Bug#1000473: buster-pu: package gmp/gmp_6.1.2+dfsg-4+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Dear release team,
I have prepared a fix for buster, fixing CVE-2021-43618.
The fix was also successfully fixed in unstable and testing.
Gitlab-CI is employed for the package testing. Diff is applied.
Thanks
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
Thanks
Anton
diff -Nru gmp-6.1.2+dfsg/debian/changelog gmp-6.1.2+dfsg/debian/changelog
--- gmp-6.1.2+dfsg/debian/changelog 2018-12-02 07:39:34.000000000 +0100
+++ gmp-6.1.2+dfsg/debian/changelog 2021-11-23 21:09:08.000000000 +0100
@@ -1,3 +1,10 @@
+gmp (2:6.1.2+dfsg-4+deb10u1) buster; urgency=medium
+
+ * [1f4ce6d] Add .gitlab-ci.yml
+ * [df6d314] Avoid bit size overflows. CVE-2021-43618
+
+ -- Anton Gladky <gladk@debian.org> Tue, 23 Nov 2021 21:09:08 +0100
+
gmp (2:6.1.2+dfsg-4) unstable; urgency=medium
* Team Upload.
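Review bot: the [df6d314] entry gives the CVE number but not where the change lands. Naming the file and function, for example "mpz/inp_raw.c: avoid bit size overflows in mpz_inp_raw. CVE-2021-43618", would let someone reading the stable changelog see what was touched without opening the patch. The [1f4ce6d] entry only adds CI configuration under debian/, and saying that it is packaging-only would make clear that the CVE patch is the sole change affecting the built binaries.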
diff -Nru gmp-6.1.2+dfsg/debian/.gitlab-ci.yml gmp-6.1.2+dfsg/debian/.gitlab-ci.yml
--- gmp-6.1.2+dfsg/debian/.gitlab-ci.yml 1970-01-01 01:00:00.000000000 +0100
+++ gmp-6.1.2+dfsg/debian/.gitlab-ci.yml 2021-11-23 21:04:00.000000000 +0100
@@ -0,0 +1,6 @@
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+variables:
+ RELEASE: 'buster'
+ SALSA_CI_DISABLE_REPROTEST: 1
+ SALSA_CI_DISABLE_BLHC: 1
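Review bot: SALSA_CI_DISABLE_REPROTEST and SALSA_CI_DISABLE_BLHC are set with no comment saying why those two jobs are skipped on this branch. blhc is the job that checks the build log for hardening flags, which is worth keeping visible on a security upload, so a one-line YAML comment above each variable giving the reason would help the next uploader decide whether the exclusion still applies. The include line also tracks the master branch of salsa-ci-team/pipeline, so the jobs run against this stable branch can change without any commit here; consider whether a fixed ref is preferable for buster.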
diff -Nru gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch
--- gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch 1970-01-01 01:00:00.000000000 +0100
+++ gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch 2021-11-23 21:06:22.000000000 +0100
@@ -0,0 +1,25 @@
+# Origin: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+# HG changeset patch
+# User Marco Bodrato <bodrato@mail.dm.unipi.it>
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+Index: gmp/mpz/inp_raw.c
+===================================================================
+--- gmp.orig/mpz/inp_raw.c
++++ gmp/mpz/inp_raw.c
+@@ -89,8 +89,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
+
+ abs_csize = ABS (csize);
+
++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++ return 0; /* Bit size overflows */
++
+ /* round up to a multiple of limbs */
+- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+
+ if (abs_xsize != 0)
+ {
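Review bot: the new early exit in mpz_inp_raw, "if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) return 0;", is not exercised by anything in this debdiff, so the rejection path ships untested. A small test that feeds mpz_inp_raw a stream whose size field exceeds the limit and checks for a return of 0 would cover it, keeping in mind that the bound depends on the width of mp_bitcnt_t and should be run on the architectures where that width makes the condition reachable. On the header, Origin is written as a "# Origin:" comment line and there is no Description or Bug field, so DEP-3 tooling will not pick up the provenance; moving Origin out of the comment and adding a short Description that names CVE-2021-43618 would fix that.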
diff -Nru gmp-6.1.2+dfsg/debian/patches/series gmp-6.1.2+dfsg/debian/patches/series
--- gmp-6.1.2+dfsg/debian/patches/series 2018-12-02 07:39:27.000000000 +0100
+++ gmp-6.1.2+dfsg/debian/patches/series 2021-11-23 21:06:09.000000000 +0100
@@ -1 +1,2 @@
gmp-exception-sigfpe.patch
+CVE-2021-43618.patch