diff --git a/backport-CVE-2023-36328-Fix-possible-integer-overflow.patch b/backport-CVE-2023-36328-Fix-possible-integer-overflow.patch deleted file mode 100644 index 4a25f67..0000000 --- a/backport-CVE-2023-36328-Fix-possible-integer-overflow.patch +++ /dev/null @@ -1,140 +0,0 @@ -From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001 -From: czurnieden -Date: Tue, 9 May 2023 17:17:12 +0200 -Subject: [PATCH] Fix possible integer overflow - ---- - bn_mp_2expt.c | 4 ++++ - bn_mp_grow.c | 4 ++++ - bn_mp_init_size.c | 5 +++++ - bn_mp_mul_2d.c | 4 ++++ - bn_s_mp_mul_digs.c | 4 ++++ - bn_s_mp_mul_digs_fast.c | 4 ++++ - bn_s_mp_mul_high_digs.c | 4 ++++ - bn_s_mp_mul_high_digs_fast.c | 4 ++++ - 8 files changed, 33 insertions(+) - -diff --git a/bn_mp_2expt.c b/bn_mp_2expt.c -index 0ae3df1..23de0c3 100644 ---- a/bn_mp_2expt.c -+++ b/bn_mp_2expt.c -@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b) - { - mp_err err; - -+ if (b < 0) { -+ return MP_VAL; -+ } -+ - /* zero a as per default */ - mp_zero(a); - -diff --git a/bn_mp_grow.c b/bn_mp_grow.c -index 9e904c5..2b16826 100644 ---- a/bn_mp_grow.c -+++ b/bn_mp_grow.c -@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size) - int i; - mp_digit *tmp; - -+ if (size < 0) { -+ return MP_VAL; -+ } -+ - /* if the alloc size is smaller alloc more ram */ - if (a->alloc < size) { - /* reallocate the array a->dp -diff --git a/bn_mp_init_size.c b/bn_mp_init_size.c -index d622687..9957383 100644 ---- a/bn_mp_init_size.c -+++ b/bn_mp_init_size.c -@@ -6,6 +6,11 @@ - /* init an mp_init for a given size */ - mp_err mp_init_size(mp_int *a, int size) - { -+ -+ if (size < 0) { -+ return MP_VAL; -+ } -+ - size = MP_MAX(MP_MIN_PREC, size); - - /* alloc mem */ -diff --git a/bn_mp_mul_2d.c b/bn_mp_mul_2d.c -index 87354de..bfeaf2e 100644 ---- a/bn_mp_mul_2d.c -+++ b/bn_mp_mul_2d.c -@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c) - mp_digit d; - mp_err err; - -+ if (b < 0) { -+ return MP_VAL; -+ } -+ - /* copy */ - if (a != c) { - if ((err = mp_copy(a, c)) != MP_OKAY) { -diff --git a/bn_s_mp_mul_digs.c b/bn_s_mp_mul_digs.c -index 64509d4..3682b49 100644 ---- a/bn_s_mp_mul_digs.c -+++ b/bn_s_mp_mul_digs.c -@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs) - mp_word r; - mp_digit tmpx, *tmpt, *tmpy; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* can we use the fast multiplier? */ - if ((digs < MP_WARRAY) && - (MP_MIN(a->used, b->used) < MP_MAXFAST)) { -diff --git a/bn_s_mp_mul_digs_fast.c b/bn_s_mp_mul_digs_fast.c -index b2a287b..3c4176a 100644 ---- a/bn_s_mp_mul_digs_fast.c -+++ b/bn_s_mp_mul_digs_fast.c -@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int digs) - mp_digit W[MP_WARRAY]; - mp_word _W; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* grow the destination as required */ - if (c->alloc < digs) { - if ((err = mp_grow(c, digs)) != MP_OKAY) { -diff --git a/bn_s_mp_mul_high_digs.c b/bn_s_mp_mul_high_digs.c -index 2bb2a50..c9dd355 100644 ---- a/bn_s_mp_mul_high_digs.c -+++ b/bn_s_mp_mul_high_digs.c -@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs) - mp_word r; - mp_digit tmpx, *tmpt, *tmpy; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* can we use the fast multiplier? */ - if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST) - && ((a->used + b->used + 1) < MP_WARRAY) -diff --git a/bn_s_mp_mul_high_digs_fast.c b/bn_s_mp_mul_high_digs_fast.c -index a2c4fb6..4ce7f59 100644 ---- a/bn_s_mp_mul_high_digs_fast.c -+++ b/bn_s_mp_mul_high_digs_fast.c -@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int - mp_digit W[MP_WARRAY]; - mp_word _W; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* grow the destination as required */ - pa = a->used + b->used; - if (c->alloc < pa) { --- -2.27.0 - diff --git a/libtommath-1.2.0.tar.gz b/libtommath-1.2.0.tar.gz deleted file mode 100644 index 9185bf5..0000000 Binary files a/libtommath-1.2.0.tar.gz and /dev/null differ diff --git a/libtommath-1.2.1.tar.gz b/libtommath-1.2.1.tar.gz new file mode 100644 index 0000000..8219248 Binary files /dev/null and b/libtommath-1.2.1.tar.gz differ diff --git a/libtommath.spec b/libtommath.spec index 9ff3f14..de40b92 100644 --- a/libtommath.spec +++ b/libtommath.spec @@ -1,14 +1,12 @@ Name: libtommath -Version: 1.2.0 -Release: 4 +Version: 1.2.1 +Release: 1 Summary: A portable number theoretic multiple-precision integer library. License: Public Domain URL: http://www.libtom.net/ Source0: https://github.com/libtom/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz -Patch0: backport-CVE-2023-36328-Fix-possible-integer-overflow.patch - BuildRequires: ghostscript libtiff-tools libtool texlive-dvips-bin ghostscript-tools-dvipdf BuildRequires: texlive-latex-bin-bin texlive-makeindex-bin texlive-mfware-bin TeXamator BuildRequires: tex(cmr10.tfm) tex(fancyhdr.sty) tex(hyphen.tex) texlive-metafont-bin @@ -75,6 +73,9 @@ rm -f demo/*.o %doc doc/bn.pdf %changelog +* Fri Dec 15 2023 fuanan - 1.2.1-1 +- update version to 1.2.1 + * Mon Sep 04 2023 fuanan - 1.2.0-4 - Fix CVE-2023-36328