[pkgsrc/pkgsrc-2021Q3]: pkgsrc/devel/gmp Pullup ticket #6544 - requested by wiz

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2021Q3]: pkgsrc/devel/gmp Pullup ticket #6544 - requested by wiz
From: tm <tm%pkgsrc.org@localhost>
Date: Sat, 27 Nov 2021 23:31:43 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/024c6c961a8c
branches:  pkgsrc-2021Q3
changeset: 770214:024c6c961a8c
user:      tm <tm%pkgsrc.org@localhost>
date:      Sat Nov 27 21:43:55 2021 +0000

description:
Pullup ticket #6544 - requested by wiz
devel/gmp: security fix

Revisions pulled up:
- devel/gmp/Makefile                                            1.89
- devel/gmp/distinfo                                            1.59
- devel/gmp/patches/patch-mpz_inp__raw.c                        1.1

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Fri Nov 26 12:23:09 UTC 2021

   Modified Files:
        pkgsrc/devel/gmp: Makefile distinfo
   Added Files:
        pkgsrc/devel/gmp/patches: patch-mpz_inp__raw.c

   Log Message:
   gmp: fix CVE-2021-43618 using upstream patch

   Bump PKGREVISION.

diffstat:

 devel/gmp/Makefile                     |   3 ++-
 devel/gmp/distinfo                     |   3 ++-
 devel/gmp/patches/patch-mpz_inp__raw.c |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (49 lines):

diff -r 4a8296cd38e6 -r 024c6c961a8c devel/gmp/Makefile
--- a/devel/gmp/Makefile        Wed Nov 24 19:55:37 2021 +0000
+++ b/devel/gmp/Makefile        Sat Nov 27 21:43:55 2021 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.88 2020/11/16 13:12:41 wiz Exp $
+# $NetBSD: Makefile,v 1.88.8.1 2021/11/27 21:43:55 tm Exp $
 
 DISTNAME=      gmp-6.2.1
+PKGREVISION=   1
 CATEGORIES=    devel math
 MASTER_SITES=  https://gmplib.org/download/gmp/
 MASTER_SITES+= ${MASTER_SITE_GNU:=gmp/}
diff -r 4a8296cd38e6 -r 024c6c961a8c devel/gmp/distinfo
--- a/devel/gmp/distinfo        Wed Nov 24 19:55:37 2021 +0000
+++ b/devel/gmp/distinfo        Sat Nov 27 21:43:55 2021 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.56 2020/11/16 13:12:41 wiz Exp $
+$NetBSD: distinfo,v 1.56.8.1 2021/11/27 21:43:55 tm Exp $
 
 SHA1 (gmp-6.2.1.tar.bz2) = 2dcf34d4a432dbe6cce1475a835d20fe44f75822
 RMD160 (gmp-6.2.1.tar.bz2) = 2a4204453eb608bec6bb647ff5a0c47ca4d43878
 SHA512 (gmp-6.2.1.tar.bz2) = 8904334a3bcc5c896ececabc75cda9dec642e401fb5397c4992c4fabea5e962c9ce8bd44e8e4233c34e55c8010cc28db0545f5f750cbdbb5f00af538dc763be9
 Size (gmp-6.2.1.tar.bz2) = 2493916 bytes
 SHA1 (patch-acinclude.m4) = 3f76c0aa8d29ec815a93448f9c4bc976ebdf7a2a
+SHA1 (patch-mpz_inp__raw.c) = d25995039d4c7226b5209cb932c13fe59a4578ca
diff -r 4a8296cd38e6 -r 024c6c961a8c devel/gmp/patches/patch-mpz_inp__raw.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/gmp/patches/patch-mpz_inp__raw.c    Sat Nov 27 21:43:55 2021 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-mpz_inp__raw.c,v 1.1.2.2 2021/11/27 21:43:55 tm Exp $
+
+Fix for CVE-2021-43618
+https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+
+--- mpz/inp_raw.c.orig 2020-11-14 18:45:09.000000000 +0000
++++ mpz/inp_raw.c
+@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++    return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {

Prev by Date: [pkgsrc/trunk]: pkgsrc/devel/py-libusb1 py-libusb1: fix build with latest set...
Next by Date: [pkgsrc/pkgsrc-2021Q3]: pkgsrc/doc doc: Pullup ticket #6544
Previous by Thread: [pkgsrc/trunk]: pkgsrc/devel/py-libusb1 py-libusb1: fix build with latest set...
Next by Thread: [pkgsrc/pkgsrc-2021Q3]: pkgsrc/doc doc: Pullup ticket #6544
Indexes:

Home | Main Index | Thread Index | Old Index