[staging PATCH 0/4] Update hdf5.

  • Done
  • quality assurance status badge
Details
2 participants
  • Greg Hogan
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Greg Hogan
Severity
normal
G
G
Greg Hogan wrote on 22 Mar 2023 14:55
(address . guix-patches@gnu.org)(name . Greg Hogan)(address . code@greghogan.com)
20230322135514.169558-1-code@greghogan.com
Greg Hogan (4):
gnu: hdf5@1.8: Update to 1.8.23.
gnu: hdf5@1.10: Update to 1.10.9.
gnu: hdf5@1.12: Update to 1.12.2.
gnu: Add hdf5@1.14.

gnu/packages/maths.scm | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)

--
2.40.0
G
G
Greg Hogan wrote on 22 Mar 2023 14:57
[staging PATCH 1/4] gnu: hdf5@1.8: Update to 1.8.23.
(address . 62380@debbugs.gnu.org)(name . Greg Hogan)(address . code@greghogan.com)
20230322135711.181552-1-code@greghogan.com
* gnu/packages/maths.scm (hdf5-1.8): Update to 1.8.23.
---
gnu/packages/maths.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 1492753223..512a9d7be2 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -1389,7 +1389,7 @@ (define-public hdf4-alt
(define-public hdf5-1.8
(package
(name "hdf5")
- (version "1.8.22")
+ (version "1.8.23")
(source
(origin
(method url-fetch)
@@ -1404,7 +1404,7 @@ (define-public hdf5-1.8
(string-append major minor)))
"/src/hdf5-" version ".tar.bz2")))
(sha256
- (base32 "194ki2s5jrgl4czkvy5nc9nwjyapah0fj72l0gb0aysplp38i6v8"))
+ (base32 "0km65mr6dgk4ia2dqr1b9dzw9qg15j5z35ymbys9cnny51z1zb39"))
(patches (search-patches "hdf5-config-date.patch"))))
(build-system gnu-build-system)
(inputs
--
2.40.0
G
G
Greg Hogan wrote on 22 Mar 2023 14:57
[staging PATCH 2/4] gnu: hdf5@1.10: Update to 1.10.9.
(address . 62380@debbugs.gnu.org)(name . Greg Hogan)(address . code@greghogan.com)
20230322135711.181552-2-code@greghogan.com
* gnu/packages/maths.scm (hdf5-1.10): Update to 1.10.9.
---
gnu/packages/maths.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 512a9d7be2..e6ce7ee045 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -1514,7 +1514,7 @@ (define-public hdf5-1.8
(define-public hdf5-1.10
(package
(inherit hdf5-1.8)
- (version "1.10.7")
+ (version "1.10.9")
(source
(origin
(method url-fetch)
@@ -1528,7 +1528,7 @@ (define-public hdf5-1.10
(take (string-split version #\.) 2))
"/src/hdf5-" version ".tar.bz2")))
(sha256
- (base32 "0pm5xxry55i0h7wmvc7svzdaa90rnk7h78rrjmnlkz2ygsn8y082"))
+ (base32 "14gih7kmjx4h3lc7pg4fwcl28hf1qqkf2x7rljpxqvzkjrqbxi00"))
(patches (search-patches "hdf5-config-date.patch"))))))
(define-public hdf5-1.12
--
2.40.0
G
G
Greg Hogan wrote on 22 Mar 2023 14:57
[staging PATCH 3/4] gnu: hdf5@1.12: Update to 1.12.2.
(address . 62380@debbugs.gnu.org)(name . Greg Hogan)(address . code@greghogan.com)
20230322135711.181552-3-code@greghogan.com
* gnu/packages/maths.scm (hdf5-1.12): Update to 1.12.2.
---
gnu/packages/maths.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index e6ce7ee045..451a861e95 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -1534,7 +1534,7 @@ (define-public hdf5-1.10
(define-public hdf5-1.12
(package
(inherit hdf5-1.8)
- (version "1.12.1")
+ (version "1.12.2")
(source
(origin
(method url-fetch)
@@ -1548,7 +1548,7 @@ (define-public hdf5-1.12
(take (string-split version #\.) 2))
"/src/hdf5-" version ".tar.bz2")))
(sha256
- (base32 "074g3z504xf77ff38igs30i1aqxpm508p7yw78ykva7dncrgbyda"))
+ (base32 "1zlawdzb0gsvcxif14fwr5ap2gk4b6j02wirr2hcx8hkcbivp20s"))
(patches (search-patches "hdf5-config-date.patch"))))))
(define-public hdf5
--
2.40.0
G
G
Greg Hogan wrote on 22 Mar 2023 14:57
[staging PATCH 4/4] gnu: Add hdf5@1.14.
(address . 62380@debbugs.gnu.org)(name . Greg Hogan)(address . code@greghogan.com)
20230322135711.181552-4-code@greghogan.com
* gnu/packages/maths.scm (hdf5-1.14): New variable.
---
gnu/packages/maths.scm | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

Toggle diff (33 lines)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 451a861e95..d6d3658445 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -1551,6 +1551,26 @@ (define-public hdf5-1.12
(base32 "1zlawdzb0gsvcxif14fwr5ap2gk4b6j02wirr2hcx8hkcbivp20s"))
(patches (search-patches "hdf5-config-date.patch"))))))
+(define-public hdf5-1.14
+ (package
+ (inherit hdf5-1.8)
+ (version "1.14.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (list (string-append "https://support.hdfgroup.org/ftp/HDF5/releases/"
+ "hdf5-" (version-major+minor version)
+ "/hdf5-" version "/src/hdf5-"
+ version ".tar.bz2")
+ (string-append "https://support.hdfgroup.org/ftp/HDF5/"
+ "current"
+ (apply string-append
+ (take (string-split version #\.) 2))
+ "/src/hdf5-" version ".tar.bz2")))
+ (sha256
+ (base32 "181bdh8hp7v9xqwcby3lknr92lxlicc2hqscba3f5nhf8lrr9rz4"))
+ (patches (search-patches "hdf5-config-date.patch"))))))
+
(define-public hdf5
;; Default version of HDF5.
hdf5-1.10)
--
2.40.0
M
M
Maxim Cournoyer wrote on 31 Mar 2023 05:27
Re: bug#62380: [staging PATCH 0/4] Update hdf5.
(name . Greg Hogan)(address . code@greghogan.com)(address . 62380-done@debbugs.gnu.org)
87fs9ly516.fsf_-_@gmail.com
Hello,

I've installed the series to staging. It seems it could have also been
on the limit to go to master, so in the future feel free to submit for
master.

Something we should look into is hide the (false positive, I assume?)
CVEs reported by guix lint:

Toggle snippet (5 lines)
gnu/packages/maths.scm:1390:2: hdf5@1.8.23: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1515:2: hdf5@1.10.9: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1535:2: hdf5@1.12.2: probably vulnerable to CVE-2021-37501

This can be done by adding lint-hidden-cve properties, with explanatory comments.

--
Thanks,
Maxim
Closed
?