pool/mpfr
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 280281 from devel:libraries:c_c++

Browse Source 
- Add mpfr-3.1.2-patch11.diff to fix possible buffer overflow in
  mpfr_strtofr (CVE-2014-9474).  [bnc#911812]

OBS-URL: https://build.opensuse.org/request/show/280281
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mpfr?expand=0&rev=36
This commit is contained in:
Dominique Leuenberger 2015-01-10 22:04:52 +00:00 committed by Git OBS Bridge
commit 80c03d2d6a
3 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
mpfr-3.1.2-patch11.diff Normal file
View File

@ -0,0 +1,17 @@
diff -Naurd mpfr-3.1.2-a/src/strtofr.c mpfr-3.1.2-b/src/strtofr.c
--- mpfr-3.1.2-a/src/strtofr.c 2013-03-13 15:37:32.000000000 +0000
+++ mpfr-3.1.2-b/src/strtofr.c 2014-12-04 01:41:57.287791246 +0000
@@ -473,8 +473,10 @@
/* prec bits corresponds to ysize limbs */
ysize_bits = ysize * GMP_NUMB_BITS;
/* and to ysize_bits >= prec > MPFR_PREC (x) bits */
- y = MPFR_TMP_LIMBS_ALLOC (2 * ysize + 1);
- y += ysize; /* y has (ysize+1) allocated limbs */
+ /* we need to allocate one more limb to work around bug
+ https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html */
+ y = MPFR_TMP_LIMBS_ALLOC (2 * ysize + 2);
+ y += ysize; /* y has (ysize+2) allocated limbs */
/* pstr_size is the number of characters we read in pstr->mant
to have at least ysize full limbs.

6
mpfr.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Jan 8 09:55:31 UTC 2015 - rguenther@suse.com
- Add mpfr-3.1.2-patch11.diff to fix possible buffer overflow in
mpfr_strtofr (CVE-2014-9474). [bnc#911812]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 16 10:24:10 UTC 2013 - idonmez@suse.com Tue Apr 16 10:24:10 UTC 2013 - idonmez@suse.com

4
mpfr.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package mpfr # spec file for package mpfr
# #
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -26,6 +26,7 @@ Group: Development/Libraries/C and C++
Url: http://www.mpfr.org/ Url: http://www.mpfr.org/
Source: http://www.mpfr.org/mpfr-%{version}/mpfr-%{version}.tar.bz2 Source: http://www.mpfr.org/mpfr-%{version}/mpfr-%{version}.tar.bz2
Source2: baselibs.conf Source2: baselibs.conf
Patch1: mpfr-3.1.2-patch11.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -67,6 +68,7 @@ based on the GMP multiple-precision library.
%prep %prep
%setup -q %setup -q
%patch1 -p1
%build %build
%configure \ %configure \