[AUTO-CHERRYPICK] Upgrade hdf5 to 1.14.4. to under several CVEs. - branch main (#9182)

Co-authored-by: George Mileka <gmileka@users.noreply.github.com>
2024-05-22 10:02:40 -07:00 · 2024-05-22 10:02:40 -07:00 · 08a425ff5f
--- a/SPECS-EXTENDED/gdal/gdal.spec
+++ b/SPECS-EXTENDED/gdal/gdal.spec
@ -15,7 +15,7 @@ Summary:        GIS file format library
 #global pre rc1
 Name:           gdal
 Version:        3.6.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@ -41,7 +41,7 @@ BuildRequires:  geos-devel
 BuildRequires:  giflib-devel
 BuildRequires:  gtest-devel
 BuildRequires:  hdf-devel
-BuildRequires:  hdf5-devel
+BuildRequires:  hdf5-devel >= 1.14.4
 BuildRequires:  json-c-devel
 BuildRequires:  libdap-devel
 BuildRequires:  libgeotiff-devel
@ -97,6 +97,7 @@ BuildRequires:  java-devel >= 1:1.6.0
 BuildRequires:  javapackages-local
 BuildRequires:  jpackage-utils
 %endif
+Requires:       hdf5 >= 1.14.4

 %description
 Geospatial Data Abstraction Library (GDAL/OGR) is a cross platform
@ -315,6 +316,10 @@ ctest -E "autotest_osr|autotest_alg|autotest_gdrivers|autotest_gcore"


 %changelog
+- Bumping the release version so that this package is re-built with the newer
+  1.14.4 hdf5 libraries. This ensures that the matching 1.14.4 .so files Will
+  be used at run time.
+
 * Thu Aug 17 2023 Archana Choudhary <archana1@microsoft.com> - 3.6.3-2
 - Initial CBL-Mariner import from Fedora 38 (license: MIT).
 - License verified.
--- a/SPECS-EXTENDED/netcdf/netcdf.spec
+++ b/SPECS-EXTENDED/netcdf/netcdf.spec
@ -12,7 +12,7 @@
 Summary:        Libraries for the Unidata network Common Data Form
 Name:           netcdf
 Version:        4.9.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        NetCDF
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@ -27,7 +27,7 @@ BuildRequires:  curl-devel
 BuildRequires:  doxygen
 BuildRequires:  gawk
 BuildRequires:  hdf-static
-BuildRequires:  hdf5-devel
+BuildRequires:  hdf5-devel = %{_hdf5_version}
 BuildRequires:  libtool
 BuildRequires:  libxml2-devel
 BuildRequires:  libzstd-devel
@ -77,7 +77,7 @@ NetCDF data is:
 Summary:        Development files for netcdf
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 Requires:       curl-devel%{?_isa}
-Requires:       hdf5-devel%{?_isa}
+Requires:       hdf5-devel%{?_isa} >= 1.14.4
 Requires:       pkgconfig%{?_isa}

 %description devel
@ -398,6 +398,10 @@ done


 %changelog
+- Bumping the release version so that this package is re-built with the newer
+  1.14.4 hdf5 libraries. This ensures that the matching 1.14.4 .so files Will
+  be used at run time.
+
 * Thu Aug 10 2023 Archana Choudhary <archana1@microsoft.com> - 4.9.0-4
 - Initial CBL-Mariner import from Fedora 37 (license: MIT).
 - License verified.
--- a/SPECS/hdf5/CVE-2021-37501.patch
+++ b/SPECS/hdf5/CVE-2021-37501.patch
@ -1,134 +0,0 @@
-From 22917cd03c688a2810adc8571fcf1285a4d23d68 Mon Sep 17 00:00:00 2001
-From: Egbert Eich <eich@suse.com>
-Date: Thu, 2 Mar 2023 18:17:49 +0100
-Subject: [PATCH] Check for overflow when calculating on-disk attribute data
- size (#2459)
-
-* Remove duplicate code
-
-Signed-off-by: Egbert Eich <eich@suse.com>
-
-* Add test case for CVE-2021-37501
-
-Bogus sizes in this test case causes the on-disk data size
-calculation in H5O__attr_decode() to overflow so that the
-calculated size becomes 0. This causes the read to overflow
-and h5dump to segfault.
-This test case was crafted, the test file was not directly
-generated by HDF5.
-Test case from:
-https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md
---
- release_docs/RELEASE.txt                       |  13 +++++++++++++
- src/H5Oattr.c                                  |   7 +++----
- tools/test/h5dump/CMakeTests.cmake             |   5 +++++
- tools/test/h5dump/testh5dump.sh.in             |  14 ++++++++++++++
- tools/testfiles/tCVE-2021-37501_attr_decode.h5 | Bin 0 -> 48544 bytes
- 5 files changed, 35 insertions(+), 4 deletions(-)
- create mode 100644 tools/testfiles/tCVE-2021-37501_attr_decode.h5
-
-diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
-index 1a93f89307..3d9336dc4b 100644
--- a/release_docs/RELEASE.txt
-+++ b/release_docs/RELEASE.txt
-@@ -635,6 +635,19 @@ Bug Fixes since HDF5-1.12.0 release
- 
-     Library
-     -------
-+    - Fix CVE-2021-37501 / GHSA-rfgw-5vq3-wrjf
-+
-+      Check for overflow when calculating on-disk attribute data size.
-+
-+      A bogus hdf5 file may contain dataspace messages with sizes
-+      which lead to the on-disk data sizes to exceed what is addressable.
-+      When calculating the size, make sure, the multiplication does not
-+      overflow.
-+      The test case was crafted in a way that the overflow caused the
-+      size to be 0.
-+
-+      (EFE - 2023/02/11 GH-2458)
-+
-     - Fixed CVE-2018-14460
- 
-       The tool h5repack produced a segfault when the rank in dataspace
-diff --git a/src/H5Oattr.c b/src/H5Oattr.c
-index ac643eafac0..cb06f25a725 100644
--- a/src/H5Oattr.c
-+++ b/src/H5Oattr.c
-@@ -221,10 +221,6 @@ H5O__attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, u
-     else
-         p += attr->shared->ds_size;
- 
-    /* Get the datatype's size */
-    if (0 == (dt_size = H5T_get_size(attr->shared->dt)))
-        HGOTO_ERROR(H5E_ATTR, H5E_CANTGET, NULL, "unable to get datatype size")
-
-     /* Get the datatype & dataspace sizes */
-     if (0 == (dt_size = H5T_get_size(attr->shared->dt)))
-         HGOTO_ERROR(H5E_ATTR, H5E_CANTGET, NULL, "unable to get datatype size")
-@@ -234,6 +230,9 @@ H5O__attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, u
- 
-     /* Compute the size of the data */
-     H5_CHECKED_ASSIGN(attr->shared->data_size, size_t, ds_size * (hsize_t)dt_size, hsize_t);
-+    /* Check if multiplication has overflown */
-+    if ((attr->shared->data_size / dt_size) != ds_size)
-+        HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds addressable range")
- 
-     /* Go get the data */
-     if (attr->shared->data_size) {
-diff --git a/tools/test/h5dump/CMakeTests.cmake b/tools/test/h5dump/CMakeTests.cmake
-index 2505e847bc6..be1a414fce7 100644
--- a/tools/test/h5dump/CMakeTests.cmake
-+++ b/tools/test/h5dump/CMakeTests.cmake
-@@ -339,6 +339,7 @@
-       ${HDF5_TOOLS_DIR}/testfiles/tCVE_2018_11206_fill_old.h5
-       ${HDF5_TOOLS_DIR}/testfiles/tCVE_2018_11206_fill_new.h5
-       ${HDF5_TOOLS_DIR}/testfiles/zerodim.h5
-+      ${HDF5_TOOLS_DIR}/testfiles/tCVE-2021-37501_attr_decode.h5
-       #STD_REF_OBJ files
-       ${HDF5_TOOLS_DIR}/testfiles/trefer_attr.h5
-       ${HDF5_TOOLS_DIR}/testfiles/trefer_compat.h5
-@@ -1187,6 +1188,10 @@
-   ADD_H5_TEST (tCVE_2018_11206_fill_old 1 tCVE_2018_11206_fill_old.h5)
-   ADD_H5_TEST (tCVE_2018_11206_fill_new 1 tCVE_2018_11206_fill_new.h5)
- 
-+  # test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode()
-+  # https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc
-+  ADD_H5_TEST (tCVE-2021-37501_attr_decode 1 tCVE-2021-37501_attr_decode.h5)
-+
- ##############################################################################
- ###    P L U G I N  T E S T S
- ##############################################################################
-diff --git a/tools/test/h5dump/testh5dump.sh.in b/tools/test/h5dump/testh5dump.sh.in
-index 5d7ff8828a1..899bd33db75 100644
--- a/tools/test/h5dump/testh5dump.sh.in
-+++ b/tools/test/h5dump/testh5dump.sh.in
-@@ -183,6 +183,16 @@ $SRC_H5DUMP_TESTFILES/tvms.h5
- $SRC_H5DUMP_TESTFILES/err_attr_dspace.h5
- $SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_old.h5
- $SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_new.h5
-+<<<<<<< HEAD
-+=======
-+$SRC_H5DUMP_TESTFILES/tCVE-2021-37501_attr_decode.h5
-+$SRC_H5DUMP_TESTFILES/tst_onion_objs.h5
-+$SRC_H5DUMP_TESTFILES/tst_onion_objs.h5.onion
-+$SRC_H5DUMP_TESTFILES/tst_onion_dset_ext.h5
-+$SRC_H5DUMP_TESTFILES/tst_onion_dset_ext.h5.onion
-+$SRC_H5DUMP_TESTFILES/tst_onion_dset_1d.h5
-+$SRC_H5DUMP_TESTFILES/tst_onion_dset_1d.h5.onion
-+>>>>>>> b16ec83... Check for overflow when calculating on-disk attribute data size (#2459)
- "
- 
- LIST_OTHER_TEST_FILES="
-@@ -1485,6 +1495,10 @@ TOOLTEST err_attr_dspace.ddl err_attr_dspace.h5
- TOOLTEST_FAIL tCVE_2018_11206_fill_old.h5
- TOOLTEST_FAIL tCVE_2018_11206_fill_new.h5
- 
-+# test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode()
-+# https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc
-+TOOLTEST_FAIL tCVE-2021-37501_attr_decode.h5
-+
- # Clean up temporary files/directories
- CLEAN_TESTFILES_AND_TESTDIR
- 
-
--- a/SPECS/hdf5/hdf5-LD_LIBRARY_PATH.patch
+++ b/SPECS/hdf5/hdf5-LD_LIBRARY_PATH.patch
@ -1,20 +0,0 @@
--- hdf5-1.12.0/src/Makefile.am~	2020-02-29 00:29:58.000000000 +0100
-+++ hdf5-1.12.0/src/Makefile.am	2021-02-26 16:10:03.612252484 +0100
-@@ -156,8 +156,6 @@
- # Remove the generated .c file if errors occur unless HDF5_Make_Ignore
- # is set to ignore the error.
- H5Tinit.c: H5detect$(EXEEXT)
-	LD_LIBRARY_PATH="$$LD_LIBRARY_PATH`echo $(LDFLAGS) |                  \
-		sed -e 's/-L/:/g' -e 's/ //g'`"                               \
- 	$(RUNSERIAL) ./H5detect$(EXEEXT)  $@  ||                               \
- 	    (test $$HDF5_Make_Ignore && echo "*** Error ignored") ||          \
- 	    ($(RM) $@ ; exit 1)
-@@ -168,8 +166,6 @@
- # Remove the generated .c file if errors occur unless HDF5_Make_Ignore
- # is set to ignore the error.
- H5lib_settings.c: H5make_libsettings$(EXEEXT) libhdf5.settings
-	LD_LIBRARY_PATH="$$LD_LIBRARY_PATH`echo $(LDFLAGS) |                  \
-		sed -e 's/-L/:/g' -e 's/ //g'`"                               \
- 	$(RUNSERIAL) ./H5make_libsettings$(EXEEXT)  $@  ||                               \
- 	    (test $$HDF5_Make_Ignore && echo "*** Error ignored") ||          \
- 	    ($(RM) $@ ; exit 1)
--- a/SPECS/hdf5/hdf5-build.patch
+++ b/SPECS/hdf5/hdf5-build.patch
@ -1,8 +1,7 @@
-diff --git a/java/examples/datasets/JavaDatasetExample.sh.in b/java/examples/datasets/JavaDatasetExample.sh.in
-index f29739a..fc9cddb 100644
--- a/java/examples/datasets/JavaDatasetExample.sh.in
-+++ b/java/examples/datasets/JavaDatasetExample.sh.in
-@@ -39,7 +39,7 @@ HDFLIB_HOME="$top_srcdir/java/lib"
+diff -ruN a/HDF5Examples/JAVA/H5D/JavaDatasetExample.sh.in b/HDF5Examples/JAVA/H5D/JavaDatasetExample.sh.in
+--- a/HDF5Examples/JAVA/H5D/JavaDatasetExample.sh.in
+++ b/HDF5Examples/JAVA/H5D/JavaDatasetExample.sh.in
+@@ -40,7 +40,7 @@
 BLDDIR="."
 BLDLIBDIR="$BLDDIR/testlibs"
 HDFTEST_HOME="$top_srcdir/java/examples/datasets"
@ -11,50 +10,22 @@ index f29739a..fc9cddb 100644
 TESTJARFILE=jar@PACKAGE_TARNAME@datasets.jar
 test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR
 
-diff --git a/java/examples/datasets/Makefile.am b/java/examples/datasets/Makefile.am
-index 41a914b..195201a 100644
--- a/java/examples/datasets/Makefile.am
-+++ b/java/examples/datasets/Makefile.am
-@@ -26,7 +26,7 @@ classes:
+diff -ruN a/HDF5Examples/JAVA/H5D/Makefile.am b/HDF5Examples/JAVA/H5D/Makefile.am
+--- a/HDF5Examples/JAVA/H5D/Makefile.am
+++ b/HDF5Examples/JAVA/H5D/Makefile.am
+@@ -26,7 +26,7 @@
 	test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
 
 pkgpath = examples/datasets
 -hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
 +hdfjarfile = $(PACKAGE_TARNAME).jar
- CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH
+ CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$$CLASSPATH
 
 jarfile = jar$(PACKAGE_TARNAME)datasets.jar
-diff --git a/java/examples/datatypes/JavaDatatypeExample.sh.in b/java/examples/datatypes/JavaDatatypeExample.sh.in
-index e26d8c0..f6a9d87 100644
--- a/java/examples/datatypes/JavaDatatypeExample.sh.in
-+++ b/java/examples/datatypes/JavaDatatypeExample.sh.in
-@@ -36,7 +36,7 @@ HDFLIB_HOME="$top_srcdir/java/lib"
- BLDDIR="."
- BLDLIBDIR="$BLDDIR/testlibs"
- HDFTEST_HOME="$top_srcdir/java/examples/datatypes"
-JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar
-+JARFILE=@PACKAGE_TARNAME@.jar
- TESTJARFILE=jar@PACKAGE_TARNAME@datatypes.jar
- test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR
- 
-diff --git a/java/examples/datatypes/Makefile.am b/java/examples/datatypes/Makefile.am
-index 90790f7..450edef 100644
--- a/java/examples/datatypes/Makefile.am
-+++ b/java/examples/datatypes/Makefile.am
-@@ -26,7 +26,7 @@ classes:
- 	test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
- 
- pkgpath = examples/datatypes
-hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
-+hdfjarfile = $(PACKAGE_TARNAME).jar
- CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH
- 
- jarfile = jar$(PACKAGE_TARNAME)datatypes.jar
-diff --git a/java/examples/groups/JavaGroupExample.sh.in b/java/examples/groups/JavaGroupExample.sh.in
-index 3b0e9d1..416c69f 100644
--- a/java/examples/groups/JavaGroupExample.sh.in
-+++ b/java/examples/groups/JavaGroupExample.sh.in
-@@ -37,7 +37,7 @@ BLDDIR="."
+diff -ruN a/HDF5Examples/JAVA/H5G/JavaGroupExample.sh.in b/HDF5Examples/JAVA/H5G/JavaGroupExample.sh.in
+--- a/HDF5Examples/JAVA/H5G/JavaGroupExample.sh.in
+++ b/HDF5Examples/JAVA/H5G/JavaGroupExample.sh.in
+@@ -38,7 +38,7 @@
 BLDLIBDIR="$BLDDIR/testlibs"
 BLDITERDIR="./groups"
 HDFTEST_HOME="$top_srcdir/java/examples/groups"
@ -63,83 +34,123 @@ index 3b0e9d1..416c69f 100644
 TESTJARFILE=jar@PACKAGE_TARNAME@groups.jar
 test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR
 test -d $BLDITERDIR || mkdir -p $BLDITERDIR
-diff --git a/java/examples/groups/Makefile.am b/java/examples/groups/Makefile.am
-index bfde9ae..f48a5b9 100644
--- a/java/examples/groups/Makefile.am
-+++ b/java/examples/groups/Makefile.am
-@@ -26,7 +26,7 @@ classes:
+diff -ruN a/HDF5Examples/JAVA/H5G/Makefile.am b/HDF5Examples/JAVA/H5G/Makefile.am
+--- a/HDF5Examples/JAVA/H5G/Makefile.am
+++ b/HDF5Examples/JAVA/H5G/Makefile.am
+@@ -26,7 +26,7 @@
 	test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
 
 pkgpath = examples/groups
 -hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
 +hdfjarfile = $(PACKAGE_TARNAME).jar
- CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH
+ CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$$CLASSPATH
 
 jarfile = jar$(PACKAGE_TARNAME)groups.jar
-diff --git a/java/examples/intro/JavaIntroExample.sh.in b/java/examples/intro/JavaIntroExample.sh.in
-index db741e5..d0ba65d 100644
--- a/java/examples/intro/JavaIntroExample.sh.in
-+++ b/java/examples/intro/JavaIntroExample.sh.in
-@@ -36,7 +36,7 @@ HDFLIB_HOME="$top_srcdir/java/lib"
+diff -ruN a/HDF5Examples/JAVA/H5J/Makefile.am b/HDF5Examples/JAVA/H5J/Makefile.am
+--- a/HDF5Examples/JAVA/H5J/Makefile.am
+++ b/HDF5Examples/JAVA/H5J/Makefile.am
+@@ -20,7 +20,7 @@
+   $(MKDIR_P) $(@D)/$(JAVAROOT)
+ 
+ pkgpath = examples/intro
+-hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
+hdfjarfile = $(PACKAGE_TARNAME).jar
+ CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$$CLASSPATH
+ 
+ jarfile = jar$(PACKAGE_TARNAME)intro.jar
+diff -ruN a/HDF5Examples/JAVA/H5J/runExample.sh.in b/HDF5Examples/JAVA/H5J/runExample.sh.in
+--- a/HDF5Examples/JAVA/H5J/runExample.sh.in
+++ b/HDF5Examples/JAVA/H5J/runExample.sh.in
+@@ -35,7 +35,7 @@
+ BLDLIBDIR="./lib"
 BLDDIR="."
- BLDLIBDIR="$BLDDIR/testlibs"
- HDFTEST_HOME="$top_srcdir/java/examples/intro"
+ HDFTEST_HOME="$top_srcdir/JAVA/intro"
 -JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar
 +JARFILE=@PACKAGE_TARNAME@.jar
 TESTJARFILE=jar@PACKAGE_TARNAME@intro.jar
 test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR
 
-diff --git a/java/examples/intro/Makefile.am b/java/examples/intro/Makefile.am
-index 7d1aeab..01a10c9 100644
--- a/java/examples/intro/Makefile.am
-+++ b/java/examples/intro/Makefile.am
-@@ -26,7 +26,7 @@ classes:
+diff -ruN a/HDF5Examples/JAVA/H5T/JavaDatatypeExample.sh.in b/HDF5Examples/JAVA/H5T/JavaDatatypeExample.sh.in
+--- a/HDF5Examples/JAVA/H5T/JavaDatatypeExample.sh.in
+++ b/HDF5Examples/JAVA/H5T/JavaDatatypeExample.sh.in
+@@ -37,7 +37,7 @@
+ BLDDIR="."
+ BLDLIBDIR="$BLDDIR/testlibs"
+ HDFTEST_HOME="$top_srcdir/java/examples/datatypes"
+-JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar
+JARFILE=@PACKAGE_TARNAME@.jar
+ TESTJARFILE=jar@PACKAGE_TARNAME@datatypes.jar
+ test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR
+ 
+diff -ruN a/HDF5Examples/JAVA/H5T/Makefile.am b/HDF5Examples/JAVA/H5T/Makefile.am
+--- a/HDF5Examples/JAVA/H5T/Makefile.am
+++ b/HDF5Examples/JAVA/H5T/Makefile.am
+@@ -26,7 +26,7 @@
 	test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
 
- pkgpath = examples/intro
+ pkgpath = examples/datatypes
 -hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
 +hdfjarfile = $(PACKAGE_TARNAME).jar
- CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH
+ CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$$CLASSPATH
 
- jarfile = jar$(PACKAGE_TARNAME)intro.jar
-diff --git a/java/src/Makefile.am b/java/src/Makefile.am
-index 98630e6..fd8d057 100644
+ jarfile = jar$(PACKAGE_TARNAME)datatypes.jar
+diff -ruN a/java/src/Makefile.am b/java/src/Makefile.am
 --- a/java/src/Makefile.am
 +++ b/java/src/Makefile.am
-@@ -32,8 +32,8 @@ JAVAROOT = .classes
+@@ -32,7 +32,7 @@
 classes:
 	test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
 
 -jarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
-hdf5_javadir = $(libdir)
 +jarfile = $(PACKAGE_TARNAME).jar
-+hdf5_javadir = $(prefix)/lib/java
+ hdf5_javadir = $(libdir)
 
 pkgpath = hdf/hdf5lib
- CLASSPATH_ENV=CLASSPATH=.:$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$$CLASSPATH
-diff --git a/java/test/Makefile.am b/java/test/Makefile.am
-index 08e79e3..b336c2f 100644
--- a/java/test/Makefile.am
-+++ b/java/test/Makefile.am
-@@ -26,7 +26,7 @@ classes:
- 	test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
- 
- pkgpath = test
-hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
-+hdfjarfile = $(PACKAGE_TARNAME).jar
- CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/junit.jar:$(top_srcdir)/java/lib/hamcrest-core.jar:$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH
- 
- jarfile = jar$(PACKAGE_TARNAME)test.jar
-diff --git a/java/test/junit.sh.in b/java/test/junit.sh.in
-index 39db296..83d6c7c 100644
+diff -ruN a/java/src/Makefile.in b/java/src/Makefile.in
+--- a/java/src/Makefile.in
+++ b/java/src/Makefile.in
+@@ -647,7 +647,7 @@
+ JAVA_API = yes
+ SUBDIRS = jni
+ JAVAROOT = .classes
+-jarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
+jarfile = $(PACKAGE_TARNAME).jar
+ hdf5_javadir = $(libdir)
+ pkgpath = hdf/hdf5lib
+ CLASSPATH_ENV = CLASSPATH=.:$(top_srcdir)/java/lib/slf4j-api-2.0.6.jar:$$CLASSPATH
+diff -ruN a/java/test/junit.sh.in b/java/test/junit.sh.in
 --- a/java/test/junit.sh.in
 +++ b/java/test/junit.sh.in
-@@ -47,7 +47,7 @@ BLDLIBDIR="$BLDDIR/testlibs"
+@@ -48,7 +48,7 @@
 HDFTEST_HOME="$top_srcdir/java/test"
- TOOLS_TESTFILES="$top_srcdir/tools/testfiles"
+ DUMP_TESTFILES="$top_srcdir/tools/test/h5dump/testfiles"
 
 -JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar
 +JARFILE=@PACKAGE_TARNAME@.jar
 TESTJARFILE=jar@PACKAGE_TARNAME@test.jar
 test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR
 
+diff -ruN a/java/test/Makefile.am b/java/test/Makefile.am
+--- a/java/test/Makefile.am
+++ b/java/test/Makefile.am
+@@ -26,7 +26,7 @@
+ 	test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT)
+ 
+ pkgpath = test
+-hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
+hdfjarfile = $(PACKAGE_TARNAME).jar
+ CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/junit.jar:$(top_srcdir)/java/lib/hamcrest-core.jar:$(top_srcdir)/java/lib/slf4j-api-2.0.6.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-2.0.6.jar:$$CLASSPATH
+ 
+ jarfile = jar$(PACKAGE_TARNAME)test.jar
+diff -ruN a/java/test/Makefile.in b/java/test/Makefile.in
+--- a/java/test/Makefile.in
+++ b/java/test/Makefile.in
+@@ -769,7 +769,7 @@
+ JAVA_API = yes
+ JAVAROOT = .classes
+ pkgpath = test
+-hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar
+hdfjarfile = $(PACKAGE_TARNAME).jar
+ CLASSPATH_ENV = CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/junit.jar:$(top_srcdir)/java/lib/hamcrest-core.jar:$(top_srcdir)/java/lib/slf4j-api-2.0.6.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-2.0.6.jar:$$CLASSPATH
+ jarfile = jar$(PACKAGE_TARNAME)test.jar
+ TESTPACKAGE = 
--- a/SPECS/hdf5/hdf5-gfortran12.patch
+++ b/SPECS/hdf5/hdf5-gfortran12.patch
@ -1,37 +0,0 @@
-commit 3ea6f8c17228d2629e419563138a6180bc4a5a6a
-Author: Orion Poplawski <orion@nwra.com>
-Date:   Sun Jan 30 15:21:08 2022 -0700
-
-    Mark minusone as a PARAMETER in tH5A_1_8.F90.
-
-diff --git a/fortran/test/tH5A_1_8.F90 b/fortran/test/tH5A_1_8.F90
-index 4e02c58a39..c2f8e9984a 100644
--- a/fortran/test/tH5A_1_8.F90
-+++ b/fortran/test/tH5A_1_8.F90
-@@ -776,7 +776,7 @@ SUBROUTINE test_attr_info_by_idx(new_format, fcpl, fapl, total_error)
- 
-   INTEGER :: Input1
-   INTEGER(HSIZE_T) :: hzero = 0_HSIZE_T
-  INTEGER :: minusone = -1
-+  INTEGER, PARAMETER :: minusone = -1
-   INTEGER(HSIZE_T) :: htmp
- 
-   data_dims = 0
-@@ -1427,7 +1427,7 @@ SUBROUTINE test_attr_delete_by_idx(new_format, fcpl, fapl, total_error)
-   INTEGER :: u     !  Local index variable
-   INTEGER :: Input1
-   INTEGER(HSIZE_T) :: hzero = 0_HSIZE_T
-  INTEGER :: minusone = -1
-+  INTEGER, PARAMETER :: minusone = -1
- 
-   data_dims = 0
- 
-@@ -2268,7 +2268,7 @@ SUBROUTINE test_attr_corder_create_basic( fcpl, fapl, total_error )
-   INTEGER :: error
- 
-   INTEGER :: crt_order_flags
-  INTEGER :: minusone = -1
-+  INTEGER, PARAMETER :: minusone = -1
- 
-   !  Output message about test being performed
- !  WRITE(*,*) "     - Testing Basic Code for Attributes with Creation Order Info"
--- a/SPECS/hdf5/hdf5-wrappers.patch
+++ b/SPECS/hdf5/hdf5-wrappers.patch
@ -1,7 +1,7 @@
-diff -up hdf5-1.10.7/bin/h5cc.in.wrappers hdf5-1.10.7/bin/h5cc.in
--- hdf5-1.10.7/bin/h5cc.in.wrappers	2020-10-07 20:24:29.127283333 -0600
-+++ hdf5-1.10.7/bin/h5cc.in	2020-10-07 20:27:05.289536904 -0600
-@@ -89,10 +89,10 @@ CLINKERBASE="@CC@"
+diff -ruN a/bin/h5cc.in b/bin/h5cc.in
+--- a/bin/h5cc.in
+++ b/bin/h5cc.in
+@@ -87,10 +87,10 @@
 # paths and libraries from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in
 # from the hdf5 build. The order of the flags is intended to give precedence
 # to the user's flags.
@ -15,7 +15,7 @@ diff -up hdf5-1.10.7/bin/h5cc.in.wrappers hdf5-1.10.7/bin/h5cc.in
 
 CC="${HDF5_CC:-$CCBASE}"
 CLINKER="${HDF5_CLINKER:-$CLINKERBASE}"
-@@ -105,7 +105,8 @@ LIBS="${HDF5_LIBS:-$LIBSBASE}"
+@@ -103,7 +103,8 @@
 # available library is shared, it will be used by default.  The user can
 # override either default, although choosing an unavailable library will result
 # in link errors.
@ -25,7 +25,7 @@ diff -up hdf5-1.10.7/bin/h5cc.in.wrappers hdf5-1.10.7/bin/h5cc.in
 if test "${STATIC_AVAILABLE}" = "yes"; then
   USE_SHARED_LIB="${HDF5_USE_SHLIB:-no}"
 else
-@@ -385,7 +386,7 @@ if test "x$do_link" = "xyes"; then
+@@ -380,7 +381,7 @@
   # paths and libraries from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in
   # from the hdf5 build. The order of the flags is intended to give precedence
   # to the user's flags.
@ -34,10 +34,10 @@ diff -up hdf5-1.10.7/bin/h5cc.in.wrappers hdf5-1.10.7/bin/h5cc.in
   status=$?
 fi
 
-diff -up hdf5-1.10.7/c++/src/h5c++.in.wrappers hdf5-1.10.7/c++/src/h5c++.in
--- hdf5-1.10.7/c++/src/h5c++.in.wrappers	2020-08-27 21:38:23.000000000 -0600
-+++ hdf5-1.10.7/c++/src/h5c++.in	2020-10-07 20:24:29.126283325 -0600
-@@ -87,10 +87,10 @@ CXXLINKERBASE="@CXX@"
+diff -ruN a/c++/src/h5c++.in b/c++/src/h5c++.in
+--- a/c++/src/h5c++.in
+++ b/c++/src/h5c++.in
+@@ -85,10 +85,10 @@
 # paths and libraries from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in
 # from the hdf5 build. The order of the flags is intended to give precedence
 # to the user's flags.
@ -50,8 +50,8 @@ diff -up hdf5-1.10.7/c++/src/h5c++.in.wrappers hdf5-1.10.7/c++/src/h5c++.in
 +H5BLD_LIBS=
 
 CXX="${HDF5_CXX:-$CXXBASE}"
- CXXLINKER="${HDF5_CLINKER:-$CXXLINKERBASE}"
-@@ -103,7 +103,8 @@ LIBS="${HDF5_LIBS:-$LIBSBASE}"
+ CXXLINKER="${HDF5_CXXLINKER:-$CXXLINKERBASE}"
+@@ -101,7 +101,8 @@
 # available library is shared, it will be used by default.  The user can
 # override either default, although choosing an unavailable library will result
 # in link errors.
@ -61,7 +61,7 @@ diff -up hdf5-1.10.7/c++/src/h5c++.in.wrappers hdf5-1.10.7/c++/src/h5c++.in
 if test "${STATIC_AVAILABLE}" = "yes"; then
   USE_SHARED_LIB="${HDF5_USE_SHLIB:-no}"
 else
-@@ -385,7 +386,7 @@ if test "x$do_link" = "xyes"; then
+@@ -372,7 +373,7 @@
   # from the hdf5 build. The order of the flags is intended to give precedence
   # to the user's flags.
 
@ -70,16 +70,15 @@ diff -up hdf5-1.10.7/c++/src/h5c++.in.wrappers hdf5-1.10.7/c++/src/h5c++.in
 
   status=$?
 fi
-diff -up hdf5-1.10.7/fortran/src/h5fc.in.wrappers hdf5-1.10.7/fortran/src/h5fc.in
--- hdf5-1.10.7/fortran/src/h5fc.in.wrappers	2020-08-27 21:38:23.000000000 -0600
-+++ hdf5-1.10.7/fortran/src/h5fc.in	2020-10-07 20:25:53.793962985 -0600
-@@ -83,11 +83,11 @@ FLINKERBASE="@FC@"
- # libraries in $link_args, followed by any external library paths and libraries
+diff -ruN a/fortran/src/h5fc.in b/fortran/src/h5fc.in
+--- a/fortran/src/h5fc.in
+++ b/fortran/src/h5fc.in
+@@ -83,10 +83,10 @@
 # from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in from the hdf5 build.
 # The order of the flags is intended to give precedence to the user's flags.
-H5BLD_FCFLAGS="@AM_FCFLAGS@ @FCFLAGS@"
-+H5BLD_FCFLAGS=
- F9XMODFLAG="@F9XMODFLAG@"
+ H5BLD_FCFLAGS="@AM_FCFLAGS@ @FCFLAGS@"
+-F9XMODFLAG="@F9XMODFLAG@"
+F9XMODFLAG=
 F9XSUFFIXFLAG="@F9XSUFFIXFLAG@"
 -H5BLD_LDFLAGS="@AM_LDFLAGS@ @LDFLAGS@"
 -H5BLD_LIBS="@LIBS@"
@ -88,7 +87,7 @@ diff -up hdf5-1.10.7/fortran/src/h5fc.in.wrappers hdf5-1.10.7/fortran/src/h5fc.i
 
 FC="${HDF5_FC:-$FCBASE}"
 FLINKER="${HDF5_FLINKER:-$FLINKERBASE}"
-@@ -99,7 +99,8 @@ LIBS="${HDF5_LIBS:-$LIBSBASE}"
+@@ -98,7 +98,8 @@
 # available library is shared, it will be used by default.  The user can
 # override either default, although choosing an unavailable library will result
 # in link errors.
@ -98,12 +97,3 @@ diff -up hdf5-1.10.7/fortran/src/h5fc.in.wrappers hdf5-1.10.7/fortran/src/h5fc.i
 if test "${STATIC_AVAILABLE}" = "yes"; then
   USE_SHARED_LIB="${HDF5_USE_SHLIB:-no}"
 else
-@@ -363,7 +364,7 @@ if test "x$do_link" = "xyes"; then
-   # libraries in $link_args, followed by any external library paths and libraries
-   # from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in from the hdf5 build.
-   # The order of the flags is intended to give precedence to the user's flags.
-  $SHOW $FLINKER $FCFLAGS $H5BLD_FCFLAGS $F9XSUFFIXFLAG $LDFLAGS $fmodules $link_objs $LIBS $link_args $shared_link
-+  $SHOW $FLINKER $FCFLAGS $H5BLD_FCFLAGS $F9XSUFFIXFLAG $LDFLAGS $fmodules $link_objs $LIBS $link_args
-   status=$?
- fi
- 
--- a/SPECS/hdf5/hdf5.signatures.json
+++ b/SPECS/hdf5/hdf5.signatures.json
@ -1,6 +1,6 @@
 {
- "Signatures": {
-  "h5comp": "d0d40ba5b894f9fa1e230cbf123120243cb3aa58c85fa563eb88742d97744c2b",
-  "hdf5-1.12.1.tar.bz2": "aaf9f532b3eda83d3d3adc9f8b40a9b763152218fa45349c3bc77502ca1f8f1c"
- }
+  "Signatures": {
+    "h5comp": "d0d40ba5b894f9fa1e230cbf123120243cb3aa58c85fa563eb88742d97744c2b",
+    "hdf5-1.14.4-2.tar.gz": "618934b9d45e34f328393e1fde73a8a67e973f8e5a6bae8b609d098a84cb0efe"
+  }
 }
--- a/SPECS/hdf5/hdf5.spec
+++ b/SPECS/hdf5/hdf5.spec
@ -1,6 +1,7 @@
 %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
 %define version_main %(echo %{version} | cut -d. -f-2)
-%global so_version 200
+%global so_version_1 310
+%global so_version_2 311
 %global with_mpich 0
 %global with_openmpi 0
 %if %{with_mpich}
@ -11,24 +12,17 @@
 %endif
 Summary:        A general purpose library and file format for storing scientific data
 Name:           hdf5
-Version:        1.12.1
-Release:        13%{?dist}
+Version:        1.14.4
+Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 URL:            https://portal.hdfgroup.org/display/HDF5/HDF5
-Source0:        https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-%{version_main}/hdf5-%{version}/src/hdf5-%{version}.tar.bz2
+Source0:        https://github.com/hdfgroup/hdf5/releases/download/%{name}_%{version}.2/%{name}-%{version}-2.tar.gz
 Source1:        h5comp
-Patch0:         hdf5-LD_LIBRARY_PATH.patch
-# Fix fortran build with gcc 12
-# https://github.com/HDFGroup/hdf5/pull/1412
-Patch1:         hdf5-gfortran12.patch
-Patch3:         hdf5-build.patch
-# Remove Fedora build flags from h5cc/h5c++/h5fc
-# https://bugzilla.redhat.com/show_bug.cgi?id=1794625
-Patch5:         hdf5-wrappers.patch
-Patch6:         CVE-2021-37501.patch
-# For patches/rpath
+Patch0:         hdf5-build.patch
+Patch1:         hdf5-wrappers.patch
+
 # For patches/rpath
 BuildRequires:  automake
 # Needed for mpi tests
@ -133,7 +127,7 @@ HDF5 parallel openmpi static libraries


 %prep
-%autosetup -p1
+%autosetup -p1 -n %{name}-%{version}-2

 # Force shared by default for compiler wrappers (bug #1266645)
 sed -i -e '/^STATIC_AVAILABLE=/s/=.*/=no/' */*/h5[cf]*.in
@ -150,11 +144,22 @@ sed -e 's|-O -finline-functions|-O3 -finline-functions|g' -i config/gnu-flags
  --enable-hl \\\
  --enable-shared \\\
  --with-szlib \\\
+  --enable-mirror-vfd \\\
 %{nil}
 # --enable-cxx and --enable-parallel flags are incompatible
 # --with-mpe=DIR Use MPE instrumentation [default=no]
 # --enable-cxx/fortran/parallel and --enable-threadsafe flags are incompatible

+# temporarily disable _FLOAT16 for ARM64 until a fix is checked-in.
+# See:
+# - https://github.com/HDFGroup/hdf5/pull/4495
+# - https://github.com/HDFGroup/hdf5/pull/4507
+%ifarch aarch64
+%global disable_float16 \\\
+  --disable-nonstandard-feature-float16 \\\
+%{nil}
+%endif
+
 #Serial build
 export CC=gcc
 export CXX=g++
@ -166,6 +171,8 @@ ln -s ../configure .
 %configure \
  %{configure_opts} \
  --enable-cxx \
+  --enable-hlgiftools \
+  %{disable_float16} \
  --with-default-plugindir=%{_libdir}/hdf5/plugin
 sed -i -e 's| -shared | -Wl,--as-needed\0|g' libtool
 sed -r -i 's|^prefix=/usr|prefix=%{buildroot}/usr|' java/test/junit.sh
@ -273,16 +280,18 @@ done

 %files
 %license COPYING
-%doc MANIFEST README.txt release_docs/RELEASE.txt
+%doc README.md release_docs/RELEASE.txt
 %doc release_docs/HISTORY*.txt
 %{_bindir}/gif2h5
 %{_bindir}/h52gif
 %{_bindir}/h5clear
 %{_bindir}/h5copy
 %{_bindir}/h5debug
+%{_bindir}/h5delete
 %{_bindir}/h5diff
 %{_bindir}/h5dump
 %{_bindir}/h5format_convert
+%{_bindir}/h5fuse
 %{_bindir}/h5import
 %{_bindir}/h5jam
 %{_bindir}/h5ls
@ -296,12 +305,12 @@ done
 %{_bindir}/mirror_server
 %{_bindir}/mirror_server_stop
 %{_libdir}/hdf5/
-%{_libdir}/libhdf5.so.%{so_version}*
-%{_libdir}/libhdf5_cpp.so.%{so_version}*
-%{_libdir}/libhdf5_fortran.so.%{so_version}*
-%{_libdir}/libhdf5hl_fortran.so.%{so_version}*
-%{_libdir}/libhdf5_hl.so.%{so_version}*
-%{_libdir}/libhdf5_hl_cpp.so.%{so_version}*
+%{_libdir}/libhdf5.so.%{so_version_2}*
+%{_libdir}/libhdf5_cpp.so.%{so_version_1}*
+%{_libdir}/libhdf5_fortran.so.%{so_version_2}*
+%{_libdir}/libhdf5hl_fortran.so.%{so_version_1}*
+%{_libdir}/libhdf5_hl.so.%{so_version_1}*
+%{_libdir}/libhdf5_hl_cpp.so.%{so_version_1}*

 %files devel
 %{macrosdir}/macros.hdf5
@ -310,6 +319,7 @@ done
 %{_bindir}/h5fc*
 %{_bindir}/h5redeploy
 %{_includedir}/*.h
+%{_includedir}/*.inc
 %{_libdir}/*.so
 %{_libdir}/*.settings
 %{_fmoddir}/*.mod
@ -347,7 +357,7 @@ done
 %{_libdir}/mpich/bin/mirror_server_stop
 %{_libdir}/mpich/bin/ph5diff
 %{_libdir}/mpich/hdf5/
-%{_libdir}/mpich/lib/*.so.%{so_version}*
+%{_libdir}/mpich/lib/*.so.%{so_version_1}*

 %files mpich-devel
 %{_includedir}/mpich-%{_arch}
@ -391,7 +401,7 @@ done
 %{_libdir}/openmpi/bin/mirror_server_stop
 %{_libdir}/openmpi/bin/ph5diff
 %{_libdir}/openmpi/hdf5/
-%{_libdir}/openmpi/lib/*.so.%{so_version}*
+%{_libdir}/openmpi/lib/*.so.%{so_version_1}*

 %files openmpi-devel
 %{_includedir}/openmpi-%{_arch}
@ -410,6 +420,9 @@ done


 %changelog
+* Mon May 20 2024 George Mileka <gmileka@microsoft.com> - 1.14.4-1
+- Upgrade to 1.14.4 - Fix critical CVEs
+
 * Thu Oct 19 2023 Jon Slobodzian <joslobo@microsoft.com> - 1.12.1-13
 - Patch hdf5 for CVE-2021-37501.

--- a/SPECS/python-h5py/python-h5py.spec
+++ b/SPECS/python-h5py/python-h5py.spec
@ -13,7 +13,7 @@ simplifies the process of reading and writing data from Python.
 Summary:        A Python interface to the HDF5 library
 Name:           h5py
 Version:        3.7.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@ -24,7 +24,7 @@ Source0:        https://files.pythonhosted.org/packages/source/h/h5py/h5py-%{ver
 # in F-36
 Patch0:         h5py-3.7.0-ppc-float128.patch
 BuildRequires:  gcc
-BuildRequires:  hdf5-devel
+BuildRequires:  hdf5-devel >= 1.14.4
 BuildRequires:  liblzf-devel
 BuildRequires:  python%{python3_pkgversion}-Cython >= 0.23
 BuildRequires:  python%{python3_pkgversion}-cached_property
@ -41,7 +41,7 @@ BuildRequires:  python%{python3_pkgversion}-sphinx
 %package     -n python%{python3_pkgversion}-h5py
 %{?python_provide:%python_provide python%{python3_pkgversion}-h5py}
 Summary:        %{summary}
-Requires:       hdf5
+Requires:       hdf5 >= 1.14.4
 Requires:       python%{python3_pkgversion}-cached_property
 Requires:       python%{python3_pkgversion}-numpy >= 1.7
 Requires:       python%{python3_pkgversion}-six
@ -92,6 +92,11 @@ cd -
 %{python3_sitearch}/%{name}-%{version}-*.egg-info

 %changelog
+* Mon May 20 2024 George Mileka <gmileka@microsoft.com> - 3.7.0-5
+- Bumping the release version so that this package is re-built with the newer
+  1.14.4 hdf5 libraries. This ensures that the matching 1.14.4 .so files Will
+  be used at run time.
+
 * Tue Nov 01 2022 Riken Maharjan <rmaharjan@microsoft.com> - 3.7.0-4
 - License verified
 - Initial CBL-Mariner import from Fedora 37 (license: MIT).
--- a/cgmanifest.json
+++ b/cgmanifest.json
@ -5210,8 +5210,8 @@
        "type": "other",
        "other": {
          "name": "hdf5",
-          "version": "1.12.1",
-          "downloadUrl": "https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.12/hdf5-1.12.1/src/hdf5-1.12.1.tar.bz2"
+          "version": "1.14.4",
+          "downloadUrl": "https://github.com/hdfgroup/hdf5/releases/download/hdf5_1.14.4.2/hdf5-1.14.4-2.tar.gz"
        }
      }
    },