From 7f186dc134b7f94d5fd43242ae4c0991e91467a8 Mon Sep 17 00:00:00 2001 From: Larry Knox Date: Wed, 10 Apr 2024 09:56:55 -0500 Subject: [PATCH] Update hdf5_1_14_4 with 3 develop branch commits (#4372) * Removed duplicate entries in compile line for h5* compiler wrappers (#4360) * h5fc remove duplicate args * h5 wrappers remove duplicate args * Fix typo VERSIO (#4363) * Added CVE info to RELEASE.txt (#4367) --- bin/h5cc.in | 32 ++--- c++/src/h5c++.in | 84 ++++++------ config/cmake/CPack.Info.plist.in | 2 +- fortran/src/h5fc.in | 94 +++++++------ release_docs/RELEASE.txt | 219 +++++++++++++++++++++++++++++++ 5 files changed, 315 insertions(+), 116 deletions(-) diff --git a/bin/h5cc.in b/bin/h5cc.in index bb290df7aa4..9938c31f098 100644 --- a/bin/h5cc.in +++ b/bin/h5cc.in @@ -62,7 +62,7 @@ host_os="@host_os@" prog_name="`basename $0`" -misc_args="" +qargs="" compile_args="" libraries="" link_args="" @@ -71,8 +71,7 @@ clibpath="" do_link="yes" do_compile="no" -dash_o="no" -dash_c="no" +dash_c="" get_output_file="no" SHOW="eval" @@ -209,12 +208,10 @@ for arg in $@ ; do fi do_link="no" - dash_c="yes" + dash_c="-c" ;; -o) - dash_o="yes" - - if test "x$dash_c" = "xyes"; then + if test "x$dash_c" = "x-c"; then compile_args="$compile_args $arg" else link_args="$link_args $arg" @@ -224,7 +221,7 @@ for arg in $@ ; do ;; -E|-M|-MT) compile_args="$compile_args $arg" - dash_c="yes" + dash_c="-c" do_link="no" ;; -l*) @@ -260,15 +257,13 @@ for arg in $@ ; do ;; *\"*) qarg="'"$arg"'" - misc_args="$misc_args $qarg" + qargs="$qargs $qarg" ;; *\'*) qarg='"'"$arg"'"' - misc_args="$misc_args $qarg" + qargs="$qargs $qarg" ;; *) - misc_args="$misc_args $qarg" - if test -s "$arg"; then ext=`expr "$arg" : '.*\(\..*\)'` @@ -278,7 +273,7 @@ for arg in $@ ; do fname=`basename $arg .c` link_objs="$link_objs $fname.o" elif test "x$ext" = "x.o"; then - if test "x$dash_c" = "xyes"; then + if test "x$dash_c" = "x-c"; then compile_args="$compile_args $arg" else do_link="yes" 
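Review bot: In the `-E|-M|-MT)` arm of bin/h5cc.in, `dash_c="-c"` makes a literal `-c` reach the compiler on preprocess-only and dependency runs, because the last hunk of this file puts `$dash_c` on the `$SHOW $CC` line; the old `dash_c="yes"` only suppressed the automatic `-c`. GCC-style drivers generally let `-E` take precedence, but this is a behaviour change the commit message does not mention, and the same edit is made in c++/src/h5c++.in and fortran/src/h5fc.in. Keeping the routing flag apart from the emitted option avoids it: set `preprocess_only="yes"` in this arm and, just before the compile command, run `test "x$preprocess_only" = "xyes" && dash_c=""`. The case statement starts and ends outside this hunk.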
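Review bot: The two quoting arms in bin/h5cc.in that now feed `qargs` do not produce a safely quoted word: unless an earlier arm outside the hunk catches it, an argument holding both `"` and `'` matches `*\"*)` first and is wrapped in plain single quotes, so its embedded `'` ends the quoting. Because `SHOW="eval"` (context of the second hunk) and this commit also appends `$qargs` to `link_args`, that text is re-parsed by the shell on the compile command and presumably on the link command too. Escaping before wrapping makes a single arm sufficient, e.g. `qarg="'$(printf '%s' "$arg" | sed "s/'/'\\\\''/g")'"`. The same arms are changed in c++/src/h5c++.in and fortran/src/h5fc.in, and the unquoted `for arg in $@` shown in the hunk header still word-splits arguments before they reach the case.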
@@ -298,18 +293,17 @@ for arg in $@ ; do ;; esac done - -if test "$dash_c" = "yes" -a "$do_compile" = no -a "$do_link" = no ; then +link_args="$link_args $qargs" +if test "$dash_c" = "-c" -a "$do_compile" = no -a "$do_link" = no ; then # -c was specified. Force do_compile on. do_compile=yes fi if test "x$do_compile" = "xyes"; then - if test "x$dash_c" != "xyes"; then - compile_args="-c $compile_args" + if test "x$dash_c" = "x"; then + dash_c="-c" fi - - $SHOW $CC -I$includedir $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CFLAGS $CFLAGS $misc_args $compile_args + $SHOW $CC -I$includedir $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CFLAGS $CFLAGS $dash_c $qargs $compile_args status=$? if test "$status" != "0"; then diff --git a/c++/src/h5c++.in b/c++/src/h5c++.in index a5c584c8465..8830f3cd9a2 100644 --- a/c++/src/h5c++.in +++ b/c++/src/h5c++.in @@ -60,7 +60,7 @@ host_os="@host_os@" prog_name="`basename $0`" -misc_args="" +qargs="" compile_args="" libraries="" link_args="" @@ -69,8 +69,7 @@ clibpath="" do_link="yes" do_compile="no" -dash_o="no" -dash_c="no" +dash_c="" get_output_file="no" SHOW="eval" @@ -205,12 +204,10 @@ for arg in $@ ; do fi do_link="no" - dash_c="yes" + dash_c="-c" ;; -o) - dash_o="yes" - - if test "x$dash_c" = "xyes"; then + if test "x$dash_c" = "x-c"; then compile_args="$compile_args $arg" else link_args="$link_args $arg" @@ -220,7 +217,7 @@ for arg in $@ ; do ;; -E|-M|-MT) compile_args="$compile_args $arg" - dash_c="yes" + dash_c="-c" do_link="no" ;; -l*) 
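Review bot: The rewritten guard `if test "$dash_c" = "-c" -a "$do_compile" = no -a "$do_link" = no` in bin/h5cc.in now hands `test` a first operand that is itself a unary operator (`-c`), without the `x` prefix that the neighbouring comparisons use, and POSIX leaves `test` with more than four arguments unspecified. With the old value `yes` this was harmless; with `-c` the outcome depends on how the installed shell's `test` parses the expression. Suggested form: `if test "x$dash_c" = "x-c" && test "x$do_compile" = "xno" && test "x$do_link" = "xno"; then`.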
@@ -250,53 +247,48 @@ for arg in $@ ; do ;; *\"*) qarg="'"$arg"'" - misc_args="$misc_args $qarg" + qargs="$qargs $qarg" ;; *\'*) qarg='"'"$arg"'"' - misc_args="$misc_args $qarg" + qargs="$qargs $qarg" ;; - *) - misc_args="$misc_args $qarg" - - if [ -s "$arg" ] ; then - ext=`expr "$arg" : '.*\(\..*\)'` - if [ "$ext" = ".C" -o "$ext" = ".cxx" -o "$ext" = ".cpp" -o \ - "$ext" = ".cc" -o "$ext" = ".c" -o "$ext" = ".CC" ] ; then - - do_compile="yes" - compile_args="$compile_args $arg" - fname=`basename $arg $ext` - link_objs="$link_objs $fname.o" - elif [ "$ext" = ".o" ] ; then - if test "x$dash_c" = "xyes" ; then - compile_args="$compile_args $arg" - else - do_link="yes" - link_objs="$link_objs $arg" - fi - elif test "x$ext" = "x.a"; then - # This is an archive that we're linking in - libraries=" $libraries $arg " - else - compile_args="$compile_args $arg" - link_args="$link_args $arg" - fi - else - compile_args="$compile_args $arg" - link_args="$link_args $arg" - fi - ;; + if [ -s "$arg" ] ; then + ext=`expr "$arg" : '.*\(\..*\)'` + if [ "$ext" = ".C" -o "$ext" = ".cxx" -o "$ext" = ".cpp" -o \ + "$ext" = ".cc" -o "$ext" = ".c" -o "$ext" = ".CC" ] ; then + do_compile="yes" + compile_args="$compile_args $arg" + fname=`basename $arg $ext` + link_objs="$link_objs $fname.o" + elif [ "$ext" = ".o" ] ; then + if test "x$dash_c" = "x-c" ; then + compile_args="$compile_args $arg" + else + do_link="yes" + link_objs="$link_objs $arg" + fi + elif test "x$ext" = "x.a"; then + # This is an archive that we're linking in + libraries=" $libraries $arg " + else + compile_args="$compile_args $arg" + link_args="$link_args $arg" + fi + else + compile_args="$compile_args $arg" + link_args="$link_args $arg" + fi + ;; esac done - +link_args="$link_args $qargs" if test "x$do_compile" = "xyes"; then - if test "x$dash_c" != "xyes"; then - compile_args="-c $compile_args" + if test "x$dash_c" = "x"; then + dash_c="-c" fi - - $SHOW $CXX -I$includedir $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CXXFLAGS 
$CXXFLAGS $misc_args $compile_args + $SHOW $CXX -I$includedir $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CXXFLAGS $CXXFLAGS $dash_c $qargs $compile_args status=$? if test "$status" != "0"; then diff --git a/config/cmake/CPack.Info.plist.in b/config/cmake/CPack.Info.plist.in index 08d371bd5d9..b936470fc29 100644 --- a/config/cmake/CPack.Info.plist.in +++ b/config/cmake/CPack.Info.plist.in @@ -17,7 +17,7 @@ CFBundleSignature ???? CFBundleVersion - @CPACK_PACKAGE_VERSIO@ + @CPACK_PACKAGE_VERSION@ CFBundleShortVersionString @CPACK_SHORT_VERSION_STRING@ CSResourcesFileMapped diff --git a/fortran/src/h5fc.in b/fortran/src/h5fc.in index f92c523aaff..3c044257a49 100644 --- a/fortran/src/h5fc.in +++ b/fortran/src/h5fc.in @@ -60,15 +60,14 @@ host_os="@host_os@" prog_name="`basename $0`" -misc_args="" +qargs="" compile_args="" link_args="" link_objs="" do_link="yes" do_compile="no" -dash_o="no" -dash_c="no" +dash_c="" get_output_file="no" SHOW="eval" @@ -183,12 +182,10 @@ for arg in $@ ; do fi do_link="no" - dash_c="yes" + dash_c="-c" ;; -o) - dash_o="yes" - - if test "x$dash_c" = "xyes"; then + if test "x$dash_c" = "x-c"; then compile_args="$compile_args $arg" else link_args="$link_args $arg" @@ -198,7 +195,7 @@ for arg in $@ ; do ;; -E|-M|-MT) compile_args="$compile_args $arg" - dash_c="yes" + dash_c="-c" do_link="no" ;; -l*) 
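Review bot: The new side of this c++/src/h5c++.in hunk has no default pattern: the old `*)` line is removed together with the `misc_args` line, and the re-indented block starts directly at `if [ -s "$arg" ] ; then` after the `;;` that closes the `*\'*)` arm. A case arm has to begin with a pattern, so the shell would reject that `if` as a syntax error when it reaches the argument loop, and h5c++ would fail before compiling anything. The matching hunk in fortran/src/h5fc.in re-adds the line, so this looks like an accidental deletion; restore `*)` on its own line before the `if`. The line counts in the hunk header (53 old, 48 new) agree with the pattern being absent from the patch rather than lost in rendering.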
@@ -234,49 +231,48 @@ for arg in $@ ; do ;; *\"*) qarg="'"$arg"'" - misc_args="$misc_args $qarg" + qargs="$qargs $qarg" ;; *\'*) qarg='"'"$arg"'"' - misc_args="$misc_args $qarg" + qargs="$qargs $qarg" + ;; + *) + if [ -s "$arg" ] ; then + ext=`expr "$arg" : '.*\(\..*\)'` + if [ "$ext" = ".f" -o "$ext" = ".F" -o \ + "$ext" = ".for" -o "$ext" = ".FOR" -o \ + "$ext" = ".ftn" -o "$ext" = ".FTN" -o \ + "$ext" = ".f90" -o "$ext" = ".F90" -o \ + "$ext" = ".f95" -o "$ext" = ".F95" -o \ + "$ext" = ".f03" -o "$ext" = ".F03" -o \ + "$ext" = ".f08" -o "$ext" = ".F08" ] ; then + do_compile="yes" + compile_args="$compile_args $arg" + fname=`basename $arg $ext` + link_objs="$link_objs $fname.o" + elif [ "$ext" = ".o" ] ; then + if test "x$dash_c" = "x-c" ; then + compile_args="$compile_args $arg" + else + do_link="yes" + link_objs="$link_objs $arg" + fi + elif test "x$ext" = "x.a"; then + # This is an archive that we're linking in + libraries=" $libraries $arg " + else + compile_args="$compile_args $arg" + link_args="$link_args $arg" + fi + else + compile_args="$compile_args $arg" + link_args="$link_args $arg" + fi ;; - - *) misc_args="$misc_args $arg" - if [ -s "$arg" ] ; then - ext=`expr "$arg" : '.*\(\..*\)'` - if [ "$ext" = ".f" -o "$ext" = ".F" -o \ - "$ext" = ".for" -o "$ext" = ".FOR" -o \ - "$ext" = ".ftn" -o "$ext" = ".FTN" -o \ - "$ext" = ".f90" -o "$ext" = ".F90" -o \ - "$ext" = ".f95" -o "$ext" = ".F95" -o \ - "$ext" = ".f03" -o "$ext" = ".F03" -o \ - "$ext" = ".f08" -o "$ext" = ".F08" ] ; then - do_compile="yes" - compile_args="$compile_args $arg" - fname=`basename $arg $ext` - link_objs="$link_objs $fname.o" - elif [ "$ext" = ".o" ] ; then - if test "x$dash_c" = "xyes" ; then - compile_args="$compile_args $arg" - else - do_link="yes" - link_objs="$link_objs $arg" - fi - elif test "x$ext" = "x.a"; then - # This is an archive that we're linking in - libraries=" $libraries $arg " - else - compile_args="$compile_args $arg" - link_args="$link_args $arg" - fi - else - 
compile_args="$compile_args $arg" - link_args="$link_args $arg" - fi - ;; esac done - +link_args="$link_args $qargs" # It's possible that there isn't a modules flag... fmodules="" if test -n "$F9XMODFLAG"; then @@ -284,12 +280,10 @@ done fi if test "x$do_compile" = "xyes"; then - if test "x$dash_c" != "xyes"; then - compile_args="-c $compile_args" + if test "x$dash_c" = "x"; then + dash_c="-c" fi - - - $SHOW $FC $H5BLD_FCFLAGS $FCFLAGS ${F9XSUFFIXFLAG} ${fmodules} $misc_args $compile_args + $SHOW $FC $H5BLD_FCFLAGS $FCFLAGS ${F9XSUFFIXFLAG} ${fmodules} $dash_c $qargs $compile_args status=$? if test "$status" != "0"; then diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index c3feb74988e..2e37de6d405 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt 
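Review bot: The `.a` branch re-added in this fortran/src/h5fc.in hunk appends to `libraries`, but the variable block in the file's first hunk initialises only `qargs`, `compile_args`, `link_args` and `link_objs`, whereas bin/h5cc.in also sets `libraries=""`. If nothing outside the hunks assigns it, the wrapper starts from whatever `libraries` holds in the caller's environment and carries that into the link step. Adding `libraries=""` next to `link_objs=""` would close this; the link command is outside the diff, so how `$libraries` is consumed there cannot be checked here.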
@@ -499,6 +499,225 @@ Bug Fixes since HDF5-1.14.3 release Library ------- + - Fixed many (future) CVE issues + + A partner organization corrected many potential security issues, which + were fixed and reported to us before submission to MITRE. These do + not have formal CVE issues assigned to them yet, so the numbers assigned + here are just placeholders. We will update the HDF5 1.14 CVE list (link + below) when official MITRE CVE tracking numbers are assigned. + + These CVE issues are generally of the same form as other reported HDF5 + CVE issues, and rely on the library failing while attempting to read + a malformed file. Most of them cause the library to segfault and will + probably be assigned "medium (~5/10)" scores by NIST, like the other + HDF5 CVE issues. + + The issues that were reported to us have all been fixed in this release, + so HDF5 will continue to have no unfixed public CVE issues. + + NOTE: HDF5 versions earlier than 1.14.4 should be considered vulnerable + to these issues and users should upgrade to 1.14.4 as soon as + possible. Note that it's possible to build the 1.14 library with + HDF5 1.8, 1.10, etc. API bindings for people who wish to enjoy + the benefits of a more secure library but don't want to upgrade + to the latest API. We will not be bringing the CVE fixes to earlier + versions of the library (they are no longer supported). 
+ + LIST OF CVE ISSUES FIXED IN THIS RELEASE: + + * CVE-2024-0116-001 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5D__scatter_mem resulting in causing denial of service or potential + code execution + + * CVE-2024-0112-001 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5S__point_deserialize resulting in the corruption of the + instruction pointer and causing denial of service or potential code + execution + + * CVE-2024-0111-001 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5T__conv_struct_opt resulting in causing denial of service or + potential code execution + + * CVE-2023-1208-002 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5O__mtime_new_encode resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1208-001 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5O__layout_encode resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1207-001 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5O__dtype_encode_helper causing denial of service or potential + code execution + + * CVE-2023-1205-001 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5VM_array_fill resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1202-002 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5T__get_native_type resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1202-001 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5T__ref_mem_setnull resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1130-001 + HDF5 library 
versions <=1.14.3 contain a heap buffer overflow in + H5T_copy_reopen resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1125-001 + HDF5 versions <= 1.14.3 contain a heap buffer overflow in + H5Z__nbit_decompress_one_byte caused by the earlier use of an + initialized pointer. This may result in Denial of Service or + potential code execution + + * CVE-2023-1114-001 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5HG_read resulting in the corruption of the instruction pointer + and causing denial of service or potential code execution + + * CVE-2023-1113-002 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5F_addr_decode_len resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1113-001 + HDF5 versions <= 1.14.3 contain a heap buffer overflow caused by + the unsafe use of strdup in H5MM_xstrdup, resulting in denial of + service or potential code execution + + * CVE-2023-1108-001 + HDF5 versions <= 1.14.3 contain a out-of-bounds read operation in + H5FL_arr_malloc resulting in denial of service or potential code + execution + + * CVE-2023-1104-004 + HDF5 versions <= 1.14.3 contain a out-of-bounds read operation in + H5T_close_real resulting in denial of service or potential code + execution + + * CVE-2023-1104-003 + HDF5 library versions <=1.14.3 contain a heap buffer overflow flaw + in the function H5HL__fl_deserialize resulting in denial of service + or potential code execution + + * CVE-2023-1104-002 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5HL__fl_deserialize resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1104-001 + HDF5 library versions <=1.14.3 contains a stack overflow in the + function H5E_printf_stack resulting in denial of service or + potential code 
execution + + * CVE-2023-1023-001 + HDF5 library versions <=1.14.3 heap buffer overflow in + H5VM_memcpyvv which may result in denial of service or code + execution + + * CVE-2023-1019-001 + HDF5 library versions <=1.14.3 contain a stack buffer overflow in + H5VM_memcpyvv resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1018-001 + HDF5 library versions <=1.14.3 contain a memory corruption in + H5A__close resulting in the corruption of the instruction pointer + and causing denial of service or potential code execution + + * CVE-2023-1017-002 + HDF5 library versions <=1.14.3 may use an uninitialized value + H5A__attr_release_table resulting in denial of service + + * CVE-2023-1017-001 + HDF5 library versions <=1.14.3 may attempt to dereference + uninitialized values in h5tools_str_sprint, which will lead to + denial of service + + * CVE-2023-1013-004 + HDF5 versions <= 1.13.3 contain a stack buffer overflow in + H5HG_read resulting in denial of service or potential code + execution + + * CVE-2023-1013-003 + HDF5 library versions <=1.14.3 contain a buffer overrun in + H5Z__filter_fletcher32 resulting in the corruption of the + instruction pointer and causing denial of service or potential + code execution + + * CVE-2023-1013-002 + HDF5 library versions <=1.14.3 contain a buffer overrun in + H5O__linfo_decode resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1013-001 + HDF5 library versions <=1.14.3 contain a buffer overrun in + H5Z__filter_scaleoffset resulting in the corruption of the + instruction pointer and causing denial of service or potential + code execution + + * CVE-2023-1012-001 + HDF5 library versions <=1.14.3 contain a stack buffer overflow in + H5R__decode_heap resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * 
CVE-2023-1010-001 + HDF5 library versions <=1.14.3 contain a stack buffer overflow in + H5FL_arr_malloc resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1009-001 + HDF5 library versions <=1.14.3 contain a stack buffer overflow in + H5FL_arr_malloc resulting in the corruption of the instruction + pointer and causing denial of service or potential code execution + + * CVE-2023-1006-004 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5A__attr_release_table resulting in the corruption of the + instruction pointer and causing denial of service or potential code + execution + + * CVE-2023-1006-003 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5T__bit_find resulting in the corruption of the instruction pointer + and causing denial of service or potential code execution. + + * CVE-2023-1006-002 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5HG_read resulting in the corruption of the instruction pointer + and causing denial of service or potential code execution + + * CVE-2023-1006-001 + HDF5 library versions <=1.14.3 contain a heap buffer overflow in + H5HG__cache_heap_deserialize resulting in the corruption of the + instruction pointer and causing denial of service or potential code + execution + + FULL OFFICIAL HDF5 CVE list (from mitre.org): + + https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=HDF5 + + 1.14.x CVE tracking list: + + https://github.com/HDFGroup/hdf5/blob/hdf5_1_14/CVE_list_1_14.md + + HDF5 CVE regression test suite (includes proof-of-concept files): + + https://github.com/HDFGroup/cve_hdf5 + - Fixed a divide-by-zero issue when a corrupt file sets the page size to 0 If a corrupt file sets the page buffer size in the superblock to zero,