Hello community,

here is the log from the commit of package hdf5 for openSUSE:Factory checked in at 2022-05-05 23:06:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/hdf5 (Old)
 and /work/SRC/openSUSE:Factory/.hdf5.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hdf5" Thu May 5 23:06:06 2022 rev:76 rq:975082 version:1.10.8 Changes: -------- --- /work/SRC/openSUSE:Factory/hdf5/hdf5.changes 2022-04-11 23:50:34.010164646 +0200 +++ /work/SRC/openSUSE:Factory/.hdf5.new.1538/hdf5.changes 2022-05-05 23:06:47.649587317 +0200 @@ -1,0 +2,10 @@ +Wed May 4 06:39:53 UTC 2022 - Egbert Eich <e...@suse.com> + +- Security Fix: + Add configure option --disable-hltools to disable GIF tools as + recommended in the 1.10.8 release: + CVE-2018-17433 (bsc#1109565), + CVE-2018-17436 (bsc#1109568), + CVE-2020-10809 (bsc#1167404). + +------------------------------------------------------------------- @@ -61 +71 @@ - * Fixed CVE-2018-17432 + * Fixed CVE-2018-17432 (bsc#1109564) @@ -65,4 +75,6 @@ - parsing - * Fixed CVE-2018-14460 - * Fixed CVE-2018-11206 - * Fixed CVE-2018-14033 (same issue as CVE-2020-10811) + parsing (bsc#1167401) + * Fixed CVE-2018-14460 (bsc#1102175) + * Fixed CVE-2018-11206 (bsc#1093657) + (same issue as CVE-2018-14032 (bsc#1101474)) + * Fixed CVE-2018-14033 (bsc#1101471) + (same issue as CVE-2020-10811 (bsc#1167405)) @@ -204,0 +217 @@ + (bsc#1109570) @@ -290 +303 @@ - * CVE-2018-17434: Memory leak in the H5O__chunk_deserialize() + * CVE-2018-17234: Memory leak in the H5O__chunk_deserialize() 
@@ -292,2 +305,6 @@ - * CVE-2018-17437: A SIGFPE signal is raised in the function - H5D__chunk_set_info_real. (bsc#1109168) + * CVE-2018-17434: A SIGFPE signal is raised in function apply_filters() + of h5repack_filters.c (bsc#1109566) + * CVE-2018-17437: Memory leak in the H5O_dtype_decode_helper() function + in H5Odtype.c. (bsc#1109569) + * CVE-2018-17237: A SIGFPE signal is raised in the function + H5D__chunk_set_info_real (bsc#1109168) (commit 4e31361d). ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hdf5.spec ++++++ --- /var/tmp/diff_new_pack.lahSNZ/_old 2022-05-05 23:06:48.365588210 +0200 +++ /var/tmp/diff_new_pack.lahSNZ/_new 2022-05-05 23:06:48.369588216 +0200 @@ -760,6 +760,7 @@ %hpc_configure \ %define hpc_exec_prefix %{expand:%_hpc_exec_prefix} %endif # ?hpc + --disable-hltools \ --disable-dependency-tracking \ --enable-fortran \ --enable-unsupported \
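Review bot: In the new hdf5.changes entry (hunk @@ -1,0 +2,10 @@), the heading "Security Fix:" reads as if CVE-2018-17433, CVE-2018-17436 and CVE-2020-10809 were patched, while the text describes a configure option that disables the GIF tools. Suggest wording the entry as a mitigation and stating that the affected tools are no longer built, so that anyone searching the changelog for these three CVEs sees that the code was switched off rather than fixed. The entry also says "GIF tools" while the option is named --disable-hltools; if the option turns off more than the GIF converters, the entry should say so.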
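Review bot: The hdf5.changes hunks at @@ -290 +303 @@ and @@ -292,2 +305,6 @@ change the CVE ids on existing changelog lines (CVE-2018-17434 becomes CVE-2018-17234 for the H5O__chunk_deserialize() leak, CVE-2018-17437 becomes CVE-2018-17237 for the H5D__chunk_set_info_real SIGFPE) and reuse the old ids for two new lines, but the new top entry mentions only --disable-hltools. Suggest adding a line to the top entry saying that CVE ids were corrected and bsc references added in older entries, so the edit to existing history is recorded. Minor style point: the three added lines differ in form ("in function apply_filters()" against "in the function", trailing periods placed differently, and "(commit 4e31361d)" on only one of them).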
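Review bot: In hdf5.spec (hunk @@ -760,6 +760,7 @@), --disable-hltools is added to the configure arguments after "%endif # ?hpc" with nothing in the spec saying why; the reason exists only in hdf5.changes. Suggest a comment above the configure call naming CVE-2018-17433, CVE-2018-17436 and CVE-2020-10809, so the option is not dropped by accident in a later cleanup and can be revisited if the tools are fixed upstream. This diff shows no change to any %files list, so please confirm that the build does not fail on, or keep stale entries for, binaries that are no longer produced.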