pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2021Q3]: pkgsrc/devel/gmp Pullup ticket #6544 - requested by wiz



details:   https://anonhg.NetBSD.org/pkgsrc/rev/024c6c961a8c
branches:  pkgsrc-2021Q3
changeset: 770214:024c6c961a8c
user:      tm <tm%pkgsrc.org@localhost>
date:      Sat Nov 27 21:43:55 2021 +0000

description:
Pullup ticket #6544 - requested by wiz
devel/gmp: security fix

Revisions pulled up:
- devel/gmp/Makefile                                            1.89
- devel/gmp/distinfo                                            1.59
- devel/gmp/patches/patch-mpz_inp__raw.c                        1.1

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Fri Nov 26 12:23:09 UTC 2021

   Modified Files:
        pkgsrc/devel/gmp: Makefile distinfo
   Added Files:
        pkgsrc/devel/gmp/patches: patch-mpz_inp__raw.c

   Log Message:
   gmp: fix CVE-2021-43618 using upstream patch

   Bump PKGREVISION.

diffstat:

 devel/gmp/Makefile                     |   3 ++-
 devel/gmp/distinfo                     |   3 ++-
 devel/gmp/patches/patch-mpz_inp__raw.c |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (49 lines):

diff -r 4a8296cd38e6 -r 024c6c961a8c devel/gmp/Makefile
--- a/devel/gmp/Makefile        Wed Nov 24 19:55:37 2021 +0000
+++ b/devel/gmp/Makefile        Sat Nov 27 21:43:55 2021 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.88 2020/11/16 13:12:41 wiz Exp $
+# $NetBSD: Makefile,v 1.88.8.1 2021/11/27 21:43:55 tm Exp $
 
 DISTNAME=      gmp-6.2.1
+PKGREVISION=   1
 CATEGORIES=    devel math
 MASTER_SITES=  https://gmplib.org/download/gmp/
 MASTER_SITES+= ${MASTER_SITE_GNU:=gmp/}
diff -r 4a8296cd38e6 -r 024c6c961a8c devel/gmp/distinfo
--- a/devel/gmp/distinfo        Wed Nov 24 19:55:37 2021 +0000
+++ b/devel/gmp/distinfo        Sat Nov 27 21:43:55 2021 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.56 2020/11/16 13:12:41 wiz Exp $
+$NetBSD: distinfo,v 1.56.8.1 2021/11/27 21:43:55 tm Exp $
 
 SHA1 (gmp-6.2.1.tar.bz2) = 2dcf34d4a432dbe6cce1475a835d20fe44f75822
 RMD160 (gmp-6.2.1.tar.bz2) = 2a4204453eb608bec6bb647ff5a0c47ca4d43878
 SHA512 (gmp-6.2.1.tar.bz2) = 8904334a3bcc5c896ececabc75cda9dec642e401fb5397c4992c4fabea5e962c9ce8bd44e8e4233c34e55c8010cc28db0545f5f750cbdbb5f00af538dc763be9
 Size (gmp-6.2.1.tar.bz2) = 2493916 bytes
 SHA1 (patch-acinclude.m4) = 3f76c0aa8d29ec815a93448f9c4bc976ebdf7a2a
+SHA1 (patch-mpz_inp__raw.c) = d25995039d4c7226b5209cb932c13fe59a4578ca
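
Review bot: The ticket lists distinfo 1.59 as the revision pulled up, but the $NetBSD id in this hunk starts from 1.56 and the only content change is the added "SHA1 (patch-mpz_inp__raw.c)" line, so the pullup message should say that whatever else changed on trunk between 1.56 and 1.59 is intentionally left off the branch. Anyone auditing the branch can then confirm that the single checksum line is the complete intended change, and that the recorded SHA1 matches the patch file added in the same changeset.
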
diff -r 4a8296cd38e6 -r 024c6c961a8c devel/gmp/patches/patch-mpz_inp__raw.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/gmp/patches/patch-mpz_inp__raw.c    Sat Nov 27 21:43:55 2021 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-mpz_inp__raw.c,v 1.1.2.2 2021/11/27 21:43:55 tm Exp $
+
+Fix for CVE-2021-43618
+https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+
+--- mpz/inp_raw.c.orig 2020-11-14 18:45:09.000000000 +0000
++++ mpz/inp_raw.c
+@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++    return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {
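
Review bot: The description at the top of the new patch file gives only "Fix for CVE-2021-43618" and the upstream URL; add one line naming the defect, that the bit count "abs_csize*8" could overflow before BITS_TO_LIMBS rounds it to limbs, so the file can be understood without following the link. On the code itself, the guard "abs_csize > ~(mp_bitcnt_t) 0 / 8" is what keeps the multiplication in range, while the "(mp_bitcnt_t)" cast only helps where that type is wider than the type of abs_csize, so the two added pieces need to stay together if this patch is rebased onto a later gmp release. It is also worth noting in the comment that the early "return 0" rejects the input rather than truncating it.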


