Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gsl for openSUSE:Factory checked in at 2023-08-30 10:18:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gsl (Old) and /work/SRC/openSUSE:Factory/.gsl.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gsl" Wed Aug 30 10:18:01 2023 rev:51 rq:1106734 version:2.7.1 Changes: --------
--- /work/SRC/openSUSE:Factory/gsl/gsl.changes 2023-02-09 16:22:12.446404009 +0100
+++ /work/SRC/openSUSE:Factory/.gsl.new.1766/gsl.changes 2023-08-30 10:19:22.353769472 +0200
@@ -1,0 +2,7 @@
+Mon Aug 28 11:27:15 UTC 2023 - Adam Majer <[email protected]>
+
+- 989a193268b963aa1047814f7f1402084fb7d859.patch: fix
+ stack out of bounds read in gsl_stats_quantile_from_sorted_data()
+ (bsc#1214681, CVE-2020-353570)
+
+-------------------------------------------------------------------
New: ---- 989a193268b963aa1047814f7f1402084fb7d859.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gsl.spec ++++++
--- /var/tmp/diff_new_pack.h15RG8/_old 2023-08-30 10:19:24.381841849 +0200
+++ /var/tmp/diff_new_pack.h15RG8/_new 2023-08-30 10:19:24.389842135 +0200
@@ -122,6 +122,7 @@
 Source2: https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gsl&download=1#/%{pname}.keyring
 Patch6: gsl-qawc-test-x86-precision.diff
 Patch7: gsl-disable-fma.patch
+Patch8: 989a193268b963aa1047814f7f1402084fb7d859.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
@@ -259,6 +260,7 @@
 %setup -q -n %{pname}-%{version}
 %patch6
 %patch7 -p1
+%patch8 -p1
 %build
++++++ 989a193268b963aa1047814f7f1402084fb7d859.patch ++++++ >From 989a193268b963aa1047814f7f1402084fb7d859 Mon Sep 17 00:00:00 2001 From: Patrick Alken <[email protected]> Date: Sat, 16 Apr 2022 11:56:10 -0600 Subject: fix for bug #59624 --- NEWS | 2 ++ statistics/quantiles.c | 1 + statistics/quantiles_source.c | 35 +++++++++++++++++++++-------------- 3 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/statistics/quantiles.c b/statistics/quantiles.c
index 96a3a25..50898d9 100644
--- a/statistics/quantiles.c
+++ b/statistics/quantiles.c
@@ -1,5 +1,6 @@
 #include <config.h>
 #include <gsl/gsl_statistics.h>
+#include <gsl/gsl_errno.h>
 #define BASE_LONG_DOUBLE
 #include "templates_on.h"
diff --git a/statistics/quantiles_source.c b/statistics/quantiles_source.c
index e2956d9..b2feba4 100644
--- a/statistics/quantiles_source.c
+++ b/statistics/quantiles_source.c
@@ -24,22 +24,29 @@ FUNCTION(gsl_stats,quantile_from_sorted_data) (const BASE sorted_data[],
 const size_t n,
 const double f)
 {
- const double index = f * (n - 1) ;
- const size_t lhs = (int)index ;
- const double delta = index - lhs ;
- double result;
-
- if (n == 0)
- return 0.0 ;
-
- if (lhs == n - 1)
+ if ((f < 0.0) || (f > 1.0))
 {
- result = sorted_data[lhs * stride] ;
+ GSL_ERROR_VAL ("invalid quantile fraction", GSL_EDOM, 0.0);
 }
- else
+ else
 {
- result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
- }
+ const double index = f * (n - 1) ;
+ const size_t lhs = (int)index ;
+ const double delta = index - lhs ;
+ double result;
- return result ;
+ if (n == 0)
+ return 0.0 ;
+
+ if (lhs == n - 1)
+ {
+ result = sorted_data[lhs * stride] ;
+ }
+ else
+ {
+ result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
+ }
+
+ return result ;
+ }
 }
-- cgit v1.1
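Review bot: A NaN `f` still gets past the new guard in quantile_from_sorted_data, because `f < 0.0` and `f > 1.0` are both false for NaN; `index` is then NaN, `(int)index` is undefined, and `lhs` can again index outside `sorted_data`. Writing the test as `if (!(f >= 0.0 && f <= 1.0))` rejects NaN together with the out-of-range values. In the new else branch `if (n == 0) return 0.0 ;` still comes after `f * (n - 1)` and the `(int)` cast, so for n == 0 and f > 0 the cast is applied to a value far outside int range; moving the n check above the computation and using `const size_t lhs = (size_t)index ;` avoids that and the truncation for n above INT_MAX. The function signature starts above the hunk, so the `stride` parameter is not visible here.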
