From 0063cae2f0e77ed484636c29cbee9425b694933d4c0ec1a6fa4877bf43c5ac53 Mon Sep 17 00:00:00 2001
From: Richard Biener <rguenther@suse.com>
Date: Thu, 8 Jan 2015 10:25:44 +0000
Subject: [PATCH] - Add mpfr-3.1.2-patch11.diff to fix possible buffer overflow
 in   mpfr_strtofr (CVE-2014-9474).  [bnc#911812]

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/mpfr?expand=0&rev=26
---
 mpfr-3.1.2-patch11.diff | 17 +++++++++++++++++
 mpfr.changes            |  6 ++++++
 mpfr.spec               |  4 +++-
 3 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 mpfr-3.1.2-patch11.diff

diff --git a/mpfr-3.1.2-patch11.diff b/mpfr-3.1.2-patch11.diff
new file mode 100644
index 0000000..541e22d
--- /dev/null
+++ b/mpfr-3.1.2-patch11.diff
@@ -0,0 +1,17 @@
+diff -Naurd mpfr-3.1.2-a/src/strtofr.c mpfr-3.1.2-b/src/strtofr.c
+--- mpfr-3.1.2-a/src/strtofr.c	2013-03-13 15:37:32.000000000 +0000
++++ mpfr-3.1.2-b/src/strtofr.c	2014-12-04 01:41:57.287791246 +0000
+@@ -473,8 +473,10 @@
+       /* prec bits corresponds to ysize limbs */
+       ysize_bits = ysize * GMP_NUMB_BITS;
+       /* and to ysize_bits >= prec > MPFR_PREC (x) bits */
+-      y = MPFR_TMP_LIMBS_ALLOC (2 * ysize + 1);
+-      y += ysize; /* y has (ysize+1) allocated limbs */
++      /* we need to allocate one more limb to work around bug
++         https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html */
++      y = MPFR_TMP_LIMBS_ALLOC (2 * ysize + 2);
++      y += ysize; /* y has (ysize+2) allocated limbs */
+ 
+       /* pstr_size is the number of characters we read in pstr->mant
+          to have at least ysize full limbs.
+
diff --git a/mpfr.changes b/mpfr.changes
index fe5d3d9..7c5e661 100644
--- a/mpfr.changes
+++ b/mpfr.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jan  8 09:55:31 UTC 2015 - rguenther@suse.com
+
+- Add mpfr-3.1.2-patch11.diff to fix possible buffer overflow in
+  mpfr_strtofr (CVE-2014-9474).  [bnc#911812]
+
 -------------------------------------------------------------------
 Tue Apr 16 10:24:10 UTC 2013 - idonmez@suse.com
 
diff --git a/mpfr.spec b/mpfr.spec
index d739ca1..054d279 100644
--- a/mpfr.spec
+++ b/mpfr.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package mpfr
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,6 +26,7 @@ Group:          Development/Libraries/C and C++
 Url:            http://www.mpfr.org/
 Source:         http://www.mpfr.org/mpfr-%{version}/mpfr-%{version}.tar.bz2
 Source2:        baselibs.conf
+Patch1:         mpfr-3.1.2-patch11.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -67,6 +68,7 @@ based on the GMP multiple-precision library.
 
 %prep
 %setup -q
+%patch1 -p1
 
 %build
 %configure \