[Buildroot] [PATCH 1/1] package/lapack: security bump to version 3.10.0
Arnout Vandecappelle
arnout at mind.be
Thu Dec 16 20:14:33 UTC 2021
On 16/12/2021 08:02, Fabrice Fontaine wrote:
> - Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV,
> DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0,
> as also used in OpenBLAS before version 0.3.18. Specially crafted
> inputs passed to these functions could cause an application using
> lapack to crash or possibly disclose portions of its memory.
> - Update license hash, year changed:
> https://github.com/Reference-LAPACK/lapack/commit/f67034373ee2972b4ea5de5a3d635b30ad3026c2
> - Update indentation in hash file (two spaces)
>
> http://netlib.org/lapack/lapack-3.10.0.html
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Applied to master, thanks.
Regards,
Arnout
> ---
> package/lapack/lapack.hash | 4 ++--
> package/lapack/lapack.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/lapack/lapack.hash b/package/lapack/lapack.hash
> index bac7210c29..6f6dbff1a6 100644
> --- a/package/lapack/lapack.hash
> +++ b/package/lapack/lapack.hash
> @@ -1,3 +1,3 @@
> # Locally computed:
> -sha256 106087f1bb5f46afdfba7f569d0cbe23dacb9a07cd24733765a0e89dbe1ad573 lapack-3.9.0.tar.gz
> -sha256 d56bd4441b999b80c88df04faf0d8b3d7d3b2bd781cf91242c4188e8a6d0f8be LICENSE
> +sha256 328c1bea493a32cac5257d84157dc686cc3ab0b004e2bea22044e0a59f6f8a19 lapack-3.10.0.tar.gz
> +sha256 66246b7d3e6736aea46e63fd5e087659474d07edfe2f9b051d085d9b42aaac61 LICENSE
> diff --git a/package/lapack/lapack.mk b/package/lapack/lapack.mk
> index 41774f6167..f34f685ae2 100644
> --- a/package/lapack/lapack.mk
> +++ b/package/lapack/lapack.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LAPACK_VERSION = 3.9.0
> +LAPACK_VERSION = 3.10.0
> LAPACK_LICENSE = BSD-3-Clause
> LAPACK_LICENSE_FILES = LICENSE
> LAPACK_SITE = $(call github,Reference-LAPACK,lapack,v$(LAPACK_VERSION))
>
More information about the buildroot
mailing list