commit:     0c55fe4bf46a1b867746a6ead419fce585d0d456
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 25 02:41:44 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov 25 02:45:24 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c55fe4b

dev-libs/gmp: add patch for CVE-2021-43618; add Darwin arm64 patch

Apply two upstream patches:
- Fix CVE-2021-43618
- Fix incorrect use of reserved register on Darwin/arm64

Bug: https://bugs.gentoo.org/823804
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/gmp/Manifest                             |   1 +
 dev-libs/gmp/files/gmp-6.2.1-CVE-2021-43618.patch |  17 ++++
 dev-libs/gmp/gmp-6.2.1-r2.ebuild                  | 116 ++++++++++++++++++++++
 3 files changed, 134 insertions(+)

diff --git a/dev-libs/gmp/Manifest b/dev-libs/gmp/Manifest
index 4db6b7b96743..846b78dc7601 100644
--- a/dev-libs/gmp/Manifest
+++ b/dev-libs/gmp/Manifest
@@ -1,2 +1,3 @@
+DIST gmp-6.2.1-arm64-darwin.patch.bz2 2520 BLAKE2B 
3d4e9dbd29dc9aa81f0c9e0de4a5904c989d54148c9e3dcc5097a43b3fb1ecd17802dacfc71ee131c0805a345f5dce9009e88439758d3a0ed8b3a88526353b4a
 SHA512 
72d49f09c3facd75036c945e076207e72e5673ba9605999c32a122e43e8b970ed646c8ca8f07acbb62bff5e7c387d4c8e1f73ca73e50ac3f574b5f6471d66d56
 DIST gmp-6.2.1.tar.xz 2027316 BLAKE2B 
c0d85f175392a50cfa01bc6b0a312b235946ad8b4f6f84f6dabd33d7a6f2cc75c9b0e1e33057be07750bfa0145b7c4cf3b6188a5be6ca9d7271ec2276c84ebcb
 SHA512 
c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
 DIST gmp-man-6.2.1.pdf 827583 BLAKE2B 
9aa25457a3c488e37cc7d54d825253ab749a3780919570579b319cf607001de50b212ca387b70213abcc5ab428b4525bdb9cd8ae932798a2d7928da98ce3f353
 SHA512 
f2d9d02e97975355ef490e921fedc94fb7687c3661eec8fa2e94a1622b6e59b17b3879eb3ec1f2df8edac100f727175144d107f4c49c602b773c43bc9e91dbcb

diff --git a/dev-libs/gmp/files/gmp-6.2.1-CVE-2021-43618.patch 
b/dev-libs/gmp/files/gmp-6.2.1-CVE-2021-43618.patch
new file mode 100644
index 000000000000..90129ec5b2bd
--- /dev/null
+++ b/dev-libs/gmp/files/gmp-6.2.1-CVE-2021-43618.patch
@@ -0,0 +1,17 @@
+https://bugs.gentoo.org/823804
+https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+--- a/mpz/inp_raw.c
++++ b/mpz/inp_raw.c
+@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++    return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {
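Review bot: The patch header carries only two URLs and never states what the patch fixes, so a later maintainer has to follow the links to learn why it must not be dropped on a version bump. A one-line description above the URLs would cover it, for example `Reject sizes whose bit count would overflow mp_bitcnt_t in mpz_inp_raw (CVE-2021-43618)`. The size being checked appears to be derived from data read through `fp`, so it is presumably input-controlled. That derivation lies outside the hunk and should be confirmed before it is stated in the header. The body of mpz_inp_raw starts and ends outside the hunk.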

diff --git a/dev-libs/gmp/gmp-6.2.1-r2.ebuild b/dev-libs/gmp/gmp-6.2.1-r2.ebuild
new file mode 100644
index 000000000000..f228e714b6e2
--- /dev/null
+++ b/dev-libs/gmp/gmp-6.2.1-r2.ebuild
@@ -0,0 +1,116 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic libtool multilib-minimal toolchain-funcs
+
+MY_PV=${PV/_p*}
+MY_PV=${MY_PV/_/-}
+MANUAL_PV=${MY_PV}
+MANUAL_PV=6.2.1
+MY_P=${PN}-${MY_PV}
+PLEVEL=${PV/*p}
+DESCRIPTION="Library for arbitrary-precision arithmetic on different type of 
numbers"
+HOMEPAGE="https://gmplib.org/";
+SRC_URI="ftp://ftp.gmplib.org/pub/${MY_P}/${MY_P}.tar.xz
+       mirror://gnu/${PN}/${MY_P}.tar.xz
+       doc? ( https://gmplib.org/${PN}-man-${MANUAL_PV}.pdf )"
+SRC_URI+=" 
https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-arm64-darwin.patch.bz2";
+
+LICENSE="|| ( LGPL-3+ GPL-2+ )"
+# The subslot reflects the C & C++ SONAMEs.
+SLOT="0/10.4"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv 
~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+asm doc +cxx pic static-libs"
+
+BDEPEND="sys-devel/m4
+       app-arch/xz-utils"
+
+S=${WORKDIR}/${MY_P%a}
+
+DOCS=( AUTHORS ChangeLog NEWS README doc/configuration doc/isa_abi_headache )
+HTML_DOCS=( doc )
+MULTILIB_WRAPPED_HEADERS=( /usr/include/gmp.h )
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-6.1.0-noexecstack-detect.patch
+       "${FILESDIR}"/${PN}-6.2.1-no-zarch.patch
+       "${WORKDIR}"/${P}-arm64-darwin.patch
+       "${FILESDIR}"/${P}-CVE-2021-43618.patch
+)
+
+src_prepare() {
+       default
+
+       # We cannot run autotools here as gcc depends on this package
+       elibtoolize
+
+       # bug #536894
+       if [[ ${CHOST} == *-darwin* ]] ; then
+               eapply "${FILESDIR}"/${PN}-6.1.2-gcc-apple-4.0.1.patch
+       fi
+
+       # GMP uses the "ABI" env var during configure as does Gentoo (econf).
+       # So, to avoid patching the source constantly, wrap things up.
+       mv configure configure.wrapped || die
+       cat <<-\EOF > configure
+       #!/usr/bin/env sh
+       exec env ABI="${GMPABI}" "$0.wrapped" "$@"
+       EOF
+
+       # Patches to original configure might have lost the +x bit.
+       chmod a+rx configure{,.wrapped} || die
+}
+
+multilib_src_configure() {
+       # Because of our 32-bit userland, 1.0 is the only HPPA ABI that works
+       # https://gmplib.org/manual/ABI-and-ISA.html#ABI-and-ISA (bug #344613)
+       if [[ ${CHOST} == hppa2.0-* ]] ; then
+               GMPABI="1.0"
+       fi
+
+       # ABI mappings (needs all architectures supported)
+       case ${ABI} in
+               32|x86)       GMPABI=32;;
+               64|amd64|n64) GMPABI=64;;
+               [onx]32)      GMPABI=${ABI};;
+       esac
+       export GMPABI
+
+       # bug #367719
+       if [[ ${CHOST} == *-mint* ]]; then
+               filter-flags -O?
+       fi
+
+       tc-export CC
+
+       # --with-pic forces static libraries to be built as PIC
+       # and without TEXTRELs. musl does not support TEXTRELs: bug #707332
+       ECONF_SOURCE="${S}" econf \
+               CC_FOR_BUILD="$(tc-getBUILD_CC)" \
+               --localstatedir="${EPREFIX}"/var/state/gmp \
+               --enable-shared \
+               $(use_enable asm assembly) \
+               $(use_enable cxx) \
+               $(use pic && echo --with-pic) \
+               $(use_enable static-libs static)
+}
+
+multilib_src_install() {
+       emake DESTDIR="${D}" install
+
+       # Should be a standalone lib
+       rm -f "${ED}"/usr/$(get_libdir)/libgmp.la
+
+       # This requires libgmp
+       local la="${ED}/usr/$(get_libdir)/libgmpxx.la"
+       if ! use static-libs ; then
+               rm -f "${la}"
+       fi
+}
+
+multilib_src_install_all() {
+       einstalldocs
+       use doc && cp "${DISTDIR}"/gmp-man-${MANUAL_PV}.pdf 
"${ED}"/usr/share/doc/${PF}/
+}
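Review bot: The `${P}-arm64-darwin.patch.bz2` distfile added by `SRC_URI+=` is fetched from a developer's personal distfiles space and applied through `PATCHES` with no pointer to its upstream changeset. The CVE patch, by contrast, records its upstream URL in its own header. A comment above the `SRC_URI+=` line would make the provenance auditable, e.g. `# Upstream fix for reserved-register use on Darwin/arm64: <upstream changeset URL>` (placeholder; the URL is not on this page). Separately, the first `SRC_URI` entry is plain `ftp://`; the Manifest hashes still pin the content, but an HTTPS source would remove the reliance on clear-text transport. The `cp` in `multilib_src_install_all` has no `|| die`, so a failed copy of the manual passes silently; `if use doc; then cp ... || die; fi` would surface it.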
