Release?

[limburgher]

Hi! I maintain matio packages for Fedora and EPEL. I see that a few CVEs are fixed in master; is a release forthcoming or should I just ship a snapshot to address these? Thanks!

[tbeu]

Thank you for reminding me. Ususally I had two maintenance releases per year, one in early spring and one in winter. But this time I was distracted by oss-fuzzing, CI (IBM Z, MinGW, Cygwin), and of course other projects

I also wonder why some issues get CVEs assigned, others don't. Thus, only counting the CVEs is a totally misleading measure.

There are already a lot of fixes in master, even for file reading performance. However, before releasing I wanted to

• properly fix #120, which also addresses several open oss-fuzzing defects
• attract at least one sponsor
• get the stale CMake PR #107 done (but the authors or reviewers are silent, too)

I think I can release a new version in about two months time, not sure what will happen till then.

[limburgher]

Thank you. I'm trying to package a snapshot, and all the tests are failing. Should I be concerned, or possibly just wait for the release?

[Nelson-numerical-software]

an official release 1.5.18 will be welcome with official support of hdf5 1.12

Currently on macos, libmatio 1.5.17 segfault (libmatio 1.5.17 + hdf5 1.12 packaged with brew) But libmatio current master works with hdf5 1.12 :(

see: https://travis-ci.org/github/Nelson-numerical-software/nelson/jobs/676873956

 14/29 - [matio] test_savemat_cell                                          Fail
    run('/Users/travis/build/Nelson-numerical-software/nelson/modules/matio/tests/test_savemat_cell.nls')
    Error:
      /Users/travis/build/Nelson-numerical-software/nelson/bin/macosx64/nelson-cli: line 33: 85346 Abort trap: 6           $SCRIPT_DIRECTORY/nelson-cli-exec "$@"
 15/29 - [matio] test_savemat_char                                          Fail
    run('/Users/travis/build/Nelson-numerical-software/nelson/modules/matio/tests/test_savemat_char.nls')
    Error:
      /Users/travis/build/Nelson-numerical-software/nelson/bin/macosx64/nelson-cli: line 33: 85352 Abort trap: 6           $SCRIPT_DIRECTORY/nelson-cli-exec "$@"
 16/29 - [matio] test_savemat_double                                        Fail
    run('/Users/travis/build/Nelson-numerical-software/nelson/modules/matio/tests/test_savemat_double.nls')
    Error:
      /Users/travis/build/Nelson-numerical-software/nelson/bin/macosx64/nelson-cli: line 33: 85358 Abort trap: 6           $SCRIPT_DIRECTORY/nelson-cli-exec "$@"

[tbeu]

I am trying my best to file a new release in May.

[rafal-c]

Hi, any updates on the expected release date?

[tbeu]

Version 1.5.18 was released today.

[limburgher]

Is there a collection of patches that could be applied to 1.5.17 that would address the security fixes without incrementing the soname?

[tbeu]

No, there is not. There have been too many fixes (addressing the issues detected by fuzzing) even if there was no CVE number assigned.

I increased the so version because I changed some C types in mat_sparse_t, removed strdup_vprintf and strdup_printf from the public API and added new error constants MATIO_E_ABC to matio.h with functions returning different error codes.

[limburgher]

Ok, thank you.