Package: hnswlib / 0.6.2-2+deb12u1

Metadata

Package: hnswlib
Version: 0.6.2-2+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
cassert.patch

hnswlib/hnswalg.h | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add missing "#include <cassert>"


noTwine.patch

Makefile | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 prevent execution of upstream makefile in python_bindings dir


use shared while linking.patch

setup.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 enable "-shared" while linking
Last-Changed: September 7, 2020

do not use native flags.patch

CMakeLists.txt | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 disable -march=native which is a baseline violation


cve 2023 37365.patch

hnswlib/hnswalg.h | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 hnswalg.h: cap m to 10000 (cve-2023-37365)
 This patch works around issue nmslib#467, also referenced as CVE-2023-37365,
 by implementing Yury Malkov's suggestion about capping the M value,
 coding the maximum number of outgoing connections in the graph, to a
 reasonable enough value of the order of 10000.  For the record, the
 documentation indicates reasonable values for M range from 2 to 100,
 which are well within the cap; see ALGO_PARAMS.md.

 The reproducer shown in issue nmslib#467 doesn't trigger the double free
 condition anymore after this change is applied, but completes
 successfully, although with the below warning popping up on purpose:

  warning: M parameter exceeds 10000 which may lead to adverse effects.
           Cap to 10000 will be applied for the rest of the processing.