diff --git a/gnu/local.mk b/gnu/local.mk index 5e7fbf3545..83937db4c8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1608,7 +1608,6 @@ dist_patch_DATA = \ %D%/packages/patches/libtiff-CVE-2022-34526.patch \ %D%/packages/patches/libtirpc-CVE-2021-46828.patch \ %D%/packages/patches/libtirpc-hurd.patch \ - %D%/packages/patches/libtommath-integer-overflow.patch \ %D%/packages/patches/libtool-grep-compat.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libtree-fix-check-non-x86.patch \ diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm index 18a269ddc7..daa3144bd3 100644 --- a/gnu/packages/multiprecision.scm +++ b/gnu/packages/multiprecision.scm @@ -455,7 +455,7 @@ (define-public libtomcrypt (define-public libtommath (package (name "libtommath") - (version "1.2.0") + (version "1.2.1") (outputs '("out" "static")) (source (origin @@ -464,8 +464,7 @@ (define-public libtommath "download/v" version "/ltm-" version ".tar.xz")) (sha256 (base32 - "1c8q1qy88cjhdjlk3g24mra94h34c1ldvkjz0n2988c0yvn5xixp")) - (patches (search-patches "libtommath-integer-overflow.patch")))) + "07qdxnmp5bhfw5za6mr2l2w0vb7494v9zs9h5vp6y9vlngbjaq4q")))) (build-system gnu-build-system) (arguments '(#:phases @@ -476,13 +475,11 @@ (define-public libtommath ;; We want the shared library by default so force it to be the ;; default makefile target. (delete-file "makefile") - (symlink "makefile.shared" "makefile") - #t)) + (symlink "makefile.shared" "makefile"))) (add-after 'install 'remove-static-library (lambda* (#:key outputs #:allow-other-keys) (delete-file (string-append (assoc-ref outputs "out") - "/lib/libtommath.a")) - #t)) + "/lib/libtommath.a")))) (replace 'check (lambda* (#:key tests? test-target make-flags #:allow-other-keys) (when tests? @@ -504,4 +501,6 @@ (define-public libtommath integer library written entirely in C. It's designed to provide an API that is simple to work with that provides fairly efficient routines that build out of the box without configuration.") + (properties `((upstream-name . "ltm") + (lint-hidden-cve . ("CVE-2023-36328")))) (license unlicense))) diff --git a/gnu/packages/patches/libtommath-integer-overflow.patch b/gnu/packages/patches/libtommath-integer-overflow.patch deleted file mode 100644 index 5241726775..0000000000 --- a/gnu/packages/patches/libtommath-integer-overflow.patch +++ /dev/null @@ -1,140 +0,0 @@ -This patch is from upstream: -https://github.com/libtom/libtommath/pull/546 - -From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001 -From: czurnieden -Date: Tue, 9 May 2023 17:17:12 +0200 -Subject: [PATCH] Fix possible integer overflow - ---- - bn_mp_2expt.c | 4 ++++ - bn_mp_grow.c | 4 ++++ - bn_mp_init_size.c | 5 +++++ - bn_mp_mul_2d.c | 4 ++++ - bn_s_mp_mul_digs.c | 4 ++++ - bn_s_mp_mul_digs_fast.c | 4 ++++ - bn_s_mp_mul_high_digs.c | 4 ++++ - bn_s_mp_mul_high_digs_fast.c | 4 ++++ - 8 files changed, 33 insertions(+) - -diff --git a/bn_mp_2expt.c b/bn_mp_2expt.c -index 0ae3df1bf..23de0c3c5 100644 ---- a/bn_mp_2expt.c -+++ b/bn_mp_2expt.c -@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b) - { - mp_err err; - -+ if (b < 0) { -+ return MP_VAL; -+ } -+ - /* zero a as per default */ - mp_zero(a); - -diff --git a/bn_mp_grow.c b/bn_mp_grow.c -index 9e904c547..2b1682651 100644 ---- a/bn_mp_grow.c -+++ b/bn_mp_grow.c -@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size) - int i; - mp_digit *tmp; - -+ if (size < 0) { -+ return MP_VAL; -+ } -+ - /* if the alloc size is smaller alloc more ram */ - if (a->alloc < size) { - /* reallocate the array a->dp -diff --git a/bn_mp_init_size.c b/bn_mp_init_size.c -index d62268721..99573833f 100644 ---- a/bn_mp_init_size.c -+++ b/bn_mp_init_size.c -@@ -6,6 +6,11 @@ - /* init an mp_init for a given size */ - mp_err mp_init_size(mp_int *a, int size) - { -+ -+ if (size < 0) { -+ return MP_VAL; -+ } -+ - size = MP_MAX(MP_MIN_PREC, size); - - /* alloc mem */ -diff --git a/bn_mp_mul_2d.c b/bn_mp_mul_2d.c -index 87354de20..bfeaf2eb2 100644 ---- a/bn_mp_mul_2d.c -+++ b/bn_mp_mul_2d.c -@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c) - mp_digit d; - mp_err err; - -+ if (b < 0) { -+ return MP_VAL; -+ } -+ - /* copy */ - if (a != c) { - if ((err = mp_copy(a, c)) != MP_OKAY) { -diff --git a/bn_s_mp_mul_digs.c b/bn_s_mp_mul_digs.c -index 64509d4cb..3682b4980 100644 ---- a/bn_s_mp_mul_digs.c -+++ b/bn_s_mp_mul_digs.c -@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs) - mp_word r; - mp_digit tmpx, *tmpt, *tmpy; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* can we use the fast multiplier? */ - if ((digs < MP_WARRAY) && - (MP_MIN(a->used, b->used) < MP_MAXFAST)) { -diff --git a/bn_s_mp_mul_digs_fast.c b/bn_s_mp_mul_digs_fast.c -index b2a287b02..3c4176a87 100644 ---- a/bn_s_mp_mul_digs_fast.c -+++ b/bn_s_mp_mul_digs_fast.c -@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int digs) - mp_digit W[MP_WARRAY]; - mp_word _W; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* grow the destination as required */ - if (c->alloc < digs) { - if ((err = mp_grow(c, digs)) != MP_OKAY) { -diff --git a/bn_s_mp_mul_high_digs.c b/bn_s_mp_mul_high_digs.c -index 2bb2a5098..c9dd355f8 100644 ---- a/bn_s_mp_mul_high_digs.c -+++ b/bn_s_mp_mul_high_digs.c -@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs) - mp_word r; - mp_digit tmpx, *tmpt, *tmpy; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* can we use the fast multiplier? */ - if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST) - && ((a->used + b->used + 1) < MP_WARRAY) -diff --git a/bn_s_mp_mul_high_digs_fast.c b/bn_s_mp_mul_high_digs_fast.c -index a2c4fb692..4ce7f590c 100644 ---- a/bn_s_mp_mul_high_digs_fast.c -+++ b/bn_s_mp_mul_high_digs_fast.c -@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int - mp_digit W[MP_WARRAY]; - mp_word _W; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* grow the destination as required */ - pa = a->used + b->used; - if (c->alloc < pa) {