[Bug 2096669] [NEW] Sync hdf5 1.14.5+repack-3 (universe) from Debian unstable (main)
Miriam España Acebal
2096669 at bugs.launchpad.net
Fri Jan 24 16:31:04 UTC 2025
Public bug reported:
Please sync hdf5 1.14.5+repack-3 (universe) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
hdf5 (1.10.10+repack-5ubuntu1) plucky; urgency=medium
* Merge with Debian: remaining changes:
- Avoid out of bounds write when signed_headers_dest is empty,
fixes FTBFS on s390x
- Fix ftbfs with ELF_PACKAGE_METADATA set during configure calls.
hdf5 (1.10.10+repack-5) unstable; urgency=medium
* Build-Depends: libopenmpi-dev: explicitly exclude all 32bit archs
instead of relying on an an alternative with architecture-is-32-bit
(closes: #1087988)
hdf5 (1.10.10+repack-4ubuntu3) oracular; urgency=medium
* Build again with mpich on i386.
-- Matthias Klose <doko at ubuntu.com> Sat, 30 Nov 2024 15:12:05 +0100
We can drop the following change:
- d/p/fix-signed_headers_dest.patch : Avoid out of bounds write
when signed_headers_dest is empty,fixes FTBFS on s390x.
Because it was fixed in upstream (#3681 - https://github.com/HDFGroup/hdf5/pull/3681 )
in version 1.14.4.
To check if we can also drop the d/rules change [1], I built the
package as-is from Debian targeting Plucky [2] , and it went OK.
[1] https://git.launchpad.net/~mirespace/ubuntu/+source/hdf5/commit/?id=e24d9d2c09b9ad1101b27041158248cb63fde437
[2] https://launchpad.net/~mirespace/+archive/ubuntu/hdf5-2/+sourcepub/16932655/+listing-archive-extra
Changelog entries since current plucky version 1.10.10+repack-5ubuntu1:
hdf5 (1.14.5+repack-3) unstable; urgency=medium
* New patch fortran_gmtime64.patch: fix fortran gmtime related
failures on big-endian 32-bit architectures (closes: #1091911)
* Update symbols files for alpha hppa hurd-i386 m68k powerpc sh4
-- Gilles Filippini <pini at debian.org> Sun, 05 Jan 2025 16:14:18 +0100
hdf5 (1.14.5+repack-2) unstable; urgency=medium
* Acknoledge previously fixed CVE:
CVE-2017-17507 CVE-2018-11205 CVE-2018-14034 CVE-2018-14035
CVE-2018-15671 CVE-2018-17433 CVE-2018-17436 CVE-2019-8396
CVE-2019-8397 CVE-2019-8398 CVE-2019-9151 CVE-2019-9152
CVE-2020-10809 CVE-2020-10812 CVE-2021-45829 CVE-2021-46243
CVE-2022-25942 CVE-2022-25972 CVE-2022-26061
* Fixed typo in changelog for 1.10.10+repack-1
* Add nojava build profile (closes: #1067758)
* Add missing #MINVER# to .symbols files for libhdf5-fortran,
libhdf5-hl, and libhdf5-hl-fortran (closes: #1023820)
-- Gilles Filippini <pini at debian.org> Mon, 30 Dec 2024 20:18:56 +0100
hdf5 (1.14.5+repack-1) unstable; urgency=medium
* New major upstream release
* Fixed CVE-2024-33877 CVE-2024-33876 CVE-2024-33875 CVE-2024-33874
CVE-2024-33873 CVE-2024-32624 CVE-2024-32623 CVE-2024-32622
CVE-2024-32621 CVE-2024-32620 CVE-2024-32619 CVE-2024-32618
CVE-2024-32617 CVE-2024-32616 CVE-2024-32615 CVE-2024-32614
CVE-2024-32613 CVE-2024-32612 CVE-2024-32611 CVE-2024-32610
CVE-2024-32609 CVE-2024-32607 CVE-2024-32606 CVE-2024-32605
CVE-2024-29166 CVE-2024-29165 CVE-2024-29164 CVE-2024-29163
CVE-2024-29162 CVE-2024-29161 CVE-2024-29160 CVE-2024-29159
CVE-2024-29158 CVE-2024-29157 (closes: #1070861)
* Fix CVE-2018-11202 CVE-2018-11206 CVE-2018-13867 CVE-2018-13867
CVE-2018-13869 CVE-2018-13870 CVE-2018-14031 CVE-2018-14033
CVE-2018-14460 CVE-2018-16438 CVE-2018-17432 CVE-2018-17435
CVE-2018-17439 CVE-2019-8396 CVE-2020-10810 CVE-2020-10810
CVE-2021-37501 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242
CVE-2021-46244
* Update d/copyright
* Rename and update symbols files
* Refresh patches
* Drop patches:
- relax-version-check.patch: now useless
- fix-unaligned-accesses.patch: source code was refactored
and this patch doesn't apply anymore
* New patches:
- float128.patch: backported from upstream to fix an FTBFS on i386
- cheat-fortranlib_test.patch: temporry patch to workaround an issue
in the fortranlib test for 32 bit architectures
* Bump default API version from 1.8 to 1.14
* htdf5-tools: install new tools: h5delete, h5format_convert, h5fuse
h5watch
* Docs: no more html folder
-- Gilles Filippini <pini at debian.org> Tue, 10 Dec 2024 21:12:10 +0100
** Affects: hdf5 (Ubuntu)
Importance: Wishlist
Assignee: Graham Inggs (ginggs)
Status: In Progress
** Changed in: hdf5 (Ubuntu)
Importance: Undecided => Wishlist
** Description changed:
Please sync hdf5 1.14.5+repack-3 (universe) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
hdf5 (1.10.10+repack-5ubuntu1) plucky; urgency=medium
- * Merge with Debian: remaining changes:
- - Avoid out of bounds write when signed_headers_dest is empty,
- fixes FTBFS on s390x
- - Fix ftbfs with ELF_PACKAGE_METADATA set during configure calls.
+ * Merge with Debian: remaining changes:
+ - Avoid out of bounds write when signed_headers_dest is empty,
+ fixes FTBFS on s390x
+ - Fix ftbfs with ELF_PACKAGE_METADATA set during configure calls.
hdf5 (1.10.10+repack-5) unstable; urgency=medium
- * Build-Depends: libopenmpi-dev: explicitly exclude all 32bit archs
- instead of relying on an an alternative with architecture-is-32-bit
- (closes: #1087988)
+ * Build-Depends: libopenmpi-dev: explicitly exclude all 32bit archs
+ instead of relying on an an alternative with architecture-is-32-bit
+ (closes: #1087988)
hdf5 (1.10.10+repack-4ubuntu3) oracular; urgency=medium
- * Build again with mpich on i386.
+ * Build again with mpich on i386.
- -- Matthias Klose <doko at ubuntu.com> Sat, 30 Nov 2024 15:12:05 +0100
+ -- Matthias Klose <doko at ubuntu.com> Sat, 30 Nov 2024 15:12:05 +0100
- We can drop the following change:
- - d/p/fix-signed_headers_dest.patch : Avoid out of bounds write
- when signed_headers_dest is empty,fixes FTBFS on s390x.
+ We can drop the following change:
+ - d/p/fix-signed_headers_dest.patch : Avoid out of bounds write
+ when signed_headers_dest is empty,fixes FTBFS on s390x.
- Because it was fixed in upstream (#3681 - https://github.com/HDFGroup/hdf5/pull/3681 )
- in version 1.14.4.
+ Because it was fixed in upstream (#3681 - https://github.com/HDFGroup/hdf5/pull/3681 )
+ in version 1.14.4.
- To check the d/rules change [1], I built the package as-is form debian targeting plucky [2] , and it went OK.
-
-
- [1] https://git.launchpad.net/~mirespace/ubuntu/+source/hdf5/commit/?id=e24d9d2c09b9ad1101b27041158248cb63fde437
- [2] https://launchpad.net/~mirespace/+archive/ubuntu/hdf5-2/+sourcepub/16932655/+listing-archive-extra
+ To check if we can also drop the d/rules change [1], I built the
+ package as-is from Debian targeting Plucky [2] , and it went OK.
+
+ [1] https://git.launchpad.net/~mirespace/ubuntu/+source/hdf5/commit/?id=e24d9d2c09b9ad1101b27041158248cb63fde437
+ [2] https://launchpad.net/~mirespace/+archive/ubuntu/hdf5-2/+sourcepub/16932655/+listing-archive-extra
Changelog entries since current plucky version 1.10.10+repack-5ubuntu1:
hdf5 (1.14.5+repack-3) unstable; urgency=medium
- * New patch fortran_gmtime64.patch: fix fortran gmtime related
- failures on big-endian 32-bit architectures (closes: #1091911)
- * Update symbols files for alpha hppa hurd-i386 m68k powerpc sh4
+ * New patch fortran_gmtime64.patch: fix fortran gmtime related
+ failures on big-endian 32-bit architectures (closes: #1091911)
+ * Update symbols files for alpha hppa hurd-i386 m68k powerpc sh4
- -- Gilles Filippini <pini at debian.org> Sun, 05 Jan 2025 16:14:18 +0100
+ -- Gilles Filippini <pini at debian.org> Sun, 05 Jan 2025 16:14:18 +0100
hdf5 (1.14.5+repack-2) unstable; urgency=medium
- * Acknoledge previously fixed CVE:
- CVE-2017-17507 CVE-2018-11205 CVE-2018-14034 CVE-2018-14035
- CVE-2018-15671 CVE-2018-17433 CVE-2018-17436 CVE-2019-8396
- CVE-2019-8397 CVE-2019-8398 CVE-2019-9151 CVE-2019-9152
- CVE-2020-10809 CVE-2020-10812 CVE-2021-45829 CVE-2021-46243
- CVE-2022-25942 CVE-2022-25972 CVE-2022-26061
- * Fixed typo in changelog for 1.10.10+repack-1
- * Add nojava build profile (closes: #1067758)
- * Add missing #MINVER# to .symbols files for libhdf5-fortran,
- libhdf5-hl, and libhdf5-hl-fortran (closes: #1023820)
+ * Acknoledge previously fixed CVE:
+ CVE-2017-17507 CVE-2018-11205 CVE-2018-14034 CVE-2018-14035
+ CVE-2018-15671 CVE-2018-17433 CVE-2018-17436 CVE-2019-8396
+ CVE-2019-8397 CVE-2019-8398 CVE-2019-9151 CVE-2019-9152
+ CVE-2020-10809 CVE-2020-10812 CVE-2021-45829 CVE-2021-46243
+ CVE-2022-25942 CVE-2022-25972 CVE-2022-26061
+ * Fixed typo in changelog for 1.10.10+repack-1
+ * Add nojava build profile (closes: #1067758)
+ * Add missing #MINVER# to .symbols files for libhdf5-fortran,
+ libhdf5-hl, and libhdf5-hl-fortran (closes: #1023820)
- -- Gilles Filippini <pini at debian.org> Mon, 30 Dec 2024 20:18:56 +0100
+ -- Gilles Filippini <pini at debian.org> Mon, 30 Dec 2024 20:18:56 +0100
hdf5 (1.14.5+repack-1) unstable; urgency=medium
- * New major upstream release
- * Fixed CVE-2024-33877 CVE-2024-33876 CVE-2024-33875 CVE-2024-33874
- CVE-2024-33873 CVE-2024-32624 CVE-2024-32623 CVE-2024-32622
- CVE-2024-32621 CVE-2024-32620 CVE-2024-32619 CVE-2024-32618
- CVE-2024-32617 CVE-2024-32616 CVE-2024-32615 CVE-2024-32614
- CVE-2024-32613 CVE-2024-32612 CVE-2024-32611 CVE-2024-32610
- CVE-2024-32609 CVE-2024-32607 CVE-2024-32606 CVE-2024-32605
- CVE-2024-29166 CVE-2024-29165 CVE-2024-29164 CVE-2024-29163
- CVE-2024-29162 CVE-2024-29161 CVE-2024-29160 CVE-2024-29159
- CVE-2024-29158 CVE-2024-29157 (closes: #1070861)
- * Fix CVE-2018-11202 CVE-2018-11206 CVE-2018-13867 CVE-2018-13867
- CVE-2018-13869 CVE-2018-13870 CVE-2018-14031 CVE-2018-14033
- CVE-2018-14460 CVE-2018-16438 CVE-2018-17432 CVE-2018-17435
- CVE-2018-17439 CVE-2019-8396 CVE-2020-10810 CVE-2020-10810
- CVE-2021-37501 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242
- CVE-2021-46244
- * Update d/copyright
- * Rename and update symbols files
- * Refresh patches
- * Drop patches:
- - relax-version-check.patch: now useless
- - fix-unaligned-accesses.patch: source code was refactored
- and this patch doesn't apply anymore
- * New patches:
- - float128.patch: backported from upstream to fix an FTBFS on i386
- - cheat-fortranlib_test.patch: temporry patch to workaround an issue
- in the fortranlib test for 32 bit architectures
- * Bump default API version from 1.8 to 1.14
- * htdf5-tools: install new tools: h5delete, h5format_convert, h5fuse
- h5watch
- * Docs: no more html folder
+ * New major upstream release
+ * Fixed CVE-2024-33877 CVE-2024-33876 CVE-2024-33875 CVE-2024-33874
+ CVE-2024-33873 CVE-2024-32624 CVE-2024-32623 CVE-2024-32622
+ CVE-2024-32621 CVE-2024-32620 CVE-2024-32619 CVE-2024-32618
+ CVE-2024-32617 CVE-2024-32616 CVE-2024-32615 CVE-2024-32614
+ CVE-2024-32613 CVE-2024-32612 CVE-2024-32611 CVE-2024-32610
+ CVE-2024-32609 CVE-2024-32607 CVE-2024-32606 CVE-2024-32605
+ CVE-2024-29166 CVE-2024-29165 CVE-2024-29164 CVE-2024-29163
+ CVE-2024-29162 CVE-2024-29161 CVE-2024-29160 CVE-2024-29159
+ CVE-2024-29158 CVE-2024-29157 (closes: #1070861)
+ * Fix CVE-2018-11202 CVE-2018-11206 CVE-2018-13867 CVE-2018-13867
+ CVE-2018-13869 CVE-2018-13870 CVE-2018-14031 CVE-2018-14033
+ CVE-2018-14460 CVE-2018-16438 CVE-2018-17432 CVE-2018-17435
+ CVE-2018-17439 CVE-2019-8396 CVE-2020-10810 CVE-2020-10810
+ CVE-2021-37501 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242
+ CVE-2021-46244
+ * Update d/copyright
+ * Rename and update symbols files
+ * Refresh patches
+ * Drop patches:
+ - relax-version-check.patch: now useless
+ - fix-unaligned-accesses.patch: source code was refactored
+ and this patch doesn't apply anymore
+ * New patches:
+ - float128.patch: backported from upstream to fix an FTBFS on i386
+ - cheat-fortranlib_test.patch: temporry patch to workaround an issue
+ in the fortranlib test for 32 bit architectures
+ * Bump default API version from 1.8 to 1.14
+ * htdf5-tools: install new tools: h5delete, h5format_convert, h5fuse
+ h5watch
+ * Docs: no more html folder
- -- Gilles Filippini <pini at debian.org> Tue, 10 Dec 2024 21:12:10 +0100
+ -- Gilles Filippini <pini at debian.org> Tue, 10 Dec 2024 21:12:10 +0100
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2096669
Title:
Sync hdf5 1.14.5+repack-3 (universe) from Debian unstable (main)
Status in hdf5 package in Ubuntu:
In Progress
Bug description:
Please sync hdf5 1.14.5+repack-3 (universe) from Debian unstable
(main)
Explanation of the Ubuntu delta and why it can be dropped:
hdf5 (1.10.10+repack-5ubuntu1) plucky; urgency=medium
* Merge with Debian: remaining changes:
- Avoid out of bounds write when signed_headers_dest is empty,
fixes FTBFS on s390x
- Fix ftbfs with ELF_PACKAGE_METADATA set during configure calls.
hdf5 (1.10.10+repack-5) unstable; urgency=medium
* Build-Depends: libopenmpi-dev: explicitly exclude all 32bit archs
instead of relying on an an alternative with architecture-is-32-bit
(closes: #1087988)
hdf5 (1.10.10+repack-4ubuntu3) oracular; urgency=medium
* Build again with mpich on i386.
-- Matthias Klose <doko at ubuntu.com> Sat, 30 Nov 2024 15:12:05 +0100
We can drop the following change:
- d/p/fix-signed_headers_dest.patch : Avoid out of bounds write
when signed_headers_dest is empty,fixes FTBFS on s390x.
Because it was fixed in upstream (#3681 - https://github.com/HDFGroup/hdf5/pull/3681 )
in version 1.14.4.
To check if we can also drop the d/rules change [1], I built the
package as-is from Debian targeting Plucky [2] , and it went OK.
[1] https://git.launchpad.net/~mirespace/ubuntu/+source/hdf5/commit/?id=e24d9d2c09b9ad1101b27041158248cb63fde437
[2] https://launchpad.net/~mirespace/+archive/ubuntu/hdf5-2/+sourcepub/16932655/+listing-archive-extra
Changelog entries since current plucky version
1.10.10+repack-5ubuntu1:
hdf5 (1.14.5+repack-3) unstable; urgency=medium
* New patch fortran_gmtime64.patch: fix fortran gmtime related
failures on big-endian 32-bit architectures (closes: #1091911)
* Update symbols files for alpha hppa hurd-i386 m68k powerpc sh4
-- Gilles Filippini <pini at debian.org> Sun, 05 Jan 2025 16:14:18
+0100
hdf5 (1.14.5+repack-2) unstable; urgency=medium
* Acknoledge previously fixed CVE:
CVE-2017-17507 CVE-2018-11205 CVE-2018-14034 CVE-2018-14035
CVE-2018-15671 CVE-2018-17433 CVE-2018-17436 CVE-2019-8396
CVE-2019-8397 CVE-2019-8398 CVE-2019-9151 CVE-2019-9152
CVE-2020-10809 CVE-2020-10812 CVE-2021-45829 CVE-2021-46243
CVE-2022-25942 CVE-2022-25972 CVE-2022-26061
* Fixed typo in changelog for 1.10.10+repack-1
* Add nojava build profile (closes: #1067758)
* Add missing #MINVER# to .symbols files for libhdf5-fortran,
libhdf5-hl, and libhdf5-hl-fortran (closes: #1023820)
-- Gilles Filippini <pini at debian.org> Mon, 30 Dec 2024 20:18:56
+0100
hdf5 (1.14.5+repack-1) unstable; urgency=medium
* New major upstream release
* Fixed CVE-2024-33877 CVE-2024-33876 CVE-2024-33875 CVE-2024-33874
CVE-2024-33873 CVE-2024-32624 CVE-2024-32623 CVE-2024-32622
CVE-2024-32621 CVE-2024-32620 CVE-2024-32619 CVE-2024-32618
CVE-2024-32617 CVE-2024-32616 CVE-2024-32615 CVE-2024-32614
CVE-2024-32613 CVE-2024-32612 CVE-2024-32611 CVE-2024-32610
CVE-2024-32609 CVE-2024-32607 CVE-2024-32606 CVE-2024-32605
CVE-2024-29166 CVE-2024-29165 CVE-2024-29164 CVE-2024-29163
CVE-2024-29162 CVE-2024-29161 CVE-2024-29160 CVE-2024-29159
CVE-2024-29158 CVE-2024-29157 (closes: #1070861)
* Fix CVE-2018-11202 CVE-2018-11206 CVE-2018-13867 CVE-2018-13867
CVE-2018-13869 CVE-2018-13870 CVE-2018-14031 CVE-2018-14033
CVE-2018-14460 CVE-2018-16438 CVE-2018-17432 CVE-2018-17435
CVE-2018-17439 CVE-2019-8396 CVE-2020-10810 CVE-2020-10810
CVE-2021-37501 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242
CVE-2021-46244
* Update d/copyright
* Rename and update symbols files
* Refresh patches
* Drop patches:
- relax-version-check.patch: now useless
- fix-unaligned-accesses.patch: source code was refactored
and this patch doesn't apply anymore
* New patches:
- float128.patch: backported from upstream to fix an FTBFS on i386
- cheat-fortranlib_test.patch: temporry patch to workaround an issue
in the fortranlib test for 32 bit architectures
* Bump default API version from 1.8 to 1.14
* htdf5-tools: install new tools: h5delete, h5format_convert, h5fuse
h5watch
* Docs: no more html folder
-- Gilles Filippini <pini at debian.org> Tue, 10 Dec 2024 21:12:10
+0100
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/hdf5/+bug/2096669/+subscriptions
More information about the Ubuntu-sponsors
mailing list