From 0151c5b4e6ea2705d2a52cabe3e6b7f8c23347f818ad4ecb7f889ba8969d0108 Mon Sep 17 00:00:00 2001 From: Richard Biener Date: Fri, 10 Feb 2012 13:49:44 +0000 Subject: [PATCH] - Update to release GMP 5.0.4 * Thresholds in mpn_powm_sec for both fat and non-fat builds are now used safely, plugging a one-word buffer overrun introduced in the 5.0.3 release (for non-fat) and a multi-word buffer overrun that existed since 5.0 (for fat). (We have not been able to provoke malign stack smashing in any of the ~100 configurations explored by the GMP nightly builds, but the bug should be assumed to be exploitable.) * Two bugs in multiplication code causing incorrect computation with extremely low probability have been fixed. * A bug in the test suite causing buffer overruns during "make check", sometimes leading to subsequent malloc crashes, has been fixed. * Two bugs in the gcd code have been fixed. They could lead to incorrect results, but for uniformly distributed random operands, the likelihood for that is infinitesimally small. (There was also a third bug, but that was an incorrect ASSERT, which furthermore was not enabled by default.) * A bug affecting 32-bit PowerPC division has been fixed. The bug caused miscomputation for certain divisors in the range 2^32 ... 2^64-1 (about 1 in 2^30 of these). OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/gmp?expand=0&rev=26 --- gmp-5.0.3.tar.bz2 | 3 --- gmp-5.0.4.tar.bz2 | 3 +++ gmp.changes | 22 ++++++++++++++++++++++ gmp.spec | 3 ++- 4 files changed, 27 insertions(+), 4 deletions(-) delete mode 100644 gmp-5.0.3.tar.bz2 create mode 100644 gmp-5.0.4.tar.bz2 diff --git a/gmp-5.0.3.tar.bz2 b/gmp-5.0.3.tar.bz2 deleted file mode 100644 index b318487..0000000 --- a/gmp-5.0.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dcafe9989c7f332b373e1f766af8e9cd790fc802fdec422a1910a6ef783480e3 -size 2010173 diff --git a/gmp-5.0.4.tar.bz2 b/gmp-5.0.4.tar.bz2 new file mode 100644 index 0000000..b7daced --- /dev/null +++ b/gmp-5.0.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:35d4aade3e4bdf0915c944599b10d23f108ffedf6c3188aeec52221c5cf9a06f +size 2031540 diff --git a/gmp.changes b/gmp.changes index 0fb59fe..bf79f64 100644 --- a/gmp.changes +++ b/gmp.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Fri Feb 10 13:48:16 UTC 2012 - rguenther@suse.com + +- Update to release GMP 5.0.4 + * Thresholds in mpn_powm_sec for both fat and non-fat builds are now used + safely, plugging a one-word buffer overrun introduced in the 5.0.3 release + (for non-fat) and a multi-word buffer overrun that existed since 5.0 (for + fat). (We have not been able to provoke malign stack smashing in any of + the ~100 configurations explored by the GMP nightly builds, but the bug + should be assumed to be exploitable.) + * Two bugs in multiplication code causing incorrect computation with + extremely low probability have been fixed. + * A bug in the test suite causing buffer overruns during "make check", + sometimes leading to subsequent malloc crashes, has been fixed. + * Two bugs in the gcd code have been fixed. They could lead to incorrect + results, but for uniformly distributed random operands, the likelihood for + that is infinitesimally small. (There was also a third bug, but that was + an incorrect ASSERT, which furthermore was not enabled by default.) + * A bug affecting 32-bit PowerPC division has been fixed. The bug caused + miscomputation for certain divisors in the range 2^32 ... 2^64-1 (about 1 + in 2^30 of these). + ------------------------------------------------------------------- Sat Feb 4 17:20:28 UTC 2012 - jengelh@medozas.de diff --git a/gmp.spec b/gmp.spec index f567f5c..4aa0bdd 100644 --- a/gmp.spec +++ b/gmp.spec @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: gmp BuildRequires: gcc-c++ # bug437293 @@ -22,7 +23,7 @@ BuildRequires: gcc-c++ Obsoletes: gmp-64bit %endif # -Version: 5.0.3 +Version: 5.0.4 Release: 0 Summary: The GNU MP Library License: GPL-3.0+ ; LGPL-3.0+