gmp: fix CVE-2021-43618 using upstream patch Bump PKGREVISION.
diff -r1.88 -r1.89 pkgsrc/devel/gmp/Makefile
(wiz)
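--- a/pkgsrc/devel/gmp/Makefile
+++ b/pkgsrc/devel/gmp/Makefile
@@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.88 2020/11/16 13:12:41 wiz Exp $
+# $NetBSD: Makefile,v 1.89 2021/11/26 12:23:08 wiz Exp $
 
 DISTNAME= gmp-6.2.1
+PKGREVISION= 1
 CATEGORIES= devel math
 MASTER_SITES= https://gmplib.org/download/gmp/
 MASTER_SITES+= ${MASTER_SITE_GNU:=gmp/}
 # Use .tar.bz2 distfile so that no extra dependency on archivers/xz
 # is needed when building lang/gcc* with option gcc-inplace-math.
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= https://gmplib.org/
 COMMENT= Library for arbitrary precision arithmetic
 LICENSE= gnu-lgpl-v3 OR gnu-gpl-v2
 
 USE_LANGUAGES= c c++ c99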
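--- a/distinfo
+++ b/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.58 2021/10/26 10:14:43 nia Exp $
+$NetBSD: distinfo,v 1.59 2021/11/26 12:23:08 wiz Exp $
 
 BLAKE2s (gmp-6.2.1.tar.bz2) = 4125e2992b9aa28eea69ada6030b34a0e293ca80140c3c069f4fcbd38055d6ee
 SHA512 (gmp-6.2.1.tar.bz2) = 8904334a3bcc5c896ececabc75cda9dec642e401fb5397c4992c4fabea5e962c9ce8bd44e8e4233c34e55c8010cc28db0545f5f750cbdbb5f00af538dc763be9
 Size (gmp-6.2.1.tar.bz2) = 2493916 bytes
 SHA1 (patch-acinclude.m4) = 3f76c0aa8d29ec815a93448f9c4bc976ebdf7a2a
+SHA1 (patch-mpz_inp__raw.c) = d25995039d4c7226b5209cb932c13fe59a4578ca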
$NetBSD: patch-mpz_inp__raw.c,v 1.1 2021/11/26 12:23:08 wiz Exp $
Fix for CVE-2021-43618
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
--- mpz/inp_raw.c.orig 2020-11-14 18:45:09.000000000 +0000
+++ mpz/inp_raw.c
@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
abs_csize = ABS (csize);
+ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
+ return 0; /* Bit size overflows */
+
/* round up to a multiple of limbs */
- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
+ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
if (abs_xsize != 0)
{
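Review bot: The new guard before `BITS_TO_LIMBS` runs only after `abs_csize = ABS (csize);` on the context line above it, so if `csize` is signed and can hold the most negative value of its type, the negation inside ABS (assuming the usual `(x) >= 0 ? (x) : -(x)` form) is already signed overflow before the bound is tested. The declaration of `csize` and the code that decodes it from `fp` are outside the hunk, so this needs confirming against the full body of mpz_inp_raw, which starts and ends outside the hunk. The comment `/* Bit size overflows */` would be clearer as `/* size field read from fp is too large: abs_csize * 8 would not fit in mp_bitcnt_t */`. If 0 is also the return value for read failures (not visible here), the function's documentation should say that an oversized size field is reported the same way.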