Hello community,

here is the log from the commit of package gmp for openSUSE:Factory checked in at 2021-11-20 22:47:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gmp (Old)
 and      /work/SRC/openSUSE:Factory/.gmp.new.1895 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gmp" Sat Nov 20 22:47:45 2021 rev:59 rq:931707 version:6.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/gmp/gmp.changes 2021-04-23 17:49:36.130688593 +0200 +++ /work/SRC/openSUSE:Factory/.gmp.new.1895/gmp.changes 2021-11-20 22:47:46.743912177 +0100 @@ -1,0 +2,6 @@ +Tue Nov 16 07:33:41 UTC 2021 - Richard Biener <rguent...@suse.com> + +- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on + malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618] + +------------------------------------------------------------------- New: ---- gmp-6.2.1-CVE-2021-43618.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gmp.spec ++++++ --- /var/tmp/diff_new_pack.PxdLVg/_old 2021-11-20 22:47:47.251910494 +0100 +++ /var/tmp/diff_new_pack.PxdLVg/_new 2021-11-20 22:47:47.251910494 +0100 @@ -30,6 +30,7 @@ Source3: baselibs.conf # revert change causing bsc#1179751 Patch1: gmp-6.2.1-arm64-invert_limb.patch +Patch2: gmp-6.2.1-CVE-2021-43618.patch BuildRequires: fipscheck BuildRequires: gcc-c++ BuildRequires: m4 @@ -78,6 +79,7 @@ %prep %setup -q %patch1 +%patch2 -p1 %build export CFLAGS="%{optflags} -fexceptions" ++++++ gmp-6.2.1-CVE-2021-43618.patch ++++++ # HG changeset patch # User Marco Bodrato <bodr...@mail.dm.unipi.it> # Date 1634836009 -7200 # Node ID 561a9c25298e17bb01896801ff353546c6923dbd # Parent e1fd9db13b475209a864577237ea4b9105b3e96e mpz/inp_raw.c: Avoid bit size overflows diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c --- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100 +++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200 @@ -88,8 +88,11 @@ abs_csize = ABS (csize); + if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) + return 0; /* Bit size overflows */ + /* round up to a multiple of limbs */ - abs_xsize = BITS_TO_LIMBS (abs_csize*8); + abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); if (abs_xsize != 0) {
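
Review bot: The new "Patch2:" line in the gmp.spec hunk at @@ -30,6 +30,7 @@ has no explanatory comment, while "Patch1:" directly above it carries "# revert change causing bsc#1179751". Add a comment line above Patch2 that names bsc#1192717 and CVE-2021-43618, so the spec file says why the patch is there without a lookup in gmp.changes.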
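
Review bot: In the %prep hunk of gmp.spec at @@ -78,6 +79,7 @@, the two patches are applied with different strip levels: "%patch1" has no -p option and "%patch2 -p1" does. The -p1 matches the a/ and b/ prefixes in the imported changeset, so it is correct, but giving both patches the same path depth or adding a short comment here would keep the next packager from "fixing" one of them.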
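
Review bot: No regression test accompanies the new guard in the mpz/inp_raw.c hunk at @@ -88,8 +88,11 @@. The changeset touches only mpz/inp_raw.c, so nothing exercises the "return 0; /* Bit size overflows */" path. Suggest a test case that drives mpz_inp_raw into this branch and checks for the 0 return. The comment could also say that the limit is what keeps the following "(mp_bitcnt_t) abs_csize * 8" from wrapping, since the guard and the cast only work together.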