| 13 Nov 2025 |
K900 | But if it doesn't trivially work I have no idea what to do | 11:22:11 |
Grimmauld (any/all) | My bet is you'll at least have to pull out the mergiraf and stuff won't just cleanly apply | 11:22:39 |
Grimmauld (any/all) | but do try! | 11:22:50 |
K900 | No I mean like | 11:23:21 |
K900 | Try updating it | 11:23:27 |
Grimmauld (any/all) | oh | 11:23:31 |
K900 | I am not backporting things in a codebase I don't understand and if I break it then science explodes | 11:23:45 |
Grimmauld (any/all) | actually hold on, hdf5 is only 1200 rebuilds | 11:24:56 |
Grimmauld (any/all) | reverting that in a staging cycle wouldn't be that bad | 11:25:05 |
Grimmauld (any/all) | i guess we gamble | 11:25:16 |
Grimmauld (any/all) | Science is one thing. CAD and computer vision also use hdf5 | 11:26:04 |
leona | ok, then I would also try to update | 11:26:21 |
Grimmauld (any/all) | if vtk keeps building, i call the update worth | 11:27:09 |
Grimmauld (any/all) | that's all i care about, though i guess the opencv people want opencv to work too | 11:27:23 |
vcunat | Are you sure that the CVEs are serious? | 11:30:28 |
vcunat | I mean, they seem to have been publicly open for months. | 11:30:39 |
vcunat | And they're not even mentioned in the release announcement. | 11:30:48 |
vcunat | So do we now need to patch them within days? | 11:31:08 |
K900 | Well netcdf is immediately bork | 11:31:43 |
K900 | configure: error: HDF5 was not built with zlib, which is required. Rebuild HDF5 with zlib | 11:31:53 |
Grimmauld (any/all) | It's file (de-)serialization, it is potentially thinkable someone sends a specially crafted malicious cad file. I don't like having these vulnerabilities around. But there certainly are worse CVEs out there. | 11:32:38 |
Grimmauld (any/all) | it's all memory safety issues | 11:33:38 |
vcunat | Alternate route is: lots of distros use hdf5 1.x. If it's serious, someone should have backports soon. | 11:34:16 |
vcunat | (even if upstream didn't provide them now) | 11:34:30 |
Grimmauld (any/all) | it probably is not that serious, other than all those 3d printing model bazaars you find | 11:34:48 |
Grimmauld (any/all) | like, clearly some browser issue is worse, but i still don't like this | 11:35:31 |
K900 | -DHDF5_ENABLE_ZLIB_SUPPORT=ON got that working | 11:36:09 |
K900 | And then | 11:36:27 |
K900 | > H5FDhttp.c:57:2: error: #error "Cannot determine version of H5FD_class_t"
┃ > 57 | #error "Cannot determine version of H5FD_class_t"
┃ > | ^~~~~
┃ > In file included from H5FDhttp.c:75:
┃ > H5FDhttp.c: In function 'H5Pset_fapl_http':
┃ > H5FDhttp.h:34:26: error: implicit declaration of function 'H5FDperform_init' [-Wimplicit-function-declaration]
┃ > 34 | #define H5FD_HTTP (H5FDperform_init(H5FD_http_init))
┃ > | ^~~~~~~~~~~~~~~~
| 11:36:30 |
Grimmauld (any/all) | Amazing | 11:37:14 |