!22 [sync] PR-18: Fix CVE-2024-50610

From: @openeuler-sync-bot Reviewed-by: @starlet-dx Signed-off-by: @starlet-dx
2024-11-04 01:26:05 +00:00 · 2024-11-04 01:26:05 +00:00 · 8caea409bb
commit 8caea409bb
parent 65512f39a8 bd0bb22216
2 changed files with 31 additions and 1 deletions
--- a/backport-CVE-2024-50610.patch
+++ b/backport-CVE-2024-50610.patch
@ -0,0 +1,25 @@
 From 82bc5c00cfe4d1e2f4386e0760dd9ad26cfa4831 Mon Sep 17 00:00:00 2001
 From: Dirk Eddelbuettel <edd@debian.org>
 Date: Mon, 28 Oct 2024 18:33:15 -0500
 Subject: [PATCH] releasing package gsl version 2.8+dfsg-4
 ---
 siman/siman.c | 3 +++
 1 file changed, 3 insertions(+)
 diff --git a/siman/siman.c b/siman/siman.c
 index 65b9177..5e8d75d 100644
 --- a/siman/siman.c
 +++ b/siman/siman.c
@@ -197,6 +197,9 @@ gsl_siman_solve_many (const gsl_rng * r, void *x0_p, gsl_siman_Efunc_t Ef,
   double u;                     /* throw the die to choose a new "x" */
   int n_iter;
 +  /* this function requires that n_tries be positive */
 +  assert(params.n_tries > 0);
 +
   if (print_position) {
     printf ("#-iter    temperature       position");
     printf ("         delta_pos        energy\n");
 -- 
 2.33.0
--- a/gsl.spec
+++ b/gsl.spec
@ -1,12 +1,14 @@
 Name: gsl
 Version: 2.7
-Release: 2
+Release: 3
 Summary: The GNU Scientific Library for numerical analysis
 URL: http://www.gnu.org/software/gsl/
 License: GPLv3 and GFDL-1.3-or-later and BSD
 Source: ftp://ftp.gnu.org/gnu/gsl/%{name}-%{version}.tar.gz
 Patch0: gsl-test.patch
 # backport patch from Debian
 Patch1: backport-CVE-2024-50610.patch
 BuildRequires: gcc pkgconfig
 BuildRequires: chrpath
@ -94,6 +96,9 @@ fi
 %{_mandir}/man3/*.3*
 %changelog
 * Fri Nov 1 2024 liningjie <liningjie@xfusion.com> - 2.7-3
 - Fix CVE-2024-50610
 * Tue Aug 20 2024 yaoxin <yao_xin001@hoperun.com> - 2.7-2
 - Remove rpath