From 749f35f705a0737a7e14dba62a58213399e353c5480a9a04529d477612232f98 Mon Sep 17 00:00:00 2001
From: Richard Biener <rguenther@suse.com>
Date: Tue, 16 Nov 2021 07:39:19 +0000
Subject: [PATCH] - Add gmp-6.2.1-CVE-2021-43618.diff to fix buffer overflow on
   malformed input to mpz_inp_raw.  [bsc#1192717, CVE-2021-43618]

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/gmp?expand=0&rev=91
---
 gmp-6.2.1-CVE-2021-43618.patch | 25 +++++++++++++++++++++++++
 gmp.changes                    |  6 ++++++
 gmp.spec                       |  2 ++
 3 files changed, 33 insertions(+)
 create mode 100644 gmp-6.2.1-CVE-2021-43618.patch

diff --git a/gmp-6.2.1-CVE-2021-43618.patch b/gmp-6.2.1-CVE-2021-43618.patch
new file mode 100644
index 0000000..3ac255c
--- /dev/null
+++ b/gmp-6.2.1-CVE-2021-43618.patch
@@ -0,0 +1,25 @@
+
+# HG changeset patch
+# User Marco Bodrato <bodrato@mail.dm.unipi.it>
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c	Tue Dec 22 23:49:51 2020 +0100
++++ b/mpz/inp_raw.c	Thu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++    return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {
+
diff --git a/gmp.changes b/gmp.changes
index 067857e..7bfd6b4 100644
--- a/gmp.changes
+++ b/gmp.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Nov 16 07:33:41 UTC 2021 - Richard Biener <rguenther@suse.com>
+
+- Add gmp-6.2.1-CVE-2021-43618.diff to fix buffer overflow on
+  malformed input to mpz_inp_raw.  [bsc#1192717, CVE-2021-43618]
+
 -------------------------------------------------------------------
 Tue Apr 20 12:59:35 UTC 2021 - Richard Biener <rguenther@suse.com>
 
diff --git a/gmp.spec b/gmp.spec
index 1ba8211..1d96997 100644
--- a/gmp.spec
+++ b/gmp.spec
@@ -30,6 +30,7 @@ Source2:        %{name}.keyring
 Source3:        baselibs.conf
 # revert change causing bsc#1179751
 Patch1:         gmp-6.2.1-arm64-invert_limb.patch
+Patch2:         gmp-6.2.1-CVE-2021-43618.patch
 BuildRequires:  fipscheck
 BuildRequires:  gcc-c++
 BuildRequires:  m4
@@ -78,6 +79,7 @@ huge numbers (integer and floating point).
 %prep
 %setup -q
 %patch1
+%patch2 -p1
 
 %build
 export CFLAGS="%{optflags} -fexceptions"