Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to hdf5 1.8.18 #5

Merged
merged 1 commit into from
Jun 6, 2017
Merged

Upgrade to hdf5 1.8.18 #5

merged 1 commit into from
Jun 6, 2017

Conversation

qwhelan
Copy link
Contributor

@qwhelan qwhelan commented Jun 2, 2017

A few CVEs were reported and fixed in hdf5 back in November 2016: http://blog.talosintelligence.com/2016/11/hdf5-vulns.html

The hdf5 release notes for that release are available here: https://support.hdfgroup.org/ftp/HDF5/current18/src/hdf5-1.8.18-RELEASE.txt

For additional info, please see: conda-forge/hdf5-feedstock#68 and conda-forge/hdf5-feedstock#71

@conda-forge-linter
Copy link

Hi! This is the friendly automated conda-forge-linting service.

I just wanted to let you know that I linted all conda-recipes in your PR (recipe) and found it was in an excellent condition.

@qwhelan qwhelan mentioned this pull request Jun 2, 2017
Closed
35 tasks
@blowekamp
Copy link
Contributor

Thank you for the pull request.

My expectation for HDF5 was that minor release have runtime libraries that are compatible. For example if my library was compile against 1.8.17, then HDF5 could be updated to the next patch release 1.8.18 and it would not require me to recompile my library.

Judging by the reference issue, it sounds like that is not the case, and the the patch version must be pinned. Is my understand correct?

@qwhelan
Copy link
Contributor Author

qwhelan commented Jun 6, 2017

@blowekamp That's correct, hdf5 is pretty aggressive about ensuring headers and libraries are of the same version to rule out errors resulting from data format changes. Here's what it looks like if you don't compile a library that depends on hdf5:

The HDF5 header files used to compile this application do not match
the version used by the HDF5 library to which this application is linked.
Data corruption or segmentation faults may occur if the application continues.
This can happen when an application was compiled by one version of HDF5 but
linked with a different version of static or shared HDF5 library.
You should recompile the application or check your shared library related
settings such as 'LD_LIBRARY_PATH'.
'HDF5_DISABLE_VERSION_CHECK' environment variable is set to 1, application will
continue at your own risk.
Headers are 1.8.16, library is 1.8.15

Additionally, conda itself requires an explicit build due to the version pin in recipe/meta.yaml - it won't be able to find a SAT solution that allows the upgraded hdf5 to live alongside a non-upgraded itk.

Apologies for the hassle.

@blowekamp
Copy link
Contributor

Thanks for the pull request and follow up!

@blowekamp blowekamp merged commit ac9f725 into conda-forge:master Jun 6, 2017
@blowekamp blowekamp mentioned this pull request Feb 5, 2018
Closed
blowekamp added a commit to blowekamp/libitk-feedstock that referenced this pull request Dec 7, 2022
@blowekamp
Merge pull request conda-forge#5 from blowekamp/1.2.4
dd6491b 
1.2.4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@qwhelan @conda-forge-linter @blowekamp