gmp5: add patch for CVE-2021-43618

2025-02-17 17:44:44 +00:00 · 2021-12-09 00:43:15 +00:00 · 2021-12-09 00:43:15 +00:00 · 7ba37884e2
commit 7ba37884e2
parent d35c79a419
2 changed files with 25 additions and 1 deletions
--- a/pkgs/development/libraries/gmp/5.1.3-CVE-2021-43618.patch
+++ b/pkgs/development/libraries/gmp/5.1.3-CVE-2021-43618.patch
@ -0,0 +1,20 @@
+Based on https://gmplib.org/repo/gmp-6.2/raw-rev/561a9c25298e,
+adapted for 5.x by ris
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c	Tue Dec 22 23:49:51 2020 +0100
+++ b/mpz/inp_raw.c	Thu Oct 21 19:06:49 2021 +0200
+@@ -81,8 +81,11 @@
+ 
+   abs_csize = ABS (csize);
+ 
+  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
+    return 0; /* Bit size overflows */
+
+   /* round up to a multiple of limbs */
+-  abs_xsize = (abs_csize*8 + GMP_NUMB_BITS-1) / GMP_NUMB_BITS;
+  abs_xsize = ((mp_bitcnt_t)abs_csize*8 + GMP_NUMB_BITS-1) / GMP_NUMB_BITS;
+ 
+   if (abs_xsize != 0)
+     {
+
--- a/pkgs/development/libraries/gmp/5.1.x.nix
+++ b/pkgs/development/libraries/gmp/5.1.x.nix
@ -22,7 +22,11 @@ let self = stdenv.mkDerivation rec {

  nativeBuildInputs = [ m4 ];

-  patches = if stdenv.isDarwin then [ ./need-size-t.patch ] else null;
+  patches = [
+    ./5.1.3-CVE-2021-43618.patch
+  ] ++ lib.optionals stdenv.isDarwin [
+    ./need-size-t.patch
+  ];

  configureFlags = [
    "--with-pic"