import openblas-0.3.15-4.el8

SOURCES/openblas-CVE-2021-4048.patch

@@ -0,0 +1,107 @@
+From 2be5ee3cca97a597f2ee2118808a2d5eacea050c Mon Sep 17 00:00:00 2001
+From: Martin Kroeker <martin@ruby.chemie.uni-freiburg.de>
+Date: Fri, 1 Oct 2021 11:17:21 +0200
+Subject: [PATCH 1/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/clarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/clarrv.f b/lapack-netlib/SRC/clarrv.f
+index a45f55ac..26a9febc 100644
+--- a/lapack-netlib/SRC/clarrv.f
++++ b/lapack-netlib/SRC/clarrv.f
+@@ -351,7 +351,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0) .OR. (M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+-- 
+2.34.1
+
+
+From fe497efa0510466fd93578aaf9da1ad8ed4edbe7 Mon Sep 17 00:00:00 2001
+From: Martin Kroeker <martin@ruby.chemie.uni-freiburg.de>
+Date: Fri, 1 Oct 2021 11:18:20 +0200
+Subject: [PATCH 2/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/dlarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/dlarrv.f b/lapack-netlib/SRC/dlarrv.f
+index 4a59a2bb..a1c6e9c9 100644
+--- a/lapack-netlib/SRC/dlarrv.f
++++ b/lapack-netlib/SRC/dlarrv.f
+@@ -353,7 +353,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+-- 
+2.34.1
+
+
+From ddb0ff5353637bb5f5ad060c9620e334c143e3d7 Mon Sep 17 00:00:00 2001
+From: Martin Kroeker <martin@ruby.chemie.uni-freiburg.de>
+Date: Fri, 1 Oct 2021 11:19:07 +0200
+Subject: [PATCH 3/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/slarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/slarrv.f b/lapack-netlib/SRC/slarrv.f
+index 04519fde..9448b2fd 100644
+--- a/lapack-netlib/SRC/slarrv.f
++++ b/lapack-netlib/SRC/slarrv.f
+@@ -353,7 +353,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+-- 
+2.34.1
+
+
+From 337b65133df174796794871b3988cd03426e6d41 Mon Sep 17 00:00:00 2001
+From: Martin Kroeker <martin@ruby.chemie.uni-freiburg.de>
+Date: Fri, 1 Oct 2021 11:19:53 +0200
+Subject: [PATCH 4/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/zlarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/zlarrv.f b/lapack-netlib/SRC/zlarrv.f
+index 23976dbe..8d10e3c2 100644
+--- a/lapack-netlib/SRC/zlarrv.f
++++ b/lapack-netlib/SRC/zlarrv.f
+@@ -351,7 +351,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+-- 
+2.34.1
+

SPECS/openblas.spec

@@ -18,7 +18,7 @@
 
 Name:           openblas
 Version:        0.3.15
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        An optimized BLAS library based on GotoBLAS2
 Group:          Development/Libraries
 License:        BSD
@@ -37,6 +37,8 @@ Patch4:         openblas-0.3.15-asmflags.patch
 # Remove optimization pragmas on ppc64le
 Patch5:         openblas-0.3.15-power-optimize.patch
 
+Patch6:         openblas-CVE-2021-4048.patch
+
 BuildRequires:  scl-utils
 BuildRequires:  gcc-toolset-11-gcc
 BuildRequires:  gcc-toolset-11-gcc-gfortran
@@ -238,6 +240,7 @@ cd OpenBLAS-%{version}
 %patch3 -p1 -b .noopt
 %patch4 -p1 -b .asmflags
 %patch5 -p1 -b .power-optimize
+%patch6 -p1 -b .cve-2021-4048
 
 # Fix source permissions
 find -name \*.f -exec chmod 644 {} \;
@@ -677,6 +680,10 @@ rm -rf %{buildroot}%{_libdir}/pkgconfig
 %endif
 
 %changelog
+* Wed Jun 15 2022 Matej Mužila <mmuzila@redhat.com> - 0.3.15-4
+- Fix out-of-bounds read in *larrv
+- Resolves: CVE-2021-4048
+
 * Fri Nov 12 2021 Nikola Forró <nforro@redhat.com> - 0.3.15-3
 - Fix missing header files in openblas-devel subpackage by enabling
   gcc-toolset-11 in %%install as well