.39.2)
    64-bit                           gfortran GNU Fortran (GCC) 7.4.0
    (kite)                           Intel icc/icpc/ifort version 17.0.2

    Mac OS X El Capitan 10.11.6      Apple clang version 7.3.0 from Xcode 7.3
    64-bit                           gfortran GNU Fortran (GCC) 5.2.0
    (osx1011test)                    Intel icc/icpc/ifort version 16.0.2


    Linux 2.6.32-573.22.1.el6        GNU C (gcc), Fortran (gfortran), C++ (g++)
    #1 SMP x86_64 GNU/Linux          compilers:
    Centos6                              Version 4.4.7 20120313
    (platypus)                           Version 4.9.3, 5.3.0, 6.2.0
                                     MPICH 3.1.4 compiled with GCC 4.9.3
                                     PGI C, Fortran, C++ for 64-bit target on
                                     x86_64;
                                         Version 19.10-0

    Windows 10 x64                  Visual Studio 2015 w/ Intel C/C++/Fortran 18 (cmake)
                                    Visual Studio 2017 w/ Intel C/C++/Fortran 19 (cmake)
                                    Visual Studio 2019 w/ clang 12.0.0
                                        with MSVC-like command-line (C/C++ only - cmake)
                                    Visual Studio 2019 w/ Intel C/C++/Fortran oneAPI 2021 (cmake)
                                    Visual Studio 2019 w/ MSMPI 10.1 (C only - cmake)


Known Problems
==============

       ************************************************************
       *                                  _                       *
       *                                 (_)                      *
       *        __      ____ _ _ __ _ __  _ _ __   __ _           *
       *        \ \ /\ / / _` | '__| '_ \| | '_ \ / _` |          *
       *         \ V  V / (_| | |  | | | | | | | | (_| |          *
       *          \_/\_/ \__,_|_|  |_| |_|_|_| |_|\__, |          *
       *                                           __/ |          *
       *                                          |___/           *
       *                                                          *
       *  Please refrain from running any program (including      *
       *  HDF5 tests) which uses the subfiling VFD on Perlmutter  *
       *  at the National Energy Research Scientific Computing    *
       *  Center, NERSC.                                          *
       *  Doing so may cause a system disruption due to subfiling *
       *  crashing Lustre. The sytem's Lustre bug is expected     *
       *  to be resolved by 2023.                                 *
       *                                                          *
       ************************************************************

    CMake files do not behave correctly with paths containing spaces.
    Do not use spaces in paths because the required escaping for handling spaces
    results in very complex and fragile build files.
    ADB - 2019/05/07

    At present, metadata cache images may not be generated by parallel
    applications.  Parallel applications can read files with metadata cache
    images, but since this is a collective operation, a deadlock is possible
    if one or more processes do not participate.

    CPP ptable test fails on both VS2017 and VS2019 with Intel compiler, JIRA
    issue: HDFFV-10628.  This test will pass with VS2015 with Intel compiler.

    The subsetting option in ph5diff currently will fail and should be avoided.
    The subsetting option works correctly in serial h5diff.

    Several tests currently fail on certain platforms:
        MPI_TEST-t_bigio fails with spectrum-mpi on ppc64le platforms.

        MPI_TEST-t_subfiling_vfd and MPI_TEST_EXAMPLES-ph5_subfiling fail with
        cray-mpich on theta and with XL compilers on ppc64le platforms.

        MPI_TEST_testphdf5_tldsc fails with cray-mpich 7.7 on cori and theta.

    Known problems in previous releases can be found in the HISTORY*.txt files
    in the HDF5 source. Please report any new problems found to
    help@hdfgroup.org.


CMake vs. Autotools installations
=================================
While both build systems produce similar results, there are differences.
Each system produces the same set of folders on linux (only CMake works
on standard Windows); bin, include, lib and share. Autotools places the
COPYING and RELEASE.txt file in the root folder, CMake places them in
the share folder.

The bin folder contains the tools and the build scripts. Additionally, CMake
creates dynamic versions of the tools with the suffix "-shared". Autotools
installs one set of tools depending on the "--enable-shared" configuration
option.
  build scripts
  -------------
  Autotools: h5c++, h5cc, h5fc
  CMake: h5c++, h5cc, h5hlc++, h5hlcc

The include folder holds the header files and the fortran mod files. CMake
places the fortran mod files into separate shared and static subfolders,
while Autotools places one set of mod files into the include folder. Because
CMake produces a tools library, the header files for tools will appear in
the include folder.

The lib folder contains the library files, and CMake adds the pkgconfig
subfolder with the hdf5*.pc files used by the bin/build scripts created by
the CMake build. CMake separates the C interface code from the fortran code by
creating C-stub libraries for each Fortran library. In addition, only CMake
installs the tools library. The names of the szip libraries are different
between the build systems.

The share folder will have the most differences because CMake builds include
a number of CMake specific files for support of CMake's find_package and support
for the HDF5 Examples CMake project.

The issues with the gif tool are:
    HDFFV-10592 CVE-2018-17433
    HDFFV-10593 CVE-2018-17436
    HDFFV-11048 CVE-2020-10809
These CVE issues have not yet been addressed and can be avoided by not building
the gif tool. Disable building the High-Level tools with these options:
    autotools:   --disable-hltools
    cmake:       HDF5_BUILD_HL_TOOLS=OFF