From 749f35f705a0737a7e14dba62a58213399e353c5480a9a04529d477612232f98 Mon Sep 17 00:00:00 2001 From: Richard Biener Date: Tue, 16 Nov 2021 07:39:19 +0000 Subject: [PATCH 1/2] - Add gmp-6.2.1-CVE-2021-43618.diff to fix buffer overflow on malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618] OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/gmp?expand=0&rev=91 --- gmp-6.2.1-CVE-2021-43618.patch | 25 +++++++++++++++++++++++++ gmp.changes | 6 ++++++ gmp.spec | 2 ++ 3 files changed, 33 insertions(+) create mode 100644 gmp-6.2.1-CVE-2021-43618.patch diff --git a/gmp-6.2.1-CVE-2021-43618.patch b/gmp-6.2.1-CVE-2021-43618.patch new file mode 100644 index 0000000..3ac255c --- /dev/null +++ b/gmp-6.2.1-CVE-2021-43618.patch @@ -0,0 +1,25 @@ + +# HG changeset patch +# User Marco Bodrato +# Date 1634836009 -7200 +# Node ID 561a9c25298e17bb01896801ff353546c6923dbd +# Parent e1fd9db13b475209a864577237ea4b9105b3e96e +mpz/inp_raw.c: Avoid bit size overflows + +diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c +--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100 ++++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200 +@@ -88,8 +88,11 @@ + + abs_csize = ABS (csize); + ++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) ++ return 0; /* Bit size overflows */ ++ + /* round up to a multiple of limbs */ +- abs_xsize = BITS_TO_LIMBS (abs_csize*8); ++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); + + if (abs_xsize != 0) + { + diff --git a/gmp.changes b/gmp.changes index 067857e..7bfd6b4 100644 --- a/gmp.changes +++ b/gmp.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Nov 16 07:33:41 UTC 2021 - Richard Biener + +- Add gmp-6.2.1-CVE-2021-43618.diff to fix buffer overflow on + malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618] + ------------------------------------------------------------------- Tue Apr 20 12:59:35 UTC 2021 - Richard Biener diff --git a/gmp.spec b/gmp.spec index 1ba8211..1d96997 100644 --- a/gmp.spec +++ b/gmp.spec @@ -30,6 +30,7 @@ Source2: %{name}.keyring Source3: baselibs.conf # revert change causing bsc#1179751 Patch1: gmp-6.2.1-arm64-invert_limb.patch +Patch2: gmp-6.2.1-CVE-2021-43618.patch BuildRequires: fipscheck BuildRequires: gcc-c++ BuildRequires: m4 @@ -78,6 +79,7 @@ huge numbers (integer and floating point). %prep %setup -q %patch1 +%patch2 -p1 %build export CFLAGS="%{optflags} -fexceptions" From 895c8325a13b04eb347bebe56fcbb8f8e052219298ca292aa88e33d1f0ac69cb Mon Sep 17 00:00:00 2001 From: Richard Biener Date: Tue, 16 Nov 2021 07:44:18 +0000 Subject: [PATCH 2/2] - Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/gmp?expand=0&rev=92 --- gmp.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gmp.changes b/gmp.changes index 7bfd6b4..6d74eb3 100644 --- a/gmp.changes +++ b/gmp.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Tue Nov 16 07:33:41 UTC 2021 - Richard Biener -- Add gmp-6.2.1-CVE-2021-43618.diff to fix buffer overflow on +- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618] -------------------------------------------------------------------