author | Alyssa Ross <hi@alyssa.is> | 2022-02-22 10:43:06 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-03-11 16:17:56 +0000 |
commit | ca1aada113c0ebda1ab8667199f6453f8e01c4fc (patch) | |
tree | 55e402280096f62eb0bc8bcad5ce6050c5a0aec7 /nixpkgs/pkgs/development/libraries/gmp | |
parent | e4df5a52a6a6531f32626f57205356a773ac2975 (diff) | |
parent | 93883402a445ad467320925a0a5dbe43a949f25b (diff) | |
Merge commit '93883402a445ad467320925a0a5dbe43a949f25b'
Conflicts: nixpkgs/nixos/modules/programs/ssh.nix nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix nixpkgs/pkgs/data/fonts/noto-fonts/default.nix nixpkgs/pkgs/development/go-modules/generic/default.nix nixpkgs/pkgs/development/interpreters/ruby/default.nix nixpkgs/pkgs/development/libraries/mesa/default.nix
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/gmp')
4 files changed, 46 insertions, 1 deletions
diff --git a/nixpkgs/pkgs/development/libraries/gmp/5.1.3-CVE-2021-43618.patch b/nixpkgs/pkgs/development/libraries/gmp/5.1.3-CVE-2021-43618.patch
new file mode 100644
index 000000000000..13b9bc5f58cd
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gmp/5.1.3-CVE-2021-43618.patch
@@ -0,0 +1,20 @@
+Based on https://gmplib.org/repo/gmp-6.2/raw-rev/561a9c25298e,
+adapted for 5.x by ris
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
++++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
+@@ -81,8 +81,11 @@
+
+ abs_csize = ABS (csize);
+
++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++ return 0; /* Bit size overflows */
++
+ /* round up to a multiple of limbs */
+- abs_xsize = (abs_csize*8 + GMP_NUMB_BITS-1) / GMP_NUMB_BITS;
++ abs_xsize = ((mp_bitcnt_t)abs_csize*8 + GMP_NUMB_BITS-1) / GMP_NUMB_BITS;
+
+ if (abs_xsize != 0)
+ {
+
diff --git a/nixpkgs/pkgs/development/libraries/gmp/5.1.x.nix b/nixpkgs/pkgs/development/libraries/gmp/5.1.x.nix
index aa3704eb0b58..c83a4785ebea 100644
--- a/nixpkgs/pkgs/development/libraries/gmp/5.1.x.nix
+++ b/nixpkgs/pkgs/development/libraries/gmp/5.1.x.nix
@@ -22,7 +22,11 @@ let self = stdenv.mkDerivation rec {
 nativeBuildInputs = [ m4 ];
- patches = if stdenv.isDarwin then [ ./need-size-t.patch ] else null;
+ patches = [
+ ./5.1.3-CVE-2021-43618.patch
+ ] ++ lib.optionals stdenv.isDarwin [
+ ./need-size-t.patch
+ ];
 configureFlags = [
 "--with-pic"
diff --git a/nixpkgs/pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch b/nixpkgs/pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch
new file mode 100644
index 000000000000..eec8206dba05
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch
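Review bot: The header of the 5.1.3 backport says it was "adapted for 5.x by ris", yet the embedded `diff -r e1fd9db13b47 -r 561a9c25298e` line and its timestamps are still the gmp-6.2 upstream ones, so someone auditing the file cannot tell which lines differ from the upstream fix. Compared with the 6.2.1 patch added in this same commit, the differences appear to be the hunk offset (81 instead of 88) and the open-coded `(... + GMP_NUMB_BITS-1) / GMP_NUMB_BITS` rounding where upstream uses `BITS_TO_LIMBS`. I would record that in the header, for example `Adaptation: hunk offset and open-coded limb rounding; the overflow guard is unchanged from upstream.` It is also worth noting there that the added `abs_csize > ~(mp_bitcnt_t) 0 / 8` guard, not the cast, is what stops the wrap on targets where `mp_bitcnt_t` is no wider than the type of `abs_csize`, so any later re-adaptation must keep the guard ahead of the multiplication.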
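Review bot: The new `patches` list in 5.1.x.nix calls `lib.optionals`, which needs `lib` to be bound in the file's argument set, and that header lies outside this hunk, so it cannot be confirmed from here. If the file only takes `stdenv`, evaluation would fail on every platform rather than just Darwin, because the list is now built unconditionally. Please check that the argument set at the top of the file includes `lib`; the derivation body also continues past the end of the hunk.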
@@ -0,0 +1,19 @@
+https://gmplib.org/repo/gmp-6.2/raw-rev/561a9c25298e
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
++++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+
+ abs_csize = ABS (csize);
+
++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++ return 0; /* Bit size overflows */
++
+ /* round up to a multiple of limbs */
+- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+
+ if (abs_xsize != 0)
+ {
+
diff --git a/nixpkgs/pkgs/development/libraries/gmp/6.x.nix b/nixpkgs/pkgs/development/libraries/gmp/6.x.nix
index 59bc98aa559f..9093073cecff 100644
--- a/nixpkgs/pkgs/development/libraries/gmp/6.x.nix
+++ b/nixpkgs/pkgs/development/libraries/gmp/6.x.nix
@@ -20,6 +20,8 @@ let self = stdenv.mkDerivation rec {
 sha256 = "0z2ddfiwgi0xbf65z4fg4hqqzlhv0cc6hdcswf3c6n21xdmk5sga";
 };
+ patches = [ ./6.2.1-CVE-2021-43618.patch ];
+
 #outputs TODO: split $cxx due to libstdc++ dependency
 # maybe let ghc use a version with *.so shared with rest of nixpkgs and *.a added
 # - see #5855 for related discussion |
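Review bot: The added `patches = [ ./6.2.1-CVE-2021-43618.patch ];` line in 6.x.nix has no comment saying what the patch fixes or when it can be dropped. The file is version-generic while the patch is named for 6.2.1, so whoever bumps `src` next has to work out from the patch file whether it still applies. I would put `# CVE-2021-43618 (bit-size overflow in mpz/inp_raw.c); remove once src is a release containing upstream rev 561a9c25298e` directly above the entry. The enclosing derivation starts and ends outside this hunk.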