[arch-commits] Commit in hdf5/repos (6 files)
Bruno Pagani
archange at archlinux.org
Fri Jun 16 13:41:59 UTC 2017
Date: Friday, June 16, 2017 @ 13:41:58
Author: archange
Revision: 237627
archrelease: copy trunk to community-i686, community-x86_64
Added:
hdf5/repos/community-i686/PKGBUILD
(from rev 237626, hdf5/trunk/PKGBUILD)
hdf5/repos/community-i686/hdf51.10-CVE2016.patch
(from rev 237626, hdf5/trunk/hdf51.10-CVE2016.patch)
hdf5/repos/community-x86_64/PKGBUILD
(from rev 237626, hdf5/trunk/PKGBUILD)
hdf5/repos/community-x86_64/hdf51.10-CVE2016.patch
(from rev 237626, hdf5/trunk/hdf51.10-CVE2016.patch)
Deleted:
hdf5/repos/community-i686/PKGBUILD
hdf5/repos/community-x86_64/PKGBUILD
-----------------------------------------+
/PKGBUILD | 116 ++++++++++++
community-i686/PKGBUILD | 43 ----
community-i686/hdf51.10-CVE2016.patch | 280 ++++++++++++++++++++++++++++++
community-x86_64/PKGBUILD | 43 ----
community-x86_64/hdf51.10-CVE2016.patch | 280 ++++++++++++++++++++++++++++++
5 files changed, 676 insertions(+), 86 deletions(-)
Deleted: community-i686/PKGBUILD
===================================================================
--- community-i686/PKGBUILD 2017-06-16 13:13:24 UTC (rev 237626)
+++ community-i686/PKGBUILD 2017-06-16 13:41:58 UTC (rev 237627)
@@ -1,43 +0,0 @@
-# $Id$
-# Maintainer: Ronald van Haren <ronald.archlinux.org>
-# Contributor: Stefan Husmann <stefan-husmann at t-online.de>
-# Contributor: damir <damir at archlinux.org>
-# Contributor: Tom K <tomk at runbox.com>
-
-pkgname=hdf5
-pkgver=1.10.0_patch1
-_pkgver=1.10.0-patch1
-pkgrel=1
-arch=('i686' 'x86_64')
-pkgdesc="General purpose library and file format for storing scientific data"
-url="http://www.hdfgroup.org/HDF5/"
-license=('custom')
-depends=('zlib' 'sh')
-makedepends=('time')
-source=(ftp://ftp.hdfgroup.org/HDF5/releases/${pkgname}-1.10/${pkgname}-${_pkgver}/src/${pkgname}-${_pkgver}.tar.bz2)
-sha1sums=('2f34251186fa9e59887d8f094bc0bc90187d0aa4')
-
-build() {
- cd "$srcdir/${pkgname}-${pkgver/_/-}"
-
- ./configure --prefix=/usr --disable-static \
- --enable-hl \
- --enable-linux-lfs \
- --enable-build-mode=production \
- --with-pic \
- --docdir=/usr/share/doc/hdf5/ \
- --with-pthread=/usr/lib/ \
- --disable-sharedlib-rpath
- make
-}
-
-package() {
- cd "$srcdir/${pkgname}-${pkgver/_/-}"
-
- make -j1 DESTDIR="${pkgdir}" install
-
- install -d -m755 "$pkgdir/usr/share/licenses/${pkgname}"
- install -m644 "$srcdir/${pkgname}-${pkgver/_/-}/COPYING" \
- "$pkgdir/usr/share/licenses/${pkgname}/LICENSE"
-}
-
Copied: hdf5/repos/community-i686/PKGBUILD (from rev 237626, hdf5/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD (rev 0)
+++ community-i686/PKGBUILD 2017-06-16 13:41:58 UTC (rev 237627)
@@ -0,0 +1,58 @@
+# $Id$
+# Maintainer: Ronald van Haren <ronald.archlinux.org>
+# Maintainer: Bruno Pagani (a.k.a. ArchangeGabriel) <archange at archlinux.org>
+# Contributor: Stefan Husmann <stefan-husmann at t-online.de>
+# Contributor: damir <damir at archlinux.org>
+# Contributor: Tom K <tomk at runbox.com>
+
+pkgname=hdf5
+_patch=patch1
+pkgver=1.10.0_${_patch}
+pkgrel=2
+pkgdesc="General purpose library and file format for storing scientific data"
+arch=('i686' 'x86_64')
+url="https://www.hdfgroup.org/hdf5/"
+license=('custom')
+depends=('zlib' 'bash')
+makedepends=('time' 'gcc-fortran')
+replaces=('hdf5-cpp-fortran')
+provides=('hdf5-cpp-fortran')
+source=("https://support.hdfgroup.org/ftp/HDF5/releases/${pkgname}-${pkgver:0:4}/${pkgname}-${pkgver/_/-}/src/${pkgname}-${pkgver/_/-}.tar.bz2"
+ 'hdf51.10-CVE2016.patch')
+# https://support.hdfgroup.org/ftp/HDF5/releases/${pkgname}-${pkgver:0:4}/${pkgname}-${pkgver/_/-}/src/${pkgname}-${pkgver/_/-}.md5
+md5sums=('f6d980febe2c35c11670a9b34fa3b487'
+ 'ebc0db3fe6d55dc39f63143ebb6327d4')
+
+prepare() {
+ cd ${pkgname}-${pkgver/_/-}
+
+ patch -p0 -i ../hdf51.10-CVE2016.patch
+}
+
+build() {
+ cd ${pkgname}-${pkgver/_/-}
+
+ ./configure \
+ --prefix=/usr \
+ --disable-static \
+ --enable-hl \
+ --enable-build-mode=production \
+ --with-pic \
+ --docdir=/usr/share/doc/hdf5/ \
+ --disable-sharedlib-rpath \
+ --enable-cxx \
+ --enable-fortran \
+ --with-zlib
+ make
+}
+
+package() {
+ cd ${pkgname}-${pkgver/_/-}
+
+ make -j1 DESTDIR="${pkgdir}" install
+
+ install -dm755 "${pkgdir}"/usr/share/${pkgname}
+ mv "${pkgdir}"/usr/share/{hdf5_examples,${pkgname}/examples}
+
+ install -Dm644 COPYING "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
+}
Copied: hdf5/repos/community-i686/hdf51.10-CVE2016.patch (from rev 237626, hdf5/trunk/hdf51.10-CVE2016.patch)
===================================================================
--- community-i686/hdf51.10-CVE2016.patch (rev 0)
+++ community-i686/hdf51.10-CVE2016.patch 2017-06-16 13:41:58 UTC (rev 237627)
@@ -0,0 +1,280 @@
+diff --git src/H5Ocache.c src/H5Ocache.c
+index 831b08a..eab0fd2 100644
+--- src/H5Ocache.c
++++ src/H5Ocache.c
+@@ -1433,6 +1433,10 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
+ if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN))
+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
++ if((flags & H5O_MSG_FLAG_SHAREABLE)
++ && H5O_msg_class_g[id]
++ && !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE))
++ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message of unsharable class flagged as sharable")
+
+ /* Reserved bytes/creation index */
+ if(oh->version == H5O_VERSION_1)
+diff --git src/H5Odtype.c src/H5Odtype.c
+index e51d319..799f475 100644
+--- src/H5Odtype.c
++++ src/H5Odtype.c
+@@ -311,7 +311,11 @@ H5O_dtype_decode_helper(H5F_t *f, unsigned *ioflags/*in,out*/, const uint8_t **p
+ if(version == H5O_DTYPE_VERSION_1) {
+ /* Decode the number of dimensions */
+ ndims = *(*pp)++;
+- HDassert(ndims <= 4);
++
++ /* Check that ndims is valid */
++ if(ndims > 4)
++ HGOTO_ERROR(H5E_DATATYPE, H5E_BADTYPE, FAIL, "invalid number of dimensions for array")
++
+ *pp += 3; /*reserved bytes */
+
+ /* Skip dimension permutation */
+@@ -519,7 +523,8 @@ H5O_dtype_decode_helper(H5F_t *f, unsigned *ioflags/*in,out*/, const uint8_t **p
+ dt->shared->u.array.ndims = *(*pp)++;
+
+ /* Double-check the number of dimensions */
+- HDassert(dt->shared->u.array.ndims <= H5S_MAX_RANK);
++ if(dt->shared->u.array.ndims > H5S_MAX_RANK)
++ HGOTO_ERROR(H5E_DATATYPE, H5E_CANTLOAD, FAIL, "too many dimensions for array datatype")
+
+ /* Skip reserved bytes, if version has them */
+ if(version < H5O_DTYPE_VERSION_3)
+diff --git src/H5Opkg.h src/H5Opkg.h
+index 7473397..0fefa21 100644
+--- src/H5Opkg.h
++++ src/H5Opkg.h
+@@ -212,6 +212,7 @@
+ \
+ /* Set the message's "shared info", if it's shareable */ \
+ if((MSG)->flags & H5O_MSG_FLAG_SHAREABLE) { \
++ HDassert(msg_type->share_flags & H5O_SHARE_IS_SHARABLE); \
+ H5O_UPDATE_SHARED((H5O_shared_t *)(MSG)->native, H5O_SHARE_TYPE_HERE, (F), msg_type->id, (MSG)->crt_idx, (OH)->chunk[0].addr) \
+ } /* end if */ \
+ \
+diff --git src/H5Znbit.c src/H5Znbit.c
+index e2fb300..ca9f52a 100644
+--- src/H5Znbit.c
++++ src/H5Znbit.c
+@@ -60,11 +60,11 @@ static void H5Z_nbit_decompress_one_nooptype(unsigned char *data, size_t data_of
+ unsigned char *buffer, size_t *j, int *buf_len, unsigned size);
+ static void H5Z_nbit_decompress_one_atomic(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, parms_atomic p);
+-static void H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
++static herr_t H5Z__nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, const unsigned parms[]);
+-static void H5Z_nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
++static herr_t H5Z__nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, const unsigned parms[]);
+-static void H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
++static herr_t H5Z__nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
+ const unsigned parms[]);
+ static void H5Z_nbit_compress_one_nooptype(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, unsigned size);
+@@ -990,7 +990,8 @@ H5Z_filter_nbit(unsigned flags, size_t cd_nelmts, const unsigned cd_values[],
+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, 0, "memory allocation failed for nbit decompression")
+
+ /* decompress the buffer */
+- H5Z_nbit_decompress(outbuf, d_nelmts, (unsigned char *)*buf, cd_values);
++ if(H5Z__nbit_decompress(outbuf, d_nelmts, (unsigned char *)*buf, cd_values) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, 0, "can't decompress buffer")
+ } /* end if */
+ /* output; compress */
+ else {
+@@ -1139,12 +1140,15 @@ H5Z_nbit_decompress_one_atomic(unsigned char *data, size_t data_offset,
+ }
+ }
+
+-static void
+-H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
++static herr_t
++H5Z__nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, const unsigned parms[])
+ {
+ unsigned i, total_size, base_class, base_size, n, begin_index;
+ parms_atomic p;
++ herr_t ret_value = SUCCEED; /* Return value */
++
++ FUNC_ENTER_STATIC
+
+ total_size = parms[parms_index++];
+ base_class = parms[parms_index++];
+@@ -1155,7 +1159,12 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ p.order = parms[parms_index++];
+ p.precision = parms[parms_index++];
+ p.offset = parms[parms_index++];
+- n = total_size/p.size;
++
++ /* Check values of precision and offset */
++ if(p.precision > p.size * 8 || (p.precision + p.offset) > p.size * 8)
++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "invalid datatype precision/offset")
++
++ n = total_size / p.size;
+ for(i = 0; i < n; i++)
+ H5Z_nbit_decompress_one_atomic(data, data_offset + i*p.size,
+ buffer, j, buf_len, p);
+@@ -1165,8 +1174,9 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ n = total_size/base_size; /* number of base_type elements inside the array datatype */
+ begin_index = parms_index;
+ for(i = 0; i < n; i++) {
+- H5Z_nbit_decompress_one_array(data, data_offset + i*base_size,
+- buffer, j, buf_len, parms);
++ if(H5Z__nbit_decompress_one_array(data, data_offset + i * base_size,
++ buffer, j, buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress array")
+ parms_index = begin_index;
+ }
+ break;
+@@ -1175,8 +1185,9 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ n = total_size/base_size; /* number of base_type elements inside the array datatype */
+ begin_index = parms_index;
+ for(i = 0; i < n; i++) {
+- H5Z_nbit_decompress_one_compound(data, data_offset + i*base_size,
+- buffer, j, buf_len, parms);
++ if(H5Z__nbit_decompress_one_compound(data, data_offset + i * base_size,
++ buffer, j, buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress compound")
+ parms_index = begin_index;
+ }
+ break;
+@@ -1187,51 +1198,76 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ default:
+ HDassert(0 && "This Should never be executed!");
+ } /* end switch */
++
++done:
++ FUNC_LEAVE_NOAPI(ret_value)
+ }
+
+-static void
+-H5Z_nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
++static herr_t
++H5Z__nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, const unsigned parms[])
+ {
+- unsigned i, nmembers, member_offset, member_class, size;
++ unsigned i, nmembers, member_offset, member_class, member_size, used_size = 0, size;
+ parms_atomic p;
++ herr_t ret_value = SUCCEED; /* Return value */
+
+- parms_index++; /* skip total size of compound datatype */
++ FUNC_ENTER_STATIC
++
++ size = parms[parms_index++];
+ nmembers = parms[parms_index++];
+
+ for(i = 0; i < nmembers; i++) {
+ member_offset = parms[parms_index++];
+ member_class = parms[parms_index++];
++
++ /* Check for overflow */
++ member_size = parms[parms_index];
++ used_size += member_size;
++ if(used_size > size)
++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "compound member offset overflowed compound size")
+ switch(member_class) {
+ case H5Z_NBIT_ATOMIC:
+- p.size = parms[parms_index++];
++ p.size = member_size;
++ /* Advance past member size */
++ parms_index++;
+ p.order = parms[parms_index++];
+ p.precision = parms[parms_index++];
+ p.offset = parms[parms_index++];
++
++ /* Check values of precision and offset */
++ if(p.precision > p.size * 8 || (p.precision + p.offset) > p.size * 8)
++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "invalid datatype precision/offset")
++
+ H5Z_nbit_decompress_one_atomic(data, data_offset + member_offset,
+ buffer, j, buf_len, p);
+ break;
+ case H5Z_NBIT_ARRAY:
+- H5Z_nbit_decompress_one_array(data, data_offset + member_offset,
+- buffer, j, buf_len, parms);
++ if(H5Z__nbit_decompress_one_array(data, data_offset + member_offset,
++ buffer, j, buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress array")
+ break;
+ case H5Z_NBIT_COMPOUND:
+- H5Z_nbit_decompress_one_compound(data, data_offset+member_offset,
+- buffer, j, buf_len, parms);
++ if(H5Z__nbit_decompress_one_compound(data, data_offset+member_offset,
++ buffer, j, buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress compound")
+ break;
+ case H5Z_NBIT_NOOPTYPE:
+- size = parms[parms_index++];
++ /* Advance past member size */
++ parms_index++;
+ H5Z_nbit_decompress_one_nooptype(data, data_offset+member_offset,
+- buffer, j, buf_len, size);
++ buffer, j, buf_len, member_size);
+ break;
+ default:
+ HDassert(0 && "This Should never be executed!");
+ } /* end switch */
+ }
++
++done:
++ FUNC_LEAVE_NOAPI(ret_value)
+ }
+
+-static void
+-H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
++static herr_t
++H5Z__nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
+ const unsigned parms[])
+ {
+ /* i: index of data, j: index of buffer,
+@@ -1239,6 +1275,9 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
+ size_t i, j, size;
+ int buf_len;
+ parms_atomic p;
++ herr_t ret_value = SUCCEED; /* Return value */
++
++ FUNC_ENTER_STATIC
+
+ /* may not have to initialize to zeros */
+ for(i = 0; i < d_nelmts*parms[4]; i++) data[i] = 0;
+@@ -1254,6 +1293,11 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
+ p.order = parms[5];
+ p.precision = parms[6];
+ p.offset = parms[7];
++
++ /* Check values of precision and offset */
++ if(p.precision > p.size * 8 || (p.precision + p.offset) > p.size * 8)
++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "invalid datatype precision/offset")
++
+ for(i = 0; i < d_nelmts; i++) {
+ H5Z_nbit_decompress_one_atomic(data, i*p.size, buffer, &j, &buf_len, p);
+ }
+@@ -1262,7 +1306,8 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
+ size = parms[4];
+ parms_index = 4;
+ for(i = 0; i < d_nelmts; i++) {
+- H5Z_nbit_decompress_one_array(data, i*size, buffer, &j, &buf_len, parms);
++ if(H5Z__nbit_decompress_one_array(data, i*size, buffer, &j, &buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress array")
+ parms_index = 4;
+ }
+ break;
+@@ -1270,13 +1315,17 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
+ size = parms[4];
+ parms_index = 4;
+ for(i = 0; i < d_nelmts; i++) {
+- H5Z_nbit_decompress_one_compound(data, i*size, buffer, &j, &buf_len, parms);
++ if(H5Z__nbit_decompress_one_compound(data, i*size, buffer, &j, &buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress compound")
+ parms_index = 4;
+ }
+ break;
+ default:
+ HDassert(0 && "This Should never be executed!");
+ } /* end switch */
++
++done:
++ FUNC_LEAVE_NOAPI(ret_value)
+ }
+
+ static void H5Z_nbit_compress_one_byte(unsigned char *data, size_t data_offset, int k, int begin_i,
Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD 2017-06-16 13:13:24 UTC (rev 237626)
+++ community-x86_64/PKGBUILD 2017-06-16 13:41:58 UTC (rev 237627)
@@ -1,43 +0,0 @@
-# $Id$
-# Maintainer: Ronald van Haren <ronald.archlinux.org>
-# Contributor: Stefan Husmann <stefan-husmann at t-online.de>
-# Contributor: damir <damir at archlinux.org>
-# Contributor: Tom K <tomk at runbox.com>
-
-pkgname=hdf5
-pkgver=1.10.0_patch1
-_pkgver=1.10.0-patch1
-pkgrel=1
-arch=('i686' 'x86_64')
-pkgdesc="General purpose library and file format for storing scientific data"
-url="http://www.hdfgroup.org/HDF5/"
-license=('custom')
-depends=('zlib' 'sh')
-makedepends=('time')
-source=(ftp://ftp.hdfgroup.org/HDF5/releases/${pkgname}-1.10/${pkgname}-${_pkgver}/src/${pkgname}-${_pkgver}.tar.bz2)
-sha1sums=('2f34251186fa9e59887d8f094bc0bc90187d0aa4')
-
-build() {
- cd "$srcdir/${pkgname}-${pkgver/_/-}"
-
- ./configure --prefix=/usr --disable-static \
- --enable-hl \
- --enable-linux-lfs \
- --enable-build-mode=production \
- --with-pic \
- --docdir=/usr/share/doc/hdf5/ \
- --with-pthread=/usr/lib/ \
- --disable-sharedlib-rpath
- make
-}
-
-package() {
- cd "$srcdir/${pkgname}-${pkgver/_/-}"
-
- make -j1 DESTDIR="${pkgdir}" install
-
- install -d -m755 "$pkgdir/usr/share/licenses/${pkgname}"
- install -m644 "$srcdir/${pkgname}-${pkgver/_/-}/COPYING" \
- "$pkgdir/usr/share/licenses/${pkgname}/LICENSE"
-}
-
Copied: hdf5/repos/community-x86_64/PKGBUILD (from rev 237626, hdf5/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD (rev 0)
+++ community-x86_64/PKGBUILD 2017-06-16 13:41:58 UTC (rev 237627)
@@ -0,0 +1,58 @@
+# $Id$
+# Maintainer: Ronald van Haren <ronald.archlinux.org>
+# Maintainer: Bruno Pagani (a.k.a. ArchangeGabriel) <archange at archlinux.org>
+# Contributor: Stefan Husmann <stefan-husmann at t-online.de>
+# Contributor: damir <damir at archlinux.org>
+# Contributor: Tom K <tomk at runbox.com>
+
+pkgname=hdf5
+_patch=patch1
+pkgver=1.10.0_${_patch}
+pkgrel=2
+pkgdesc="General purpose library and file format for storing scientific data"
+arch=('i686' 'x86_64')
+url="https://www.hdfgroup.org/hdf5/"
+license=('custom')
+depends=('zlib' 'bash')
+makedepends=('time' 'gcc-fortran')
+replaces=('hdf5-cpp-fortran')
+provides=('hdf5-cpp-fortran')
+source=("https://support.hdfgroup.org/ftp/HDF5/releases/${pkgname}-${pkgver:0:4}/${pkgname}-${pkgver/_/-}/src/${pkgname}-${pkgver/_/-}.tar.bz2"
+ 'hdf51.10-CVE2016.patch')
+# https://support.hdfgroup.org/ftp/HDF5/releases/${pkgname}-${pkgver:0:4}/${pkgname}-${pkgver/_/-}/src/${pkgname}-${pkgver/_/-}.md5
+md5sums=('f6d980febe2c35c11670a9b34fa3b487'
+ 'ebc0db3fe6d55dc39f63143ebb6327d4')
+
+prepare() {
+ cd ${pkgname}-${pkgver/_/-}
+
+ patch -p0 -i ../hdf51.10-CVE2016.patch
+}
+
+build() {
+ cd ${pkgname}-${pkgver/_/-}
+
+ ./configure \
+ --prefix=/usr \
+ --disable-static \
+ --enable-hl \
+ --enable-build-mode=production \
+ --with-pic \
+ --docdir=/usr/share/doc/hdf5/ \
+ --disable-sharedlib-rpath \
+ --enable-cxx \
+ --enable-fortran \
+ --with-zlib
+ make
+}
+
+package() {
+ cd ${pkgname}-${pkgver/_/-}
+
+ make -j1 DESTDIR="${pkgdir}" install
+
+ install -dm755 "${pkgdir}"/usr/share/${pkgname}
+ mv "${pkgdir}"/usr/share/{hdf5_examples,${pkgname}/examples}
+
+ install -Dm644 COPYING "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
+}
Copied: hdf5/repos/community-x86_64/hdf51.10-CVE2016.patch (from rev 237626, hdf5/trunk/hdf51.10-CVE2016.patch)
===================================================================
--- community-x86_64/hdf51.10-CVE2016.patch (rev 0)
+++ community-x86_64/hdf51.10-CVE2016.patch 2017-06-16 13:41:58 UTC (rev 237627)
@@ -0,0 +1,280 @@
+diff --git src/H5Ocache.c src/H5Ocache.c
+index 831b08a..eab0fd2 100644
+--- src/H5Ocache.c
++++ src/H5Ocache.c
+@@ -1433,6 +1433,10 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
+ if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN))
+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
++ if((flags & H5O_MSG_FLAG_SHAREABLE)
++ && H5O_msg_class_g[id]
++ && !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE))
++ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message of unsharable class flagged as sharable")
+
+ /* Reserved bytes/creation index */
+ if(oh->version == H5O_VERSION_1)
+diff --git src/H5Odtype.c src/H5Odtype.c
+index e51d319..799f475 100644
+--- src/H5Odtype.c
++++ src/H5Odtype.c
+@@ -311,7 +311,11 @@ H5O_dtype_decode_helper(H5F_t *f, unsigned *ioflags/*in,out*/, const uint8_t **p
+ if(version == H5O_DTYPE_VERSION_1) {
+ /* Decode the number of dimensions */
+ ndims = *(*pp)++;
+- HDassert(ndims <= 4);
++
++ /* Check that ndims is valid */
++ if(ndims > 4)
++ HGOTO_ERROR(H5E_DATATYPE, H5E_BADTYPE, FAIL, "invalid number of dimensions for array")
++
+ *pp += 3; /*reserved bytes */
+
+ /* Skip dimension permutation */
+@@ -519,7 +523,8 @@ H5O_dtype_decode_helper(H5F_t *f, unsigned *ioflags/*in,out*/, const uint8_t **p
+ dt->shared->u.array.ndims = *(*pp)++;
+
+ /* Double-check the number of dimensions */
+- HDassert(dt->shared->u.array.ndims <= H5S_MAX_RANK);
++ if(dt->shared->u.array.ndims > H5S_MAX_RANK)
++ HGOTO_ERROR(H5E_DATATYPE, H5E_CANTLOAD, FAIL, "too many dimensions for array datatype")
+
+ /* Skip reserved bytes, if version has them */
+ if(version < H5O_DTYPE_VERSION_3)
+diff --git src/H5Opkg.h src/H5Opkg.h
+index 7473397..0fefa21 100644
+--- src/H5Opkg.h
++++ src/H5Opkg.h
+@@ -212,6 +212,7 @@
+ \
+ /* Set the message's "shared info", if it's shareable */ \
+ if((MSG)->flags & H5O_MSG_FLAG_SHAREABLE) { \
++ HDassert(msg_type->share_flags & H5O_SHARE_IS_SHARABLE); \
+ H5O_UPDATE_SHARED((H5O_shared_t *)(MSG)->native, H5O_SHARE_TYPE_HERE, (F), msg_type->id, (MSG)->crt_idx, (OH)->chunk[0].addr) \
+ } /* end if */ \
+ \
+diff --git src/H5Znbit.c src/H5Znbit.c
+index e2fb300..ca9f52a 100644
+--- src/H5Znbit.c
++++ src/H5Znbit.c
+@@ -60,11 +60,11 @@ static void H5Z_nbit_decompress_one_nooptype(unsigned char *data, size_t data_of
+ unsigned char *buffer, size_t *j, int *buf_len, unsigned size);
+ static void H5Z_nbit_decompress_one_atomic(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, parms_atomic p);
+-static void H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
++static herr_t H5Z__nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, const unsigned parms[]);
+-static void H5Z_nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
++static herr_t H5Z__nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, const unsigned parms[]);
+-static void H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
++static herr_t H5Z__nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
+ const unsigned parms[]);
+ static void H5Z_nbit_compress_one_nooptype(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, unsigned size);
+@@ -990,7 +990,8 @@ H5Z_filter_nbit(unsigned flags, size_t cd_nelmts, const unsigned cd_values[],
+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, 0, "memory allocation failed for nbit decompression")
+
+ /* decompress the buffer */
+- H5Z_nbit_decompress(outbuf, d_nelmts, (unsigned char *)*buf, cd_values);
++ if(H5Z__nbit_decompress(outbuf, d_nelmts, (unsigned char *)*buf, cd_values) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, 0, "can't decompress buffer")
+ } /* end if */
+ /* output; compress */
+ else {
+@@ -1139,12 +1140,15 @@ H5Z_nbit_decompress_one_atomic(unsigned char *data, size_t data_offset,
+ }
+ }
+
+-static void
+-H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
++static herr_t
++H5Z__nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, const unsigned parms[])
+ {
+ unsigned i, total_size, base_class, base_size, n, begin_index;
+ parms_atomic p;
++ herr_t ret_value = SUCCEED; /* Return value */
++
++ FUNC_ENTER_STATIC
+
+ total_size = parms[parms_index++];
+ base_class = parms[parms_index++];
+@@ -1155,7 +1159,12 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ p.order = parms[parms_index++];
+ p.precision = parms[parms_index++];
+ p.offset = parms[parms_index++];
+- n = total_size/p.size;
++
++ /* Check values of precision and offset */
++ if(p.precision > p.size * 8 || (p.precision + p.offset) > p.size * 8)
++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "invalid datatype precision/offset")
++
++ n = total_size / p.size;
+ for(i = 0; i < n; i++)
+ H5Z_nbit_decompress_one_atomic(data, data_offset + i*p.size,
+ buffer, j, buf_len, p);
+@@ -1165,8 +1174,9 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ n = total_size/base_size; /* number of base_type elements inside the array datatype */
+ begin_index = parms_index;
+ for(i = 0; i < n; i++) {
+- H5Z_nbit_decompress_one_array(data, data_offset + i*base_size,
+- buffer, j, buf_len, parms);
++ if(H5Z__nbit_decompress_one_array(data, data_offset + i * base_size,
++ buffer, j, buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress array")
+ parms_index = begin_index;
+ }
+ break;
+@@ -1175,8 +1185,9 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ n = total_size/base_size; /* number of base_type elements inside the array datatype */
+ begin_index = parms_index;
+ for(i = 0; i < n; i++) {
+- H5Z_nbit_decompress_one_compound(data, data_offset + i*base_size,
+- buffer, j, buf_len, parms);
++ if(H5Z__nbit_decompress_one_compound(data, data_offset + i * base_size,
++ buffer, j, buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress compound")
+ parms_index = begin_index;
+ }
+ break;
+@@ -1187,51 +1198,76 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+ default:
+ HDassert(0 && "This Should never be executed!");
+ } /* end switch */
++
++done:
++ FUNC_LEAVE_NOAPI(ret_value)
+ }
+
+-static void
+-H5Z_nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
++static herr_t
++H5Z__nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
+ unsigned char *buffer, size_t *j, int *buf_len, const unsigned parms[])
+ {
+- unsigned i, nmembers, member_offset, member_class, size;
++ unsigned i, nmembers, member_offset, member_class, member_size, used_size = 0, size;
+ parms_atomic p;
++ herr_t ret_value = SUCCEED; /* Return value */
+
+- parms_index++; /* skip total size of compound datatype */
++ FUNC_ENTER_STATIC
++
++ size = parms[parms_index++];
+ nmembers = parms[parms_index++];
+
+ for(i = 0; i < nmembers; i++) {
+ member_offset = parms[parms_index++];
+ member_class = parms[parms_index++];
++
++ /* Check for overflow */
++ member_size = parms[parms_index];
++ used_size += member_size;
++ if(used_size > size)
++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "compound member offset overflowed compound size")
+ switch(member_class) {
+ case H5Z_NBIT_ATOMIC:
+- p.size = parms[parms_index++];
++ p.size = member_size;
++ /* Advance past member size */
++ parms_index++;
+ p.order = parms[parms_index++];
+ p.precision = parms[parms_index++];
+ p.offset = parms[parms_index++];
++
++ /* Check values of precision and offset */
++ if(p.precision > p.size * 8 || (p.precision + p.offset) > p.size * 8)
++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "invalid datatype precision/offset")
++
+ H5Z_nbit_decompress_one_atomic(data, data_offset + member_offset,
+ buffer, j, buf_len, p);
+ break;
+ case H5Z_NBIT_ARRAY:
+- H5Z_nbit_decompress_one_array(data, data_offset + member_offset,
+- buffer, j, buf_len, parms);
++ if(H5Z__nbit_decompress_one_array(data, data_offset + member_offset,
++ buffer, j, buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress array")
+ break;
+ case H5Z_NBIT_COMPOUND:
+- H5Z_nbit_decompress_one_compound(data, data_offset+member_offset,
+- buffer, j, buf_len, parms);
++ if(H5Z__nbit_decompress_one_compound(data, data_offset+member_offset,
++ buffer, j, buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress compound")
+ break;
+ case H5Z_NBIT_NOOPTYPE:
+- size = parms[parms_index++];
++ /* Advance past member size */
++ parms_index++;
+ H5Z_nbit_decompress_one_nooptype(data, data_offset+member_offset,
+- buffer, j, buf_len, size);
++ buffer, j, buf_len, member_size);
+ break;
+ default:
+ HDassert(0 && "This Should never be executed!");
+ } /* end switch */
+ }
++
++done:
++ FUNC_LEAVE_NOAPI(ret_value)
+ }
+
+-static void
+-H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
++static herr_t
++H5Z__nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
+ const unsigned parms[])
+ {
+ /* i: index of data, j: index of buffer,
+@@ -1239,6 +1275,9 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
+ size_t i, j, size;
+ int buf_len;
+ parms_atomic p;
++ herr_t ret_value = SUCCEED; /* Return value */
++
++ FUNC_ENTER_STATIC
+
+ /* may not have to initialize to zeros */
+ for(i = 0; i < d_nelmts*parms[4]; i++) data[i] = 0;
+@@ -1254,6 +1293,11 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
+ p.order = parms[5];
+ p.precision = parms[6];
+ p.offset = parms[7];
++
++ /* Check values of precision and offset */
++ if(p.precision > p.size * 8 || (p.precision + p.offset) > p.size * 8)
++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "invalid datatype precision/offset")
++
+ for(i = 0; i < d_nelmts; i++) {
+ H5Z_nbit_decompress_one_atomic(data, i*p.size, buffer, &j, &buf_len, p);
+ }
+@@ -1262,7 +1306,8 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
+ size = parms[4];
+ parms_index = 4;
+ for(i = 0; i < d_nelmts; i++) {
+- H5Z_nbit_decompress_one_array(data, i*size, buffer, &j, &buf_len, parms);
++ if(H5Z__nbit_decompress_one_array(data, i*size, buffer, &j, &buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress array")
+ parms_index = 4;
+ }
+ break;
+@@ -1270,13 +1315,17 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
+ size = parms[4];
+ parms_index = 4;
+ for(i = 0; i < d_nelmts; i++) {
+- H5Z_nbit_decompress_one_compound(data, i*size, buffer, &j, &buf_len, parms);
++ if(H5Z__nbit_decompress_one_compound(data, i*size, buffer, &j, &buf_len, parms) < 0)
++ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress compound")
+ parms_index = 4;
+ }
+ break;
+ default:
+ HDassert(0 && "This Should never be executed!");
+ } /* end switch */
++
++done:
++ FUNC_LEAVE_NOAPI(ret_value)
+ }
+
+ static void H5Z_nbit_compress_one_byte(unsigned char *data, size_t data_offset, int k, int begin_i,
More information about the arch-commits
mailing list