diff --git a/package/lapack/0001-Fix-out-of-bounds-read-in-slarrv.patch b/package/lapack/0001-Fix-out-of-bounds-read-in-slarrv.patch deleted file mode 100644 index 43c6444b02..0000000000 --- a/package/lapack/0001-Fix-out-of-bounds-read-in-slarrv.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 0631b6beaed60ba118b0b027c0f8d35397bf5df0 Mon Sep 17 00:00:00 2001 -From: Keno Fischer -Date: Thu, 30 Sep 2021 03:51:23 -0400 -Subject: [PATCH] Fix out of bounds read in slarrv - -This was originally reported as https://github.com/JuliaLang/julia/issues/42415. -I've tracked this down to an our of bounds read on the following line: - -https://github.com/Reference-LAPACK/lapack/blob/44ecb6a5ff821b1cbb39f8cc2166cb098e060b4d/SRC/slarrv.f#L423 - -In the crashing example, `M` is `0`, causing `slarrv` to read uninitialized -memory from the work array. I believe the `0` for `M` is correct and indeed, -the documentation above supports that `M` may be zero: - -https://github.com/Reference-LAPACK/lapack/blob/44ecb6a5ff821b1cbb39f8cc2166cb098e060b4d/SRC/slarrv.f#L113-L116 - -I believe it may be sufficient to early-out this function as suggested -in this PR. However, I have limited context for the full routine here, -so I would appreciate a sanity check. - -[Retrieved from: -https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781] -Signed-off-by: Fabrice Fontaine ---- - SRC/clarrv.f | 2 +- - SRC/dlarrv.f | 2 +- - SRC/slarrv.f | 2 +- - SRC/zlarrv.f | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/SRC/clarrv.f b/SRC/clarrv.f -index 1f09e4da6..42f710757 100644 ---- a/SRC/clarrv.f -+++ b/SRC/clarrv.f -@@ -348,7 +348,7 @@ SUBROUTINE CLARRV( N, VL, VU, D, L, PIVMIN, - * - * Quick return if possible - * -- IF( N.LE.0 ) THEN -+ IF( (N.LE.0).OR.(M.LE.0) ) THEN - RETURN - END IF - * -diff --git a/SRC/dlarrv.f b/SRC/dlarrv.f -index b036c1e66..299430361 100644 ---- a/SRC/dlarrv.f -+++ b/SRC/dlarrv.f -@@ -350,7 +350,7 @@ SUBROUTINE DLARRV( N, VL, VU, D, L, PIVMIN, - * - * Quick return if possible - * -- IF( N.LE.0 ) THEN -+ IF( (N.LE.0).OR.(M.LE.0) ) THEN - RETURN - END IF - * -diff --git a/SRC/slarrv.f b/SRC/slarrv.f -index 9d72b339a..95f94fd1b 100644 ---- a/SRC/slarrv.f -+++ b/SRC/slarrv.f -@@ -350,7 +350,7 @@ SUBROUTINE SLARRV( N, VL, VU, D, L, PIVMIN, - * - * Quick return if possible - * -- IF( N.LE.0 ) THEN -+ IF( (N.LE.0).OR.(M.LE.0) ) THEN - RETURN - END IF - * -diff --git a/SRC/zlarrv.f b/SRC/zlarrv.f -index 51ec558f5..e4be63e0d 100644 ---- a/SRC/zlarrv.f -+++ b/SRC/zlarrv.f -@@ -348,7 +348,7 @@ SUBROUTINE ZLARRV( N, VL, VU, D, L, PIVMIN, - * - * Quick return if possible - * -- IF( N.LE.0 ) THEN -+ IF( (N.LE.0).OR.(M.LE.0) ) THEN - RETURN - END IF - * diff --git a/package/lapack/lapack.hash b/package/lapack/lapack.hash index 6f6dbff1a6..4d4d2c0596 100644 --- a/package/lapack/lapack.hash +++ b/package/lapack/lapack.hash @@ -1,3 +1,3 @@ # Locally computed: -sha256 328c1bea493a32cac5257d84157dc686cc3ab0b004e2bea22044e0a59f6f8a19 lapack-3.10.0.tar.gz -sha256 66246b7d3e6736aea46e63fd5e087659474d07edfe2f9b051d085d9b42aaac61 LICENSE +sha256 cd005cd021f144d7d5f7f33c943942db9f03a28d110d6a3b80d718a295f7f714 lapack-3.10.1.tar.gz +sha256 44f7c08ab11e40b21d8bf8220712929ba8d0204645d2174869acf915562d0969 LICENSE diff --git a/package/lapack/lapack.mk b/package/lapack/lapack.mk index 609075842d..2d069c1c93 100644 --- a/package/lapack/lapack.mk +++ b/package/lapack/lapack.mk @@ -4,7 +4,7 @@ # ################################################################################ -LAPACK_VERSION = 3.10.0 +LAPACK_VERSION = 3.10.1 LAPACK_LICENSE = BSD-3-Clause LAPACK_LICENSE_FILES = LICENSE LAPACK_SITE = $(call github,Reference-LAPACK,lapack,v$(LAPACK_VERSION)) @@ -13,9 +13,6 @@ LAPACK_INSTALL_STAGING = YES LAPACK_SUPPORTS_IN_SOURCE_BUILD = NO LAPACK_CONF_OPTS = -DLAPACKE=ON -DCBLAS=ON -# 0001-Fix-out-of-bounds-read-in-slarrv.patch -LAPACK_IGNORE_CVES += CVE-2021-4048 - ifeq ($(BR2_PACKAGE_LAPACK_COMPLEX),y) LAPACK_CONF_OPTS += -DBUILD_COMPLEX=ON -DBUILD_COMPLEX16=ON else