From patchwork Fri Apr 10 07:04:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85781 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 187B2F364AE for ; Fri, 10 Apr 2026 07:05:23 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.150881.1775804712932937908 for ; Fri, 10 Apr 2026 00:05:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=ZxC/+pqj; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A3mnF11774203 for ; Fri, 10 Apr 2026 07:05:11 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=A9Ms0tQdkb6ZnKHb5zf4nsTuc9oNwvKPNoJBreSK7+Y=; b=ZxC/+pqjT0qJ CajEq5pT7hfMNTPn9kbbfRvsFXkIOb+1+mkHA/rPXJfdocjozqE0suK9QY7p6bsF FxgKYbeSbuCdbn3W9GRIw7qLeFol/CR/quvFeMWfZAU4LMeNdpN11+kOKv4CNcTn giYbfwYzb8mq0jkpdGQgYHLo5OizfkJHWvKC06wcnPzSgw7uI4sYLSMM1zUA8pid aySu0VXzHciM8+WGBTSMNbKFKjHNhwGQ9ntRbTCkQ/g9mXuYAKnxYTDgj88zLlIf 7KPex6hruhFk9+sS4nkM5/uwKaqu/VZod8ISZsht2F2DFhLms1cnqHFNgGpmoP6x jyAt5X4zEA== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmrqn77y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 07:05:11 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:10 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:09 -0700 From: To: Subject: [meta-oe][scarthgap][PATCH v2 01/11] yasm: fix CVE-2021-33454 Date: Fri, 10 Apr 2026 15:04:58 +0800 Message-ID: <20260410070508.1104455-2-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=RPCD2Yi+ c=1 sm=1 tr=0 ts=69d8a127 cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=klDOsUkWDRETUCZYPvoE:22 a=xNf9USuDAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=UqCG9HQmAAAA:8 a=uXtSGE2kdRKVYVFo3EAA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: cv7KwWqgNaIcLU5nVAIj-Di4ZqlrB4ca X-Proofpoint-GUID: cv7KwWqgNaIcLU5nVAIj-Di4ZqlrB4ca X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfX/1N3Ru7khVYK c3PMbjEbBq3P0buc2xm6ZgrzCHEu2e3htce4ObiBICHHm77y48xt5Qzdpj+j+UHEa1RBO50RMan OG2MEnr0BUJflFcm7Xq14uz3hYJDWOdOK15+dX22E6XiUb/RbnTBNpDbpjP0o6m1f1udTigx6eC sPcope7uEFbrPvM8fZqZIewmzS23qxXfOTFbUZP4RIxlJRpdlZp5aUoqFwiSngcq5/fO7KZIE6z lgwBVLegEMq19VWQg/32asuc91Cc5wImzDQlHWzoejt5Yyi/bpdaI4GdbPPzJAZX+eMYSXdSprn ypCHxK9gS6XqrOEDLtedITY3n5Rxr/pFMJqoEY5B2xfxfxUudizvGJ5T+A6YXuS/4xFzIBBNUZA iIl2I/KgjeJftbT2LlgGFtKqEcmiJfBkTHRTmZAh76gjtQiYty6rWxz8mIXT9kqGY1Chglrw8yb PYEcLOPUK89ieB6+fhA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 phishscore=0 adultscore=0 spamscore=0 clxscore=1015 bulkscore=0 impostorscore=0 priorityscore=1501 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126223 From: Guocai He An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. Backport patch to fix CVE-2021-33454 per reference [1]. [1]: https://security-tracker.debian.org/tracker/CVE-2021-33454 Signed-off-by: Guocai He Signed-off-by: Jinfeng Wang --- .../yasm/yasm/CVE-2021-33454.patch | 29 +++++++++++++++++++ meta-oe/recipes-devtools/yasm/yasm_git.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33454.patch diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33454.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33454.patch new file mode 100644 index 0000000000..735be93a3f --- /dev/null +++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33454.patch @@ -0,0 +1,29 @@ +From 9defefae9fbcb6958cddbfa778c1ea8605da8b8b Mon Sep 17 00:00:00 2001 +From: dataisland +Date: Fri, 22 Sep 2023 00:21:20 -0500 +Subject: [PATCH] Fix null-pointer-dereference in yasm_expr_get_intnum (#244) + +CVE: CVE-2021-33454 +Upstream-Status: Backport [https://github.com/yasm/yasm/commit/9defefae9f] + +Signed-off-by: Guocai He +--- + libyasm/expr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libyasm/expr.c b/libyasm/expr.c +index 5b0c418b..09ae1121 100644 +--- a/libyasm/expr.c ++++ b/libyasm/expr.c +@@ -1264,7 +1264,7 @@ yasm_expr_get_intnum(yasm_expr **ep, int calc_bc_dist) + { + *ep = yasm_expr_simplify(*ep, calc_bc_dist); + +- if ((*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT) ++ if (*ep && (*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT) + return (*ep)->terms[0].data.intn; + else + return (yasm_intnum *)NULL; +-- +2.34.1 + diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb index 5ba4f67628..84503e9a8a 100644 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb @@ -20,6 +20,7 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ file://CVE-2023-29579.patch \ file://CVE-2021-33464.patch \ file://CVE-2021-33456.patch \ + file://CVE-2021-33454.patch \ " S = "${WORKDIR}/git" From patchwork Fri Apr 10 07:04:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85785 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3A919FB518A for ; Fri, 10 Apr 2026 07:05:24 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.150882.1775804713198968534 for ; Fri, 10 Apr 2026 00:05:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=WgCgFjOb; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A3mnF21774203 for ; Fri, 10 Apr 2026 07:05:12 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=gHnXYOvRyGgHFmT2ezap0Bm919NJUxJTEpMcoGGOxFU=; b=WgCgFjObILcW 8sb3t1tkplurFFZt8eiilLc/xlTqWbSxFR1uuYHcV52h82NllFf4ak3ta0Qc26aL ZJroLfYk0IbkiKNKPiNFHfhpGgD5pdL6OUbYWupCkDfUsMb3jt9bSPU2GhkK7x2B aH9w67D4xGSx+VcNYuTY01sEh0rC0/vHVK3pyU4t/IqRLfSJNptil82LWsZ0Glb+ U+P1CK5R3yEOj2GrD4Gh2ap/k25tlkIGY2r0miBFLwFQ4zTMqPltKs+qISTTH7m1 kuxB2k/KV+gUQlMOB1bqvBKh+Y32HcTGlZaO70bHhNuJuCOXPzK/3iCVZc0YyLmG FuB2gs3yOQ== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmrqn77y-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 07:05:12 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:11 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:10 -0700 From: To: Subject: [meta-python][scarthgap][PATCH v2 02/11] python3-django: fix CVE-2025-64459 Date: Fri, 10 Apr 2026 15:04:59 +0800 Message-ID: <20260410070508.1104455-3-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=RPCD2Yi+ c=1 sm=1 tr=0 ts=69d8a128 cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=klDOsUkWDRETUCZYPvoE:22 a=PYnjg3YJAAAA:8 a=is1M7v0WAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=pGLkceISAAAA:8 a=avUYmXgeZf36Ky6ssdIA:9 a=43mYI5ShwYkO3IWxqTDg:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: QL91rr-2tEUrXNYzPg3REuSGpmn5Eq97 X-Proofpoint-GUID: QL91rr-2tEUrXNYzPg3REuSGpmn5Eq97 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfX4SBXm2WKKjG+ Vp13QZEr/cF7hl2sKKTP88F1diFSU6AGV4IcB/X85Rrhq8K8oPadh/dm0Auirh3rxPjjsug8tUN 5++VUpBfvYC3B5nl2Yu3xzr9wJE9hMXL8WA+E8/6Y2OUhvFWdLAfztUJ5Jt3rXWLN4nbbznvmiS e2Bpn+JtOWK78NWbl7IPGVe7sJRnc3dBvmhF5sisaAMnYG0NoV/rdr+DubWONNNaYqWr/2axVef PPnB3F/0rRqdSSN5F+CtstT0iJyS+/LFG6wUGtPdX6/dfB5KWtjmagx0IinC5uCjec8o1bKdkEu B6iSfHBWdkWEgdteoN9jN9SElflsU2B1ln5AfWEur0EoyTA/F+pWF6HvwEqe8SivvnNtQvOUIAU LahlTQMLn0YMnAKtx78EyRH9nvZFg6mJ6aBXx6nYqo+GeOsgI50uswt4jeVQ1uL6QTw/uaF1BU5 24U0m2yxiR5/qpKTIOA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 phishscore=0 adultscore=0 spamscore=0 clxscore=1015 bulkscore=0 impostorscore=0 priorityscore=1501 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126224 From: Haixiao Yan The methods QuerySet.filter(), QuerySet.exclude(), and QuerySet.get(), and the class Q() were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the _connector argument. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-64459 https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html Upstream-patch: https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241 https://github.com/django/django/commit/4624ed769c0f7caea0d48ac824a75fa6b6f17671 Signed-off-by: Haixiao Yan Signed-off-by: Jinfeng Wang --- .../CVE-2025-64459-1.patch | 57 +++++++++++++++++ .../CVE-2025-64459-2.patch | 63 +++++++++++++++++++ .../python/python3-django_5.0.14.bb | 5 +- 3 files changed, 124 insertions(+), 1 deletion(-) create mode 100644 meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64459-1.patch create mode 100644 meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64459-2.patch diff --git a/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64459-1.patch b/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64459-1.patch new file mode 100644 index 0000000000..6c42adfa42 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64459-1.patch @@ -0,0 +1,57 @@ +From 45f5d17986f70f0aaf4a666b2d71ae6750beeb88 Mon Sep 17 00:00:00 2001 +From: Jacob Walls +Date: Wed, 24 Sep 2025 15:54:51 -0400 +Subject: [PATCH] [5.1.x] Fixed CVE-2025-64459 -- Prevented SQL injections + in Q/QuerySet via the _connector kwarg. + +Thanks cyberstan for the report, Sarah Boyce, Adam Johnson, Simon +Charette, and Jake Howard for the reviews. + +Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main. + +CVE: CVE-2025-64459 + +Upstream-Status: Backport [https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241] + +Signed-off-by: Haixiao Yan +--- + django/db/models/query_utils.py | 4 ++++ + tests/queries/test_q.py | 5 +++++ + 2 files changed, 9 insertions(+) + +diff --git a/django/db/models/query_utils.py b/django/db/models/query_utils.py +index a04bbad5e7f8..d8610bc54d46 100644 +--- a/django/db/models/query_utils.py ++++ b/django/db/models/query_utils.py +@@ -47,8 +47,12 @@ class Q(tree.Node): + XOR = "XOR" + default = AND + conditional = True ++ connectors = (None, AND, OR, XOR) + + def __init__(self, *args, _connector=None, _negated=False, **kwargs): ++ if _connector not in self.connectors: ++ connector_reprs = ", ".join(f"{conn!r}" for conn in self.connectors[1:]) ++ raise ValueError(f"_connector must be one of {connector_reprs}, or None.") + super().__init__( + children=[*args, *sorted(kwargs.items())], + connector=_connector, +diff --git a/tests/queries/test_q.py b/tests/queries/test_q.py +index f7192a430a12..b21ec929a2ec 100644 +--- a/tests/queries/test_q.py ++++ b/tests/queries/test_q.py +@@ -264,6 +264,11 @@ class QTests(SimpleTestCase): + Q(*items, _connector=connector), + ) + ++ def test_connector_validation(self): ++ msg = f"_connector must be one of {Q.AND!r}, {Q.OR!r}, {Q.XOR!r}, or None." ++ with self.assertRaisesMessage(ValueError, msg): ++ Q(_connector="evil") ++ + def test_referenced_base_fields(self): + # Make sure Q.referenced_base_fields retrieves all base fields from + # both filters and F expressions. +-- +2.34.1 + diff --git a/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64459-2.patch b/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64459-2.patch new file mode 100644 index 0000000000..5a207f8f11 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64459-2.patch @@ -0,0 +1,63 @@ +From 415912be531179e90e69f0be2e8bca301de53765 Mon Sep 17 00:00:00 2001 +From: Jacob Walls +Date: Wed, 24 Sep 2025 15:56:03 -0400 +Subject: [PATCH] [5.1.x] Refs CVE-2025-64459 -- Avoided propagating + invalid arguments to Q on dictionary expansion. + +Backport of 3c3f46357718166069948625354b8315a8505262 from main. + +CVE: CVE-2025-64459 + +Upstream-Status: Backport [https://github.com/django/django/commit/4624ed769c0f7caea0d48ac824a75fa6b6f17671] + +Signed-off-by: Haixiao Yan +--- + django/db/models/query.py | 5 +++++ + tests/queries/tests.py | 8 ++++++++ + 2 files changed, 13 insertions(+) + +diff --git a/django/db/models/query.py b/django/db/models/query.py +index 153fb1193ebf..3308cd48db00 100644 +--- a/django/db/models/query.py ++++ b/django/db/models/query.py +@@ -42,6 +42,8 @@ MAX_GET_RESULTS = 21 + # The maximum number of items to display in a QuerySet.__repr__ + REPR_OUTPUT_SIZE = 20 + ++PROHIBITED_FILTER_KWARGS = frozenset(["_connector", "_negated"]) ++ + + class BaseIterable: + def __init__( +@@ -1495,6 +1497,9 @@ class QuerySet(AltersData): + return clone + + def _filter_or_exclude_inplace(self, negate, args, kwargs): ++ if invalid_kwargs := PROHIBITED_FILTER_KWARGS.intersection(kwargs): ++ invalid_kwargs_str = ", ".join(f"'{k}'" for k in sorted(invalid_kwargs)) ++ raise TypeError(f"The following kwargs are invalid: {invalid_kwargs_str}") + if negate: + self._query.add_q(~Q(*args, **kwargs)) + else: +diff --git a/tests/queries/tests.py b/tests/queries/tests.py +index 20665ab2cda3..5df231949194 100644 +--- a/tests/queries/tests.py ++++ b/tests/queries/tests.py +@@ -4481,6 +4481,14 @@ class TestInvalidValuesRelation(SimpleTestCase): + Annotation.objects.filter(tag__in=[123, "abc"]) + + ++class TestInvalidFilterArguments(TestCase): ++ def test_filter_rejects_invalid_arguments(self): ++ school = School.objects.create() ++ msg = "The following kwargs are invalid: '_connector', '_negated'" ++ with self.assertRaisesMessage(TypeError, msg): ++ School.objects.filter(pk=school.pk, _negated=True, _connector="evil") ++ ++ + class TestTicket24605(TestCase): + def test_ticket_24605(self): + """ +-- +2.34.1 + diff --git a/meta-python/recipes-devtools/python/python3-django_5.0.14.bb b/meta-python/recipes-devtools/python/python3-django_5.0.14.bb index c2c44b4cc7..84dd9dd5f4 100644 --- a/meta-python/recipes-devtools/python/python3-django_5.0.14.bb +++ b/meta-python/recipes-devtools/python/python3-django_5.0.14.bb @@ -4,7 +4,10 @@ inherit setuptools3 # Windows-specific DoS via NFKC normalization, not applicable to Linux CVE_STATUS[CVE-2025-27556] = "not-applicable-platform: Issue only applies on Windows" -SRC_URI += "file://CVE-2025-64460.patch" +SRC_URI += "file://CVE-2025-64460.patch \ + file://CVE-2025-64459-1.patch \ + file://CVE-2025-64459-2.patch \ + " SRC_URI[sha256sum] = "29019a5763dbd48da1720d687c3522ef40d1c61be6fb2fad27ed79e9f655bc11" RDEPENDS:${PN} += "\ From patchwork Fri Apr 10 07:05:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85786 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF963E99042 for ; Fri, 10 Apr 2026 07:05:24 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.150883.1775804714118433982 for ; Fri, 10 Apr 2026 00:05:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=ho1vWCgl; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A502Pp2703639 for ; Fri, 10 Apr 2026 00:05:13 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=O+Wzmce37w6AKQgYXRbD1Ag6dk9X1K/obxO//Op7vwc=; b=ho1vWCgl0qMx V3pohJMbO8cWtk5lcMomQaawQ05b51TnKjhbQD/BA/qmE8RstRF47tgSuQKD7oC6 QN1Z1yl7VZOhQPbJQMCzUEhBd4Jzrc/Oozb4Vm+/s3Ke6i+I5fdFoQ/cb7Pv3dVE anbzZ+tbiHjFPVUEwJM2TlC9i63/fZmSUzC23ip+cOJ2mhdPVogKUMhuCfNgdZYr J7qRYvckfF5CNz9kdsQrbtw/pOqHTixke+jInlmxfVJNW88b2dArb7VrOdZ5Pu1o nqHyP96a3SXyFz14a4EXpPZm4mkZtf9F4sy4NdxgCJTZm5xyrw3skLXULFgNuKkC wyT4uCZtGw== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmryn4ed-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 00:05:13 -0700 (PDT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:12 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:11 -0700 From: To: Subject: [meta-oe][scarthgap][PATCH v2 03/11] hdf5: fix CVE-2025-6857 Date: Fri, 10 Apr 2026 15:05:00 +0800 Message-ID: <20260410070508.1104455-4-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 7kC7rV_C2zcpSv8c7p0sHYinu-bJ7xxl X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfX/egE9PEF+OM7 nP6BFGIpD9fBXv0V38pN4YDDqCmNJPrMBVw+fI283HmoOzGLUmeyhRbIsrpfCCwEvasmw5jsOj2 gYSJzL2Khmi1OkicKXdB9J0yGIQIpOJgjiPtkdRp2HM0WKw1yFMhW9SPJB+RsTU5V7AA2cy25j9 cXV0v5gHAAt/PNm/kdypqypFGxJ3/TdANRZYsNMq0/oSWPT7nuzUT2azMTH3hAClu5/M7JZehqs 1FBJuNNjBfDn15D1T1vhRoGIYO6RJ+bJP4D0VdbhhhXgdJ8X+red6mgAEi3l8nXxz3wqDENaT9k zQMWlPBySYnps9PW67E7mEnRsnvHAilmvkhwrQdUqk9wNAvL7QYApEmzIJRnnYeRQmH7YEJJ+05 rLPgo6n4kqQ6uLgKGmYGtXi5+q3dXh1aKN4sSq6Y/zxggejFjH98yKXnbckDEdlKVZzLfw/b6I7 8x1vSL46hsCLDRygcFA== X-Proofpoint-GUID: 7kC7rV_C2zcpSv8c7p0sHYinu-bJ7xxl X-Authority-Analysis: v=2.4 cv=Wcg8rUhX c=1 sm=1 tr=0 ts=69d8a129 cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=HK-ge7EqtdluswH-FwHe:22 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=fM0o_JtyA1Roca-_o2UA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 clxscore=1015 lowpriorityscore=0 priorityscore=1501 impostorscore=0 suspectscore=0 malwarescore=0 bulkscore=0 spamscore=0 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126225 From: Libo Chen According to [1], A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Backport patch [2] from upstream to fix CVE-2025-6857 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-6857 [2] https://github.com/HDFGroup/hdf5/commit/a8ceb1d95bb997f548c1129363dad53c18540096 Signed-off-by: Libo Chen Signed-off-by: Jinfeng Wang --- .../hdf5/files/CVE-2025-6857.patch | 248 ++++++++++++++++++ meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb | 1 + 2 files changed, 249 insertions(+) create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2025-6857.patch diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2025-6857.patch b/meta-oe/recipes-support/hdf5/files/CVE-2025-6857.patch new file mode 100644 index 0000000000..8b40d0e946 --- /dev/null +++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-6857.patch @@ -0,0 +1,248 @@ +From eb3af284cc0ac8c758c65f492fc693ed50539592 Mon Sep 17 00:00:00 2001 +From: Libo Chen +Date: Thu, 29 Jan 2026 13:59:39 +0800 +Subject: [PATCH] Fix CVE-2025-6857 + +Add additional checks for v1 B-tree corruption + +An HDF5 file had a corrupted v1 B-tree that would result in a stack overflow when performing a lookup on it. This has been fixed with additional integrity checks. + +CVE: CVE-2025-6857 + +Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/a8ceb1d95bb997f548c1129363dad53c18540096] + +Signed-off-by: Libo Chen +--- + src/H5B.c | 92 +++++++++++++++++++++++++++++++++++++++++++--------- + src/H5Bpkg.h | 6 ++++ + 2 files changed, 83 insertions(+), 15 deletions(-) + +diff --git a/src/H5B.c b/src/H5B.c +index 5a7a238..4efa679 100644 +--- a/src/H5B.c ++++ b/src/H5B.c +@@ -140,6 +140,8 @@ typedef struct H5B_ins_ud_t { + /********************/ + /* Local Prototypes */ + /********************/ ++static herr_t H5B_find_helper(H5F_t *f, const H5B_class_t *type, haddr_t addr, int exp_level, bool *found, ++ void *udata); + static H5B_ins_t H5B__insert_helper(H5F_t *f, H5B_ins_ud_t *bt_ud, const H5B_class_t *type, uint8_t *lt_key, + bool *lt_key_changed, uint8_t *md_key, void *udata, uint8_t *rt_key, + bool *rt_key_changed, H5B_ins_ud_t *split_bt_ud /*out*/); +@@ -252,26 +254,67 @@ done: + } /* end H5B_create() */ + + /*------------------------------------------------------------------------- +- * Function: H5B_find ++ * Function: H5B_find + * +- * Purpose: Locate the specified information in a B-tree and return +- * that information by filling in fields of the caller-supplied +- * UDATA pointer depending on the type of leaf node +- * requested. The UDATA can point to additional data passed +- * to the key comparison function. ++ * Purpose: Locate the specified information in a B-tree and return ++ * that information by filling in fields of the ++ * caller-supplied UDATA pointer depending on the type of leaf ++ * node requested. The UDATA can point to additional data ++ * passed to the key comparison function. + * +- * Note: This function does not follow the left/right sibling +- * pointers since it assumes that all nodes can be reached +- * from the parent node. ++ * Note: This function does not follow the left/right sibling ++ * pointers since it assumes that all nodes can be reached ++ * from the parent node. + * +- * Return: Non-negative (true/false) on success (if found, values returned +- * through the UDATA argument). Negative on failure (if not found, +- * UDATA is undefined). ++ * Return: Non-negative (true/false) on success (if found, values ++ * returned through the UDATA argument). Negative on failure ++ * (if not found, UDATA is undefined). + * + *------------------------------------------------------------------------- + */ + herr_t + H5B_find(H5F_t *f, const H5B_class_t *type, haddr_t addr, bool *found, void *udata) ++{ ++ herr_t ret_value = SUCCEED; ++ ++ FUNC_ENTER_NOAPI(FAIL) ++ ++ /* ++ * Check arguments. ++ */ ++ assert(f); ++ assert(type); ++ assert(type->decode); ++ assert(type->cmp3); ++ assert(type->found); ++ assert(H5_addr_defined(addr)); ++ ++ if ((ret_value = H5B_find_helper(f, type, addr, H5B_UNKNOWN_NODELEVEL, found, udata)) < 0) ++ HGOTO_ERROR(H5E_BTREE, H5E_NOTFOUND, FAIL, "can't lookup key"); ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5B_find() */ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5B_find_helper ++ * ++ * Purpose: Recursive helper routine for H5B_find used to track node ++ * levels and attempt to detect B-tree corruption during ++ * lookups. ++ * ++ * Note: This function does not follow the left/right sibling ++ * pointers since it assumes that all nodes can be reached ++ * from the parent node. ++ * ++ * Return: Non-negative on success (if found, values returned through ++ * the UDATA argument). Negative on failure (if not found, ++ * UDATA is undefined). ++ * ++ *------------------------------------------------------------------------- ++ */ ++static herr_t ++H5B_find_helper(H5F_t *f, const H5B_class_t *type, haddr_t addr, int exp_level, bool *found, void *udata) + { + H5B_t *bt = NULL; + H5UC_t *rc_shared; /* Ref-counted shared info */ +@@ -281,7 +324,7 @@ H5B_find(H5F_t *f, const H5B_class_t *type, haddr_t addr, bool *found, void *uda + int cmp = 1; /* Key comparison value */ + herr_t ret_value = SUCCEED; /* Return value */ + +- FUNC_ENTER_NOAPI(FAIL) ++ FUNC_ENTER_NOAPI_NOINIT + + /* + * Check arguments. +@@ -306,6 +349,7 @@ H5B_find(H5F_t *f, const H5B_class_t *type, haddr_t addr, bool *found, void *uda + cache_udata.f = f; + cache_udata.type = type; + cache_udata.rc_shared = rc_shared; ++ cache_udata.exp_level = exp_level; + if (NULL == (bt = (H5B_t *)H5AC_protect(f, H5AC_BT, addr, &cache_udata, H5AC__READ_ONLY_FLAG))) + HGOTO_ERROR(H5E_BTREE, H5E_CANTPROTECT, FAIL, "unable to load B-tree node"); + +@@ -329,7 +373,17 @@ H5B_find(H5F_t *f, const H5B_class_t *type, haddr_t addr, bool *found, void *uda + assert(idx < bt->nchildren); + + if (bt->level > 0) { +- if ((ret_value = H5B_find(f, type, bt->child[idx], found, udata)) < 0) ++ /* Sanity check to catch the case where the current node points to ++ * itself and the current node was loaded with an expected node level ++ * of H5B_UNKNOWN_NODELEVEL, thus bypassing the expected node level ++ * check during deserialization and in the future if the node was ++ * cached. ++ */ ++ if (bt->child[idx] == addr) ++ HGOTO_ERROR(H5E_BTREE, H5E_BADVALUE, FAIL, "cyclic B-tree detected"); ++ ++ if ((ret_value = H5B_find_helper(f, type, bt->child[idx], (int)(bt->level - 1), found, udata)) < ++ 0) + HGOTO_ERROR(H5E_BTREE, H5E_NOTFOUND, FAIL, "can't lookup key in subtree"); + } /* end if */ + else { +@@ -343,7 +397,7 @@ done: + HDONE_ERROR(H5E_BTREE, H5E_CANTUNPROTECT, FAIL, "unable to release node"); + + FUNC_LEAVE_NOAPI(ret_value) +-} /* end H5B_find() */ ++} /* end H5B_find_helper() */ + + /*------------------------------------------------------------------------- + * Function: H5B__split +@@ -425,6 +479,7 @@ H5B__split(H5F_t *f, H5B_ins_ud_t *bt_ud, unsigned idx, void *udata, H5B_ins_ud_ + cache_udata.f = f; + cache_udata.type = shared->type; + cache_udata.rc_shared = bt_ud->bt->rc_shared; ++ cache_udata.exp_level = H5B_UNKNOWN_NODELEVEL; + if (NULL == (split_bt_ud->bt = + (H5B_t *)H5AC_protect(f, H5AC_BT, split_bt_ud->addr, &cache_udata, H5AC__NO_FLAGS_SET))) + HGOTO_ERROR(H5E_BTREE, H5E_CANTPROTECT, FAIL, "unable to protect B-tree"); +@@ -532,6 +587,7 @@ H5B_insert(H5F_t *f, const H5B_class_t *type, haddr_t addr, void *udata) + cache_udata.f = f; + cache_udata.type = type; + cache_udata.rc_shared = rc_shared; ++ cache_udata.exp_level = H5B_UNKNOWN_NODELEVEL; + bt_ud.addr = addr; + if (NULL == (bt_ud.bt = (H5B_t *)H5AC_protect(f, H5AC_BT, addr, &cache_udata, H5AC__NO_FLAGS_SET))) + HGOTO_ERROR(H5E_BTREE, H5E_CANTPROTECT, FAIL, "unable to locate root of B-tree"); +@@ -789,6 +845,7 @@ H5B__insert_helper(H5F_t *f, H5B_ins_ud_t *bt_ud, const H5B_class_t *type, uint8 + cache_udata.f = f; + cache_udata.type = type; + cache_udata.rc_shared = rc_shared; ++ cache_udata.exp_level = H5B_UNKNOWN_NODELEVEL; + + if (0 == bt->nchildren) { + /* +@@ -1077,6 +1134,7 @@ H5B__iterate_helper(H5F_t *f, const H5B_class_t *type, haddr_t addr, H5B_operato + cache_udata.f = f; + cache_udata.type = type; + cache_udata.rc_shared = rc_shared; ++ cache_udata.exp_level = H5B_UNKNOWN_NODELEVEL; + if (NULL == (bt = (H5B_t *)H5AC_protect(f, H5AC_BT, addr, &cache_udata, H5AC__READ_ONLY_FLAG))) + HGOTO_ERROR(H5E_BTREE, H5E_CANTPROTECT, H5_ITER_ERROR, "unable to load B-tree node"); + +@@ -1190,6 +1248,7 @@ H5B__remove_helper(H5F_t *f, haddr_t addr, const H5B_class_t *type, int level, u + cache_udata.f = f; + cache_udata.type = type; + cache_udata.rc_shared = rc_shared; ++ cache_udata.exp_level = H5B_UNKNOWN_NODELEVEL; + if (NULL == (bt = (H5B_t *)H5AC_protect(f, H5AC_BT, addr, &cache_udata, H5AC__NO_FLAGS_SET))) + HGOTO_ERROR(H5E_BTREE, H5E_CANTPROTECT, H5B_INS_ERROR, "unable to load B-tree node"); + +@@ -1542,6 +1601,7 @@ H5B_delete(H5F_t *f, const H5B_class_t *type, haddr_t addr, void *udata) + cache_udata.f = f; + cache_udata.type = type; + cache_udata.rc_shared = rc_shared; ++ cache_udata.exp_level = H5B_UNKNOWN_NODELEVEL; + if (NULL == (bt = (H5B_t *)H5AC_protect(f, H5AC_BT, addr, &cache_udata, H5AC__NO_FLAGS_SET))) + HGOTO_ERROR(H5E_BTREE, H5E_CANTPROTECT, FAIL, "unable to load B-tree node"); + +@@ -1782,6 +1842,7 @@ H5B__get_info_helper(H5F_t *f, const H5B_class_t *type, haddr_t addr, const H5B_ + cache_udata.f = f; + cache_udata.type = type; + cache_udata.rc_shared = rc_shared; ++ cache_udata.exp_level = H5B_UNKNOWN_NODELEVEL; + if (NULL == (bt = (H5B_t *)H5AC_protect(f, H5AC_BT, addr, &cache_udata, H5AC__READ_ONLY_FLAG))) + HGOTO_ERROR(H5E_BTREE, H5E_CANTPROTECT, FAIL, "unable to load B-tree node"); + +@@ -1923,6 +1984,7 @@ H5B_valid(H5F_t *f, const H5B_class_t *type, haddr_t addr) + cache_udata.f = f; + cache_udata.type = type; + cache_udata.rc_shared = rc_shared; ++ cache_udata.exp_level = H5B_UNKNOWN_NODELEVEL; + if (NULL == (bt = (H5B_t *)H5AC_protect(f, H5AC_BT, addr, &cache_udata, H5AC__READ_ONLY_FLAG))) + HGOTO_ERROR(H5E_BTREE, H5E_CANTPROTECT, FAIL, "unable to protect B-tree node"); + +diff --git a/src/H5Bpkg.h b/src/H5Bpkg.h +index d1ad647..f75e857 100644 +--- a/src/H5Bpkg.h ++++ b/src/H5Bpkg.h +@@ -39,6 +39,11 @@ + /* # of bits for node level: 1 byte */ + #define LEVEL_BITS 8 + ++/* Indicates that the level of the current node is unknown. When the level ++ * is known, it can be used to detect corrupted level during decoding ++ */ ++#define H5B_UNKNOWN_NODELEVEL -1 ++ + /****************************/ + /* Package Private Typedefs */ + /****************************/ +@@ -60,6 +65,7 @@ typedef struct H5B_t { + typedef struct H5B_cache_ud_t { + H5F_t *f; /* File that B-tree node is within */ + const struct H5B_class_t *type; /* Type of tree */ ++ int exp_level; /* Expected level of the current node */ + H5UC_t *rc_shared; /* Ref-counted shared info */ + } H5B_cache_ud_t; + +-- +2.34.1 + diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb index e8432f0d6b..1b9f0fcfa8 100644 --- a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb +++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb @@ -24,6 +24,7 @@ SRC_URI = " \ file://CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch \ file://CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch \ file://CVE-2025-2926.patch \ + file://CVE-2025-6857.patch \ " SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03" From patchwork Fri Apr 10 07:05:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85787 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B5D8E99040 for ; Fri, 10 Apr 2026 07:05:25 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.150884.1775804714465485307 for ; Fri, 10 Apr 2026 00:05:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=fWOgN1bT; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A502Pq2703639 for ; Fri, 10 Apr 2026 00:05:14 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=ua+CkW458HQZY8VuSYFTbHrKWh2p0K8bPi7y0en36EM=; b=fWOgN1bTE7gL iFVLoZNpFqjgXSKXb9ABdHvVKB23Yddmp+OG+vX1WvD5hbGKTL0MaXFKew49EU1x 3vO78lmjMr/IeMhgMOBZ9HuANEZeu3R0zJFzu+xUr7/BGiLR8K54CGbk0QIys5Uc lCVnkEVnmo/NWbISdHcE4sFaJv7dPwXoU2Chle1TU9dPBGM3386I2pbSFMJGdqp7 ae67RJLwLA2H9JsinGFoNDYWdjc5K0g2TskdSKB1UdPIoPOTS1J9tfPGJ6sx4mEI uDJcDeSZRxup3bT+NGcFu528gmBY0hn9EHC/10+VzbnYgmSywsp55047Pad8e/ui bL9zUiWpjg== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmryn4ed-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 00:05:13 -0700 (PDT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:13 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:12 -0700 From: To: Subject: [meta-oe][scarthgap][PATCH v2 04/11] hdf5: fix CVE-2025-2153 Date: Fri, 10 Apr 2026 15:05:01 +0800 Message-ID: <20260410070508.1104455-5-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: bETLQf0u91QccDePPkKJhzWPMi1KOW5J X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfX64dMz+hiT6a0 yqO/kBKVftT04WmbxuMhL766D0NORz6YTZzt+TLVSx5QPE6vG6lsQ1E+q3zE+oulWGT1QlIk/xb E2ytUjRsLv7IQdpZSE4+49YV1MwDiVH2qkjWuqqbeeWxX01zuQwXqhlwk8PzOjcnebVUprGC+GB Vaz67a12FLB7gHiLYd8TjzABSJCnSODtKgwhIQ8+cpGlTwBY7lcROYvzA+1Kvux9ktKSJcQQndx EhJMdjJc7/gLLGzomEOpmSyUXZL9IjK7fOcBZERSfI3p6ckY85gNkTDN/0ywlomt0Fsp61+otmn rIZ7hbl58DvmBWBBnLyJ/UZ+pxIWIpokeRowrsGMFHcl/udTWwWk32UJya5WXwWIYLVo/r3ICJa /amwJR4LuYqfsmfMzgb3LgTIT48VUCtgHUmXNsnxviL6WtXL/B7CMsoMY3m/+rrsnl8qcPN/DAw EqFXHvXli4LHhXlezTg== X-Proofpoint-GUID: bETLQf0u91QccDePPkKJhzWPMi1KOW5J X-Authority-Analysis: v=2.4 cv=Wcg8rUhX c=1 sm=1 tr=0 ts=69d8a129 cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=HK-ge7EqtdluswH-FwHe:22 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=1UTvrjLGKP7plThKwisA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 clxscore=1015 lowpriorityscore=0 priorityscore=1501 impostorscore=0 suspectscore=0 malwarescore=0 bulkscore=0 spamscore=0 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126226 From: Libo Chen According to [1], A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Backport patch [2] from upstream to fix CVE-2025-2153 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2153 [2] https://github.com/HDFGroup/hdf5/commit/38954615fc079538aa45d48097625a6d76aceef0 Signed-off-by: Libo Chen Signed-off-by: Jinfeng Wang --- .../hdf5/files/CVE-2025-2153.patch | 51 +++++++++++++++++++ meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb | 1 + 2 files changed, 52 insertions(+) create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2025-2153.patch diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2025-2153.patch b/meta-oe/recipes-support/hdf5/files/CVE-2025-2153.patch new file mode 100644 index 0000000000..6f77ad330b --- /dev/null +++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-2153.patch @@ -0,0 +1,51 @@ +From 586f01d74f23dabcd733c82a05cf26bf123a91dc Mon Sep 17 00:00:00 2001 +From: Libo Chen +Date: Fri, 30 Jan 2026 11:42:10 +0800 +Subject: [PATCH] Fix CVE-2025-2153 + +This PR fixes #5329. Previously, the message flags field was able to be modified such that a message that is not sharable according to the share_flags field in H5O_msg_class_t could be treated as sharable. A check has been added to make sure messages that are not sharable can't be modified so that they indicate they can be shared. + +The bug was first reproduced using the fuzzer and the POC file from #5329. With this change, the heap based buffer overflow no longer occurs. + +CVE: CVE-2025-2153 + +Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/38954615fc079538aa45d48097625a6d76aceef0] + +Signed-off-by: Libo Chen +--- + src/H5Ocache.c | 4 ++-- + src/H5Omessage.c | 3 +++ + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/H5Ocache.c b/src/H5Ocache.c +index 9b82509..7203490 100644 +--- a/src/H5Ocache.c ++++ b/src/H5Ocache.c +@@ -1422,8 +1422,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t chunk_size, const uint8_t + else { + /* Check for message of unshareable class marked as "shareable" + */ +- if ((flags & H5O_MSG_FLAG_SHAREABLE) && H5O_msg_class_g[id] && +- !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE)) ++ if (((flags & H5O_MSG_FLAG_SHARED) || (flags & H5O_MSG_FLAG_SHAREABLE)) && ++ H5O_msg_class_g[id] && !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE)) + HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, + "message of unshareable class flagged as shareable"); + +diff --git a/src/H5Omessage.c b/src/H5Omessage.c +index 7190e46..fb9006c 100644 +--- a/src/H5Omessage.c ++++ b/src/H5Omessage.c +@@ -354,6 +354,9 @@ H5O__msg_write_real(H5F_t *f, H5O_t *oh, const H5O_msg_class_t *type, unsigned m + */ + assert(!(mesg_flags & H5O_MSG_FLAG_DONTSHARE)); + ++ /* Sanity check to see if the type is not sharable */ ++ assert(type->share_flags & H5O_SHARE_IS_SHARABLE); ++ + /* Remove the old message from the SOHM index */ + /* (It would be more efficient to try to share the message first, then + * delete it (avoiding thrashing the index in the case the ref. +-- +2.34.1 + diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb index 1b9f0fcfa8..715f14ccae 100644 --- a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb +++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb @@ -25,6 +25,7 @@ SRC_URI = " \ file://CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch \ file://CVE-2025-2926.patch \ file://CVE-2025-6857.patch \ + file://CVE-2025-2153.patch \ " SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03" From patchwork Fri Apr 10 07:05:02 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85788 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 377ADE99046 for ; Fri, 10 Apr 2026 07:05:25 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.150633.1775804716748567033 for ; Fri, 10 Apr 2026 00:05:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=WU6B1le7; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A5erng103534 for ; Fri, 10 Apr 2026 07:05:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=qrrX5DpF/lOFIlU9urPQp5tVk+L4kwwZQfw6mtxRKSE=; b=WU6B1le71jd1 2E7mKwjA1aXWG2ooD9A+jFPwURPPECYPgwhhLsQ7cNewZrvwyMBMRkNVGqRRkEEm 81UMiSeAH2ngeVoenDko8J24rI6oAvgrJ/g7NouCi5nUWqPbYqpRIC8EHJyBwanC CsHSTRjlvu6wmDAbLnZLRto9BSGZ+ymblIf8ZcoqRDlsH55mq/vmguFCeM2swWGD lOMKwnEL6hgMWj9vi7X6/SEz9b3Ol3KBGNntwXAw4e3Qj95YkmYtJfVssrane45+ 3AoG99Kp+uYCKARydK92VSSscdnffS5ZphqbTDNY/HYFwfTldd0vvUGD2cJd7m0L J4WOT+p3Rg== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmryd78t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 07:05:15 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:14 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:13 -0700 From: To: Subject: [meta-oe][scarthgap][PATCH v2 05/11] hdf5: fix CVE-2025-2310 Date: Fri, 10 Apr 2026 15:05:02 +0800 Message-ID: <20260410070508.1104455-6-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=QoduG1yd c=1 sm=1 tr=0 ts=69d8a12b cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=fTW__CHxibyLmBMfj2wP:22 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=yGWg0Mz01TQhIeDDkRoA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: Q8WXZoLuhsRv4Yoqd8-9bIkG_9kx1NJp X-Proofpoint-ORIG-GUID: Q8WXZoLuhsRv4Yoqd8-9bIkG_9kx1NJp X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfX1DdB4NJZyJhy wVgULF1sI93MNJw7RC3+Kt2/mXDuFcPjw+FJ9J3ISBBxb97cTP5lnZ0JloqtihX4mcYOUgKOgUb p7kUdHMfxEd0ukstttS2iUfpz1dk/i/BOMmtvMoP2Clv39rakj5ouDunge8yqSqRNkeBUc3ZbfR Mc1z+MEFf7cuDEPdPqZx6dOYqWzWMpN6UGmzkjYxMpRQJuF9yA4wCb6iMfWMctqV4wHfm9uMa61 p0jAcIO3+HQOWhV+H8SlkqoknlUZfjZVEfvgPaxYDT/PTu06aptMq0yxJy2o1DJ6POcswtJEUn6 bpFjWeq6s1aWtcgSXDJgNabyAiT5c5L5Y2ukRkJEzmoDgoum5s9tOEnMHb3h9A7+4qQDdigyoM4 YqorH7hzLtFvq3yhNv9/2gKiwWetlG1VTkrxbttUe6fdoelThWuwYaIpiK1+iR8EiCk+iCtqZn8 X6O5yfNNGlaUQVURPSA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 spamscore=0 impostorscore=0 bulkscore=0 adultscore=0 priorityscore=1501 phishscore=0 suspectscore=0 lowpriorityscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126227 From: Libo Chen According to [1], A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Backport patch [2] from upstream to fix CVE-2025-2310 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2310 [2] https://github.com/HDFGroup/hdf5/commit/6c86f97e03c6dc7d7bd2bae9acc422bdc3438ff4 Signed-off-by: Libo Chen Signed-off-by: Jinfeng Wang --- .../hdf5/files/CVE-2025-2310.patch | 37 +++++++++++++++++++ meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2025-2310.patch diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2025-2310.patch b/meta-oe/recipes-support/hdf5/files/CVE-2025-2310.patch new file mode 100644 index 0000000000..8ac74737d8 --- /dev/null +++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-2310.patch @@ -0,0 +1,37 @@ +From 89a4466d72f688f4da6521e82a466c183ebe1d08 Mon Sep 17 00:00:00 2001 +From: Libo Chen +Date: Fri, 30 Jan 2026 14:05:54 +0800 +Subject: [PATCH] Fix CVE-2025-2310 + +Malformed files can have a zero name-length, which when subtracted lead to an overflow and an out-of-bounds read. + +Check that name length is not too small in addition to checking for an overflow directly. + +CVE: CVE-2025-2310 + +Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/6c86f97e03c6dc7d7bd2bae9acc422bdc3438ff4] + +Signed-off-by: Libo Chen +--- + src/H5Oattr.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/H5Oattr.c b/src/H5Oattr.c +index 6d1d237..7b7ebb0 100644 +--- a/src/H5Oattr.c ++++ b/src/H5Oattr.c +@@ -167,6 +167,11 @@ H5O__attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, u + if (H5_IS_BUFFER_OVERFLOW(p, 2, p_end)) + HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding"); + UINT16DECODE(p, name_len); /* Including null */ ++ ++ /* Verify that retrieved name length (including null byte) is valid */ ++ if (name_len <= 1) ++ HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "decoded name length is invalid"); ++ + if (H5_IS_BUFFER_OVERFLOW(p, 2, p_end)) + HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding"); + UINT16DECODE(p, attr->shared->dt_size); +-- +2.34.1 + diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb index 715f14ccae..653c32ab4a 100644 --- a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb +++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb @@ -26,6 +26,7 @@ SRC_URI = " \ file://CVE-2025-2926.patch \ file://CVE-2025-6857.patch \ file://CVE-2025-2153.patch \ + file://CVE-2025-2310.patch \ " SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03" From patchwork Fri Apr 10 07:05:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85784 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62E60F364D6 for ; Fri, 10 Apr 2026 07:05:23 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.150885.1775804717430268164 for ; Fri, 10 Apr 2026 00:05:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=azHxEVS1; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A5erni103534 for ; Fri, 10 Apr 2026 07:05:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=J4uYXMpBnzj58QDXST8FPxT7FWu9WR/1+iVC/0XgAtI=; b=azHxEVS1l2W8 0guy1rDYt+d9NbSYTbhrcm0On44Us11voEuQ8n1WT/AgqpPGPDJfdKeOzluFlDDc CzYX8/AADA0qxiwvFEbI32Saobm6eTJI0kcG7xXOxemuS62Vv2/LBySIAEiz8w0b s+T1zows2MARkqn6PVuLkyE1HF/OjkctZyb4iwGrqbpQgrByI6FnvDNAro1sZlbr LJn2sVyBLFVhfHyKowwe4Nd8tOYtTVyr2VVGSJnMh6TZggFpTpGM7Ge+NWvCXBNl 8n9/dfxSC9gNsFK/tUsLF3FxtuFa7uTICjiPmRvzhyH4qRyqLiqTDiX5KFHt3tFh SEKyh9xO6g== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmryd78t-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 07:05:16 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:15 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:14 -0700 From: To: Subject: [meta-oe][scarthgap][PATCH v2 06/11] hdf5: fix CVE-2025-44905 Date: Fri, 10 Apr 2026 15:05:03 +0800 Message-ID: <20260410070508.1104455-7-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=QoduG1yd c=1 sm=1 tr=0 ts=69d8a12c cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=fTW__CHxibyLmBMfj2wP:22 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=fsqS_kxPcqjdks22YjMA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: cwM8OdEdqaP7WBnGWM6OI7CcI_7rOEz6 X-Proofpoint-ORIG-GUID: cwM8OdEdqaP7WBnGWM6OI7CcI_7rOEz6 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfXw0uJIn8UOMKL 9luvp47D3PeYPGe2h+HUOOSqnF6WrWytwGVKs/nZqK1kbqK1WBD2np0rdNMnWap61U+2xK02uhv T+BEdgU8Y0tFLpZcuFi5OSM64g8GFBniYc5Sp0yp6vga/ZJ4Cus+LgMP8nF8pbenkVnQfqaHt+m GO4CCzCDjHhKfZnhhGU6OGVE08lPQFsudwrjSgRNOoEvlYgjLFAPmxvVaSv5AOADimnss+Y5kPo qWxeSmBg6+bf+PXlsjXBCXDGxnLdgy5VO+X0M5egd34hMnTeEzNAM8SHCcDdjc0gfLI4bqV7Bbe dV2B3uYBgO8uNF1HWlVvu8muaD6zok/+xTa9LDUOdmw4jt4zIJqsm1FECPKk8Ghtexns1sMSRuC wf/3yrsUh1X05tRq59OiIaCl1HZjdF+z6hfqkSKydz/EHSdFhoi0M/FQyB+eguz5bnmO9/IRcfj VMwjhy5Ct5VE0oCGIjg== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 spamscore=0 impostorscore=0 bulkscore=0 adultscore=0 priorityscore=1501 phishscore=0 suspectscore=0 lowpriorityscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126229 From: Libo Chen According to [1], hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function. Backport patch [2] from upstream to fix CVE-2025-44905 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-44905 [2] https://github.com/HDFGroup/hdf5/commit/42588aeba786a121fec1fbad72cf39d8f60a4983 Signed-off-by: Libo Chen Signed-off-by: Jinfeng Wang --- .../hdf5/files/CVE-2025-44905.patch | 46 +++++++++++++++++++ meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2025-44905.patch diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2025-44905.patch b/meta-oe/recipes-support/hdf5/files/CVE-2025-44905.patch new file mode 100644 index 0000000000..91ad655760 --- /dev/null +++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-44905.patch @@ -0,0 +1,46 @@ +From d7ed737287ef2ecc6efd006fa11c3f784cdbdba6 Mon Sep 17 00:00:00 2001 +From: Libo Chen +Date: Fri, 30 Jan 2026 14:37:09 +0800 +Subject: [PATCH] H5Zscaleoffset: add buffer size check to prevent + out-of-bounds reads + +Adds a buffer size check in H5Z__filter_scaleoffset to prevent out-of-bounds reads with malformed HDF5 files. + +Fixes CVE-2025-44905. + +CVE: CVE-2025-44905 + +Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/42588aeba786a121fec1fbad72cf39d8f60a4983] + +Signed-off-by: Libo Chen +--- + src/H5Zscaleoffset.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/H5Zscaleoffset.c b/src/H5Zscaleoffset.c +index 048344b..fbf12d6 100644 +--- a/src/H5Zscaleoffset.c ++++ b/src/H5Zscaleoffset.c +@@ -1205,6 +1205,9 @@ H5Z__filter_scaleoffset(unsigned flags, size_t cd_nelmts, const unsigned cd_valu + unsigned minval_size = 0; + + minbits = 0; ++ if (H5_IS_BUFFER_OVERFLOW((unsigned char *)*buf, 5, (unsigned char *)*buf + *buf_size - 1)) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, 0, "buffer too short"); ++ + for (i = 0; i < 4; i++) { + minbits_mask = ((unsigned char *)*buf)[i]; + minbits_mask <<= i * 8; +@@ -1220,6 +1223,9 @@ H5Z__filter_scaleoffset(unsigned flags, size_t cd_nelmts, const unsigned cd_valu + minval_size = sizeof(unsigned long long) <= ((unsigned char *)*buf)[4] ? sizeof(unsigned long long) + : ((unsigned char *)*buf)[4]; + minval = 0; ++ if (H5_IS_BUFFER_OVERFLOW((unsigned char *)*buf, 5 + minval_size, ++ (unsigned char *)*buf + *buf_size - 1)) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, 0, "buffer too short"); + for (i = 0; i < minval_size; i++) { + minval_mask = ((unsigned char *)*buf)[5 + i]; + minval_mask <<= i * 8; +-- +2.34.1 + diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb index 653c32ab4a..9cf3f98fe3 100644 --- a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb +++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb @@ -27,6 +27,7 @@ SRC_URI = " \ file://CVE-2025-6857.patch \ file://CVE-2025-2153.patch \ file://CVE-2025-2310.patch \ + file://CVE-2025-44905.patch \ " SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03" From patchwork Fri Apr 10 07:05:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85783 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3456FF364CD for ; Fri, 10 Apr 2026 07:05:23 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.150635.1775804717393383633 for ; Fri, 10 Apr 2026 00:05:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=UTihND15; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A4tQZd2694910 for ; Fri, 10 Apr 2026 00:05:17 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=bn3Xx66lhWaVT66wufHLO2BOPXpThGfCYH7envO5SuE=; b=UTihND15NRm/ mmlfl24jK86cf/Evvw8aHIhz8g5pZ1zKY36iVnNhXUj1/x+q0FOkLb9LIXfmXuO9 ItO6LWMMblgropqRSMWMUtzseq1x4TEjQkr7PIqAOTx90BNtNUcSxhhjNtbMp7zZ WjiczmjttR9YfvQVNShZMC3gkLsjcBIVZwXWrNtonuUC9thr93jCeRsGtBsCxGEJ Nb+p5Mjl0QiBpUoZ1FgU+2fh1redgQUCvKIIPVjmd/n+IOQGD3CaI88lHMG9cfoo dDi0Z+2EXlW1Jbc/XWYXloANPIKpl3ir3ZknFnh7LR4iIT9wQWO/zPQinZ7ak51z NfseNXSFCQ== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmryn4eg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 00:05:16 -0700 (PDT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:16 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:15 -0700 From: To: Subject: [meta-oe][scarthgap][PATCH v2 07/11] hdf5: fix CVE-2025-2309 Date: Fri, 10 Apr 2026 15:05:04 +0800 Message-ID: <20260410070508.1104455-8-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: OFxxmzyX6SW26ipgl0FQme3zoAR-yGWq X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfX1waCKIchrNYk /qJMQFGjO1LfdnjpkOkiUN14HcQ29f0LNDEu9OiypJJId25jynYKXZrIxOkS9WUY0UhvljD/nRU SCaIZUGL9P8dPBZ4R6LIIbhpdq6iygtfzEn/b7DV84KhoFknkLSIgI6hD6N716OM2sMl0eVqsgl 7IngR9bvtzxAVhZtylwbKN3eciCb4jfI1CWYciFQXLuhvlTk+lMNB8Lihb9nxjmFXrW5JYNulIi bESU8hQnxrkQxhIqe8ewtOMqCdJrb58Vo+pL6WTN4urc3cgcjpgclv7FVTaQtISFbtX/gRbWcTl tk3tzfsY63M186l8GF76GbRZwmRul0gE3tAXDuouHZ1cpM2TOyDvFgpKIE5WfGx6mpgPArxmwsf tQJlSO0K54LL9/uH4MdSVWT7n4PFsvGwuEAf+Gsjp6TkZP2GpSCxF5v1u/GldfkvT+i8Lx1sq/C rifwlPr0E4TThGKawWQ== X-Proofpoint-GUID: OFxxmzyX6SW26ipgl0FQme3zoAR-yGWq X-Authority-Analysis: v=2.4 cv=Wcg8rUhX c=1 sm=1 tr=0 ts=69d8a12c cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=HK-ge7EqtdluswH-FwHe:22 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=nkXCzIGPx5NjI-_UGwcA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 clxscore=1015 lowpriorityscore=0 priorityscore=1501 impostorscore=0 suspectscore=0 malwarescore=0 bulkscore=0 spamscore=0 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126228 From: Libo Chen According to [1], A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor plans to fix this issue in an upcoming release. Backport patch [2] from upstream to fix CVE-2025-2309 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2309 [2] https://github.com/HDFGroup/hdf5/commit/9d90b21ef5c5373978014f1a711795aa653bd9a1 Signed-off-by: Libo Chen Signed-off-by: Jinfeng Wang --- .../hdf5/files/CVE-2025-2309.patch | 41 +++++++++++++++++++ meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2025-2309.patch diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2025-2309.patch b/meta-oe/recipes-support/hdf5/files/CVE-2025-2309.patch new file mode 100644 index 0000000000..d14cb2589f --- /dev/null +++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-2309.patch @@ -0,0 +1,41 @@ +From 6b24925c5fae3e2d7f47e9e7c879816673a48cd5 Mon Sep 17 00:00:00 2001 +From: Libo Chen +Date: Fri, 30 Jan 2026 15:04:26 +0800 +Subject: [PATCH] Fix CVE-2025-2309 + +A malformed file can trigger bit field type conversions that can (due to missing boundary checks in the conversion step) cause a heap buffer overflow. This PR adds a check on the defined conversion to ensure it does not read beyond the size of a single bit field element. Thus, H5T__bit_copy does not result in a buffer overflow. There are several other calls to H5T__bit_copy which might be subject to a similar issue. + +This PR fixes CVE-2025-2309. + +CVE: CVE-2025-2309 + +Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/9d90b21ef5c5373978014f1a711795aa653bd9a1] + +Signed-off-by: Libo Chen +--- + src/H5Odtype.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/H5Odtype.c b/src/H5Odtype.c +index 24671b0..085ce24 100644 +--- a/src/H5Odtype.c ++++ b/src/H5Odtype.c +@@ -307,6 +307,15 @@ H5O__dtype_decode_helper(unsigned *ioflags /*in,out*/, const uint8_t **pp, H5T_t + HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, FAIL, "ran off end of input buffer while decoding"); + UINT16DECODE(*pp, dt->shared->u.atomic.offset); + UINT16DECODE(*pp, dt->shared->u.atomic.prec); ++ ++ /* Sanity checks */ ++ if (dt->shared->u.atomic.offset >= (dt->shared->size * 8)) ++ HGOTO_ERROR(H5E_DATATYPE, H5E_BADRANGE, FAIL, "bitfield offset out of bounds"); ++ if (0 == dt->shared->u.atomic.prec) ++ HGOTO_ERROR(H5E_DATATYPE, H5E_BADVALUE, FAIL, "bitfield precision is zero"); ++ if (((dt->shared->u.atomic.offset + dt->shared->u.atomic.prec) - 1) >= (dt->shared->size * 8)) ++ HGOTO_ERROR(H5E_DATATYPE, H5E_BADRANGE, FAIL, "bitfield offset+precision out of bounds"); ++ + break; + + case H5T_OPAQUE: { +-- +2.34.1 + diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb index 9cf3f98fe3..d821fb8f34 100644 --- a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb +++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb @@ -28,6 +28,7 @@ SRC_URI = " \ file://CVE-2025-2153.patch \ file://CVE-2025-2310.patch \ file://CVE-2025-44905.patch \ + file://CVE-2025-2309.patch \ " SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03" From patchwork Fri Apr 10 07:05:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85791 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DBF1F364DB for ; Fri, 10 Apr 2026 07:05:24 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.150636.1775804720184849362 for ; Fri, 10 Apr 2026 00:05:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=s0P43rxN; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A4uSWg1889323 for ; Fri, 10 Apr 2026 07:05:19 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=wOkthnVHnTDHtB58hgBx7pAEdmREM0mtNAXdguxoqKc=; b=s0P43rxNzPtA AIWAUznodXz5NBYj3Gb5v3zCd2+vk66bBwT1pq3tGuShwed8YMpSsDbUdRz8zWvc /EkXO+ndnmc2uCEWvH/ZexskZQvFbHzwndLLvsG4+DikZC0IiE+OEtz8HYzAnoDs gsjEFOc8b0dBH0D+7aCJy8kZZOaFFl+BnAiNXKprLmnEJBjaK2bRIJIQl/gUqWkR JDuEC7mvIqse6cqlCs2EWKJTipHhcqOLlGWLTD/aGn0RPWTfzQ+DEG+C0D7VXBnP jtJVOsOXS5JnI5e5ZSFi3L9JxgSwdyL1hrcY1kPU7RoZGfBRRr9MF3oPWPw7e8DW PLsHGYrctg== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmrqn78a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 07:05:18 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:17 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:16 -0700 From: To: Subject: [meta-oe][scarthgap][PATCH v2 08/11] hdf5: fix CVE-2025-2308 Date: Fri, 10 Apr 2026 15:05:05 +0800 Message-ID: <20260410070508.1104455-9-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=RPCD2Yi+ c=1 sm=1 tr=0 ts=69d8a12f cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=klDOsUkWDRETUCZYPvoE:22 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=a4ZxNzwYAAAA:8 a=t7CeM3EgAAAA:8 a=lhiV5AYGl4gicwPNKAwA:9 a=ye-Csp9iz97B4shCVKju:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: AW6N_lFv5yjDm_BTBptre-5fOHYtG7UR X-Proofpoint-GUID: AW6N_lFv5yjDm_BTBptre-5fOHYtG7UR X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfXxj6CsSSQ4Ner 1YzLQKnahNetCfHnlaStnZTbCznDyaMq9XdrLiUNSMrUOtc57wd35sxJPkgk0wFMOUfB66x03la JNFvJEKaYZbtuW/OwQ5DAtpiMlc7WyLumn7wLpD7A/USMcrn6IfPtiYaVlKyAUxw3Y/FpzyOKwZ yKmjyWOd2I1HXwrSO1SSMKXWrC8iOnTEJc5xWhwU4PeJ3tRK6w018oCvUZUS3ucQGEEpEfe7VtW bbl07ZdAvuEHA1Ujp/1rg/vxlEzbPFShRuKyCKkye3c0z3IC5kGDpfGqa0KZixp+pBSWFge+Cx9 iQXWcLVHjeRSmLoF/ry+pTqaeyDO6LLu0wKEy7O6XaKdup11qIgOeOt09wx5apbN2uzGE8iOpVM JDDkpgcHSKQIaoc4sJUdAZ/TqsSHqGTtQo6rNWPVLpogTHcDOHDFexYEHqWfUGsM7+ep/sbE58e gwikv49WYYJRUzfkXFg== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 phishscore=0 adultscore=0 spamscore=0 clxscore=1015 bulkscore=0 impostorscore=0 priorityscore=1501 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126230 From: Libo Chen According to [1], A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. Backport patch [2] from upstream to fix CVE-2025-2308 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2308 [2] https://github.com/HDFGroup/hdf5/commit/2ce7fdc4cf147d280aa6d49686297faacc250e40 Signed-off-by: Libo Chen Signed-off-by: Jinfeng Wang --- .../hdf5/files/CVE-2025-2308.patch | 2120 +++++++++++++++++ meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb | 1 + 2 files changed, 2121 insertions(+) create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2025-2308.patch diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2025-2308.patch b/meta-oe/recipes-support/hdf5/files/CVE-2025-2308.patch new file mode 100644 index 0000000000..13b04bf8a1 --- /dev/null +++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-2308.patch @@ -0,0 +1,2120 @@ +From cbce4c2ecf6f5557605890eec125ecfaa4371131 Mon Sep 17 00:00:00 2001 +From: Libo Chen +Date: Fri, 30 Jan 2026 16:43:04 +0800 +Subject: [PATCH] Fix CVE-2025-2308 (#5960) + +A malformed file can cause the scale-offset filter to have too little input data causing a heap buffer overflow. Additional checks on the maximum buffer length are required during the decompression. + +This PR fixes CVE-2025-2308. + +CVE: CVE-2025-2308 + +Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/2ce7fdc4cf147d280aa6d49686297faacc250e40] + +Signed-off-by: Libo Chen +--- + src/H5Zscaleoffset.c | 177 ++-- + src/H5Zscaleoffset.c.orig | 1781 +++++++++++++++++++++++++++++++++++++ + 2 files changed, 1886 insertions(+), 72 deletions(-) + create mode 100644 src/H5Zscaleoffset.c.orig + +diff --git a/src/H5Zscaleoffset.c b/src/H5Zscaleoffset.c +index fbf12d6..8355b13 100644 +--- a/src/H5Zscaleoffset.c ++++ b/src/H5Zscaleoffset.c +@@ -69,21 +69,22 @@ static herr_t H5Z__scaleoffset_precompress_fd(void *data, unsigned d_nelmts, enu + static herr_t H5Z__scaleoffset_postdecompress_fd(void *data, unsigned d_nelmts, enum H5Z_scaleoffset_t type, + unsigned filavail, const unsigned cd_values[], + uint32_t minbits, unsigned long long minval, double D_val); +-static void H5Z__scaleoffset_next_byte(size_t *j, unsigned *buf_len); +-static void H5Z__scaleoffset_decompress_one_byte(unsigned char *data, size_t data_offset, unsigned k, +- unsigned begin_i, const unsigned char *buffer, size_t *j, +- unsigned *buf_len, parms_atomic p, unsigned dtype_len); ++static void H5Z__scaleoffset_next_byte(size_t *j, unsigned *bits_to_fill); ++static herr_t H5Z__scaleoffset_decompress_one_byte(unsigned char *data, size_t data_offset, unsigned k, ++ unsigned begin_i, const unsigned char *buffer, ++ size_t buf_size, size_t *j, unsigned *bits_to_fill, ++ parms_atomic p, unsigned dtype_len); + static void H5Z__scaleoffset_compress_one_byte(const unsigned char *data, size_t data_offset, unsigned k, + unsigned begin_i, unsigned char *buffer, size_t *j, +- unsigned *buf_len, parms_atomic p, unsigned dtype_len); +-static void H5Z__scaleoffset_decompress_one_atomic(unsigned char *data, size_t data_offset, +- unsigned char *buffer, size_t *j, unsigned *buf_len, +- parms_atomic p); ++ unsigned *bits_to_fill, parms_atomic p, unsigned dtype_len); ++static herr_t H5Z__scaleoffset_decompress_one_atomic(unsigned char *data, size_t data_offset, ++ unsigned char *buffer, size_t buf_size, size_t *j, ++ unsigned *bits_to_fill, parms_atomic p); + static void H5Z__scaleoffset_compress_one_atomic(unsigned char *data, size_t data_offset, +- unsigned char *buffer, size_t *j, unsigned *buf_len, ++ unsigned char *buffer, size_t *j, unsigned *bits_to_fill, + parms_atomic p); +-static void H5Z__scaleoffset_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer, +- parms_atomic p); ++static herr_t H5Z__scaleoffset_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer, ++ size_t buf_size, parms_atomic p); + static void H5Z__scaleoffset_compress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer, + size_t buffer_size, parms_atomic p); + +@@ -1261,8 +1262,11 @@ H5Z__filter_scaleoffset(unsigned flags, size_t cd_nelmts, const unsigned cd_valu + } + + /* decompress the buffer if minbits not equal to zero */ +- if (minbits != 0) +- H5Z__scaleoffset_decompress(outbuf, d_nelmts, (unsigned char *)(*buf) + buf_offset, p); ++ if (minbits != 0) { ++ if (H5Z__scaleoffset_decompress(outbuf, d_nelmts, (unsigned char *)(*buf) + buf_offset, ++ *buf_size - buf_offset, p)) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADVALUE, 0, "Scaleoffset decompression failed"); ++ } + else { + /* fill value is not defined and all data elements have the same value */ + for (i = 0; i < size_out; i++) +@@ -1603,55 +1607,69 @@ done: + } + + static void +-H5Z__scaleoffset_next_byte(size_t *j, unsigned *buf_len) ++H5Z__scaleoffset_next_byte(size_t *j, unsigned *bits_to_fill) + { + ++(*j); +- *buf_len = 8 * sizeof(unsigned char); ++ *bits_to_fill = 8 * sizeof(unsigned char); + } + +-static void ++static herr_t + H5Z__scaleoffset_decompress_one_byte(unsigned char *data, size_t data_offset, unsigned k, unsigned begin_i, +- const unsigned char *buffer, size_t *j, unsigned *buf_len, +- parms_atomic p, unsigned dtype_len) ++ const unsigned char *buffer, size_t buf_size, size_t *j, ++ unsigned *bits_to_fill, parms_atomic p, unsigned dtype_len) + { +- unsigned dat_len; /* dat_len is the number of bits to be copied in each data byte */ +- unsigned char val; /* value to be copied in each data byte */ ++ unsigned bits_to_copy; /* bits_to_copy is the number of bits to be copied in each data byte */ ++ unsigned char val; /* value to be copied in each data byte */ ++ herr_t ret_value = SUCCEED; /* Return value */ ++ ++ FUNC_ENTER_PACKAGE ++ ++ if (*j >= buf_size) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADVALUE, 0, "Buffer too short"); + + /* initialize value and bits of unsigned char to be copied */ + val = buffer[*j]; + if (k == begin_i) +- dat_len = 8 - (dtype_len - p.minbits) % 8; ++ bits_to_copy = 8 - (dtype_len - p.minbits) % 8; + else +- dat_len = 8; ++ bits_to_copy = 8; + +- if (*buf_len > dat_len) { +- data[data_offset + k] = +- (unsigned char)((unsigned)(val >> (*buf_len - dat_len)) & (unsigned)(~((unsigned)~0 << dat_len))); +- *buf_len -= dat_len; ++ if (*bits_to_fill > bits_to_copy) { ++ data[data_offset + k] = (unsigned char)((unsigned)(val >> (*bits_to_fill - bits_to_copy)) & ++ (unsigned)(~((unsigned)~0 << bits_to_copy))); ++ *bits_to_fill -= bits_to_copy; + } /* end if */ + else { + data[data_offset + k] = +- (unsigned char)((val & ~((unsigned)(~0) << *buf_len)) << (dat_len - *buf_len)); +- dat_len -= *buf_len; +- H5Z__scaleoffset_next_byte(j, buf_len); +- if (dat_len == 0) +- return; ++ (unsigned char)((val & ~((unsigned)(~0) << *bits_to_fill)) << (bits_to_copy - *bits_to_fill)); ++ bits_to_copy -= *bits_to_fill; ++ H5Z__scaleoffset_next_byte(j, bits_to_fill); ++ if (bits_to_copy == 0) ++ goto done; ++ else if (*j >= buf_size) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADVALUE, 0, "Buffer too short"); + + val = buffer[*j]; +- data[data_offset + k] |= +- (unsigned char)((unsigned)(val >> (*buf_len - dat_len)) & ~((unsigned)(~0) << dat_len)); +- *buf_len -= dat_len; ++ data[data_offset + k] |= (unsigned char)((unsigned)(val >> (*bits_to_fill - bits_to_copy)) & ++ ~((unsigned)(~0) << bits_to_copy)); ++ *bits_to_fill -= bits_to_copy; + } /* end else */ ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) + } + +-static void ++static herr_t + H5Z__scaleoffset_decompress_one_atomic(unsigned char *data, size_t data_offset, unsigned char *buffer, +- size_t *j, unsigned *buf_len, parms_atomic p) ++ size_t buf_size, size_t *j, unsigned *bits_to_fill, parms_atomic p) + { + /* begin_i: the index of byte having first significant bit */ + unsigned begin_i; + unsigned dtype_len; + int k; ++ herr_t ret_value = SUCCEED; /* Return value */ ++ ++ FUNC_ENTER_PACKAGE + + assert(p.minbits > 0); + +@@ -1661,8 +1679,9 @@ H5Z__scaleoffset_decompress_one_atomic(unsigned char *data, size_t data_offset, + begin_i = p.size - 1 - (dtype_len - p.minbits) / 8; + + for (k = (int)begin_i; k >= 0; k--) +- H5Z__scaleoffset_decompress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, j, buf_len, +- p, dtype_len); ++ if (H5Z__scaleoffset_decompress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, ++ buf_size, j, bits_to_fill, p, dtype_len)) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADVALUE, 0, "Atomic decompression failed"); + } + else { /* big endian */ + assert(p.mem_order == H5Z_SCALEOFFSET_ORDER_BE); +@@ -1670,67 +1689,81 @@ H5Z__scaleoffset_decompress_one_atomic(unsigned char *data, size_t data_offset, + begin_i = (dtype_len - p.minbits) / 8; + + for (k = (int)begin_i; k <= (int)(p.size - 1); k++) +- H5Z__scaleoffset_decompress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, j, buf_len, +- p, dtype_len); ++ if (H5Z__scaleoffset_decompress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, ++ buf_size, j, bits_to_fill, p, dtype_len)) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADVALUE, 0, "Atomic decompression failed"); + } ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) + } + +-static void +-H5Z__scaleoffset_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer, parms_atomic p) ++static herr_t ++H5Z__scaleoffset_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer, size_t buf_size, ++ parms_atomic p) + { + /* i: index of data, j: index of buffer, +- buf_len: number of bits to be filled in current byte */ ++ bits_to_fill: number of bits to be filled in current byte */ + size_t i, j; +- unsigned buf_len; ++ unsigned bits_to_fill; ++ herr_t ret_value = SUCCEED; /* Return value */ ++ ++ FUNC_ENTER_PACKAGE + + /* must initialize to zeros */ + for (i = 0; i < d_nelmts * (size_t)p.size; i++) + data[i] = 0; + + /* initialization before the loop */ +- j = 0; +- buf_len = sizeof(unsigned char) * 8; ++ j = 0; ++ bits_to_fill = sizeof(unsigned char) * 8; + + /* decompress */ + for (i = 0; i < d_nelmts; i++) +- H5Z__scaleoffset_decompress_one_atomic(data, i * p.size, buffer, &j, &buf_len, p); ++ if (H5Z__scaleoffset_decompress_one_atomic(data, i * p.size, buffer, buf_size, &j, &bits_to_fill, p)) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADVALUE, 0, "Scaleoffset decompression failed"); ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) + } + + static void + H5Z__scaleoffset_compress_one_byte(const unsigned char *data, size_t data_offset, unsigned k, +- unsigned begin_i, unsigned char *buffer, size_t *j, unsigned *buf_len, ++ unsigned begin_i, unsigned char *buffer, size_t *j, unsigned *bits_to_fill, + parms_atomic p, unsigned dtype_len) + { +- unsigned dat_len; /* dat_len is the number of bits to be copied in each data byte */ +- unsigned char val; /* value to be copied in each data byte */ ++ unsigned bits_to_copy; /* bits_to_copy is the number of bits to be copied in each data byte */ ++ unsigned char val; /* value to be copied in each data byte */ + + /* initialize value and bits of unsigned char to be copied */ + val = data[data_offset + k]; + if (k == begin_i) +- dat_len = 8 - (dtype_len - p.minbits) % 8; ++ bits_to_copy = 8 - (dtype_len - p.minbits) % 8; + else +- dat_len = 8; ++ bits_to_copy = 8; + +- if (*buf_len > dat_len) { +- buffer[*j] |= (unsigned char)((val & ~((unsigned)(~0) << dat_len)) << (*buf_len - dat_len)); +- *buf_len -= dat_len; ++ if (*bits_to_fill > bits_to_copy) { ++ buffer[*j] |= ++ (unsigned char)((val & ~((unsigned)(~0) << bits_to_copy)) << (*bits_to_fill - bits_to_copy)); ++ *bits_to_fill -= bits_to_copy; + } + else { +- buffer[*j] |= +- (unsigned char)((unsigned)(val >> (dat_len - *buf_len)) & ~((unsigned)(~0) << *buf_len)); +- dat_len -= *buf_len; +- H5Z__scaleoffset_next_byte(j, buf_len); +- if (dat_len == 0) ++ buffer[*j] |= (unsigned char)((unsigned)(val >> (bits_to_copy - *bits_to_fill)) & ++ ~((unsigned)(~0) << *bits_to_fill)); ++ bits_to_copy -= *bits_to_fill; ++ H5Z__scaleoffset_next_byte(j, bits_to_fill); ++ if (bits_to_copy == 0) + return; + +- buffer[*j] = (unsigned char)((val & ~((unsigned)(~0) << dat_len)) << (*buf_len - dat_len)); +- *buf_len -= dat_len; ++ buffer[*j] = ++ (unsigned char)((val & ~((unsigned)(~0) << bits_to_copy)) << (*bits_to_fill - bits_to_copy)); ++ *bits_to_fill -= bits_to_copy; + } /* end else */ + } + + static void + H5Z__scaleoffset_compress_one_atomic(unsigned char *data, size_t data_offset, unsigned char *buffer, +- size_t *j, unsigned *buf_len, parms_atomic p) ++ size_t *j, unsigned *bits_to_fill, parms_atomic p) + { + /* begin_i: the index of byte having first significant bit */ + unsigned begin_i; +@@ -1745,16 +1778,16 @@ H5Z__scaleoffset_compress_one_atomic(unsigned char *data, size_t data_offset, un + begin_i = p.size - 1 - (dtype_len - p.minbits) / 8; + + for (k = (int)begin_i; k >= 0; k--) +- H5Z__scaleoffset_compress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, j, buf_len, p, +- dtype_len); ++ H5Z__scaleoffset_compress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, j, ++ bits_to_fill, p, dtype_len); + } + else { /* big endian */ + assert(p.mem_order == H5Z_SCALEOFFSET_ORDER_BE); + begin_i = (dtype_len - p.minbits) / 8; + + for (k = (int)begin_i; k <= (int)(p.size - 1); k++) +- H5Z__scaleoffset_compress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, j, buf_len, p, +- dtype_len); ++ H5Z__scaleoffset_compress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, j, ++ bits_to_fill, p, dtype_len); + } + } + +@@ -1763,19 +1796,19 @@ H5Z__scaleoffset_compress(unsigned char *data, unsigned d_nelmts, unsigned char + parms_atomic p) + { + /* i: index of data, j: index of buffer, +- buf_len: number of bits to be filled in current byte */ ++ bits_to_fill: number of bits to be filled in current byte */ + size_t i, j; +- unsigned buf_len; ++ unsigned bits_to_fill; + + /* must initialize buffer to be zeros */ + for (j = 0; j < buffer_size; j++) + buffer[j] = 0; + + /* initialization before the loop */ +- j = 0; +- buf_len = sizeof(unsigned char) * 8; ++ j = 0; ++ bits_to_fill = sizeof(unsigned char) * 8; + + /* compress */ + for (i = 0; i < d_nelmts; i++) +- H5Z__scaleoffset_compress_one_atomic(data, i * p.size, buffer, &j, &buf_len, p); ++ H5Z__scaleoffset_compress_one_atomic(data, i * p.size, buffer, &j, &bits_to_fill, p); + } +diff --git a/src/H5Zscaleoffset.c.orig b/src/H5Zscaleoffset.c.orig +new file mode 100644 +index 0000000..fbf12d6 +--- /dev/null ++++ b/src/H5Zscaleoffset.c.orig +@@ -0,0 +1,1781 @@ ++/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ++ * Copyright by The HDF Group. * ++ * All rights reserved. * ++ * * ++ * This file is part of HDF5. The full HDF5 copyright notice, including * ++ * terms governing use, modification, and redistribution, is contained in * ++ * the COPYING file, which can be found at the root of the source code * ++ * distribution tree, or in https://www.hdfgroup.org/licenses. * ++ * If you do not have access to either file, you may request a copy from * ++ * help@hdfgroup.org. * ++ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ ++ ++#include "H5Zmodule.h" /* This source code file is part of the H5Z module */ ++ ++#include "H5private.h" /* Generic Functions */ ++#include "H5Eprivate.h" /* Error handling */ ++#include "H5Iprivate.h" /* IDs */ ++#include "H5MMprivate.h" /* Memory management */ ++#include "H5Pprivate.h" /* Property lists */ ++#include "H5Oprivate.h" /* Object headers */ ++#include "H5Sprivate.h" /* Dataspaces */ ++#include "H5Tprivate.h" /* Datatypes */ ++#include "H5Zpkg.h" /* Data filters */ ++ ++/* Struct of parameters needed for compressing/decompressing one atomic datatype */ ++typedef struct { ++ unsigned size; /* datatype size */ ++ uint32_t minbits; /* minimum bits to compress one value of such datatype */ ++ unsigned mem_order; /* current memory endianness order */ ++} parms_atomic; ++ ++enum H5Z_scaleoffset_t { ++ t_bad = 0, ++ t_uchar = 1, ++ t_ushort, ++ t_uint, ++ t_ulong, ++ t_ulong_long, ++ t_schar, ++ t_short, ++ t_int, ++ t_long, ++ t_long_long, ++ t_float, ++ t_double ++}; ++ ++/* Local function prototypes */ ++static htri_t H5Z__can_apply_scaleoffset(hid_t dcpl_id, hid_t type_id, hid_t space_id); ++static enum H5Z_scaleoffset_t H5Z__scaleoffset_get_type(unsigned dtype_class, unsigned dtype_size, ++ unsigned dtype_sign); ++static herr_t H5Z__scaleoffset_set_parms_fillval(H5P_genplist_t *dcpl_plist, H5T_t *type, ++ enum H5Z_scaleoffset_t scale_type, unsigned cd_values[], ++ int need_convert); ++static herr_t H5Z__set_local_scaleoffset(hid_t dcpl_id, hid_t type_id, hid_t space_id); ++static size_t H5Z__filter_scaleoffset(unsigned flags, size_t cd_nelmts, const unsigned cd_values[], ++ size_t nbytes, size_t *buf_size, void **buf); ++static void H5Z__scaleoffset_convert(void *buf, unsigned d_nelmts, unsigned dtype_size); ++static H5_ATTR_CONST unsigned H5Z__scaleoffset_log2(unsigned long long num); ++static void H5Z__scaleoffset_precompress_i(void *data, unsigned d_nelmts, enum H5Z_scaleoffset_t type, ++ unsigned filavail, const unsigned cd_values[], uint32_t *minbits, ++ unsigned long long *minval); ++static void H5Z__scaleoffset_postdecompress_i(void *data, unsigned d_nelmts, enum H5Z_scaleoffset_t type, ++ unsigned filavail, const unsigned cd_values[], uint32_t minbits, ++ unsigned long long minval); ++static herr_t H5Z__scaleoffset_precompress_fd(void *data, unsigned d_nelmts, enum H5Z_scaleoffset_t type, ++ unsigned filavail, const unsigned cd_values[], ++ uint32_t *minbits, unsigned long long *minval, double D_val); ++static herr_t H5Z__scaleoffset_postdecompress_fd(void *data, unsigned d_nelmts, enum H5Z_scaleoffset_t type, ++ unsigned filavail, const unsigned cd_values[], ++ uint32_t minbits, unsigned long long minval, double D_val); ++static void H5Z__scaleoffset_next_byte(size_t *j, unsigned *buf_len); ++static void H5Z__scaleoffset_decompress_one_byte(unsigned char *data, size_t data_offset, unsigned k, ++ unsigned begin_i, const unsigned char *buffer, size_t *j, ++ unsigned *buf_len, parms_atomic p, unsigned dtype_len); ++static void H5Z__scaleoffset_compress_one_byte(const unsigned char *data, size_t data_offset, unsigned k, ++ unsigned begin_i, unsigned char *buffer, size_t *j, ++ unsigned *buf_len, parms_atomic p, unsigned dtype_len); ++static void H5Z__scaleoffset_decompress_one_atomic(unsigned char *data, size_t data_offset, ++ unsigned char *buffer, size_t *j, unsigned *buf_len, ++ parms_atomic p); ++static void H5Z__scaleoffset_compress_one_atomic(unsigned char *data, size_t data_offset, ++ unsigned char *buffer, size_t *j, unsigned *buf_len, ++ parms_atomic p); ++static void H5Z__scaleoffset_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer, ++ parms_atomic p); ++static void H5Z__scaleoffset_compress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer, ++ size_t buffer_size, parms_atomic p); ++ ++/* This message derives from H5Z */ ++H5Z_class2_t H5Z_SCALEOFFSET[1] = {{ ++ H5Z_CLASS_T_VERS, /* H5Z_class_t version */ ++ H5Z_FILTER_SCALEOFFSET, /* Filter id number */ ++ 1, /* Assume encoder present: check before registering */ ++ 1, /* decoder_present flag (set to true) */ ++ "scaleoffset", /* Filter name for debugging */ ++ H5Z__can_apply_scaleoffset, /* The "can apply" callback */ ++ H5Z__set_local_scaleoffset, /* The "set local" callback */ ++ H5Z__filter_scaleoffset, /* The actual filter function */ ++}}; ++ ++/* Local macros */ ++#define H5Z_SCALEOFFSET_TOTAL_NPARMS 20 /* Total number of parameters for filter */ ++#define H5Z_SCALEOFFSET_PARM_SCALETYPE 0 /* "User" parameter for scale type */ ++#define H5Z_SCALEOFFSET_PARM_SCALEFACTOR 1 /* "User" parameter for scale factor */ ++#define H5Z_SCALEOFFSET_PARM_NELMTS 2 /* "Local" parameter for number of elements in the chunk */ ++#define H5Z_SCALEOFFSET_PARM_CLASS 3 /* "Local" parameter for datatype class */ ++#define H5Z_SCALEOFFSET_PARM_SIZE 4 /* "Local" parameter for datatype size */ ++#define H5Z_SCALEOFFSET_PARM_SIGN 5 /* "Local" parameter for integer datatype sign */ ++#define H5Z_SCALEOFFSET_PARM_ORDER 6 /* "Local" parameter for datatype byte order */ ++#define H5Z_SCALEOFFSET_PARM_FILAVAIL 7 /* "Local" parameter for dataset fill value existence */ ++#define H5Z_SCALEOFFSET_PARM_FILVAL 8 /* "Local" parameter for start location to store dataset fill value */ ++ ++#define H5Z_SCALEOFFSET_CLS_INTEGER 0 /* Integer (datatype class) */ ++#define H5Z_SCALEOFFSET_CLS_FLOAT 1 /* Floatig-point (datatype class) */ ++ ++#define H5Z_SCALEOFFSET_SGN_NONE 0 /* Unsigned integer type */ ++#define H5Z_SCALEOFFSET_SGN_2 1 /* Two's complement signed integer type */ ++ ++#define H5Z_SCALEOFFSET_ORDER_LE 0 /* Little endian (datatype byte order) */ ++#define H5Z_SCALEOFFSET_ORDER_BE 1 /* Big endian (datatype byte order) */ ++ ++#define H5Z_SCALEOFFSET_FILL_UNDEFINED 0 /* Fill value is not defined */ ++#define H5Z_SCALEOFFSET_FILL_DEFINED 1 /* Fill value is defined */ ++ ++/* Store fill value in cd_values[] */ ++#define H5Z_scaleoffset_save_filval(type, cd_values, fill_val) \ ++ { \ ++ unsigned _i = H5Z_SCALEOFFSET_PARM_FILVAL; /* index into cd_values */ \ ++ uint32_t _cd_value; /* Current cd_value */ \ ++ char *_fv_p; /* Pointer to current byte in fill_val */ \ ++ size_t _copy_size = 4; /* # of bytes to copy this iteration */ \ ++ size_t _size_rem = sizeof(type); /* # of bytes left to copy to cd_values */ \ ++ \ ++ /* Store the fill value as the last entry in cd_values[] \ ++ * Store byte by byte from least significant byte to most significant byte \ ++ * Plenty of space left for the fill value (from index 8 to 19) \ ++ * H5O_pline_encode will byte-swap each individual cd value, but we still \ ++ * need to swap the cd values as a whole if we are on a BE machine. Note \ ++ * that we need to make sure to put the data only in the lowest 4 bytes of \ ++ * each, if sizeof(unsigned) > 4. \ ++ */ \ ++ if (H5T_native_order_g == H5T_ORDER_LE) { \ ++ _fv_p = (char *)&(fill_val); \ ++ /* Copy 4 bytes at a time to each cd value */ \ ++ do { \ ++ if (_size_rem < 4) { \ ++ /* Amount left to copy is smaller than a cd_value, adjust copy \ ++ * size and initialize cd_value as it will not be fully \ ++ * overwritten */ \ ++ _copy_size = _size_rem; \ ++ _cd_value = (uint32_t)0; \ ++ } /* end if */ \ ++ \ ++ /* Copy the value */ \ ++ H5MM_memcpy(&_cd_value, _fv_p, _copy_size); \ ++ (cd_values)[_i] = (unsigned)_cd_value; \ ++ \ ++ /* Next field */ \ ++ _i++; \ ++ _fv_p += _copy_size; \ ++ _size_rem -= _copy_size; \ ++ } while (_size_rem); \ ++ } /* end if */ \ ++ else { \ ++ assert(H5T_native_order_g == H5T_ORDER_BE); \ ++ \ ++ /* Copy 4 bytes at a time to each cd value, but start at the end \ ++ * (highest address) of fill_val */ \ ++ _fv_p = ((char *)&(fill_val)) + sizeof(type) - MIN(4, _size_rem); \ ++ while (_size_rem >= 4) { \ ++ /* Copy the value */ \ ++ H5MM_memcpy(&_cd_value, _fv_p, _copy_size); \ ++ (cd_values)[_i] = (unsigned)_cd_value; \ ++ \ ++ /* Next field */ \ ++ _i++; \ ++ _size_rem -= 4; \ ++ if (_size_rem >= 4) \ ++ _fv_p -= 4; \ ++ else \ ++ _fv_p -= _size_rem; \ ++ } /* end while */ \ ++ \ ++ assert(_fv_p == (char *)&(fill_val)); \ ++ if (_size_rem) { \ ++ /* Amount left to copy is smaller than a cd_value, initialize \ ++ * _cd_value as it will not be fully overwritten and copy to the end \ ++ * of _cd value as it is BE. */ \ ++ _cd_value = (uint32_t)0; \ ++ H5MM_memcpy((char *)&_cd_value + 4 - _size_rem, _fv_p, _size_rem); \ ++ (cd_values)[_i] = (unsigned)_cd_value; \ ++ } /* end if */ \ ++ } /* end else */ \ ++ } ++ ++/* Set the fill value parameter in cd_values[] for unsigned integer type */ ++#define H5Z_scaleoffset_set_filval_1(type, dcpl_plist, dt, cd_values, need_convert) \ ++ do { \ ++ type fill_val; \ ++ \ ++ /* Get dataset fill value */ \ ++ if (H5P_get_fill_value(dcpl_plist, dt, &fill_val) < 0) \ ++ HGOTO_ERROR(H5E_PLINE, H5E_CANTGET, FAIL, "unable to get fill value"); \ ++ \ ++ if (need_convert) \ ++ H5Z__scaleoffset_convert(&fill_val, 1, sizeof(type)); \ ++ \ ++ H5Z_scaleoffset_save_filval(type, cd_values, fill_val) \ ++ } while (0) ++ ++/* Set the fill value parameter in cd_values[] for signed integer type */ ++#define H5Z_scaleoffset_set_filval_2(type, dcpl_plist, dt, cd_values, need_convert) \ ++ do { \ ++ type fill_val; \ ++ \ ++ /* Get dataset fill value */ \ ++ if (H5P_get_fill_value(dcpl_plist, dt, &fill_val) < 0) \ ++ HGOTO_ERROR(H5E_PLINE, H5E_CANTGET, FAIL, "unable to get fill value"); \ ++ \ ++ if (need_convert) \ ++ H5Z__scaleoffset_convert(&fill_val, 1, sizeof(type)); \ ++ \ ++ H5Z_scaleoffset_save_filval(unsigned type, cd_values, fill_val) \ ++ } while (0) ++ ++/* Set the fill value parameter in cd_values[] for character integer type */ ++#define H5Z_scaleoffset_set_filval_3(type, dcpl_plist, dt, cd_values, need_convert) \ ++ do { \ ++ type fill_val; \ ++ \ ++ /* Get dataset fill value */ \ ++ if (H5P_get_fill_value(dcpl_plist, dt, &fill_val) < 0) \ ++ HGOTO_ERROR(H5E_PLINE, H5E_CANTGET, FAIL, "unable to get fill value"); \ ++ \ ++ /* Store the fill value as the last entry in cd_values[] */ \ ++ (cd_values)[H5Z_SCALEOFFSET_PARM_FILVAL] = (unsigned)((unsigned char)fill_val); \ ++ } while (0) ++ ++/* Set the fill value parameter in cd_values[] for floating-point type */ ++#define H5Z_scaleoffset_set_filval_4(type, dcpl_plist, dt, cd_values, need_convert) \ ++ do { \ ++ type fill_val; \ ++ \ ++ /* Get dataset fill value */ \ ++ if (H5P_get_fill_value(dcpl_plist, dt, &fill_val) < 0) \ ++ HGOTO_ERROR(H5E_PLINE, H5E_CANTGET, FAIL, "unable to get fill value"); \ ++ \ ++ if (need_convert) \ ++ H5Z__scaleoffset_convert(&fill_val, 1, sizeof(type)); \ ++ \ ++ H5Z_scaleoffset_save_filval(type, cd_values, fill_val) \ ++ } while (0) ++ ++/* Get the fill value for integer type */ ++#define H5Z_scaleoffset_get_filval_1(type, cd_values, fill_val) \ ++ do { \ ++ unsigned _i = H5Z_SCALEOFFSET_PARM_FILVAL; /* index into cd_values */ \ ++ uint32_t _cd_value; /* Current cd_value */ \ ++ char *_fv_p; /* Pointer to current byte in fill_val */ \ ++ size_t _copy_size = 4; /* # of bytes to copy this iteration */ \ ++ size_t _size_rem = sizeof(type); /* # of bytes left to copy to filval */ \ ++ \ ++ /* Retrieve the fill value from the last entry in cd_values[] \ ++ * Store byte by byte from least significant byte to most significant byte \ ++ * Plenty of space left for the fill value (from index 8 to 19) \ ++ * H5O_pline_encode will byte-swap each individual cd value, but we still \ ++ * need to swap the cd values as a whole if we are on a BE machine. Note \ ++ * that we need to make sure to put the data only in the lowest 4 bytes of \ ++ * each, if sizeof(unsigned) > 4. \ ++ */ \ ++ if (H5T_native_order_g == H5T_ORDER_LE) { \ ++ _fv_p = (char *)&(fill_val); \ ++ /* Copy 4 bytes at a time to each cd value */ \ ++ do { \ ++ if (_size_rem < 4) \ ++ /* Amount left to copy is smaller than a cd_value, adjust copy \ ++ * size and initialize cd_value as it will not be fully \ ++ * overwritten */ \ ++ _copy_size = _size_rem; \ ++ \ ++ /* Copy the value */ \ ++ _cd_value = (uint32_t)(cd_values)[_i]; \ ++ H5MM_memcpy(_fv_p, &_cd_value, _copy_size); \ ++ \ ++ /* Next field */ \ ++ _i++; \ ++ _fv_p += _copy_size; \ ++ _size_rem -= _copy_size; \ ++ } while (_size_rem); \ ++ } /* end if */ \ ++ else { \ ++ assert(H5T_native_order_g == H5T_ORDER_BE); \ ++ \ ++ /* Copy 4 bytes at a time to each cd value, but start at the end \ ++ * (highest address) of fill_val */ \ ++ _fv_p = ((char *)&(fill_val)) + sizeof(type) - MIN(4, _size_rem); \ ++ while (_size_rem >= 4) { \ ++ /* Copy the value */ \ ++ _cd_value = (uint32_t)(cd_values)[_i]; \ ++ H5MM_memcpy(_fv_p, &_cd_value, _copy_size); \ ++ \ ++ /* Next field */ \ ++ _i++; \ ++ _size_rem -= 4; \ ++ if (_size_rem >= 4) \ ++ _fv_p -= 4; \ ++ else \ ++ _fv_p -= _size_rem; \ ++ } /* end while */ \ ++ \ ++ assert(_fv_p == (char *)&(fill_val)); \ ++ if (_size_rem) { \ ++ /* Amount left to copy is smaller than a cd_value, initialize \ ++ * _cd_value as it will not be fully overwritten and copy to the end \ ++ * of _cd value as it is BE. */ \ ++ _cd_value = (uint32_t)(cd_values)[_i]; \ ++ H5MM_memcpy(_fv_p, (char *)&_cd_value + 4 - _size_rem, _size_rem); \ ++ } /* end if */ \ ++ } /* end else */ \ ++ } while (0) ++ ++/* Get the fill value for floating-point type */ ++#define H5Z_scaleoffset_get_filval_2(type, cd_values, filval) \ ++ do { \ ++ if (sizeof(type) <= sizeof(long long)) \ ++ H5Z_scaleoffset_get_filval_1(type, cd_values, filval); \ ++ else \ ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "cannot find matched integer datatype"); \ ++ } while (0) ++ ++/* Find maximum and minimum values of a buffer with fill value defined for integer type */ ++#define H5Z_scaleoffset_max_min_1(i, d_nelmts, buf, filval, max, min) \ ++ { \ ++ i = 0; \ ++ while (i < d_nelmts && buf[i] == filval) \ ++ i++; \ ++ if (i < d_nelmts) \ ++ min = max = buf[i]; \ ++ for (; i < d_nelmts; i++) { \ ++ if (buf[i] == filval) \ ++ continue; /* ignore fill value */ \ ++ if (buf[i] > max) \ ++ max = buf[i]; \ ++ if (buf[i] < min) \ ++ min = buf[i]; \ ++ } \ ++ } ++ ++/* Find maximum and minimum values of a buffer with fill value undefined */ ++#define H5Z_scaleoffset_max_min_2(i, d_nelmts, buf, max, min) \ ++ { \ ++ min = max = buf[0]; \ ++ for (i = 0; i < d_nelmts; i++) { \ ++ if (buf[i] > max) \ ++ max = buf[i]; \ ++ if (buf[i] < min) \ ++ min = buf[i]; \ ++ } \ ++ } ++ ++/* Find maximum and minimum values of a buffer with fill value defined for floating-point type */ ++#define H5Z_scaleoffset_max_min_3(i, d_nelmts, buf, filval, max, min, D_val) \ ++ { \ ++ i = 0; \ ++ while (i < d_nelmts && fabs((double)(buf[i] - filval)) < pow(10.0, -D_val)) \ ++ i++; \ ++ if (i < d_nelmts) \ ++ min = max = buf[i]; \ ++ for (; i < d_nelmts; i++) { \ ++ if (fabs((double)(buf[i] - filval)) < pow(10.0, -D_val)) \ ++ continue; /* ignore fill value */ \ ++ if (buf[i] > max) \ ++ max = buf[i]; \ ++ if (buf[i] < min) \ ++ min = buf[i]; \ ++ } \ ++ } ++ ++/* Find minimum value of a buffer with fill value defined for integer type */ ++#define H5Z_scaleoffset_min_1(i, d_nelmts, buf, filval, min) \ ++ { \ ++ i = 0; \ ++ while (i < d_nelmts && buf[i] == filval) \ ++ i++; \ ++ if (i < d_nelmts) \ ++ min = buf[i]; \ ++ for (; i < d_nelmts; i++) { \ ++ if (buf[i] == filval) \ ++ continue; /* ignore fill value */ \ ++ if (buf[i] < min) \ ++ min = buf[i]; \ ++ } \ ++ } ++ ++/* Find minimum value of a buffer with fill value undefined */ ++#define H5Z_scaleoffset_min_2(i, d_nelmts, buf, min) \ ++ { \ ++ min = buf[0]; \ ++ for (i = 0; i < d_nelmts; i++) \ ++ if (buf[i] < min) \ ++ min = buf[i]; \ ++ } ++ ++/* Check and handle special situation for unsigned integer type */ ++#define H5Z_scaleoffset_check_1(type, max, min, minbits) \ ++ { \ ++ if (max - min > (type)(~(type)0 - 2)) { \ ++ *minbits = sizeof(type) * 8; \ ++ return; \ ++ } \ ++ } ++ ++/* Check and handle special situation for signed integer type */ ++#define H5Z_scaleoffset_check_2(type, max, min, minbits) \ ++ { \ ++ if ((unsigned type)(max - min) > (unsigned type)(~(unsigned type)0 - 2)) { \ ++ *minbits = sizeof(type) * 8; \ ++ return; \ ++ } \ ++ } ++ ++/* Check and handle special situation for floating-point type */ ++#define H5Z_scaleoffset_check_3(i, type, pow_fun, round_fun, max, min, minbits, D_val) \ ++ { \ ++ if (sizeof(type) == sizeof(int)) { \ ++ if (round_fun(max * pow_fun((type)10, (type)D_val) - min * pow_fun((type)10, (type)D_val)) > \ ++ pow_fun((type)2, (type)(sizeof(int) * 8 - 1))) { \ ++ *minbits = sizeof(int) * 8; \ ++ goto done; \ ++ } \ ++ } \ ++ else if (sizeof(type) == sizeof(long)) { \ ++ if (round_fun(max * pow_fun((type)10, (type)D_val) - min * pow_fun((type)10, (type)D_val)) > \ ++ pow_fun((type)2, (type)(sizeof(long) * 8 - 1))) { \ ++ *minbits = sizeof(long) * 8; \ ++ goto done; \ ++ } \ ++ } \ ++ else if (sizeof(type) == sizeof(long long)) { \ ++ if (round_fun(max * pow_fun((type)10, (type)D_val) - min * pow_fun((type)10, (type)D_val)) > \ ++ pow_fun((type)2, (type)(sizeof(long long) * 8 - 1))) { \ ++ *minbits = sizeof(long long) * 8; \ ++ goto done; \ ++ } \ ++ } \ ++ else \ ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "cannot find matched integer datatype"); \ ++ } ++ ++/* Precompress for unsigned integer type */ ++#define H5Z_scaleoffset_precompress_1(type, data, d_nelmts, filavail, cd_values, minbits, minval) \ ++ do { \ ++ type *buf = (type *)data, min = 0, max = 0, span, filval = 0; \ ++ unsigned i; \ ++ \ ++ if (filavail == H5Z_SCALEOFFSET_FILL_DEFINED) { /* fill value defined */ \ ++ H5Z_scaleoffset_get_filval_1(type, cd_values, filval); \ ++ if (*minbits == \ ++ H5Z_SO_INT_MINBITS_DEFAULT) { /* minbits not set yet, calculate max, min, and minbits */ \ ++ H5Z_scaleoffset_max_min_1(i, d_nelmts, buf, filval, max, min) \ ++ H5Z_scaleoffset_check_1(type, max, min, minbits) span = (type)(max - min + 1); \ ++ *minbits = H5Z__scaleoffset_log2((unsigned long long)(span + 1)); \ ++ } \ ++ else /* minbits already set, only calculate min */ \ ++ H5Z_scaleoffset_min_1(i, d_nelmts, buf, filval, min); \ ++ if (*minbits != sizeof(type) * 8) /* change values if minbits != full precision */ \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = (type)((buf[i] == filval) ? (((type)1 << *minbits) - 1) : (buf[i] - min)); \ ++ } \ ++ else { /* fill value undefined */ \ ++ if (*minbits == \ ++ H5Z_SO_INT_MINBITS_DEFAULT) { /* minbits not set yet, calculate max, min, and minbits */ \ ++ H5Z_scaleoffset_max_min_2(i, d_nelmts, buf, max, min); \ ++ H5Z_scaleoffset_check_1(type, max, min, minbits); \ ++ span = (type)(max - min + 1); \ ++ *minbits = H5Z__scaleoffset_log2((unsigned long long)span); \ ++ } \ ++ else /* minbits already set, only calculate min */ \ ++ H5Z_scaleoffset_min_2(i, d_nelmts, buf, min); \ ++ if (*minbits != sizeof(type) * 8) /* change values if minbits != full precision */ \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = (type)(buf[i] - min); \ ++ } \ ++ *minval = min; \ ++ } while (0) ++ ++/* Precompress for signed integer type */ ++#define H5Z_scaleoffset_precompress_2(type, data, d_nelmts, filavail, cd_values, minbits, minval) \ ++ do { \ ++ type *buf = (type *)data, min = 0, max = 0, filval = 0; \ ++ unsigned type span; \ ++ unsigned i; \ ++ \ ++ if (filavail == H5Z_SCALEOFFSET_FILL_DEFINED) { /* fill value defined */ \ ++ H5Z_scaleoffset_get_filval_1(type, cd_values, filval); \ ++ if (*minbits == \ ++ H5Z_SO_INT_MINBITS_DEFAULT) { /* minbits not set yet, calculate max, min, and minbits */ \ ++ H5Z_scaleoffset_max_min_1(i, d_nelmts, buf, filval, max, min) \ ++ H5Z_scaleoffset_check_2(type, max, min, minbits) span = (unsigned type)(max - min + 1); \ ++ *minbits = H5Z__scaleoffset_log2((unsigned long long)(span + 1)); \ ++ } \ ++ else /* minbits already set, only calculate min */ \ ++ H5Z_scaleoffset_min_1(i, d_nelmts, buf, filval, min); \ ++ if (*minbits != sizeof(type) * 8) /* change values if minbits != full precision */ \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = (type)((buf[i] == filval) ? (type)(((unsigned type)1 << *minbits) - 1) \ ++ : (buf[i] - min)); \ ++ } \ ++ else { /* fill value undefined */ \ ++ if (*minbits == \ ++ H5Z_SO_INT_MINBITS_DEFAULT) { /* minbits not set yet, calculate max, min, and minbits */ \ ++ H5Z_scaleoffset_max_min_2(i, d_nelmts, buf, max, min) \ ++ H5Z_scaleoffset_check_2(type, max, min, minbits) span = (unsigned type)(max - min + 1); \ ++ *minbits = H5Z__scaleoffset_log2((unsigned long long)span); \ ++ } \ ++ else /* minbits already set, only calculate min */ \ ++ H5Z_scaleoffset_min_2( \ ++ i, d_nelmts, buf, \ ++ min) if (*minbits != sizeof(type) * 8) /* change values if minbits != full precision */ \ ++ for (i = 0; i < d_nelmts; i++) buf[i] = (type)(buf[i] - min); \ ++ } \ ++ *minval = (unsigned long long)min; \ ++ } while (0) ++ ++/* Modify values of data in precompression if fill value defined for floating-point type */ ++#define H5Z_scaleoffset_modify_1(i, type, pow_fun, abs_fun, lround_fun, llround_fun, buf, d_nelmts, filval, \ ++ minbits, min, D_val) \ ++ { \ ++ if (sizeof(type) == sizeof(int)) \ ++ for (i = 0; i < d_nelmts; i++) { \ ++ if (abs_fun(buf[i] - filval) < pow_fun((type)10, (type)-D_val)) \ ++ *(int *)((void *)&buf[i]) = (int)(((unsigned int)1 << *minbits) - 1); \ ++ else \ ++ *(int *)((void *)&buf[i]) = (int)lround_fun(buf[i] * pow_fun((type)10, (type)D_val) - \ ++ min * pow_fun((type)10, (type)D_val)); \ ++ } \ ++ else if (sizeof(type) == sizeof(long)) \ ++ for (i = 0; i < d_nelmts; i++) { \ ++ if (abs_fun(buf[i] - filval) < pow_fun((type)10, (type)-D_val)) \ ++ *(long *)((void *)&buf[i]) = (long)(((unsigned long)1 << *minbits) - 1); \ ++ else \ ++ *(long *)((void *)&buf[i]) = lround_fun(buf[i] * pow_fun((type)10, (type)D_val) - \ ++ min * pow_fun((type)10, (type)D_val)); \ ++ } \ ++ else if (sizeof(type) == sizeof(long long)) \ ++ for (i = 0; i < d_nelmts; i++) { \ ++ if (abs_fun(buf[i] - filval) < pow_fun((type)10, (type)-D_val)) \ ++ *(long long *)((void *)&buf[i]) = (long long)(((unsigned long long)1 << *minbits) - 1); \ ++ else \ ++ *(long long *)((void *)&buf[i]) = llround_fun(buf[i] * pow_fun((type)10, (type)D_val) - \ ++ min * pow_fun((type)10, (type)D_val)); \ ++ } \ ++ else \ ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "cannot find matched integer datatype"); \ ++ } ++ ++/* Modify values of data in precompression if fill value undefined for floating-point type */ ++#define H5Z_scaleoffset_modify_2(i, type, pow_fun, lround_fun, llround_fun, buf, d_nelmts, min, D_val) \ ++ { \ ++ if (sizeof(type) == sizeof(int)) \ ++ for (i = 0; i < d_nelmts; i++) \ ++ *(int *)((void *)&buf[i]) = (int)lround_fun(buf[i] * pow_fun((type)10, (type)D_val) - \ ++ min * pow_fun((type)10, (type)D_val)); \ ++ else if (sizeof(type) == sizeof(long)) \ ++ for (i = 0; i < d_nelmts; i++) \ ++ *(long *)((void *)&buf[i]) = lround_fun(buf[i] * pow_fun((type)10, (type)D_val) - \ ++ min * pow_fun((type)10, (type)D_val)); \ ++ else if (sizeof(type) == sizeof(long long)) \ ++ for (i = 0; i < d_nelmts; i++) \ ++ *(long long *)((void *)&buf[i]) = llround_fun(buf[i] * pow_fun((type)10, (type)D_val) - \ ++ min * pow_fun((type)10, (type)D_val)); \ ++ else \ ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "cannot find matched integer datatype"); \ ++ } ++ ++/* Save the minimum value for floating-point type */ ++#define H5Z_scaleoffset_save_min(i, type, minval, min) \ ++ { \ ++ if (sizeof(type) <= sizeof(long long)) \ ++ /* Save min value to corresponding position \ ++ * byte-order will be swapped as appropriate, but be sure to \ ++ * account for offset in BE if sizes differ \ ++ */ \ ++ if (H5T_native_order_g == H5T_ORDER_LE) \ ++ H5MM_memcpy(minval, &min, sizeof(type)); \ ++ else { \ ++ assert(H5T_native_order_g == H5T_ORDER_BE); \ ++ H5MM_memcpy(((char *)minval) + (sizeof(long long) - sizeof(type)), &min, sizeof(type)); \ ++ } /* end else */ \ ++ else \ ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "cannot find matched integer datatype"); \ ++ } ++ ++/* Precompress for floating-point type using variable-minimum-bits method */ ++#define H5Z_scaleoffset_precompress_3(type, pow_fun, abs_fun, round_fun, lround_fun, llround_fun, data, \ ++ d_nelmts, filavail, cd_values, minbits, minval, D_val) \ ++ do { \ ++ type *buf = (type *)data, min = 0, max = 0, filval = 0; \ ++ unsigned long long span; \ ++ unsigned i; \ ++ \ ++ *minval = 0; \ ++ if (filavail == H5Z_SCALEOFFSET_FILL_DEFINED) { /* fill value defined */ \ ++ H5Z_scaleoffset_get_filval_2(type, cd_values, filval); \ ++ H5Z_scaleoffset_max_min_3(i, d_nelmts, buf, filval, max, min, D_val); \ ++ H5Z_scaleoffset_check_3(i, type, pow_fun, round_fun, max, min, minbits, D_val); \ ++ span = (unsigned long long)(llround_fun(max * pow_fun((type)10, (type)D_val) - \ ++ min * pow_fun((type)10, (type)D_val)) + \ ++ 1); \ ++ *minbits = H5Z__scaleoffset_log2(span + 1); \ ++ if (*minbits != sizeof(type) * 8) /* change values if minbits != full precision */ \ ++ H5Z_scaleoffset_modify_1(i, type, pow_fun, abs_fun, lround_fun, llround_fun, buf, d_nelmts, \ ++ filval, minbits, min, D_val); \ ++ } \ ++ else { /* fill value undefined */ \ ++ H5Z_scaleoffset_max_min_2(i, d_nelmts, buf, max, min); \ ++ H5Z_scaleoffset_check_3(i, type, pow_fun, round_fun, max, min, minbits, D_val); \ ++ span = (unsigned long long)(llround_fun(max * pow_fun((type)10, (type)D_val) - \ ++ min * pow_fun((type)10, (type)D_val)) + \ ++ 1); \ ++ *minbits = H5Z__scaleoffset_log2(span); \ ++ if (*minbits != sizeof(type) * 8) /* change values if minbits != full precision */ \ ++ H5Z_scaleoffset_modify_2(i, type, pow_fun, lround_fun, llround_fun, buf, d_nelmts, min, \ ++ D_val); \ ++ } \ ++ H5Z_scaleoffset_save_min(i, type, minval, min); \ ++ } while (0) ++ ++/* Postdecompress for unsigned integer type */ ++#define H5Z_scaleoffset_postdecompress_1(type, data, d_nelmts, filavail, cd_values, minbits, minval) \ ++ do { \ ++ type *buf = (type *)data, filval = 0; \ ++ unsigned i; \ ++ \ ++ if (filavail == H5Z_SCALEOFFSET_FILL_DEFINED) { /* fill value defined */ \ ++ H5Z_scaleoffset_get_filval_1(type, cd_values, filval); \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = (type)((buf[i] == (((type)1 << minbits) - 1)) ? filval : (buf[i] + minval)); \ ++ } \ ++ else /* fill value undefined */ \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = (type)(buf[i] + (type)(minval)); \ ++ } while (0) ++ ++/* Postdecompress for signed integer type */ ++#define H5Z_scaleoffset_postdecompress_2(type, data, d_nelmts, filavail, cd_values, minbits, minval) \ ++ do { \ ++ type *buf = (type *)data, filval = 0; \ ++ unsigned i; \ ++ \ ++ if (filavail == H5Z_SCALEOFFSET_FILL_DEFINED) { /* fill value defined */ \ ++ H5Z_scaleoffset_get_filval_1(type, cd_values, filval); \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = (type)(((unsigned type)buf[i] == (((unsigned type)1 << minbits) - 1)) \ ++ ? filval \ ++ : (buf[i] + minval)); \ ++ } \ ++ else /* fill value undefined */ \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = (type)(buf[i] + (type)(minval)); \ ++ } while (0) ++ ++/* Retrieve minimum value of floating-point type */ ++#define H5Z_scaleoffset_get_min(type, minval, min) \ ++ do { \ ++ if (sizeof(type) <= sizeof(long long)) \ ++ /* retrieve min value from corresponding position \ ++ * byte-order has already been swapped as appropriate, but be sure to \ ++ * account for offset in BE if sizes differ \ ++ */ \ ++ if (H5T_native_order_g == H5T_ORDER_LE) \ ++ H5MM_memcpy(&min, &minval, sizeof(type)); \ ++ else { \ ++ assert(H5T_native_order_g == H5T_ORDER_BE); \ ++ H5MM_memcpy(&min, ((char *)&minval) + (sizeof(long long) - sizeof(type)), sizeof(type)); \ ++ } /* end else */ \ ++ else \ ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "cannot find matched integer datatype"); \ ++ } while (0) ++ ++/* Modify values of data in postdecompression if fill value defined for floating-point type */ ++#define H5Z_scaleoffset_modify_3(i, type, pow_fun, buf, d_nelmts, filval, minbits, min, D_val) \ ++ do { \ ++ if (sizeof(type) == sizeof(int)) \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = \ ++ (type)((*(int *)((void *)&buf[i]) == (int)(((unsigned int)1 << minbits) - 1)) \ ++ ? filval \ ++ : (type)(*(int *)((void *)&buf[i])) / pow_fun((type)10, (type)D_val) + min); \ ++ else if (sizeof(type) == sizeof(long)) \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = \ ++ (type)((*(long *)((void *)&buf[i]) == (long)(((unsigned long)1 << minbits) - 1)) \ ++ ? filval \ ++ : (type)(*(long *)((void *)&buf[i])) / pow_fun((type)10, (type)D_val) + min); \ ++ else if (sizeof(type) == sizeof(long long)) \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = \ ++ (type)((*(long long *)((void *)&buf[i]) == \ ++ (long long)(((unsigned long long)1 << minbits) - 1)) \ ++ ? filval \ ++ : (type)(*(long long *)((void *)&buf[i])) / pow_fun((type)10, (type)D_val) + \ ++ min); \ ++ else \ ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "cannot find matched integer datatype"); \ ++ } while (0) ++ ++/* Modify values of data in postdecompression if fill value undefined for floating-point type */ ++#define H5Z_scaleoffset_modify_4(i, type, pow_fun, buf, d_nelmts, min, D_val) \ ++ do { \ ++ if (sizeof(type) == sizeof(int)) \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = ((type)(*(int *)((void *)&buf[i])) / pow_fun((type)10, (type)D_val) + min); \ ++ else if (sizeof(type) == sizeof(long)) \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = ((type)(*(long *)((void *)&buf[i])) / pow_fun((type)10, (type)D_val) + min); \ ++ else if (sizeof(type) == sizeof(long long)) \ ++ for (i = 0; i < d_nelmts; i++) \ ++ buf[i] = ((type)(*(long long *)((void *)&buf[i])) / pow_fun((type)10, (type)D_val) + min); \ ++ else \ ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "cannot find matched integer datatype"); \ ++ } while (0) ++ ++/* Postdecompress for floating-point type using variable-minimum-bits method */ ++#define H5Z_scaleoffset_postdecompress_3(type, pow_fun, data, d_nelmts, filavail, cd_values, minbits, \ ++ minval, D_val) \ ++ do { \ ++ type *buf = (type *)data, filval = 0, min = 0; \ ++ unsigned i; \ ++ \ ++ H5Z_scaleoffset_get_min(type, minval, min); \ ++ \ ++ if (filavail == H5Z_SCALEOFFSET_FILL_DEFINED) { /* fill value defined */ \ ++ H5Z_scaleoffset_get_filval_2(type, cd_values, filval); \ ++ H5Z_scaleoffset_modify_3(i, type, pow_fun, buf, d_nelmts, filval, minbits, min, D_val); \ ++ } \ ++ else /* fill value undefined */ \ ++ H5Z_scaleoffset_modify_4(i, type, pow_fun, buf, d_nelmts, min, D_val); \ ++ } while (0) ++ ++/*------------------------------------------------------------------------- ++ * Function: H5Z__can_apply_scaleoffset ++ * ++ * Purpose: Check the parameters for scaleoffset compression for ++ * validity and whether they fit a particular dataset. ++ * ++ * Return: Success: Non-negative ++ * Failure: Negative ++ * ++ *------------------------------------------------------------------------- ++ */ ++static htri_t ++H5Z__can_apply_scaleoffset(hid_t H5_ATTR_UNUSED dcpl_id, hid_t type_id, hid_t H5_ATTR_UNUSED space_id) ++{ ++ const H5T_t *type; /* Datatype */ ++ H5T_class_t dtype_class; /* Datatype's class */ ++ H5T_order_t dtype_order; /* Datatype's endianness order */ ++ htri_t ret_value = true; /* Return value */ ++ ++ FUNC_ENTER_PACKAGE ++ ++ /* Get datatype */ ++ if (NULL == (type = (H5T_t *)H5I_object_verify(type_id, H5I_DATATYPE))) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADTYPE, FAIL, "not a datatype"); ++ ++ /* Get datatype's class, for checking the "datatype class" */ ++ if ((dtype_class = H5T_get_class(type, true)) == H5T_NO_CLASS) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "bad datatype class"); ++ ++ /* Get datatype's size, for checking the "datatype size" */ ++ if (H5T_get_size(type) == 0) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "bad datatype size"); ++ ++ if (dtype_class == H5T_INTEGER || dtype_class == H5T_FLOAT) { ++ /* Get datatype's endianness order */ ++ if ((dtype_order = H5T_get_order(type)) == H5T_ORDER_ERROR) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "can't retrieve datatype endianness order"); ++ ++ /* Range check datatype's endianness order */ ++ if (dtype_order != H5T_ORDER_LE && dtype_order != H5T_ORDER_BE) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, false, "bad datatype endianness order"); ++ } ++ else ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, false, "datatype class not supported by scaleoffset"); ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5Z__can_apply_scaleoffset() */ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5Z__scaleoffset_get_type ++ * ++ * Purpose: Get the specific integer type based on datatype size and sign ++ * or floating-point type based on size ++ * ++ * Return: Success: id number of integer type ++ * Failure: 0 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static enum H5Z_scaleoffset_t ++H5Z__scaleoffset_get_type(unsigned dtype_class, unsigned dtype_size, unsigned dtype_sign) ++{ ++ enum H5Z_scaleoffset_t type = t_bad; /* integer type */ ++ enum H5Z_scaleoffset_t ret_value = t_bad; /* Return value */ ++ ++ FUNC_ENTER_PACKAGE ++ ++ if (dtype_class == H5Z_SCALEOFFSET_CLS_INTEGER) { ++ if (dtype_sign == H5Z_SCALEOFFSET_SGN_NONE) { /* unsigned integer */ ++ if (dtype_size == sizeof(unsigned char)) ++ type = t_uchar; ++ else if (dtype_size == sizeof(unsigned short)) ++ type = t_ushort; ++ else if (dtype_size == sizeof(unsigned int)) ++ type = t_uint; ++ else if (dtype_size == sizeof(unsigned long)) ++ type = t_ulong; ++#if H5_SIZEOF_LONG != H5_SIZEOF_LONG_LONG ++ else if (dtype_size == sizeof(unsigned long long)) ++ type = t_ulong_long; ++#endif /* H5_SIZEOF_LONG != H5_SIZEOF_LONG_LONG */ ++ else ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, t_bad, "cannot find matched memory datatype"); ++ } ++ ++ if (dtype_sign == H5Z_SCALEOFFSET_SGN_2) { /* signed integer */ ++ if (dtype_size == sizeof(signed char)) ++ type = t_schar; ++ else if (dtype_size == sizeof(short)) ++ type = t_short; ++ else if (dtype_size == sizeof(int)) ++ type = t_int; ++ else if (dtype_size == sizeof(long)) ++ type = t_long; ++#if H5_SIZEOF_LONG != H5_SIZEOF_LONG_LONG ++ else if (dtype_size == sizeof(long long)) ++ type = t_long_long; ++#endif /* H5_SIZEOF_LONG != H5_SIZEOF_LONG_LONG */ ++ else ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, t_bad, "cannot find matched memory datatype"); ++ } ++ } ++ ++ if (dtype_class == H5Z_SCALEOFFSET_CLS_FLOAT) { ++ if (dtype_size == sizeof(float)) ++ type = t_float; ++ else if (dtype_size == sizeof(double)) ++ type = t_double; ++ else ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, t_bad, "cannot find matched memory datatype"); ++ } ++ ++ /* Set return value */ ++ ret_value = type; ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} ++ ++/*------------------------------------------------------------------------- ++ * Function: H5Z__scaleoffset_set_parms_fillval ++ * ++ * Purpose: Get the fill value of the dataset and store in cd_values[] ++ * ++ * Return: Success: Non-negative ++ * Failure: Negative ++ * ++ *------------------------------------------------------------------------- ++ */ ++static herr_t ++H5Z__scaleoffset_set_parms_fillval(H5P_genplist_t *dcpl_plist, H5T_t *type, enum H5Z_scaleoffset_t scale_type, ++ unsigned cd_values[], int need_convert) ++{ ++ herr_t ret_value = SUCCEED; /* Return value */ ++ ++ FUNC_ENTER_PACKAGE ++ ++ if (scale_type == t_uchar) ++ H5Z_scaleoffset_set_filval_3(unsigned char, dcpl_plist, type, cd_values, need_convert); ++ else if (scale_type == t_ushort) ++ H5Z_scaleoffset_set_filval_1(unsigned short, dcpl_plist, type, cd_values, need_convert); ++ else if (scale_type == t_uint) ++ H5Z_scaleoffset_set_filval_1(unsigned int, dcpl_plist, type, cd_values, need_convert); ++ else if (scale_type == t_ulong) ++ H5Z_scaleoffset_set_filval_1(unsigned long, dcpl_plist, type, cd_values, need_convert); ++ else if (scale_type == t_ulong_long) ++ H5Z_scaleoffset_set_filval_1(unsigned long long, dcpl_plist, type, cd_values, need_convert); ++ else if (scale_type == t_schar) ++ H5Z_scaleoffset_set_filval_3(signed char, dcpl_plist, type, cd_values, need_convertd); ++ else if (scale_type == t_short) ++ H5Z_scaleoffset_set_filval_2(short, dcpl_plist, type, cd_values, need_convert); ++ else if (scale_type == t_int) ++ H5Z_scaleoffset_set_filval_2(int, dcpl_plist, type, cd_values, need_convert); ++ else if (scale_type == t_long) ++ H5Z_scaleoffset_set_filval_2(long, dcpl_plist, type, cd_values, need_convert); ++ else if (scale_type == t_long_long) ++ H5Z_scaleoffset_set_filval_2(long long, dcpl_plist, type, cd_values, need_convert); ++ else if (scale_type == t_float) ++ H5Z_scaleoffset_set_filval_4(float, dcpl_plist, type, cd_values, need_convert); ++ else if (scale_type == t_double) ++ H5Z_scaleoffset_set_filval_4(double, dcpl_plist, type, cd_values, need_convert); ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5Z__scaleoffset_set_parms_fillval() */ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5Z__set_local_scaleoffset ++ * ++ * Purpose: Set the "local" dataset parameters for scaleoffset ++ * compression. ++ * ++ * Return: Success: Non-negative ++ * Failure: Negative ++ * ++ *------------------------------------------------------------------------- ++ */ ++static herr_t ++H5Z__set_local_scaleoffset(hid_t dcpl_id, hid_t type_id, hid_t space_id) ++{ ++ H5P_genplist_t *dcpl_plist; /* Property list pointer */ ++ H5T_t *type; /* Datatype */ ++ const H5S_t *ds; /* Dataspace */ ++ unsigned flags; /* Filter flags */ ++ size_t cd_nelmts = H5Z_SCALEOFFSET_USER_NPARMS; /* Number of filter parameters */ ++ unsigned cd_values[H5Z_SCALEOFFSET_TOTAL_NPARMS]; /* Filter parameters */ ++ hssize_t npoints; /* Number of points in the dataspace */ ++ H5T_class_t dtype_class; /* Datatype's class */ ++ H5T_order_t dtype_order; /* Datatype's endianness order */ ++ size_t dtype_size; /* Datatype's size (in bytes) */ ++ H5T_sign_t dtype_sign; /* Datatype's sign */ ++ enum H5Z_scaleoffset_t scale_type; /* Specific datatype */ ++ H5D_fill_value_t status; /* Status of fill value in property list */ ++ herr_t ret_value = SUCCEED; /* Return value */ ++ ++ FUNC_ENTER_PACKAGE ++ ++ /* Get the plist structure */ ++ if (NULL == (dcpl_plist = H5P_object_verify(dcpl_id, H5P_DATASET_CREATE))) ++ HGOTO_ERROR(H5E_ID, H5E_BADID, FAIL, "can't find object for ID"); ++ ++ /* Get datatype */ ++ if (NULL == (type = (H5T_t *)H5I_object_verify(type_id, H5I_DATATYPE))) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADTYPE, FAIL, "not a datatype"); ++ ++ /* Initialize the parameters to a known state */ ++ memset(cd_values, 0, sizeof(cd_values)); ++ ++ /* Get the filter's current parameters */ ++ if (H5P_get_filter_by_id(dcpl_plist, H5Z_FILTER_SCALEOFFSET, &flags, &cd_nelmts, cd_values, (size_t)0, ++ NULL, NULL) < 0) ++ HGOTO_ERROR(H5E_PLINE, H5E_CANTGET, FAIL, "can't get scaleoffset parameters"); ++ ++ /* Get dataspace */ ++ if (NULL == (ds = (H5S_t *)H5I_object_verify(space_id, H5I_DATASPACE))) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADTYPE, FAIL, "not a dataspace"); ++ ++ /* Get total number of elements in the chunk */ ++ if ((npoints = H5S_GET_EXTENT_NPOINTS(ds)) < 0) ++ HGOTO_ERROR(H5E_PLINE, H5E_CANTGET, FAIL, "unable to get number of points in the dataspace"); ++ ++ /* Set "local" parameter for this dataset's number of elements */ ++ H5_CHECKED_ASSIGN(cd_values[H5Z_SCALEOFFSET_PARM_NELMTS], unsigned, npoints, hssize_t); ++ ++ /* Get datatype's class */ ++ if ((dtype_class = H5T_get_class(type, true)) == H5T_NO_CLASS) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "bad datatype class"); ++ ++ /* Set "local" parameter for datatype's class */ ++ switch (dtype_class) { ++ case H5T_INTEGER: ++ cd_values[H5Z_SCALEOFFSET_PARM_CLASS] = H5Z_SCALEOFFSET_CLS_INTEGER; ++ break; ++ ++ case H5T_FLOAT: ++ cd_values[H5Z_SCALEOFFSET_PARM_CLASS] = H5Z_SCALEOFFSET_CLS_FLOAT; ++ break; ++ ++ case H5T_NO_CLASS: ++ case H5T_TIME: ++ case H5T_STRING: ++ case H5T_BITFIELD: ++ case H5T_OPAQUE: ++ case H5T_COMPOUND: ++ case H5T_REFERENCE: ++ case H5T_ENUM: ++ case H5T_VLEN: ++ case H5T_ARRAY: ++ case H5T_NCLASSES: ++ default: ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "datatype class not supported by scaleoffset"); ++ } /* end switch */ ++ ++ /* Get datatype's size */ ++ if ((dtype_size = H5T_get_size(type)) == 0) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "bad datatype size"); ++ ++ /* Set "local" parameter for datatype size */ ++ H5_CHECK_OVERFLOW(dtype_size, size_t, unsigned); ++ cd_values[H5Z_SCALEOFFSET_PARM_SIZE] = (unsigned)dtype_size; ++ ++ if (dtype_class == H5T_INTEGER) { ++ /* Get datatype's sign */ ++ if ((dtype_sign = H5T_get_sign(type)) == H5T_SGN_ERROR) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "bad datatype sign"); ++ ++ /* Set "local" parameter for integer datatype sign */ ++ switch (dtype_sign) { ++ case H5T_SGN_NONE: ++ cd_values[H5Z_SCALEOFFSET_PARM_SIGN] = H5Z_SCALEOFFSET_SGN_NONE; ++ break; ++ ++ case H5T_SGN_2: ++ cd_values[H5Z_SCALEOFFSET_PARM_SIGN] = H5Z_SCALEOFFSET_SGN_2; ++ break; ++ ++ case H5T_SGN_ERROR: ++ case H5T_NSGN: ++ default: ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "bad integer sign"); ++ } /* end switch */ ++ } /* end if */ ++ ++ /* Get datatype's endianness order */ ++ if ((dtype_order = H5T_get_order(type)) == H5T_ORDER_ERROR) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "bad datatype endianness order"); ++ ++ /* Set "local" parameter for datatype endianness */ ++ switch (dtype_order) { ++ case H5T_ORDER_LE: /* Little-endian byte order */ ++ cd_values[H5Z_SCALEOFFSET_PARM_ORDER] = H5Z_SCALEOFFSET_ORDER_LE; ++ break; ++ ++ case H5T_ORDER_BE: /* Big-endian byte order */ ++ cd_values[H5Z_SCALEOFFSET_PARM_ORDER] = H5Z_SCALEOFFSET_ORDER_BE; ++ break; ++ ++ case H5T_ORDER_ERROR: ++ case H5T_ORDER_VAX: ++ case H5T_ORDER_MIXED: ++ case H5T_ORDER_NONE: ++ default: ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "bad datatype endianness order"); ++ } /* end switch */ ++ ++ /* Check whether fill value is defined for dataset */ ++ if (H5P_fill_value_defined(dcpl_plist, &status) < 0) ++ HGOTO_ERROR(H5E_PLINE, H5E_CANTGET, FAIL, "unable to determine if fill value is defined"); ++ ++ /* Set local parameter for availability of fill value */ ++ if (status == H5D_FILL_VALUE_UNDEFINED) ++ cd_values[H5Z_SCALEOFFSET_PARM_FILAVAIL] = H5Z_SCALEOFFSET_FILL_UNDEFINED; ++ else { ++ int need_convert = false; /* Flag indicating conversion of byte order */ ++ ++ cd_values[H5Z_SCALEOFFSET_PARM_FILAVAIL] = H5Z_SCALEOFFSET_FILL_DEFINED; ++ ++ /* Check if memory byte order matches dataset datatype byte order */ ++ if (H5T_native_order_g != dtype_order) ++ need_convert = true; ++ ++ /* Before getting fill value, get its type */ ++ if ((scale_type = H5Z__scaleoffset_get_type(cd_values[H5Z_SCALEOFFSET_PARM_CLASS], ++ cd_values[H5Z_SCALEOFFSET_PARM_SIZE], ++ cd_values[H5Z_SCALEOFFSET_PARM_SIGN])) == 0) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "cannot use C integer datatype for cast"); ++ ++ /* Get dataset fill value and store in cd_values[] */ ++ if (H5Z__scaleoffset_set_parms_fillval(dcpl_plist, type, scale_type, cd_values, need_convert) < 0) ++ HGOTO_ERROR(H5E_PLINE, H5E_CANTSET, FAIL, "unable to set fill value"); ++ } /* end else */ ++ ++ /* Modify the filter's parameters for this dataset */ ++ if (H5P_modify_filter(dcpl_plist, H5Z_FILTER_SCALEOFFSET, flags, (size_t)H5Z_SCALEOFFSET_TOTAL_NPARMS, ++ cd_values) < 0) ++ HGOTO_ERROR(H5E_PLINE, H5E_CANTSET, FAIL, "can't set local scaleoffset parameters"); ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5Z__set_local_scaleoffset() */ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5Z__filter_scaleoffset ++ * ++ * Purpose: Implement an I/O filter for storing packed integer ++ * data using scale and offset method. ++ * ++ * Return: Success: Size of buffer filtered ++ * Failure: 0 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static size_t ++H5Z__filter_scaleoffset(unsigned flags, size_t cd_nelmts, const unsigned cd_values[], size_t nbytes, ++ size_t *buf_size, void **buf) ++{ ++ size_t ret_value = 0; /* return value */ ++ size_t size_out = 0; /* size of output buffer */ ++ unsigned d_nelmts = 0; /* number of data elements in the chunk */ ++ unsigned dtype_class; /* datatype class */ ++ unsigned dtype_sign; /* integer datatype sign */ ++ unsigned filavail; /* flag indicating if fill value is defined or not */ ++ H5Z_SO_scale_type_t scale_type = H5Z_SO_FLOAT_DSCALE; /* scale type */ ++ int scale_factor = 0; /* scale factor */ ++ double D_val = 0.0; /* decimal scale factor */ ++ uint32_t minbits = 0; /* minimum number of bits to store values */ ++ unsigned long long minval = 0; /* minimum value of input buffer */ ++ enum H5Z_scaleoffset_t type; /* memory type corresponding to dataset datatype */ ++ int need_convert = false; /* flag indicating conversion of byte order */ ++ unsigned char *outbuf = NULL; /* pointer to new output buffer */ ++ unsigned buf_offset = 21; /* buffer offset because of parameters stored in file */ ++ unsigned i; /* index */ ++ parms_atomic p; /* parameters needed for compress/decompress functions */ ++ ++ FUNC_ENTER_PACKAGE ++ ++ /* check arguments */ ++ if (cd_nelmts != H5Z_SCALEOFFSET_TOTAL_NPARMS) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, 0, "invalid scaleoffset number of parameters"); ++ ++ /* Check if memory byte order matches dataset datatype byte order */ ++ switch (H5T_native_order_g) { ++ case H5T_ORDER_LE: /* memory is little-endian byte order */ ++ if (cd_values[H5Z_SCALEOFFSET_PARM_ORDER] == H5Z_SCALEOFFSET_ORDER_BE) ++ need_convert = true; ++ break; ++ ++ case H5T_ORDER_BE: /* memory is big-endian byte order */ ++ if (cd_values[H5Z_SCALEOFFSET_PARM_ORDER] == H5Z_SCALEOFFSET_ORDER_LE) ++ need_convert = true; ++ break; ++ ++ case H5T_ORDER_ERROR: ++ case H5T_ORDER_VAX: ++ case H5T_ORDER_MIXED: ++ case H5T_ORDER_NONE: ++ default: ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, 0, "bad H5T_NATIVE_INT endianness order"); ++ } /* end switch */ ++ ++ /* copy filter parameters to local variables */ ++ d_nelmts = cd_values[H5Z_SCALEOFFSET_PARM_NELMTS]; ++ dtype_class = cd_values[H5Z_SCALEOFFSET_PARM_CLASS]; ++ dtype_sign = cd_values[H5Z_SCALEOFFSET_PARM_SIGN]; ++ filavail = cd_values[H5Z_SCALEOFFSET_PARM_FILAVAIL]; ++ scale_factor = (int)cd_values[H5Z_SCALEOFFSET_PARM_SCALEFACTOR]; ++ scale_type = (H5Z_SO_scale_type_t)cd_values[H5Z_SCALEOFFSET_PARM_SCALETYPE]; ++ ++ /* check and assign proper values set by user to related parameters ++ * scale type can be H5Z_SO_FLOAT_DSCALE (0), H5Z_SO_FLOAT_ESCALE (1) or H5Z_SO_INT (other) ++ * H5Z_SO_FLOAT_DSCALE : floating-point type, variable-minimum-bits method, ++ * scale factor is decimal scale factor ++ * H5Z_SO_FLOAT_ESCALE : floating-point type, fixed-minimum-bits method, ++ * scale factor is the fixed minimum number of bits ++ * H5Z_SO_INT : integer type, scale_factor is minimum number of bits ++ */ ++ if (dtype_class == H5Z_SCALEOFFSET_CLS_FLOAT) { /* floating-point type */ ++ if (scale_type != H5Z_SO_FLOAT_DSCALE && scale_type != H5Z_SO_FLOAT_ESCALE) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, 0, "invalid scale type"); ++ } ++ ++ if (dtype_class == H5Z_SCALEOFFSET_CLS_INTEGER) { /* integer type */ ++ if (scale_type != H5Z_SO_INT) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, 0, "invalid scale type"); ++ ++ /* if scale_factor is less than 0 for integer, library will reset it to 0 ++ * in this case, library will calculate the minimum-bits ++ */ ++ if (scale_factor < 0) ++ scale_factor = 0; ++ } ++ ++ /* fixed-minimum-bits method is not implemented and is forbidden */ ++ if (scale_type == H5Z_SO_FLOAT_ESCALE) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, 0, "E-scaling method not supported"); ++ ++ if (scale_type == H5Z_SO_FLOAT_DSCALE) { /* floating-point type, variable-minimum-bits */ ++ D_val = (double)scale_factor; ++ } ++ else { /* integer type, or floating-point type with fixed-minimum-bits method */ ++ if (scale_factor > (int)(cd_values[H5Z_SCALEOFFSET_PARM_SIZE] * 8)) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, 0, "minimum number of bits exceeds maximum"); ++ ++ /* no need to process data */ ++ if (scale_factor == (int)(cd_values[H5Z_SCALEOFFSET_PARM_SIZE] * 8)) { ++ ret_value = *buf_size; ++ goto done; ++ } ++ minbits = (uint32_t)scale_factor; ++ } ++ ++ /* prepare parameters to pass to compress/decompress functions */ ++ p.size = cd_values[H5Z_SCALEOFFSET_PARM_SIZE]; ++ p.mem_order = (unsigned)H5T_native_order_g; ++ ++ /* input; decompress */ ++ if (flags & H5Z_FLAG_REVERSE) { ++ /* retrieve values of minbits and minval from input compressed buffer ++ * retrieve them corresponding to how they are stored during compression ++ */ ++ uint32_t minbits_mask = 0; ++ unsigned long long minval_mask = 0; ++ unsigned minval_size = 0; ++ ++ minbits = 0; ++ if (H5_IS_BUFFER_OVERFLOW((unsigned char *)*buf, 5, (unsigned char *)*buf + *buf_size - 1)) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, 0, "buffer too short"); ++ ++ for (i = 0; i < 4; i++) { ++ minbits_mask = ((unsigned char *)*buf)[i]; ++ minbits_mask <<= i * 8; ++ minbits |= minbits_mask; ++ } ++ if (minbits >= p.size * 8) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, 0, "minimum number of bits exceeds size of type"); ++ ++ /* retrieval of minval takes into consideration situation where sizeof ++ * unsigned long long (datatype of minval) may change from compression ++ * to decompression, only smaller size is used ++ */ ++ minval_size = sizeof(unsigned long long) <= ((unsigned char *)*buf)[4] ? sizeof(unsigned long long) ++ : ((unsigned char *)*buf)[4]; ++ minval = 0; ++ if (H5_IS_BUFFER_OVERFLOW((unsigned char *)*buf, 5 + minval_size, ++ (unsigned char *)*buf + *buf_size - 1)) ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, 0, "buffer too short"); ++ for (i = 0; i < minval_size; i++) { ++ minval_mask = ((unsigned char *)*buf)[5 + i]; ++ minval_mask <<= i * 8; ++ minval |= minval_mask; ++ } ++ ++ assert(minbits <= p.size * 8); ++ p.minbits = minbits; ++ ++ /* calculate size of output buffer after decompression */ ++ size_out = d_nelmts * (size_t)p.size; ++ ++ /* allocate memory space for decompressed buffer */ ++ if (NULL == (outbuf = (unsigned char *)H5MM_malloc(size_out))) ++ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, 0, ++ "memory allocation failed for scaleoffset decompression"); ++ ++ /* special case: minbits equal to full precision */ ++ if (minbits == p.size * 8) { ++ H5MM_memcpy(outbuf, (unsigned char *)(*buf) + buf_offset, size_out); ++ /* free the original buffer */ ++ H5MM_xfree(*buf); ++ ++ /* convert to dataset datatype endianness order if needed */ ++ if (need_convert) ++ H5Z__scaleoffset_convert(outbuf, d_nelmts, p.size); ++ ++ *buf = outbuf; ++ outbuf = NULL; ++ *buf_size = size_out; ++ ret_value = size_out; ++ goto done; ++ } ++ ++ /* decompress the buffer if minbits not equal to zero */ ++ if (minbits != 0) ++ H5Z__scaleoffset_decompress(outbuf, d_nelmts, (unsigned char *)(*buf) + buf_offset, p); ++ else { ++ /* fill value is not defined and all data elements have the same value */ ++ for (i = 0; i < size_out; i++) ++ outbuf[i] = 0; ++ } ++ ++ /* before postprocess, get memory type */ ++ if ((type = H5Z__scaleoffset_get_type(dtype_class, p.size, dtype_sign)) == 0) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, 0, "cannot use C integer datatype for cast"); ++ ++ /* postprocess after decompression */ ++ if (dtype_class == H5Z_SCALEOFFSET_CLS_INTEGER) ++ H5Z__scaleoffset_postdecompress_i(outbuf, d_nelmts, type, filavail, cd_values, minbits, minval); ++ ++ if (dtype_class == H5Z_SCALEOFFSET_CLS_FLOAT) ++ if (scale_type == 0) { /* variable-minimum-bits method */ ++ if (H5Z__scaleoffset_postdecompress_fd(outbuf, d_nelmts, type, filavail, cd_values, minbits, ++ minval, D_val) == FAIL) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, 0, "post-decompression failed"); ++ } ++ ++ /* after postprocess, convert to dataset datatype endianness order if needed */ ++ if (need_convert) ++ H5Z__scaleoffset_convert(outbuf, d_nelmts, p.size); ++ } ++ /* output; compress */ ++ else { ++ size_t used_bytes; ++ size_t unused_bytes; ++ ++ assert(nbytes == d_nelmts * p.size); ++ ++ /* before preprocess, convert to memory endianness order if needed */ ++ if (need_convert) ++ H5Z__scaleoffset_convert(*buf, d_nelmts, p.size); ++ ++ /* before preprocess, get memory type */ ++ if ((type = H5Z__scaleoffset_get_type(dtype_class, p.size, dtype_sign)) == 0) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, 0, "cannot use C integer datatype for cast"); ++ ++ /* preprocess before compression */ ++ if (dtype_class == H5Z_SCALEOFFSET_CLS_INTEGER) ++ H5Z__scaleoffset_precompress_i(*buf, d_nelmts, type, filavail, cd_values, &minbits, &minval); ++ ++ if (dtype_class == H5Z_SCALEOFFSET_CLS_FLOAT) ++ if (scale_type == 0) { /* variable-minimum-bits method */ ++ if (H5Z__scaleoffset_precompress_fd(*buf, d_nelmts, type, filavail, cd_values, &minbits, ++ &minval, D_val) == FAIL) ++ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, 0, "pre-compression failed"); ++ } ++ ++ assert(minbits <= p.size * 8); ++ ++ /* calculate buffer size after compression ++ * minbits and minval are stored in the front of the compressed buffer ++ */ ++ p.minbits = minbits; ++ size_out = buf_offset + nbytes * p.minbits / (p.size * 8) + 1; /* may be 1 larger */ ++ ++ /* allocate memory space for compressed buffer */ ++ if (NULL == (outbuf = (unsigned char *)H5MM_malloc(size_out))) ++ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, 0, "memory allocation failed for scaleoffset compression"); ++ ++ /* store minbits and minval in the front of output compressed buffer ++ * store byte by byte from least significant byte to most significant byte ++ * constant buffer size (21 bytes) is left for these two parameters ++ * 4 bytes for minbits, 1 byte for size of minval, 16 bytes for minval ++ */ ++ for (i = 0; i < 4; i++) ++ ((unsigned char *)outbuf)[i] = (unsigned char)((minbits & ((uint32_t)0xff << i * 8)) >> i * 8); ++ ++ ((unsigned char *)outbuf)[4] = sizeof(unsigned long long); ++ ++ for (i = 0; i < sizeof(unsigned long long); i++) ++ ((unsigned char *)outbuf)[5 + i] = ++ (unsigned char)((minval & ((unsigned long long)0xff << i * 8)) >> i * 8); ++ ++ /* Zero out remaining, unused bytes */ ++ /* (Looks like an error in the original determination of how many ++ * bytes would be needed for parameters. - QAK, 2010/08/19) ++ */ ++ used_bytes = 4 + 1 + sizeof(unsigned long long); ++ assert(used_bytes <= size_out); ++ unused_bytes = size_out - used_bytes; ++ memset(outbuf + 13, 0, unused_bytes); ++ ++ /* special case: minbits equal to full precision */ ++ if (minbits == p.size * 8) { ++ H5MM_memcpy(outbuf + buf_offset, *buf, nbytes); ++ /* free the original buffer */ ++ H5MM_xfree(*buf); ++ ++ *buf = outbuf; ++ outbuf = NULL; ++ *buf_size = size_out; ++ ret_value = buf_offset + nbytes; ++ goto done; ++ } ++ ++ /* compress the buffer if minbits not equal to zero ++ * minbits equal to zero only when fill value is not defined and ++ * all data elements have the same value ++ */ ++ if (minbits != 0) ++ H5Z__scaleoffset_compress((unsigned char *)*buf, d_nelmts, outbuf + buf_offset, ++ size_out - buf_offset, p); ++ } ++ ++ /* free the input buffer */ ++ H5MM_xfree(*buf); ++ ++ /* set return values */ ++ *buf = outbuf; ++ outbuf = NULL; ++ *buf_size = size_out; ++ ret_value = size_out; ++ ++done: ++ if (outbuf) ++ H5MM_xfree(outbuf); ++ FUNC_LEAVE_NOAPI(ret_value) ++} ++ ++/* ============ Scaleoffset Algorithm =============================================== ++ * assume one byte has 8 bit ++ * assume padding bit is 0 ++ * assume size of unsigned char is one byte ++ * assume one data item of certain datatype is stored continuously in bytes ++ * atomic datatype is treated on byte basis ++ */ ++ ++/* change byte order of input buffer either from little-endian to big-endian ++ * or from big-endian to little-endian 2/21/2005 ++ */ ++static void ++H5Z__scaleoffset_convert(void *buf, unsigned d_nelmts, unsigned dtype_size) ++{ ++ if (dtype_size > 1) { ++ size_t i, j; ++ unsigned char *buffer, temp; ++ ++ buffer = (unsigned char *)buf; ++ for (i = 0; i < d_nelmts * (size_t)dtype_size; i += dtype_size) ++ for (j = 0; j < dtype_size / 2; j++) { ++ /* swap pair of bytes */ ++ temp = buffer[i + j]; ++ buffer[i + j] = buffer[i + dtype_size - 1 - j]; ++ buffer[i + dtype_size - 1 - j] = temp; ++ } /* end for */ ++ } /* end if */ ++} /* end H5Z__scaleoffset_convert() */ ++ ++/* return ceiling of floating-point log2 function ++ * receive unsigned integer as argument 3/10/2005 ++ */ ++static unsigned ++H5Z__scaleoffset_log2(unsigned long long num) ++{ ++ unsigned v = 0; ++ unsigned long long lower_bound = 1; /* is power of 2, largest value <= num */ ++ unsigned long long val = num; ++ ++ while (val >>= 1) { ++ v++; ++ lower_bound <<= 1; ++ } ++ ++ if (num == lower_bound) ++ return v; ++ else ++ return v + 1; ++} ++ ++/* precompress for integer type */ ++static void ++H5Z__scaleoffset_precompress_i(void *data, unsigned d_nelmts, enum H5Z_scaleoffset_t type, unsigned filavail, ++ const unsigned cd_values[], uint32_t *minbits, unsigned long long *minval) ++{ ++ if (type == t_uchar) ++ H5Z_scaleoffset_precompress_1(unsigned char, data, d_nelmts, filavail, cd_values, minbits, minval); ++ else if (type == t_ushort) ++ H5Z_scaleoffset_precompress_1(unsigned short, data, d_nelmts, filavail, cd_values, minbits, minval); ++ else if (type == t_uint) ++ H5Z_scaleoffset_precompress_1(unsigned int, data, d_nelmts, filavail, cd_values, minbits, minval); ++ else if (type == t_ulong) ++ H5Z_scaleoffset_precompress_1(unsigned long, data, d_nelmts, filavail, cd_values, minbits, minval); ++ else if (type == t_ulong_long) ++ H5Z_scaleoffset_precompress_1(unsigned long long, data, d_nelmts, filavail, cd_values, minbits, ++ minval); ++ else if (type == t_schar) { ++ signed char *buf = (signed char *)data, min = 0, max = 0, filval = 0; ++ unsigned char span; ++ unsigned i; ++ ++ if (filavail == H5Z_SCALEOFFSET_FILL_DEFINED) { /* fill value defined */ ++ H5Z_scaleoffset_get_filval_1(signed char, cd_values, filval); ++ if (*minbits == ++ H5Z_SO_INT_MINBITS_DEFAULT) { /* minbits not set yet, calculate max, min, and minbits */ ++ H5Z_scaleoffset_max_min_1(i, d_nelmts, buf, filval, max, ++ min) if ((unsigned char)(max - min) > ++ (unsigned char)(~(unsigned char)0 - 2)) ++ { ++ *minbits = sizeof(signed char) * 8; ++ return; ++ } ++ span = (unsigned char)(max - min + 1); ++ *minbits = H5Z__scaleoffset_log2((unsigned long long)(span + 1)); ++ } ++ else /* minbits already set, only calculate min */ ++ H5Z_scaleoffset_min_1(i, d_nelmts, buf, filval, ++ min) if (*minbits != ++ sizeof(signed char) * ++ 8) /* change values if minbits != full precision */ ++ for (i = 0; i < d_nelmts; i++) buf[i] = ++ (signed char)((buf[i] == filval) ? (((unsigned char)1 << *minbits) - 1) ++ : (buf[i] - min)); ++ } ++ else { /* fill value undefined */ ++ if (*minbits == ++ H5Z_SO_INT_MINBITS_DEFAULT) { /* minbits not set yet, calculate max, min, and minbits */ ++ H5Z_scaleoffset_max_min_2(i, d_nelmts, buf, max, ++ min) if ((unsigned char)(max - min) > ++ (unsigned char)(~(unsigned char)0 - 2)) ++ { ++ *minbits = sizeof(signed char) * 8; ++ *minval = (unsigned long long)min; ++ return; ++ } ++ span = (unsigned char)(max - min + 1); ++ *minbits = H5Z__scaleoffset_log2((unsigned long long)span); ++ } ++ else /* minbits already set, only calculate min */ ++ H5Z_scaleoffset_min_2(i, d_nelmts, buf, ++ min) if (*minbits != ++ sizeof(signed char) * ++ 8) /* change values if minbits != full precision */ ++ for (i = 0; i < d_nelmts; i++) buf[i] = (signed char)(buf[i] - min); ++ } ++ *minval = (unsigned long long)min; ++ } ++ else if (type == t_short) ++ H5Z_scaleoffset_precompress_2(short, data, d_nelmts, filavail, cd_values, minbits, minval); ++ else if (type == t_int) ++ H5Z_scaleoffset_precompress_2(int, data, d_nelmts, filavail, cd_values, minbits, minval); ++ else if (type == t_long) ++ H5Z_scaleoffset_precompress_2(long, data, d_nelmts, filavail, cd_values, minbits, minval); ++ else if (type == t_long_long) ++ H5Z_scaleoffset_precompress_2(long long, data, d_nelmts, filavail, cd_values, minbits, minval); ++} ++ ++/* postdecompress for integer type */ ++static void ++H5Z__scaleoffset_postdecompress_i(void *data, unsigned d_nelmts, enum H5Z_scaleoffset_t type, ++ unsigned filavail, const unsigned cd_values[], uint32_t minbits, ++ unsigned long long minval) ++{ ++ long long sminval = *(long long *)&minval; /* for signed integer types */ ++ ++ if (type == t_uchar) ++ H5Z_scaleoffset_postdecompress_1(unsigned char, data, d_nelmts, filavail, cd_values, minbits, minval); ++ else if (type == t_ushort) ++ H5Z_scaleoffset_postdecompress_1(unsigned short, data, d_nelmts, filavail, cd_values, minbits, ++ minval); ++ else if (type == t_uint) ++ H5Z_scaleoffset_postdecompress_1(unsigned int, data, d_nelmts, filavail, cd_values, minbits, minval); ++ else if (type == t_ulong) ++ H5Z_scaleoffset_postdecompress_1(unsigned long, data, d_nelmts, filavail, cd_values, minbits, minval); ++ else if (type == t_ulong_long) ++ H5Z_scaleoffset_postdecompress_1(unsigned long long, data, d_nelmts, filavail, cd_values, minbits, ++ minval); ++ else if (type == t_schar) { ++ signed char *buf = (signed char *)data, filval = 0; ++ unsigned i; ++ ++ if (filavail == H5Z_SCALEOFFSET_FILL_DEFINED) { /* fill value defined */ ++ H5Z_scaleoffset_get_filval_1(signed char, cd_values, filval); ++ for (i = 0; i < d_nelmts; i++) ++ buf[i] = (signed char)((buf[i] == (((unsigned char)1 << minbits) - 1)) ? filval ++ : (buf[i] + sminval)); ++ } ++ else /* fill value undefined */ ++ for (i = 0; i < d_nelmts; i++) ++ buf[i] = (signed char)(buf[i] + sminval); ++ } ++ else if (type == t_short) ++ H5Z_scaleoffset_postdecompress_2(short, data, d_nelmts, filavail, cd_values, minbits, sminval); ++ else if (type == t_int) ++ H5Z_scaleoffset_postdecompress_2(int, data, d_nelmts, filavail, cd_values, minbits, sminval); ++ else if (type == t_long) ++ H5Z_scaleoffset_postdecompress_2(long, data, d_nelmts, filavail, cd_values, minbits, sminval); ++ else if (type == t_long_long) ++ H5Z_scaleoffset_postdecompress_2(long long, data, d_nelmts, filavail, cd_values, minbits, sminval); ++} ++ ++/* precompress for floating-point type, variable-minimum-bits method ++ success: non-negative, failure: negative 4/15/05 */ ++static herr_t ++H5Z__scaleoffset_precompress_fd(void *data, unsigned d_nelmts, enum H5Z_scaleoffset_t type, unsigned filavail, ++ const unsigned cd_values[], uint32_t *minbits, unsigned long long *minval, ++ double D_val) ++{ ++ herr_t ret_value = SUCCEED; /* Return value */ ++ ++ FUNC_ENTER_PACKAGE ++ ++ if (type == t_float) ++ H5Z_scaleoffset_precompress_3(float, powf, fabsf, roundf, lroundf, llroundf, data, d_nelmts, filavail, ++ cd_values, minbits, minval, D_val); ++ else if (type == t_double) ++ H5Z_scaleoffset_precompress_3(double, pow, fabs, round, lround, llround, data, d_nelmts, filavail, ++ cd_values, minbits, minval, D_val); ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} ++ ++/* postdecompress for floating-point type, variable-minimum-bits method ++ success: non-negative, failure: negative 4/15/05 */ ++static herr_t ++H5Z__scaleoffset_postdecompress_fd(void *data, unsigned d_nelmts, enum H5Z_scaleoffset_t type, ++ unsigned filavail, const unsigned cd_values[], uint32_t minbits, ++ unsigned long long minval, double D_val) ++{ ++ long long sminval = (long long)minval; /* for signed integer types */ ++ herr_t ret_value = SUCCEED; /* Return value */ ++ ++ FUNC_ENTER_PACKAGE ++ ++ if (type == t_float) ++ H5Z_scaleoffset_postdecompress_3(float, powf, data, d_nelmts, filavail, cd_values, minbits, sminval, ++ D_val); ++ else if (type == t_double) ++ H5Z_scaleoffset_postdecompress_3(double, pow, data, d_nelmts, filavail, cd_values, minbits, sminval, ++ D_val); ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} ++ ++static void ++H5Z__scaleoffset_next_byte(size_t *j, unsigned *buf_len) ++{ ++ ++(*j); ++ *buf_len = 8 * sizeof(unsigned char); ++} ++ ++static void ++H5Z__scaleoffset_decompress_one_byte(unsigned char *data, size_t data_offset, unsigned k, unsigned begin_i, ++ const unsigned char *buffer, size_t *j, unsigned *buf_len, ++ parms_atomic p, unsigned dtype_len) ++{ ++ unsigned dat_len; /* dat_len is the number of bits to be copied in each data byte */ ++ unsigned char val; /* value to be copied in each data byte */ ++ ++ /* initialize value and bits of unsigned char to be copied */ ++ val = buffer[*j]; ++ if (k == begin_i) ++ dat_len = 8 - (dtype_len - p.minbits) % 8; ++ else ++ dat_len = 8; ++ ++ if (*buf_len > dat_len) { ++ data[data_offset + k] = ++ (unsigned char)((unsigned)(val >> (*buf_len - dat_len)) & (unsigned)(~((unsigned)~0 << dat_len))); ++ *buf_len -= dat_len; ++ } /* end if */ ++ else { ++ data[data_offset + k] = ++ (unsigned char)((val & ~((unsigned)(~0) << *buf_len)) << (dat_len - *buf_len)); ++ dat_len -= *buf_len; ++ H5Z__scaleoffset_next_byte(j, buf_len); ++ if (dat_len == 0) ++ return; ++ ++ val = buffer[*j]; ++ data[data_offset + k] |= ++ (unsigned char)((unsigned)(val >> (*buf_len - dat_len)) & ~((unsigned)(~0) << dat_len)); ++ *buf_len -= dat_len; ++ } /* end else */ ++} ++ ++static void ++H5Z__scaleoffset_decompress_one_atomic(unsigned char *data, size_t data_offset, unsigned char *buffer, ++ size_t *j, unsigned *buf_len, parms_atomic p) ++{ ++ /* begin_i: the index of byte having first significant bit */ ++ unsigned begin_i; ++ unsigned dtype_len; ++ int k; ++ ++ assert(p.minbits > 0); ++ ++ dtype_len = p.size * 8; ++ ++ if (p.mem_order == H5Z_SCALEOFFSET_ORDER_LE) { /* little endian */ ++ begin_i = p.size - 1 - (dtype_len - p.minbits) / 8; ++ ++ for (k = (int)begin_i; k >= 0; k--) ++ H5Z__scaleoffset_decompress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, j, buf_len, ++ p, dtype_len); ++ } ++ else { /* big endian */ ++ assert(p.mem_order == H5Z_SCALEOFFSET_ORDER_BE); ++ ++ begin_i = (dtype_len - p.minbits) / 8; ++ ++ for (k = (int)begin_i; k <= (int)(p.size - 1); k++) ++ H5Z__scaleoffset_decompress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, j, buf_len, ++ p, dtype_len); ++ } ++} ++ ++static void ++H5Z__scaleoffset_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer, parms_atomic p) ++{ ++ /* i: index of data, j: index of buffer, ++ buf_len: number of bits to be filled in current byte */ ++ size_t i, j; ++ unsigned buf_len; ++ ++ /* must initialize to zeros */ ++ for (i = 0; i < d_nelmts * (size_t)p.size; i++) ++ data[i] = 0; ++ ++ /* initialization before the loop */ ++ j = 0; ++ buf_len = sizeof(unsigned char) * 8; ++ ++ /* decompress */ ++ for (i = 0; i < d_nelmts; i++) ++ H5Z__scaleoffset_decompress_one_atomic(data, i * p.size, buffer, &j, &buf_len, p); ++} ++ ++static void ++H5Z__scaleoffset_compress_one_byte(const unsigned char *data, size_t data_offset, unsigned k, ++ unsigned begin_i, unsigned char *buffer, size_t *j, unsigned *buf_len, ++ parms_atomic p, unsigned dtype_len) ++{ ++ unsigned dat_len; /* dat_len is the number of bits to be copied in each data byte */ ++ unsigned char val; /* value to be copied in each data byte */ ++ ++ /* initialize value and bits of unsigned char to be copied */ ++ val = data[data_offset + k]; ++ if (k == begin_i) ++ dat_len = 8 - (dtype_len - p.minbits) % 8; ++ else ++ dat_len = 8; ++ ++ if (*buf_len > dat_len) { ++ buffer[*j] |= (unsigned char)((val & ~((unsigned)(~0) << dat_len)) << (*buf_len - dat_len)); ++ *buf_len -= dat_len; ++ } ++ else { ++ buffer[*j] |= ++ (unsigned char)((unsigned)(val >> (dat_len - *buf_len)) & ~((unsigned)(~0) << *buf_len)); ++ dat_len -= *buf_len; ++ H5Z__scaleoffset_next_byte(j, buf_len); ++ if (dat_len == 0) ++ return; ++ ++ buffer[*j] = (unsigned char)((val & ~((unsigned)(~0) << dat_len)) << (*buf_len - dat_len)); ++ *buf_len -= dat_len; ++ } /* end else */ ++} ++ ++static void ++H5Z__scaleoffset_compress_one_atomic(unsigned char *data, size_t data_offset, unsigned char *buffer, ++ size_t *j, unsigned *buf_len, parms_atomic p) ++{ ++ /* begin_i: the index of byte having first significant bit */ ++ unsigned begin_i; ++ unsigned dtype_len; ++ int k; ++ ++ assert(p.minbits > 0); ++ ++ dtype_len = p.size * 8; ++ ++ if (p.mem_order == H5Z_SCALEOFFSET_ORDER_LE) { /* little endian */ ++ begin_i = p.size - 1 - (dtype_len - p.minbits) / 8; ++ ++ for (k = (int)begin_i; k >= 0; k--) ++ H5Z__scaleoffset_compress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, j, buf_len, p, ++ dtype_len); ++ } ++ else { /* big endian */ ++ assert(p.mem_order == H5Z_SCALEOFFSET_ORDER_BE); ++ begin_i = (dtype_len - p.minbits) / 8; ++ ++ for (k = (int)begin_i; k <= (int)(p.size - 1); k++) ++ H5Z__scaleoffset_compress_one_byte(data, data_offset, (unsigned)k, begin_i, buffer, j, buf_len, p, ++ dtype_len); ++ } ++} ++ ++static void ++H5Z__scaleoffset_compress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer, size_t buffer_size, ++ parms_atomic p) ++{ ++ /* i: index of data, j: index of buffer, ++ buf_len: number of bits to be filled in current byte */ ++ size_t i, j; ++ unsigned buf_len; ++ ++ /* must initialize buffer to be zeros */ ++ for (j = 0; j < buffer_size; j++) ++ buffer[j] = 0; ++ ++ /* initialization before the loop */ ++ j = 0; ++ buf_len = sizeof(unsigned char) * 8; ++ ++ /* compress */ ++ for (i = 0; i < d_nelmts; i++) ++ H5Z__scaleoffset_compress_one_atomic(data, i * p.size, buffer, &j, &buf_len, p); ++} +-- +2.34.1 + diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb index d821fb8f34..47955c876e 100644 --- a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb +++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb @@ -29,6 +29,7 @@ SRC_URI = " \ file://CVE-2025-2310.patch \ file://CVE-2025-44905.patch \ file://CVE-2025-2309.patch \ + file://CVE-2025-2308.patch \ " SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03" From patchwork Fri Apr 10 07:05:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85782 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1953CF364B0 for ; Fri, 10 Apr 2026 07:05:23 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.150637.1775804720759816398 for ; Fri, 10 Apr 2026 00:05:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=IIlz/Iff; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A4uSWh1889323 for ; Fri, 10 Apr 2026 07:05:19 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=bpZFYDAKrOmQyrTfJT6mxbr/Eo9DxwxKOoH7gN78aow=; b=IIlz/IffThl1 qD6nRvG+D18+xxHFSUWm6ay4Bkt+hED4zCOupDIYyI6qRK1/VjeGcPl6UOvRy4JW +pjTPCtdY61Vdw2bzidW8so8ID6wcTiQzMbR/BTN2YrxTMWV2uRpBNaURumSuB8z 66CCOgMX49uQF1O9P40y1M3yAq/2/VxIRohZJoT/lDAdQ3pMFC1zMYilpqiJBkjn UMX455J4+NNY2VOo0aXNSV7U2P+71+RZhRiBLW4L9oj0jlmStYUzZ9IrmjwFPErl 4CzGZHZw9MB3CWqQ4dZDzddyqnoALA78ZYGiZReNy/cwpQnvCTu1UgCFdAmXIbLE 9ujsHG1vdA== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmrqn78a-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 07:05:19 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:18 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:17 -0700 From: To: Subject: [meta-python][scarthgap][PATCH v2 09/11] python3-django: fix CVE-2025-57833 Date: Fri, 10 Apr 2026 15:05:06 +0800 Message-ID: <20260410070508.1104455-10-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=RPCD2Yi+ c=1 sm=1 tr=0 ts=69d8a12f cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=klDOsUkWDRETUCZYPvoE:22 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=VWcOui0qAAAA:8 a=QVxT2wuq3_Tkpv4swMoA:9 a=FdTzh2GWekK77mhwV6Dw:22 a=QrT887owLcKFfbcY6Lji:22 X-Proofpoint-ORIG-GUID: DtVpMmXNKl73gBoGaUcorFh_Mwxoo-Qn X-Proofpoint-GUID: DtVpMmXNKl73gBoGaUcorFh_Mwxoo-Qn X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfX0LrJLwzoy7V8 nI0jMJRHY34rcovvJCYliaB5ZOHD77JGZADF/yUmoR2v+Y8JNAw5BR1qu9o1hihUdaw8Uwu0dsF qq4ynpdz5XwIy5lI755FJ7leVi3cTFNI+v+4QTd+JEsAeYxbXj5Q5ZE56jkdj/L4ENwn60GDj/x iemkWkyluZ8gzWOvH8FifGS+J0QflGH29hPirvMCPC6nWw2fnJ+blsGnlmujDA2ZgDRATkh6v12 lQEyzF+MzwDB5vIUXjjBu2oSaFh5MryA9AirA7aXbOGOx1IIGcoRfXouTw4swQValQvPjFJzz8I ocZmxvuNMzaq+wZVW0a4HUSSK+zvnhZTlMi+lVRFdde1u2mPJyt5ylU5lNHlZR58uh6yFACsAMN bei8cGvyQEX4CakcAfd0mI90QOEwfWf4PKKfMUbjZ2oM8IOR1dHRfMGDlrcFv6S9wsCjW7i0+qR QW+cX773u6Rs7ZS1IXw== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 phishscore=0 adultscore=0 spamscore=0 clxscore=1015 bulkscore=0 impostorscore=0 priorityscore=1501 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126231 From: Haixiao Yan FilteredRelation was subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-57833 Upstream-patch: https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92 Signed-off-by: Haixiao Yan Signed-off-by: Jinfeng Wang --- .../CVE-2025-57833.patch | 88 +++++++++++++++++++ .../python/python3-django_5.0.14.bb | 1 + 2 files changed, 89 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-57833.patch diff --git a/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-57833.patch b/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-57833.patch new file mode 100644 index 0000000000..cef0b30a59 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-57833.patch @@ -0,0 +1,88 @@ +From 61b7449dc4ed51ce1fecd7b5a22b52fbc961c5bf Mon Sep 17 00:00:00 2001 +From: Jake Howard +Date: Wed, 13 Aug 2025 14:13:42 +0200 +Subject: [PATCH 1/2] [4.2.x] Fixed CVE-2025-57833 -- Protected + FilteredRelation against SQL injection in column aliases. + +Thanks Eyal Gabay (EyalSec) for the report. + +Backport of 51711717098d3f469f795dfa6bc3758b24f69ef7 from main. + +CVE: CVE-2025-57833 + +Upstream-Status: Backport [https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92] + +Signed-off-by: Haixiao Yan +--- + django/db/models/sql/query.py | 1 + + tests/annotations/tests.py | 24 ++++++++++++++++++++++++ + 2 files changed, 25 insertions(+) + +diff --git a/django/db/models/sql/query.py b/django/db/models/sql/query.py +index fe6baca607a9..6a86a184d8b4 100644 +--- a/django/db/models/sql/query.py ++++ b/django/db/models/sql/query.py +@@ -1663,6 +1663,7 @@ class Query(BaseExpression): + return target_clause, needed_inner + + def add_filtered_relation(self, filtered_relation, alias): ++ self.check_alias(alias) + filtered_relation.alias = alias + relation_lookup_parts, relation_field_parts, _ = self.solve_lookup_type( + filtered_relation.relation_name +diff --git a/tests/annotations/tests.py b/tests/annotations/tests.py +index f1260b41926b..01fa6958db7b 100644 +--- a/tests/annotations/tests.py ++++ b/tests/annotations/tests.py +@@ -12,6 +12,7 @@ from django.db.models import ( + Exists, + ExpressionWrapper, + F, ++ FilteredRelation, + FloatField, + Func, + IntegerField, +@@ -1132,6 +1133,15 @@ class NonAggregateAnnotationTestCase(TestCase): + with self.assertRaisesMessage(ValueError, msg): + Book.objects.annotate(**{crafted_alias: Value(1)}) + ++ def test_alias_filtered_relation_sql_injection(self): ++ crafted_alias = """injected_name" from "annotations_book"; --""" ++ msg = ( ++ "Column aliases cannot contain whitespace characters, quotation marks, " ++ "semicolons, or SQL comments." ++ ) ++ with self.assertRaisesMessage(ValueError, msg): ++ Book.objects.annotate(**{crafted_alias: FilteredRelation("author")}) ++ + def test_alias_forbidden_chars(self): + tests = [ + 'al"ias', +@@ -1157,6 +1167,11 @@ class NonAggregateAnnotationTestCase(TestCase): + with self.assertRaisesMessage(ValueError, msg): + Book.objects.annotate(**{crafted_alias: Value(1)}) + ++ with self.assertRaisesMessage(ValueError, msg): ++ Book.objects.annotate( ++ **{crafted_alias: FilteredRelation("authors")} ++ ) ++ + + class AliasTests(TestCase): + @classmethod +@@ -1429,3 +1444,12 @@ class AliasTests(TestCase): + ) + with self.assertRaisesMessage(ValueError, msg): + Book.objects.alias(**{crafted_alias: Value(1)}) ++ ++ def test_alias_filtered_relation_sql_injection(self): ++ crafted_alias = """injected_name" from "annotations_book"; --""" ++ msg = ( ++ "Column aliases cannot contain whitespace characters, quotation marks, " ++ "semicolons, or SQL comments." ++ ) ++ with self.assertRaisesMessage(ValueError, msg): ++ Book.objects.alias(**{crafted_alias: FilteredRelation("authors")}) +-- +2.34.1 + diff --git a/meta-python/recipes-devtools/python/python3-django_5.0.14.bb b/meta-python/recipes-devtools/python/python3-django_5.0.14.bb index 84dd9dd5f4..0f6a55a0b3 100644 --- a/meta-python/recipes-devtools/python/python3-django_5.0.14.bb +++ b/meta-python/recipes-devtools/python/python3-django_5.0.14.bb @@ -7,6 +7,7 @@ CVE_STATUS[CVE-2025-27556] = "not-applicable-platform: Issue only applies on Win SRC_URI += "file://CVE-2025-64460.patch \ file://CVE-2025-64459-1.patch \ file://CVE-2025-64459-2.patch \ + file://CVE-2025-57833.patch \ " SRC_URI[sha256sum] = "29019a5763dbd48da1720d687c3522ef40d1c61be6fb2fad27ed79e9f655bc11" From patchwork Fri Apr 10 07:05:07 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85790 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6179CE99048 for ; Fri, 10 Apr 2026 07:05:25 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.150887.1775804723015854611 for ; Fri, 10 Apr 2026 00:05:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=C843k6rN; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A4uSWl1889323 for ; Fri, 10 Apr 2026 07:05:22 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=S6cEZu8OnH8CASPsmIJ4Z91GuNJHYBJmPx2/xN4LNV0=; b=C843k6rNTyGz pTo0pL6P8wgT9b8dLA5it3ZnINGSivkcHTsNJ7FD4OW8ixMD5K9XWhF4NDm6igsP laPTaG9ErlntN7VOHthUBWulzoK21faHzzu2OzKYMyQ3zuQ2T3+b1Wp4Ry++cf4Q ipaUJkm//nJ+gjWaV+5U1ggfjJAWP7v/thbf5ChoEr4s+GG946+W0uUGzkopHp1T eM6z82iGq5C5lywZ12hB1cXMZ+GlEsVWuN2EVNvC+b1Rml3pi0QCmbRa4jZVG41Z uhGtf58dmpAeJbDAGH3M37/V1QnNTj+myY6Dch4nVgHehPcHNL37pzTzKMUpBr0A geds3bei8A== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmrqn78a-6 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 07:05:21 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:19 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:18 -0700 From: To: Subject: [meta-python][scarthgap][PATCH v2 10/11] python3-django: fix CVE-2025-59681 Date: Fri, 10 Apr 2026 15:05:07 +0800 Message-ID: <20260410070508.1104455-11-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=RPCD2Yi+ c=1 sm=1 tr=0 ts=69d8a131 cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=klDOsUkWDRETUCZYPvoE:22 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=epTmVMiNAAAA:8 a=t7CeM3EgAAAA:8 a=pGLkceISAAAA:8 a=4iZjGnfvTQSL3jFuhDIA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: NB9-BllVB2XPphXIPQOwOnbSUmND-MD7 X-Proofpoint-GUID: NB9-BllVB2XPphXIPQOwOnbSUmND-MD7 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfXwhDz08Wo+wz5 9lejOrV0nncluF3HM5MuQwoBBq0UY0to63XFkuh6pjMZ8jlgb67jOeyZ6ypqHJ31H5VrQz7PAEq DhEI7yi4qwe9ExJ+yBLbhGM/aYWJ0Qf4ICd5AoZcal3uwVjqUD2dsYdgpInf6FYRpo6v85LPz/n ARTJHjF72shdGA58JH3zAiA/SrbmJINrJeFCI5sCBAFWYEPE0u1atvRAUQugO0JdmVUiUSRl4xo bnTD1fxywmnPK1ojQ4r03W84qUMPgdmKqVrc/lTiiiG3dHXff8i3P6vpftYeCqNAh9ImwRCcnPv 4mpf/Oafwgx/xL1JQ9jibpNVM4eWi8h/cWQ7e3PAp5YdXsWXrpI1IV0NzbPAHL+re+MlJgY3XJj 2bIKxwJBS/IphowHZXj7eFZo71FDUErB5O+lryy7TuhMw6JxHsTdGTPwCPKHmYUTtJOfXgyFk+X cplXxuGP6DBXURpphUw== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 phishscore=0 adultscore=0 spamscore=0 clxscore=1015 bulkscore=0 impostorscore=0 priorityscore=1501 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126232 From: Haixiao Yan QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() methods were subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods on MySQL and MariaDB. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-59681 Upstream-patch: https://github.com/django/django/commit/38d9ef8c7b5cb6ef51b933e51a20e0e0063f33d5 Signed-off-by: Haixiao Yan Signed-off-by: Jinfeng Wang --- .../CVE-2025-59681.patch | 179 ++++++++++++++++++ .../python/python3-django_5.0.14.bb | 1 + 2 files changed, 180 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-59681.patch diff --git a/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-59681.patch b/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-59681.patch new file mode 100644 index 0000000000..c62a848aa7 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-59681.patch @@ -0,0 +1,179 @@ +From 3626cf164dd785625a5f8402c621019707094782 Mon Sep 17 00:00:00 2001 +From: Mariusz Felisiak +Date: Wed, 10 Sep 2025 09:53:52 +0200 +Subject: [PATCH 2/2] [4.2.x] Fixed CVE-2025-59681 -- Protected + QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection + in column aliases on MySQL/MariaDB. + +Thanks sw0rd1ight for the report. + +Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200. + +Backport of 41b43c74bda19753c757036673ea9db74acf494a from main. + +CVE: CVE-2025-59681 + +Upstream-Status: Backport [https://github.com/django/django/commit/38d9ef8c7b5cb6ef51b933e51a20e0e +0063f33d5] + +Signed-off-by: Haixiao Yan +--- + django/db/models/sql/query.py | 8 ++++---- + tests/aggregation/tests.py | 4 ++-- + tests/annotations/tests.py | 23 ++++++++++++----------- + tests/expressions/test_queryset_values.py | 8 ++++---- + tests/queries/tests.py | 4 ++-- + 5 files changed, 24 insertions(+), 23 deletions(-) + +diff --git a/django/db/models/sql/query.py b/django/db/models/sql/query.py +index 6a86a184d8b4..aa348ddf5ff8 100644 +--- a/django/db/models/sql/query.py ++++ b/django/db/models/sql/query.py +@@ -47,9 +47,9 @@ from django.utils.tree import Node + + __all__ = ["Query", "RawQuery"] + +-# Quotation marks ('"`[]), whitespace characters, semicolons, or inline ++# Quotation marks ('"`[]), whitespace characters, semicolons, hashes, or inline + # SQL comments are forbidden in column aliases. +-FORBIDDEN_ALIAS_PATTERN = _lazy_re_compile(r"['`\"\]\[;\s]|--|/\*|\*/") ++FORBIDDEN_ALIAS_PATTERN = _lazy_re_compile(r"['`\"\]\[;\s]|#|--|/\*|\*/") + + # Inspired from + # https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS +@@ -1188,8 +1188,8 @@ class Query(BaseExpression): + def check_alias(self, alias): + if FORBIDDEN_ALIAS_PATTERN.search(alias): + raise ValueError( +- "Column aliases cannot contain whitespace characters, quotation marks, " +- "semicolons, or SQL comments." ++ "Column aliases cannot contain whitespace characters, hashes, " ++ "quotation marks, semicolons, or SQL comments." + ) + + def add_annotation(self, annotation, alias, select=True): +diff --git a/tests/aggregation/tests.py b/tests/aggregation/tests.py +index 48266d97746b..277c0507f7d9 100644 +--- a/tests/aggregation/tests.py ++++ b/tests/aggregation/tests.py +@@ -2090,8 +2090,8 @@ class AggregateTestCase(TestCase): + def test_alias_sql_injection(self): + crafted_alias = """injected_name" from "aggregation_author"; --""" + msg = ( +- "Column aliases cannot contain whitespace characters, quotation marks, " +- "semicolons, or SQL comments." ++ "Column aliases cannot contain whitespace characters, hashes, quotation " ++ "marks, semicolons, or SQL comments." + ) + with self.assertRaisesMessage(ValueError, msg): + Author.objects.aggregate(**{crafted_alias: Avg("age")}) +diff --git a/tests/annotations/tests.py b/tests/annotations/tests.py +index 01fa6958db7b..ac40408977ae 100644 +--- a/tests/annotations/tests.py ++++ b/tests/annotations/tests.py +@@ -1127,8 +1127,8 @@ class NonAggregateAnnotationTestCase(TestCase): + def test_alias_sql_injection(self): + crafted_alias = """injected_name" from "annotations_book"; --""" + msg = ( +- "Column aliases cannot contain whitespace characters, quotation marks, " +- "semicolons, or SQL comments." ++ "Column aliases cannot contain whitespace characters, hashes, quotation " ++ "marks, semicolons, or SQL comments." + ) + with self.assertRaisesMessage(ValueError, msg): + Book.objects.annotate(**{crafted_alias: Value(1)}) +@@ -1136,8 +1136,8 @@ class NonAggregateAnnotationTestCase(TestCase): + def test_alias_filtered_relation_sql_injection(self): + crafted_alias = """injected_name" from "annotations_book"; --""" + msg = ( +- "Column aliases cannot contain whitespace characters, quotation marks, " +- "semicolons, or SQL comments." ++ "Column aliases cannot contain whitespace characters, hashes, quotation " ++ "marks, semicolons, or SQL comments." + ) + with self.assertRaisesMessage(ValueError, msg): + Book.objects.annotate(**{crafted_alias: FilteredRelation("author")}) +@@ -1154,13 +1154,14 @@ class NonAggregateAnnotationTestCase(TestCase): + "ali/*as", + "alias*/", + "alias;", +- # [] are used by MSSQL. ++ # [] and # are used by MSSQL. + "alias[", + "alias]", ++ "ali#as", + ] + msg = ( +- "Column aliases cannot contain whitespace characters, quotation marks, " +- "semicolons, or SQL comments." ++ "Column aliases cannot contain whitespace characters, hashes, quotation " ++ "marks, semicolons, or SQL comments." + ) + for crafted_alias in tests: + with self.subTest(crafted_alias): +@@ -1439,8 +1440,8 @@ class AliasTests(TestCase): + def test_alias_sql_injection(self): + crafted_alias = """injected_name" from "annotations_book"; --""" + msg = ( +- "Column aliases cannot contain whitespace characters, quotation marks, " +- "semicolons, or SQL comments." ++ "Column aliases cannot contain whitespace characters, hashes, quotation " ++ "marks, semicolons, or SQL comments." + ) + with self.assertRaisesMessage(ValueError, msg): + Book.objects.alias(**{crafted_alias: Value(1)}) +@@ -1448,8 +1449,8 @@ class AliasTests(TestCase): + def test_alias_filtered_relation_sql_injection(self): + crafted_alias = """injected_name" from "annotations_book"; --""" + msg = ( +- "Column aliases cannot contain whitespace characters, quotation marks, " +- "semicolons, or SQL comments." ++ "Column aliases cannot contain whitespace characters, hashes, quotation " ++ "marks, semicolons, or SQL comments." + ) + with self.assertRaisesMessage(ValueError, msg): + Book.objects.alias(**{crafted_alias: FilteredRelation("authors")}) +diff --git a/tests/expressions/test_queryset_values.py b/tests/expressions/test_queryset_values.py +index 47bd1358de54..080ee06183dc 100644 +--- a/tests/expressions/test_queryset_values.py ++++ b/tests/expressions/test_queryset_values.py +@@ -37,8 +37,8 @@ class ValuesExpressionsTests(TestCase): + def test_values_expression_alias_sql_injection(self): + crafted_alias = """injected_name" from "expressions_company"; --""" + msg = ( +- "Column aliases cannot contain whitespace characters, quotation marks, " +- "semicolons, or SQL comments." ++ "Column aliases cannot contain whitespace characters, hashes, quotation " ++ "marks, semicolons, or SQL comments." + ) + with self.assertRaisesMessage(ValueError, msg): + Company.objects.values(**{crafted_alias: F("ceo__salary")}) +@@ -47,8 +47,8 @@ class ValuesExpressionsTests(TestCase): + def test_values_expression_alias_sql_injection_json_field(self): + crafted_alias = """injected_name" from "expressions_company"; --""" + msg = ( +- "Column aliases cannot contain whitespace characters, quotation marks, " +- "semicolons, or SQL comments." ++ "Column aliases cannot contain whitespace characters, hashes, quotation " ++ "marks, semicolons, or SQL comments." + ) + with self.assertRaisesMessage(ValueError, msg): + JSONFieldModel.objects.values(f"data__{crafted_alias}") +diff --git a/tests/queries/tests.py b/tests/queries/tests.py +index 5df231949194..91dce6170361 100644 +--- a/tests/queries/tests.py ++++ b/tests/queries/tests.py +@@ -1942,8 +1942,8 @@ class Queries5Tests(TestCase): + def test_extra_select_alias_sql_injection(self): + crafted_alias = """injected_name" from "queries_note"; --""" + msg = ( +- "Column aliases cannot contain whitespace characters, quotation marks, " +- "semicolons, or SQL comments." ++ "Column aliases cannot contain whitespace characters, hashes, quotation " ++ "marks, semicolons, or SQL comments." + ) + with self.assertRaisesMessage(ValueError, msg): + Note.objects.extra(select={crafted_alias: "1"}) +-- +2.34.1 + diff --git a/meta-python/recipes-devtools/python/python3-django_5.0.14.bb b/meta-python/recipes-devtools/python/python3-django_5.0.14.bb index 0f6a55a0b3..8a7cd2be16 100644 --- a/meta-python/recipes-devtools/python/python3-django_5.0.14.bb +++ b/meta-python/recipes-devtools/python/python3-django_5.0.14.bb @@ -8,6 +8,7 @@ SRC_URI += "file://CVE-2025-64460.patch \ file://CVE-2025-64459-1.patch \ file://CVE-2025-64459-2.patch \ file://CVE-2025-57833.patch \ + file://CVE-2025-59681.patch \ " SRC_URI[sha256sum] = "29019a5763dbd48da1720d687c3522ef40d1c61be6fb2fad27ed79e9f655bc11" From patchwork Fri Apr 10 07:05:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Jinfeng (CN)" X-Patchwork-Id: 85789 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 77C4AE9904A for ; Fri, 10 Apr 2026 07:05:25 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.150889.1775804723598013049 for ; Fri, 10 Apr 2026 00:05:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=cGRFaGV+; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=8560f54642=jinfeng.wang.cn@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63A4uSWm1889323 for ; Fri, 10 Apr 2026 07:05:22 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=LFCobzcU3Zxx1N7Oca2Wn0Wtti5vq2dhMIBGbgmOhKs=; b=cGRFaGV+5E79 xAc/t9ENZgizVQ7i0r0WOUBfk83gW8JFlhY5xGYU+I6xYPZ6/AkfgEfYtcoaS57U CGZ71aTQ134eXv7XnEqm447+k8S/5aIXgjNEw381X9Tn0CfyI5zkfBMqYhcJluTn JmOO858jG/dRe2xpjZn4jDqmnbjQfsMh5dTTf51TH+yygvO04tqKGrfyAPrivhvu f7+9wl19060cRBWu3jnG4ZyP+e6JjUcT5p69uind+Rxo4Y1iJ0aJfhE7RV/Qif0r WDv/utc4WCLWW8Es7i8ShWG3g9KHWNLTEzUG3VaU5qse5fa30gtFgSo3dclGoLm9 6zMnvwj4pg== Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [128.224.246.36]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4dcmrqn78a-7 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 10 Apr 2026 07:05:22 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (10.11.224.121) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.61; Fri, 10 Apr 2026 00:05:20 -0700 Received: from pek-lpg-core4.wrs.com (10.11.232.110) by ala-exchng01.corp.ad.wrs.com (10.11.224.121) with Microsoft SMTP Server id 15.1.2507.61 via Frontend Transport; Fri, 10 Apr 2026 00:05:19 -0700 From: To: Subject: [meta-oe][scarthgap][PATCH v2 11/11] nmap: rename enum PCAP_SOCKET Date: Fri, 10 Apr 2026 15:05:08 +0800 Message-ID: <20260410070508.1104455-12-jinfeng.wang.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> References: <20260410070508.1104455-1-jinfeng.wang.cn@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=RPCD2Yi+ c=1 sm=1 tr=0 ts=69d8a132 cx=c_pps a=AbJuCvi4Y3V6hpbCNWx0WA==:117 a=AbJuCvi4Y3V6hpbCNWx0WA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=klDOsUkWDRETUCZYPvoE:22 a=auHYCxwYAAAA:8 a=t7CeM3EgAAAA:8 a=KyFNLv5clugHamg7ulAA:9 a=67XU6oJk2Lrwzah0vfu5:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: TYKHmNFRba3OwS2ekVBrAQ-od1gBPj75 X-Proofpoint-GUID: TYKHmNFRba3OwS2ekVBrAQ-od1gBPj75 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDEwMDA2MyBTYWx0ZWRfX9Th9Hp5rJJWH chOeBP8u/okzIzW1IFu9txp4dSdIMEzLGUbUOTGUmrT/B3rna9i+PwCYOmjsou4RUpjD+5oTPbD 7eFR9jKcOfEpU7iO/+It25Ss/6FusCDNf3gpWXQQdTLESAwa6NYX3EXgjU3wHYduGO3W/ULh10h JLwUP/pz8CWdU0qxsoGCCsk9DxadUaBCXGk3lt9zagUOa6byb7dS5T46VzN951qhBRfUGTEeWXs MfxMUTmL0SS8G30GqI6rsNJcaRuAz2P+h1ASV/fM1sXycGonKPWta31Z/PC4uhLMmdbP8z9gMeG oj0ZY9dKTYUzqPraORCknvjyR2Wg1i2bu8ORIzFmc7kpd5hpar5cRqC+iu9cjlSITzygYIoRdFA RtbP+gwBgwM24I74xulmksYAmuogtNSvVqz+qakHTOObHRrbrrexe3DIK5nJ+ThZb/YABHuFXnT 3oazYgiBltZqiMvTlOA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-10_02,2026-04-09_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 phishscore=0 adultscore=0 spamscore=0 clxscore=1015 bulkscore=0 impostorscore=0 priorityscore=1501 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000 definitions=main-2604100063 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 10 Apr 2026 07:05:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126233 From: Jinfeng Wang The enum PCAP_SOCKET conflicts with the PCAP_SOCKET macro introduced in libpcap 1.10.5. Use ifdefs to handle both old and new libpcap versions, renaming the enum to NM_PCAP_SOCKET when the PCAP_SOCKET macro is defined. Signed-off-by: Jinfeng Wang --- .../files/nmap-rename-enum-PCAP_SOCKET.patch | 81 +++++++++++++++++++ meta-oe/recipes-security/nmap/nmap_7.80.bb | 1 + 2 files changed, 82 insertions(+) create mode 100644 meta-oe/recipes-security/nmap/files/nmap-rename-enum-PCAP_SOCKET.patch diff --git a/meta-oe/recipes-security/nmap/files/nmap-rename-enum-PCAP_SOCKET.patch b/meta-oe/recipes-security/nmap/files/nmap-rename-enum-PCAP_SOCKET.patch new file mode 100644 index 0000000000..fd10f21a8f --- /dev/null +++ b/meta-oe/recipes-security/nmap/files/nmap-rename-enum-PCAP_SOCKET.patch @@ -0,0 +1,81 @@ +From 4b0a7a2ca9fb9019327f61da1e0ca5e72aec89e4 Mon Sep 17 00:00:00 2001 +From: Jinfeng Wang +Date: Fri, 10 Apr 2026 11:08:48 +0800 +Subject: [PATCH] nmap: fix PCAP_SOCKET enum conflict with libpcap >= 1.10.5 + +The enum PCAP_SOCKET conflicts with the PCAP_SOCKET macro introduced in +libpcap 1.10.5 and fails to compile: + +In file included from /path_to/tmp-glibc/work/corei7-64-wrs-linux/nmap/7.80/recipe-sysroot/usr/include/pcap/pcap.h:130, + from /path_to/tmp-glibc/work/corei7-64-wrs-linux/nmap/7.80/recipe-sysroot/usr/include/pcap.h:43, + from tcpip.h:140, + from nse_nsock.cc:4: +nse_nsock.cc:36:3: error: expected identifier before 'int' + 36 | PCAP_SOCKET = lua_upvalueindex(3), /* pcap socket metatable */ + | ^~~~~~~~~~~ + +The enum PCAP_SOCKET is removed in nmap later version. But the removal commit +involves extra logic change, so just rename the enum PCAP_SOCKET to +NM_PCAP_SOCKET to make it work with libpcap >= 1.10.5. + +Upstream-Status: Inappropriate [fix to work with libpcap >= 1.10.5] + +Signed-off-by: Jinfeng Wang +--- + nse_nsock.cc | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/nse_nsock.cc b/nse_nsock.cc +index df98666..db942e1 100644 +--- a/nse_nsock.cc ++++ b/nse_nsock.cc +@@ -33,7 +33,11 @@ + enum { + NSOCK_POOL = lua_upvalueindex(1), + NSOCK_SOCKET = lua_upvalueindex(2), /* nsock socket metatable */ ++#ifdef PCAP_SOCKET ++ NM_PCAP_SOCKET = lua_upvalueindex(3), /* pcap socket metatable */ ++#else + PCAP_SOCKET = lua_upvalueindex(3), /* pcap socket metatable */ ++#endif + THREAD_SOCKETS = lua_upvalueindex(4), /* */ + CONNECT_WAITING = lua_upvalueindex(5), /* Threads waiting to lock */ + KEY_PCAP = lua_upvalueindex(6) /* Keys to pcap sockets */ +@@ -1026,7 +1030,11 @@ static int l_pcap_open (lua_State *L) + nsock_iod_delete(*nsiod, NSOCK_PENDING_ERROR); + luaL_error(L, "can't open pcap reader on %s", device); + } ++#ifdef PCAP_SOCKET ++ lua_pushvalue(L, NM_PCAP_SOCKET); ++#else + lua_pushvalue(L, PCAP_SOCKET); ++#endif + lua_setmetatable(L, -2); + lua_pushvalue(L, 7); /* the pcap socket key */ + lua_pushvalue(L, -2); /* the pcap socket nsiod */ +@@ -1134,7 +1142,7 @@ LUALIB_API int luaopen_nsock (lua_State *L) + /* library upvalues */ + nsock_pool nsp = new_pool(L); /* NSOCK_POOL */ + lua_newtable(L); /* NSOCK_SOCKET */ +- lua_newtable(L); /* PCAP_SOCKET */ ++ lua_newtable(L); /* NM_PCAP_SOCKET or PCAP_SOCKET depending on libpcap version */ + nseU_weaktable(L, 0, MAX_PARALLELISM, "k"); /* THREAD_SOCKETS */ + nseU_weaktable(L, 0, 1000, "k"); /* CONNECT_WAITING */ + nseU_weaktable(L, 0, 0, "v"); /* KEY_PCAP */ +@@ -1154,11 +1162,11 @@ LUALIB_API int luaopen_nsock (lua_State *L) + lua_pop(L, 1); /* NSOCK_SOCKET */ + + /* Create the nsock pcap metatable */ +- lua_pushvalue(L, top+3); /* PCAP_SOCKET */ ++ lua_pushvalue(L, top+3); /* NM_PCAP_SOCKET or PCAP_SOCKET depending on libpcap version */ + for (i = top+1; i <= top+nupvals; i++) lua_pushvalue(L, i); + lua_pushcclosure(L, pcap_gc, nupvals); + lua_setfield(L, top+3, "__gc"); +- lua_pop(L, 1); /* PCAP_SOCKET */ ++ lua_pop(L, 1); /* NM_PCAP_SOCKET or PCAP_SOCKET depending on libpcap version */ + + #if HAVE_OPENSSL + /* Set up the SSL certificate userdata code in nse_ssl_cert.cc. */ +-- +2.34.1 + diff --git a/meta-oe/recipes-security/nmap/nmap_7.80.bb b/meta-oe/recipes-security/nmap/nmap_7.80.bb index f9fe82a91d..18b1a50246 100644 --- a/meta-oe/recipes-security/nmap/nmap_7.80.bb +++ b/meta-oe/recipes-security/nmap/nmap_7.80.bb @@ -12,6 +12,7 @@ SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \ file://0002-Fix-building-with-libc.patch \ file://0001-Make-ndiff-support-python3.patch \ file://0001-configure.ac-make-ndiff-depend-on-python3.patch \ + file://nmap-rename-enum-PCAP_SOCKET.patch \ " SRC_URI[md5sum] = "d37b75b06d1d40f27b76d60db420a1f5"