From 59a1fcc69620da8eab1c048977fa22d297b18284 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Thu, 16 Dec 2021 08:02:01 +0100 Subject: [PATCH] package/lapack: security bump to version 3.10.0 - Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. - Update license hash, year changed: https://github.com/Reference-LAPACK/lapack/commit/f67034373ee2972b4ea5de5a3d635b30ad3026c2 - Update indentation in hash file (two spaces) http://netlib.org/lapack/lapack-3.10.0.html Signed-off-by: Fabrice Fontaine Signed-off-by: Arnout Vandecappelle (Essensium/Mind) --- package/lapack/lapack.hash | 4 ++-- package/lapack/lapack.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/lapack/lapack.hash b/package/lapack/lapack.hash index bac7210c29..6f6dbff1a6 100644 --- a/package/lapack/lapack.hash +++ b/package/lapack/lapack.hash @@ -1,3 +1,3 @@ # Locally computed: -sha256 106087f1bb5f46afdfba7f569d0cbe23dacb9a07cd24733765a0e89dbe1ad573 lapack-3.9.0.tar.gz -sha256 d56bd4441b999b80c88df04faf0d8b3d7d3b2bd781cf91242c4188e8a6d0f8be LICENSE +sha256 328c1bea493a32cac5257d84157dc686cc3ab0b004e2bea22044e0a59f6f8a19 lapack-3.10.0.tar.gz +sha256 66246b7d3e6736aea46e63fd5e087659474d07edfe2f9b051d085d9b42aaac61 LICENSE diff --git a/package/lapack/lapack.mk b/package/lapack/lapack.mk index 41774f6167..f34f685ae2 100644 --- a/package/lapack/lapack.mk +++ b/package/lapack/lapack.mk @@ -4,7 +4,7 @@ # ################################################################################ -LAPACK_VERSION = 3.9.0 +LAPACK_VERSION = 3.10.0 LAPACK_LICENSE = BSD-3-Clause LAPACK_LICENSE_FILES = LICENSE LAPACK_SITE = $(call github,Reference-LAPACK,lapack,v$(LAPACK_VERSION))
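Review bot: In the package/lapack/lapack.hash hunk, both replacement sha256 lines sit under the "# Locally computed" comment, so the file itself gives a reviewer nothing to check the new lapack-3.10.0.tar.gz digest against. Since this is a security bump, recompute the tarball hash independently before applying. For the LICENSE hash, confirm that the only difference is the year change the commit message describes.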
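Review bot: In the package/lapack/lapack.mk hunk, LAPACK_VERSION is set to 3.10.0, but the commit message describes CVE-2021-4048 as affecting lapack "through version 3.10.0", which reads as including the version being bumped to. Please confirm that the v3.10.0 tag fetched via LAPACK_SITE actually contains the fix for the CLARRV, DLARRV, SLARRV and ZLARRV out-of-bounds read. If it does not, carry the upstream fix as a patch in package/lapack/ and reword the commit message so it does not claim the bump alone fixes the CVE.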