diff options
| author | Thomas Gerbet <thomas@gerbet.me> | 2021-04-11 19:25:05 +0200 |
|---|---|---|
| committer | Thomas Gerbet <thomas@gerbet.me> | 2021-04-11 19:27:28 +0200 |
| commit | 33a3715a5ec07443ed6fef3afd369edc5074b115 (patch) | |
| tree | db7a7874c1ef3e379262eb384fad1e5a450d3f24 | |
| parent | d6f881c82d35e82a006c4c2262f169b6fb88fe2b (diff) | |
| download | nixpkgs-33a3715a5ec07443ed6fef3afd369edc5074b115.tar nixpkgs-33a3715a5ec07443ed6fef3afd369edc5074b115.tar.gz nixpkgs-33a3715a5ec07443ed6fef3afd369edc5074b115.tar.bz2 nixpkgs-33a3715a5ec07443ed6fef3afd369edc5074b115.tar.lz nixpkgs-33a3715a5ec07443ed6fef3afd369edc5074b115.tar.xz nixpkgs-33a3715a5ec07443ed6fef3afd369edc5074b115.tar.zst nixpkgs-33a3715a5ec07443ed6fef3afd369edc5074b115.zip | |
medfile: use HDF5 1.12
HDF5 1.10 has known security issues (CVE-2020-10809, CVE-2020-10810, CVE-2020-10811 and CVE-2020-10812).
| -rw-r--r-- | pkgs/development/libraries/medfile/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/development/libraries/medfile/hdf5-1.12.patch | 86 | ||||
| -rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
3 files changed, 91 insertions, 1 deletions
diff --git a/pkgs/development/libraries/medfile/default.nix b/pkgs/development/libraries/medfile/default.nix index a89cb43d261..c8ff0c05ade 100644 --- a/pkgs/development/libraries/medfile/default.nix +++ b/pkgs/development/libraries/medfile/default.nix @@ -9,6 +9,10 @@ stdenv.mkDerivation rec { sha256 = "1khzclkrd1yn9mz3g14ndgpsbj8j50v8dsjarcj6kkn9zgbbazc4"; }; + patches = [ + ./hdf5-1.12.patch + ]; + nativeBuildInputs = [ cmake ]; buildInputs = [ hdf5 ]; diff --git a/pkgs/development/libraries/medfile/hdf5-1.12.patch b/pkgs/development/libraries/medfile/hdf5-1.12.patch new file mode 100644 index 00000000000..ab73e00487c --- /dev/null +++ b/pkgs/development/libraries/medfile/hdf5-1.12.patch @@ -0,0 +1,86 @@ +--- a/config/cmake_files/medMacros.cmake ++++ b/config/cmake_files/medMacros.cmake +@@ -447,7 +447,7 @@ MACRO(MED_FIND_HDF5) + ## + ## Requires 1.10.x version + ## +- IF (NOT HDF_VERSION_MAJOR_REF EQUAL 1 OR NOT HDF_VERSION_MINOR_REF EQUAL 10 OR NOT HDF_VERSION_RELEASE_REF GREATER 1) ++ IF (HDF5_VERSION VERSION_LESS 1.10.2) + MESSAGE(FATAL_ERROR "HDF5 version is ${HDF_VERSION_REF}. Only versions >= 1.10.2 are supported.") + ENDIF() + ## +--- a/src/ci/MEDfileCompatibility.c ++++ b/src/ci/MEDfileCompatibility.c +@@ -71,7 +71,7 @@ MEDfileCompatibility(const char* const filename, + _hversionMMR=10000*_hmajeur+100*_hmineur+_hrelease; + /* ISCRUTE(_hversionMMR); */ + /* ISCRUTE(HDF_VERSION_NUM_REF); */ +- if ( (_hversionMMR >= HDF_VERSION_NUM_REF) && (_hmineur == HDF_VERSION_MINOR_REF) ) *hdfok = MED_TRUE; ++ if ( ((_hversionMMR >= HDF_VERSION_NUM_REF) && (_hmineur == HDF_VERSION_MINOR_REF)) || _hversionMMR > HDF_VERSION_NUM_REF ) *hdfok = MED_TRUE; + + /* TODO : Vérifier si la version mineure HDF du fichier est supérieure + à la version mineure de la bibliothèque HDF utilisée : +@@ -113,7 +113,7 @@ MEDfileCompatibility(const char* const filename, + #if MED_NUM_MAJEUR != 4 + #error "Don't forget to update the test version here when you change the major version of the library !" + #endif +-#if H5_VERS_MINOR > 10 ++#if H5_VERS_MINOR > 12 + #error "Don't forget to check the compatibility version of the library, depending on the internal hdf model choice !" + #error "Cf. _MEDfileCreate ..." + #endif +--- a/src/hdfi/_MEDfileCreate.c ++++ b/src/hdfi/_MEDfileCreate.c +@@ -159,7 +159,7 @@ med_idt _MEDfileCreate(const char * const filename, const med_access_mode access + * En HDF5-1.10.0p1 cela n'a aucun effet ! + * Un test autoconf permet de fixer un intervalle de version HDF à MED. + */ +-#if H5_VERS_MINOR > 10 ++#if H5_VERS_MINOR > 12 + #error "Don't forget to change the compatibility version of the library !" + #endif + +--- a/src/hdfi/_MEDfileOpen.c ++++ b/src/hdfi/_MEDfileOpen.c +@@ -72,7 +72,7 @@ med_idt _MEDfileOpen(const char * const filename,const med_access_mode accessmod + + • The creation order tracking property, H5P_CRT_ORDER_TRACKED, has been set in the group creation property list (see H5Pset_link_creation_order). + */ +-#if H5_VERS_MINOR > 10 ++#if H5_VERS_MINOR > 12 + #error "Don't forget to change the compatibility version of the library !" + #endif + /* L'avantage de bloquer le modèle interne HDF5 +--- a/src/hdfi/_MEDmemFileOpen.c ++++ b/src/hdfi/_MEDmemFileOpen.c +@@ -434,7 +434,7 @@ med_idt _MEDmemFileOpen(const char * const filename, med_memfile * const memfile + goto ERROR; + } + +-#if H5_VERS_MINOR > 10 ++#if H5_VERS_MINOR > 12 + #error "Don't forget to change the compatibility version of the library !" + #endif + if ( H5Pset_libver_bounds( _fapl, H5F_LIBVER_18, H5F_LIBVER_18) ) { +--- a/src/hdfi/_MEDparFileCreate.c ++++ b/src/hdfi/_MEDparFileCreate.c +@@ -64,7 +64,7 @@ med_idt _MEDparFileCreate(const char * const filename, const med_access_mode acc + * En HDF5-1.10.0p1 cela n'a aucun effet ! + * Un test autoconf permet de fixer un intervalle de version HDF à MED. + */ +-#if H5_VERS_MINOR > 10 ++#if H5_VERS_MINOR > 12 + #error "Don't forget to change the compatibility version of the library !" + #endif + +--- a/src/hdfi/_MEDparFileOpen.c ++++ b/src/hdfi/_MEDparFileOpen.c +@@ -55,7 +55,7 @@ med_idt _MEDparFileOpen(const char * const filename,const med_access_mode access + MED_ERR_(_fid,MED_ERR_INIT,MED_ERR_PROPERTY,MED_ERR_PARALLEL_MSG); + goto ERROR; + } +-#if H5_VERS_MINOR > 10 ++#if H5_VERS_MINOR > 12 + #error "Don't forget to change the compatibility version of the library !" + #endif + if ( H5Pset_libver_bounds( _fapl, H5F_LIBVER_18, H5F_LIBVER_18 ) ) { diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 669ef839722..7f395b81856 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6032,7 +6032,7 @@ in }; medfile = callPackage ../development/libraries/medfile { - hdf5 = hdf5_1_10; + hdf5 = hdf5.override { usev110Api = true; }; }; meilisearch = callPackage ../servers/search/meilisearch { |