CVS commit: pkgsrc/devel/gmp

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/devel/gmp
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Fri, 26 Nov 2021 12:23:09 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Fri Nov 26 12:23:09 UTC 2021

Modified Files:
        pkgsrc/devel/gmp: Makefile distinfo
Added Files:
        pkgsrc/devel/gmp/patches: patch-mpz_inp__raw.c

Log Message:
gmp: fix CVE-2021-43618 using upstream patch

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.88 -r1.89 pkgsrc/devel/gmp/Makefile
cvs rdiff -u -r1.58 -r1.59 pkgsrc/devel/gmp/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/gmp/patches/patch-mpz_inp__raw.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/gmp/Makefile
diff -u pkgsrc/devel/gmp/Makefile:1.88 pkgsrc/devel/gmp/Makefile:1.89
--- pkgsrc/devel/gmp/Makefile:1.88      Mon Nov 16 13:12:41 2020
+++ pkgsrc/devel/gmp/Makefile   Fri Nov 26 12:23:08 2021
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.88 2020/11/16 13:12:41 wiz Exp $
+# $NetBSD: Makefile,v 1.89 2021/11/26 12:23:08 wiz Exp $
 
 DISTNAME=      gmp-6.2.1
+PKGREVISION=   1
 CATEGORIES=    devel math
 MASTER_SITES=  https://gmplib.org/download/gmp/
 MASTER_SITES+= ${MASTER_SITE_GNU:=gmp/}

Index: pkgsrc/devel/gmp/distinfo
diff -u pkgsrc/devel/gmp/distinfo:1.58 pkgsrc/devel/gmp/distinfo:1.59
--- pkgsrc/devel/gmp/distinfo:1.58      Tue Oct 26 10:14:43 2021
+++ pkgsrc/devel/gmp/distinfo   Fri Nov 26 12:23:08 2021
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.58 2021/10/26 10:14:43 nia Exp $
+$NetBSD: distinfo,v 1.59 2021/11/26 12:23:08 wiz Exp $
 
 BLAKE2s (gmp-6.2.1.tar.bz2) = 4125e2992b9aa28eea69ada6030b34a0e293ca80140c3c069f4fcbd38055d6ee
 SHA512 (gmp-6.2.1.tar.bz2) = 8904334a3bcc5c896ececabc75cda9dec642e401fb5397c4992c4fabea5e962c9ce8bd44e8e4233c34e55c8010cc28db0545f5f750cbdbb5f00af538dc763be9
 Size (gmp-6.2.1.tar.bz2) = 2493916 bytes
 SHA1 (patch-acinclude.m4) = 3f76c0aa8d29ec815a93448f9c4bc976ebdf7a2a
+SHA1 (patch-mpz_inp__raw.c) = d25995039d4c7226b5209cb932c13fe59a4578ca

Added files:

Index: pkgsrc/devel/gmp/patches/patch-mpz_inp__raw.c
diff -u /dev/null pkgsrc/devel/gmp/patches/patch-mpz_inp__raw.c:1.1
--- /dev/null   Fri Nov 26 12:23:09 2021
+++ pkgsrc/devel/gmp/patches/patch-mpz_inp__raw.c       Fri Nov 26 12:23:08 2021
@@ -0,0 +1,20 @@
+$NetBSD: patch-mpz_inp__raw.c,v 1.1 2021/11/26 12:23:08 wiz Exp $
+
+Fix for CVE-2021-43618
+https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+
+--- mpz/inp_raw.c.orig 2020-11-14 18:45:09.000000000 +0000
++++ mpz/inp_raw.c
+@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++    return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {

Prev by Date: CVS commit: pkgsrc/editors/vim-share
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/editors/vim-share
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index