about summary refs log tree commit diff
path: root/nixpkgs/pkgs/development/libraries/gmp
diff options
context:
space:
mode:
authorAlyssa Ross <hi@alyssa.is>2022-02-22 10:43:06 +0000
committerAlyssa Ross <hi@alyssa.is>2022-03-11 16:17:56 +0000
commitca1aada113c0ebda1ab8667199f6453f8e01c4fc (patch)
tree55e402280096f62eb0bc8bcad5ce6050c5a0aec7 /nixpkgs/pkgs/development/libraries/gmp
parente4df5a52a6a6531f32626f57205356a773ac2975 (diff)
parent93883402a445ad467320925a0a5dbe43a949f25b (diff)
downloadnixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar
nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.gz
nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.bz2
nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.lz
nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.xz
nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.zst
nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.zip
Merge commit '93883402a445ad467320925a0a5dbe43a949f25b'
Conflicts:
	nixpkgs/nixos/modules/programs/ssh.nix
	nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix
	nixpkgs/pkgs/data/fonts/noto-fonts/default.nix
	nixpkgs/pkgs/development/go-modules/generic/default.nix
	nixpkgs/pkgs/development/interpreters/ruby/default.nix
	nixpkgs/pkgs/development/libraries/mesa/default.nix
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/gmp')
-rw-r--r--nixpkgs/pkgs/development/libraries/gmp/5.1.3-CVE-2021-43618.patch20
-rw-r--r--nixpkgs/pkgs/development/libraries/gmp/5.1.x.nix6
-rw-r--r--nixpkgs/pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch19
-rw-r--r--nixpkgs/pkgs/development/libraries/gmp/6.x.nix2
4 files changed, 46 insertions, 1 deletions
diff --git a/nixpkgs/pkgs/development/libraries/gmp/5.1.3-CVE-2021-43618.patch b/nixpkgs/pkgs/development/libraries/gmp/5.1.3-CVE-2021-43618.patch
new file mode 100644
index 000000000000..13b9bc5f58cd
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gmp/5.1.3-CVE-2021-43618.patch
@@ -0,0 +1,20 @@
+Based on https://gmplib.org/repo/gmp-6.2/raw-rev/561a9c25298e,
+adapted for 5.x by ris
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c	Tue Dec 22 23:49:51 2020 +0100
++++ b/mpz/inp_raw.c	Thu Oct 21 19:06:49 2021 +0200
+@@ -81,8 +81,11 @@
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++    return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = (abs_csize*8 + GMP_NUMB_BITS-1) / GMP_NUMB_BITS;
++  abs_xsize = ((mp_bitcnt_t)abs_csize*8 + GMP_NUMB_BITS-1) / GMP_NUMB_BITS;
+ 
+   if (abs_xsize != 0)
+     {
+
diff --git a/nixpkgs/pkgs/development/libraries/gmp/5.1.x.nix b/nixpkgs/pkgs/development/libraries/gmp/5.1.x.nix
index aa3704eb0b58..c83a4785ebea 100644
--- a/nixpkgs/pkgs/development/libraries/gmp/5.1.x.nix
+++ b/nixpkgs/pkgs/development/libraries/gmp/5.1.x.nix
@@ -22,7 +22,11 @@ let self = stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ m4 ];
 
-  patches = if stdenv.isDarwin then [ ./need-size-t.patch ] else null;
+  patches = [
+    ./5.1.3-CVE-2021-43618.patch
+  ] ++ lib.optionals stdenv.isDarwin [
+    ./need-size-t.patch
+  ];
 
   configureFlags = [
     "--with-pic"
diff --git a/nixpkgs/pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch b/nixpkgs/pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch
new file mode 100644
index 000000000000..eec8206dba05
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch
@@ -0,0 +1,19 @@
+https://gmplib.org/repo/gmp-6.2/raw-rev/561a9c25298e
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c	Tue Dec 22 23:49:51 2020 +0100
++++ b/mpz/inp_raw.c	Thu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++    return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {
+
diff --git a/nixpkgs/pkgs/development/libraries/gmp/6.x.nix b/nixpkgs/pkgs/development/libraries/gmp/6.x.nix
index 59bc98aa559f..9093073cecff 100644
--- a/nixpkgs/pkgs/development/libraries/gmp/6.x.nix
+++ b/nixpkgs/pkgs/development/libraries/gmp/6.x.nix
@@ -20,6 +20,8 @@ let self = stdenv.mkDerivation rec {
     sha256 = "0z2ddfiwgi0xbf65z4fg4hqqzlhv0cc6hdcswf3c6n21xdmk5sga";
   };
 
+  patches = [ ./6.2.1-CVE-2021-43618.patch ];
+
   #outputs TODO: split $cxx due to libstdc++ dependency
   # maybe let ghc use a version with *.so shared with rest of nixpkgs and *.a added
   # - see #5855 for related discussion
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-15 10:44:47 +0000