[pkgsrc/trunk]: pkgsrc/devel/gmp gmp: fix CVE-2021-43618 using upstream patch

[wiz <wiz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/2bf33ca14bde
branches:  trunk
changeset: 770163:2bf33ca14bde
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Fri Nov 26 12:23:08 2021 +0000

description:
gmp: fix CVE-2021-43618 using upstream patch

Bump PKGREVISION.

diffstat:

 devel/gmp/Makefile                     |   3 ++-
 devel/gmp/distinfo                     |   3 ++-
 devel/gmp/patches/patch-mpz_inp__raw.c |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (48 lines):

diff -r e1259a4c597d -r 2bf33ca14bde devel/gmp/Makefile
--- a/devel/gmp/Makefile        Fri Nov 26 12:05:32 2021 +0000
+++ b/devel/gmp/Makefile        Fri Nov 26 12:23:08 2021 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.88 2020/11/16 13:12:41 wiz Exp $
+# $NetBSD: Makefile,v 1.89 2021/11/26 12:23:08 wiz Exp $
 
 DISTNAME=      gmp-6.2.1
+PKGREVISION=   1
 CATEGORIES=    devel math
 MASTER_SITES=  https://gmplib.org/download/gmp/
 MASTER_SITES+= ${MASTER_SITE_GNU:=gmp/}
diff -r e1259a4c597d -r 2bf33ca14bde devel/gmp/distinfo
--- a/devel/gmp/distinfo        Fri Nov 26 12:05:32 2021 +0000
+++ b/devel/gmp/distinfo        Fri Nov 26 12:23:08 2021 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.58 2021/10/26 10:14:43 nia Exp $
+$NetBSD: distinfo,v 1.59 2021/11/26 12:23:08 wiz Exp $
 
 BLAKE2s (gmp-6.2.1.tar.bz2) = 4125e2992b9aa28eea69ada6030b34a0e293ca80140c3c069f4fcbd38055d6ee
 SHA512 (gmp-6.2.1.tar.bz2) = 8904334a3bcc5c896ececabc75cda9dec642e401fb5397c4992c4fabea5e962c9ce8bd44e8e4233c34e55c8010cc28db0545f5f750cbdbb5f00af538dc763be9
 Size (gmp-6.2.1.tar.bz2) = 2493916 bytes
 SHA1 (patch-acinclude.m4) = 3f76c0aa8d29ec815a93448f9c4bc976ebdf7a2a
+SHA1 (patch-mpz_inp__raw.c) = d25995039d4c7226b5209cb932c13fe59a4578ca
diff -r e1259a4c597d -r 2bf33ca14bde devel/gmp/patches/patch-mpz_inp__raw.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/gmp/patches/patch-mpz_inp__raw.c    Fri Nov 26 12:23:08 2021 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-mpz_inp__raw.c,v 1.1 2021/11/26 12:23:08 wiz Exp $
+
+Fix for CVE-2021-43618
+https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+
+--- mpz/inp_raw.c.orig 2020-11-14 18:45:09.000000000 +0000
++++ mpz/inp_raw.c
+@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++    return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {