From c620f66df0d6acc16aae222f8b228d20d20d299efce72771308012fc6f72a416 Mon Sep 17 00:00:00 2001
From: Adam Majer
Date: Mon, 28 Aug 2023 11:36:19 +0000
Subject: [PATCH] - 989a193268b963aa1047814f7f1402084fb7d859.patch: fix stack out of bounds read in gsl_stats_quantile_from_sorted_data() (bsc#1214681, CVE-2020-353570)
OBS-URL: https://build.opensuse.org/package/show/science/gsl?expand=0&rev=43
---
...193268b963aa1047814f7f1402084fb7d859.patch | 73 +++++++++++++++++++
gsl.changes | 7 ++
gsl.spec | 2 +
3 files changed, 82 insertions(+)
create mode 100644 989a193268b963aa1047814f7f1402084fb7d859.patch
diff --git a/989a193268b963aa1047814f7f1402084fb7d859.patch b/989a193268b963aa1047814f7f1402084fb7d859.patch
new file mode 100644
index 0000000..0d7af71
--- /dev/null
+++ b/989a193268b963aa1047814f7f1402084fb7d859.patch
@@ -0,0 +1,73 @@
+From 989a193268b963aa1047814f7f1402084fb7d859 Mon Sep 17 00:00:00 2001
+From: Patrick Alken
+Date: Sat, 16 Apr 2022 11:56:10 -0600
+Subject: fix for bug #59624
+
+---
+ NEWS | 2 ++
+ statistics/quantiles.c | 1 +
+ statistics/quantiles_source.c | 35 +++++++++++++++++++++--------------
+ 3 files changed, 24 insertions(+), 14 deletions(-)
+
+diff --git a/statistics/quantiles.c b/statistics/quantiles.c
+index 96a3a25..50898d9 100644
+--- a/statistics/quantiles.c
++++ b/statistics/quantiles.c
+@@ -1,5 +1,6 @@
+ #include
+ #include
++#include
+
+ #define BASE_LONG_DOUBLE
+ #include "templates_on.h"
+diff --git a/statistics/quantiles_source.c b/statistics/quantiles_source.c
+index e2956d9..b2feba4 100644
+--- a/statistics/quantiles_source.c
++++ b/statistics/quantiles_source.c
+@@ -24,22 +24,29 @@ FUNCTION(gsl_stats,quantile_from_sorted_data) (const BASE sorted_data[],
+ const size_t n,
+ const double f)
+ {
+- const double index = f * (n - 1) ;
+- const size_t lhs = (int)index ;
+- const double delta = index - lhs ;
+- double result;
+-
+- if (n == 0)
+- return 0.0 ;
+-
+- if (lhs == n - 1)
++ if ((f < 0.0) || (f > 1.0))
+ {
+- result = sorted_data[lhs * stride] ;
++ GSL_ERROR_VAL ("invalid quantile fraction", GSL_EDOM, 0.0);
+ }
+- else
++ else
+ {
+- result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
+- }
++ const double index = f * (n - 1) ;
++ const size_t lhs = (int)index ;
++ const double delta = index - lhs ;
++ double result;
+
+- return result ;
++ if (n == 0)
++ return 0.0 ;
++
++ if (lhs == n - 1)
++ {
++ result = sorted_data[lhs * stride] ;
++ }
++ else
++ {
++ result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
++ }
++
++ return result ;
++ }
+ }
+--
+cgit v1.1
+
diff --git a/gsl.changes b/gsl.changes
index ea0d67a..a315c67 100644
--- a/gsl.changes
+++ b/gsl.changes
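Review bot: The new range guard `if ((f < 0.0) || (f > 1.0))` in the quantiles_source.c hunk does not reject a NaN `f`, because both comparisons evaluate to false for NaN. The else branch then evaluates `(int)index` on a NaN, which is undefined behaviour and can leave `lhs` outside the array, so the out-of-bounds read this patch is meant to close stays reachable for that input. Writing the test as `if (!(f >= 0.0 && f <= 1.0))` rejects NaN together with out-of-range fractions. In the same branch `f * (n - 1)` and the `(int)` cast are still evaluated before the `n == 0` return, and the cast is out of range once the product exceeds INT_MAX; moving `if (n == 0) return 0.0 ;` to the top of the branch and using `(size_t)index` would cover both. The function's signature starts above the hunk, so `stride` and the element type are not visible here.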
@@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Aug 28 11:27:15 UTC 2023 - Adam Majer + +- 989a193268b963aa1047814f7f1402084fb7d859.patch: fix + stack out of bounds read in gsl_stats_quantile_from_sorted_data() + (bsc#1214681, CVE-2020-353570) + ------------------------------------------------------------------- Fri Feb 3 14:25:46 UTC 2023 - Stefan BrĂ¼ns diff --git a/gsl.spec b/gsl.spec index ce50652..20d503d 100644 --- a/gsl.spec +++ b/gsl.spec @@ -122,6 +122,7 @@ Source1: https://ftp.gnu.org/pub/gnu/%{pname}/%{pname}-%{version}.tar.gz. Source2: https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gsl&download=1#/%{pname}.keyring Patch6: gsl-qawc-test-x86-precision.diff Patch7: gsl-disable-fma.patch +Patch8: 989a193268b963aa1047814f7f1402084fb7d859.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -259,6 +260,7 @@ library packages. %setup -q -n %{pname}-%{version} %patch6 %patch7 -p1 +%patch8 -p1 %build