author | tm <tm@pkgsrc.org> | 2021-11-27 21:43:55 +0000 |
---|---|---|
committer | tm <tm@pkgsrc.org> | 2021-11-27 21:43:55 +0000 |
commit | 6469f99fac6ed36c2523de08c9892dad18cdee40 (patch) | |
tree | febbba77bf8b94bd60ad425aa8e5611d842e38ce | |
parent | 3694045f6475a430001f0c5e7393abf15044c55b (diff) | |
download | pkgsrc-6469f99fac6ed36c2523de08c9892dad18cdee40.tar.gz |
Pullup ticket #6544 - requested by wiz
devel/gmp: security fix
Revisions pulled up:
- devel/gmp/Makefile 1.89
- devel/gmp/distinfo 1.59
- devel/gmp/patches/patch-mpz_inp__raw.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Nov 26 12:23:09 UTC 2021
Modified Files:
pkgsrc/devel/gmp: Makefile distinfo
Added Files:
pkgsrc/devel/gmp/patches: patch-mpz_inp__raw.c
Log Message:
gmp: fix CVE-2021-43618 using upstream patch
Bump PKGREVISION.
-rw-r--r-- | devel/gmp/Makefile | 3 |
-rw-r--r-- | devel/gmp/distinfo | 3 |
-rw-r--r-- | devel/gmp/patches/patch-mpz_inp__raw.c | 20 |
3 files changed, 24 insertions, 2 deletions
diff --git a/devel/gmp/Makefile b/devel/gmp/Makefile index 3e85c1da24a..9af0dcbf437 100644 --- a/devel/gmp/Makefile +++ b/devel/gmp/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.88 2020/11/16 13:12:41 wiz Exp $ +# $NetBSD: Makefile,v 1.88.8.1 2021/11/27 21:43:55 tm Exp $ DISTNAME= gmp-6.2.1 +PKGREVISION= 1 CATEGORIES= devel math MASTER_SITES= https://gmplib.org/download/gmp/ MASTER_SITES+= ${MASTER_SITE_GNU:=gmp/} diff --git a/devel/gmp/distinfo b/devel/gmp/distinfo index bbe05853694..7c27fc75209 100644 --- a/devel/gmp/distinfo +++ b/devel/gmp/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.56 2020/11/16 13:12:41 wiz Exp $ +$NetBSD: distinfo,v 1.56.8.1 2021/11/27 21:43:55 tm Exp $ SHA1 (gmp-6.2.1.tar.bz2) = 2dcf34d4a432dbe6cce1475a835d20fe44f75822 RMD160 (gmp-6.2.1.tar.bz2) = 2a4204453eb608bec6bb647ff5a0c47ca4d43878 SHA512 (gmp-6.2.1.tar.bz2) = 8904334a3bcc5c896ececabc75cda9dec642e401fb5397c4992c4fabea5e962c9ce8bd44e8e4233c34e55c8010cc28db0545f5f750cbdbb5f00af538dc763be9 Size (gmp-6.2.1.tar.bz2) = 2493916 bytes SHA1 (patch-acinclude.m4) = 3f76c0aa8d29ec815a93448f9c4bc976ebdf7a2a +SHA1 (patch-mpz_inp__raw.c) = d25995039d4c7226b5209cb932c13fe59a4578ca diff --git a/devel/gmp/patches/patch-mpz_inp__raw.c b/devel/gmp/patches/patch-mpz_inp__raw.c new file mode 100644 index 00000000000..5af0b23a66f --- /dev/null +++ b/devel/gmp/patches/patch-mpz_inp__raw.c @@ -0,0 +1,20 @@ +$NetBSD: patch-mpz_inp__raw.c,v 1.1.2.2 2021/11/27 21:43:55 tm Exp $ + +Fix for CVE-2021-43618 +https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e + +--- mpz/inp_raw.c.orig 2020-11-14 18:45:09.000000000 +0000 ++++ mpz/inp_raw.c +@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp) + + abs_csize = ABS (csize); + ++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) ++ return 0; /* Bit size overflows */ ++ + /* round up to a multiple of limbs */ +- abs_xsize = BITS_TO_LIMBS (abs_csize*8); ++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); + + if (abs_xsize != 0) + { |
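Review bot: in the devel/gmp/distinfo hunk, the added entry pins patch-mpz_inp__raw.c with SHA1 only, while the distfile lines just above it carry SHA1, RMD160 and SHA512. If the checksum tooling on this branch accepts a stronger digest for patch files, record one for the security patch as well. Otherwise a short remark in the log that patch entries are SHA1-only by convention would save the next reader from asking.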
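Review bot: in the mpz/inp_raw.c hunk of patch-mpz_inp__raw.c, the new guard compares abs_csize against `~(mp_bitcnt_t) 0 / 8` without a cast, while the multiplication two lines later uses `(mp_bitcnt_t) abs_csize * 8`. The declaration of abs_csize is outside the visible context, so whether the comparison is done in the width and signedness of mp_bitcnt_t depends on a type the reader cannot see here. Writing the guard as `(mp_bitcnt_t) abs_csize > ~(mp_bitcnt_t) 0 / 8` would make both lines treat the value the same way and make the intent explicit. The early `return 0` also sits before the "round up to a multiple of limbs" step, so it is worth confirming against the full function that nothing acquired earlier needs releasing on that path. Finally, the patch header names the CVE and the upstream revision but not the defect; one line saying that the byte count read from the file could overflow when converted to a bit count would make the patch file self-explanatory.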