diff --git a/0001-CVE-2021-43618.patch b/0001-CVE-2021-43618.patch
deleted file mode 100644
index f015ca0..0000000
--- a/0001-CVE-2021-43618.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 561a9c25298e17bb01896801ff353546c6923dbd Mon Sep 17 00:00:00 2001
-From: Marco Bodrato
-Date: Thu, 21 Oct 2021 19:06:49 +0200
-Subject: [PATCH] CVE-2021-43618: GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
-
-This patch fixes it by avoiding bit size overflows
-
-CVE-2021-43618
-https://nvd.nist.gov/vuln/detail/CVE-2021-43618
-
----
- mpz/inp_raw.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/mpz/inp_raw.c b/mpz/inp_raw.c
-index 378c42b..f88fea9 100644
---- a/mpz/inp_raw.c
-+++ b/mpz/inp_raw.c
-@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
-
- abs_csize = ABS (csize);
-
-+ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
-+ return 0; /* Bit size overflows */
-+
- /* round up to a multiple of limbs */
-- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
-+ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
-
- if (abs_xsize != 0)
- {
---
-2.27.0
-
diff --git a/gmp-6.2.1.tar.bz2 b/gmp-6.2.1.tar.bz2
deleted file mode 100644
index 3056336..0000000
Binary files a/gmp-6.2.1.tar.bz2 and /dev/null differ
diff --git a/gmp-6.3.0.tar.xz b/gmp-6.3.0.tar.xz
new file mode 100644
index 0000000..eed1334
Binary files /dev/null and b/gmp-6.3.0.tar.xz differ
diff --git a/gmp.spec b/gmp.spec
index 39256ad..c921db9 100644
--- a/gmp.spec
+++ b/gmp.spec
@@ -1,15 +1,13 @@ Name: gmp -Version: 6.2.1 -Release: 3 +Version: 6.3.0 +Release: 1 Epoch: 1 URL: https://gmplib.org -Source0: https://gmplib.org/download/gmp/gmp-%{version}.tar.bz2 +Source0: https://gmplib.org/download/gmp/gmp-%{version}.tar.xz License: LGPLv3 and GPLv2 -BuildRequires: autoconf automake libtool gcc gcc-c++ perl-Carp +BuildRequires: gcc gcc-c++ make m4 Summary: A GNU multiple precision arithmetic library -Patch1 :0001-CVE-2021-43618.patch - %description GMP is a portable library written in C for arbitrary precision arithmetic on integers, rational numbers, and floating-point numbers. It aims to provide @@ -36,7 +34,6 @@ GMP dependent library for C++ applications. %autosetup -p1 %build -autoreconf -ifv if as --help | grep -q execstack; then export CCAS="gcc -c -Wa,--noexecstack" fi @@ -53,11 +50,11 @@ sed -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' \ -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \ -i libtool export LD_LIBRARY_PATH=`pwd`/.libs -make %{?_smp_mflags} +%make_build %install export LD_LIBRARY_PATH=`pwd`/.libs -make install DESTDIR=$RPM_BUILD_ROOT +%make_install install -m 644 gmp-mparam.h ${RPM_BUILD_ROOT}%{_includedir} rm -f $RPM_BUILD_ROOT%{_infodir}/dir rm -f $RPM_BUILD_ROOT%{_libdir}/lib{gmp,mp,gmpxx}.la @@ -71,13 +68,7 @@ basearch=i386 %check export LD_LIBRARY_PATH=`pwd`/.libs -make %{?_smp_mflags} check - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%post c++ -p /sbin/ldconfig -%postun c++ -p /sbin/ldconfig +%make_build check %files %{!?_licensedir:%global license %%doc} 
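Review bot: Dropping `Patch1` (0001-CVE-2021-43618.patch) in the same hunk as the bump to 6.3.0 leaves no record that the mpz_inp_raw overflow fix is still present in the shipped source; presumably 6.3.0 carries it upstream, but neither this hunk nor the new changelog entry says so. Before merging, confirm that mpz/inp_raw.c in gmp-6.3.0.tar.xz contains the `abs_csize > ~(mp_bitcnt_t) 0 / 8` guard, and record the result with a changelog line such as `- drop 0001-CVE-2021-43618.patch, fixed upstream in 6.3.0`. Separately, the new `Source0` tarball lands as an opaque binary with no signature or checksum source visible in this hunk, so a reviewer cannot tie it to the upstream release. If upstream publishes a detached signature, consider adding it as an extra `Source` and verifying it in `%prep`.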
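Review bot: In the `%check` hunk (`@@ -71,13 +68,7 @@`), removing the `%post`/`%postun -p /sbin/ldconfig` scriptlets for the main and c++ packages is only safe if every target release refreshes the linker cache through file triggers, and nothing visible here establishes that. If that is not guaranteed, the installed libgmp/libgmpxx may not be picked up until ldconfig runs for some other reason. Where the distribution provides them, `%ldconfig_scriptlets` and `%ldconfig_scriptlets c++` keep the behaviour on older releases and expand to nothing on newer ones. Otherwise, add a short comment above `%files` stating why the scriptlets are no longer needed.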
@@ -99,10 +90,13 @@ make %{?_smp_mflags} check %{_libdir}/pkgconfig/gmpxx.pc %changelog -* Tue Dec 7 2021 zhouwenpei - 6.2.1-3 +* Mon Jul 31 2023 Funda Wang - 1:6.3.0-1 +- New version 6.3.0 + +* Tue Dec 7 2021 zhouwenpei - 1:6.2.1-3 - fix CVE-2021-43618 -* Fri Jul 30 2021 chenyanpanHW - 6.2.1-2 +* Fri Jul 30 2021 chenyanpanHW - 1:6.2.1-2 - DESC: delete -S git from %autosetup, and delete BuildRequires git * Sat Jan 30 2021 xinghe - 1:6.2.1-1