diff --git a/0001-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch b/0001-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c7dc615817e897127845350ff593e1bf2d06b45d
--- /dev/null
+++ b/0001-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch
@@ -0,0 +1,26 @@
+From 2be5ee3cca97a597f2ee2118808a2d5eacea050c Mon Sep 17 00:00:00 2001
+From: Martin Kroeker
+Date: Fri, 1 Oct 2021 11:17:21 +0200
+Subject: [PATCH 1/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/clarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/clarrv.f b/lapack-netlib/SRC/clarrv.f
+index a45f55ac..26a9febc 100644
+--- a/lapack-netlib/SRC/clarrv.f
++++ b/lapack-netlib/SRC/clarrv.f
+@@ -351,7 +351,7 @@
+ *
+ * Quick return if possible
+ *
+- IF( N.LE.0 ) THEN
++ IF( (N.LE.0) .OR. (M.LE.0) ) THEN
+ RETURN
+ END IF
+ *
+--
+2.27.0
+
diff --git a/0002-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch b/0002-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..339714d020e2e2b405dcdf59a29242166e920633
--- /dev/null
+++ b/0002-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch
@@ -0,0 +1,26 @@
+From fe497efa0510466fd93578aaf9da1ad8ed4edbe7 Mon Sep 17 00:00:00 2001
+From: Martin Kroeker
+Date: Fri, 1 Oct 2021 11:18:20 +0200
+Subject: [PATCH 2/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/dlarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/dlarrv.f b/lapack-netlib/SRC/dlarrv.f
+index 4a59a2bb..a1c6e9c9 100644
+--- a/lapack-netlib/SRC/dlarrv.f
++++ b/lapack-netlib/SRC/dlarrv.f
+@@ -353,7 +353,7 @@
+ *
+ * Quick return if possible
+ *
+- IF( N.LE.0 ) THEN
++ IF( (N.LE.0).OR.(M.LE.0) ) THEN
+ RETURN
+ END IF
+ *
+--
+2.27.0
+
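Review bot: The widened guard in the clarrv.f hunk, `IF( (N.LE.0) .OR. (M.LE.0) ) THEN`, returns before anything visible in the hunk sets the outputs, so it is worth confirming that INFO is already initialised above line 351 for the new M = 0 path; the routine's body starts and ends outside the hunk. The retained comment `* Quick return if possible` does not say why M is checked, and I would extend it to something like `* Quick return if possible (M = 0: no eigenvectors wanted, and indexing by M below would read out of bounds)`, assuming that is the read the subject line refers to. The same two points apply to the dlarrv.f, slarrv.f and zlarrv.f hunks, which also write the condition without spaces around `.OR.`, unlike this one.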
diff --git a/0003-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch b/0003-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..88581cdeb059edefe7674eaa89da0afec375f61d
--- /dev/null
+++ b/0003-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch
@@ -0,0 +1,26 @@
+From ddb0ff5353637bb5f5ad060c9620e334c143e3d7 Mon Sep 17 00:00:00 2001
+From: Martin Kroeker
+Date: Fri, 1 Oct 2021 11:19:07 +0200
+Subject: [PATCH 3/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/slarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/slarrv.f b/lapack-netlib/SRC/slarrv.f
+index 04519fde..9448b2fd 100644
+--- a/lapack-netlib/SRC/slarrv.f
++++ b/lapack-netlib/SRC/slarrv.f
+@@ -353,7 +353,7 @@
+ *
+ * Quick return if possible
+ *
+- IF( N.LE.0 ) THEN
++ IF( (N.LE.0).OR.(M.LE.0) ) THEN
+ RETURN
+ END IF
+ *
+--
+2.27.0
+
diff --git a/0004-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch b/0004-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..40c00c637823a18f108a653947eab2dd8ad99166
--- /dev/null
+++ b/0004-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch
@@ -0,0 +1,27 @@
+From 337b65133df174796794871b3988cd03426e6d41 Mon Sep 17 00:00:00 2001
+From: Martin Kroeker
+Date: Fri, 1 Oct 2021 11:19:53 +0200
+Subject: [PATCH 4/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+
+---
+ lapack-netlib/SRC/zlarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/zlarrv.f b/lapack-netlib/SRC/zlarrv.f
+index 23976dbe..8d10e3c2 100644
+--- a/lapack-netlib/SRC/zlarrv.f
++++ b/lapack-netlib/SRC/zlarrv.f
+@@ -351,7 +351,7 @@
+ *
+ * Quick return if possible
+ *
+- IF( N.LE.0 ) THEN
++ IF( (N.LE.0).OR.(M.LE.0) ) THEN
+ RETURN
+ END IF
+ *
+--
+2.27.0
+
diff --git a/openblas.spec b/openblas.spec index 40e192686d1b1c43a52f691e45b535a52f6b757c..55bcbc75ce9956ebafcfb354da7a8c114711ea43 100644 --- a/openblas.spec +++ b/openblas.spec @@ -2,7 +2,7 @@ Name: openblas Version: 0.3.13 -Release: 2 +Release: 3 Summary: An optimized BLAS library based on GotoBLAS2 1.13 BSD version License: BSD URL: https://github.com/xianyi/OpenBLAS/ @@ -10,6 +10,10 @@ Source0: https://github.com/xianyi/OpenBLAS/archive/v%{version}/openblas- Patch0000: openblas-0.2.15-system_lapack.patch Patch0001: openblas-0.2.5-libname.patch Patch0002: openblas-0.3.7-tests.patch +Patch0003: 0001-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch +Patch0004: 0002-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch +Patch0005: 0003-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch +Patch0006: 0004-Fix-out-of-bounds-read-in-llarv-Reference-LAPACK-PR-.patch Requires: %{name}-devel = %{version}-%{release} BuildRequires: gcc gcc-gfortran perl-devel gcc-c++ @@ -57,6 +61,10 @@ cd OpenBLAS-%{version} %endif %patch0001 -p1 -b .libname %patch0002 -p1 -b .tests +%patch0003 -p1 +%patch0004 -p1 +%patch0005 -p1 +%patch0006 -p1 # Set source permissions find -name \*.f -exec chmod 644 {} \; @@ -350,6 +358,9 @@ rm -rf %{buildroot}%{_libdir}/pkgconfig %{_libdir}/lib%{name}*64_.so %changelog +* Mon Dec 20 2021 zhouwenpei -0.3.13-3 +- fix CVE-2021-4048 + * Wed Jun 30 2021 zhouwenpei -0.3.13-2 - add buildrequire gcc-c++
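Review bot: The new `Patch0003` to `Patch0006` entries differ only in their numeric prefix, and nothing next to them names the CVE that the changelog entry cites, so a later rebase cannot tell which patches to drop without opening each file. A comment above them such as `# CVE-2021-4048: ?larrv quick return when M <= 0 (Reference-LAPACK PR 625)` would record that. The filenames also spell the routine `llarv` while the patched files are `clarrv.f`, `dlarrv.f`, `slarrv.f` and `zlarrv.f`, so a search for the routine name will not find them. In the `%prep` hunk the added `%patch0003 -p1` to `%patch0006 -p1` lines omit the `-b` backup suffix that `%patch0001 -p1 -b .libname` and `%patch0002 -p1 -b .tests` carry. None of the visible hunks adds a test that calls the routines with M = 0.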