Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libtommath for openSUSE:Factory checked in at 2023-11-15 21:07:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libtommath (Old) and /work/SRC/openSUSE:Factory/.libtommath.new.17445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libtommath" Wed Nov 15 21:07:05 2023 rev:6 rq:1126546 version:1.2.1 Changes: --------
--- /work/SRC/openSUSE:Factory/libtommath/libtommath.changes 2023-06-30 19:58:01.341340170 +0200
+++ /work/SRC/openSUSE:Factory/.libtommath.new.17445/libtommath.changes 2023-11-15 21:07:42.618310875 +0100
@@ -1,0 +2,10 @@
+Wed Oct 18 11:11:53 UTC 2023 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Update to version 1.2.1 (bsc#1214927, CVE-2023-36328):
+ + Bugfix release because of potential integer overflow (
+ CVE-2023-36328).
+- Drop 546.patch: fixed upstream.
+- Update libtommath.keyring to contain gpg key
+ 7B24BC73AFEEFA69A5BDE9C53FAA94B3BD9016D9.
+
+-------------------------------------------------------------------
Old: ---- 546.patch ltm-1.2.0.tar.xz ltm-1.2.0.tar.xz.asc New: ---- ltm-1.2.1.tar.xz ltm-1.2.1.tar.xz.asc BETA DEBUG BEGIN: Old: CVE-2023-36328). - Drop 546.patch: fixed upstream. - Update libtommath.keyring to contain gpg key BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ libtommath.spec ++++++
--- /var/tmp/diff_new_pack.NLep6G/_old 2023-11-15 21:07:43.470342311 +0100
+++ /var/tmp/diff_new_pack.NLep6G/_new 2023-11-15 21:07:43.470342311 +0100
@@ -19,7 +19,7 @@
 Name: libtommath
 %define libsoname %{name}1
-Version: 1.2.0
+Version: 1.2.1
 Release: 0
 Summary: Routines For a Integer Based Number Theoretic Applications
 License: Unlicense
@@ -30,7 +30,6 @@
 Source3: %{name}.keyring
 Source4: baselibs.conf
 Source5: libtommath-rpmlintrc
-Patch1: https://patch-diff.githubusercontent.com/raw/libtom/libtommath/pull/546.patch
 BuildRequires: dos2unix
 BuildRequires: libtool
 BuildRequires: pkg-config
@@ -90,7 +89,6 @@
 %prep
 %setup -q
-%patch1 -p1
 %build
 export CFLAGS="%{optflags}"
++++++ libtommath.keyring ++++++
Binary files /var/tmp/diff_new_pack.NLep6G/_old and /var/tmp/diff_new_pack.NLep6G/_new differ
++++++ ltm-1.2.0.tar.xz -> ltm-1.2.1.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/appveyor.yml new/libtommath-1.2.1/appveyor.yml
--- old/libtommath-1.2.0/appveyor.yml 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/appveyor.yml 2023-09-04 14:59:35.000000000 +0200
@@ -1,4 +1,4 @@
-version: 1.2.0-{build}
+version: 1.2.1-{build}
 branches:
 only:
 - master
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/bn_mp_2expt.c new/libtommath-1.2.1/bn_mp_2expt.c
--- old/libtommath-1.2.0/bn_mp_2expt.c 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/bn_mp_2expt.c 2023-09-04 14:59:35.000000000 +0200
@@ -12,6 +12,10 @@
 {
 mp_err err;
+ if (b < 0) {
+ return MP_VAL;
+ }
+
 /* zero a as per default */
 mp_zero(a);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/bn_mp_grow.c new/libtommath-1.2.1/bn_mp_grow.c
--- old/libtommath-1.2.0/bn_mp_grow.c 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/bn_mp_grow.c 2023-09-04 14:59:35.000000000 +0200
@@ -9,6 +9,10 @@
 int i;
 mp_digit *tmp;
+ if (size < 0) {
+ return MP_VAL;
+ }
+
 /* if the alloc size is smaller alloc more ram */
 if (a->alloc < size) {
 /* reallocate the array a->dp
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/bn_mp_init_size.c new/libtommath-1.2.1/bn_mp_init_size.c
--- old/libtommath-1.2.0/bn_mp_init_size.c 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/bn_mp_init_size.c 2023-09-04 14:59:35.000000000 +0200
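Review bot: In bn_mp_2expt.c the guard returns before `mp_zero(a)`, so on the new `MP_VAL` path `a` keeps its previous value, and nothing in the hunk tells callers so. A caller that drops the return code goes on computing with a stale operand. I would state the contract at the guard, `/* b must be >= 0; on MP_VAL a is left untouched */`, and add it to the manual, since the doc/bn.tex hunk in this update changes only the version in the title. The same holds for `c` in bn_mp_mul_2d.c, where the guard precedes the copy; the signatures and the rest of both bodies are outside their hunks.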
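Review bot: The guard in bn_mp_grow.c rejects only a negative `size`; a very large positive one still reaches the reallocation whose comment begins in the last context line. If the byte count there is `size` multiplied by the digit width in `size_t` (the expression is outside the hunk), it can wrap on targets where `size_t` is 32 bits and yield a buffer shorter than `size` digits. An upper bound in the same test would close that, for example `if ((size < 0) || ((size_t)size > (SIZE_MAX / sizeof(mp_digit)))) {`. The same reasoning applies to mp_init_size in bn_mp_init_size.c, where `size` is passed on to the allocation after `MP_MAX(MP_MIN_PREC, size)`.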
@@ -6,6 +6,11 @@
 /* init an mp_init for a given size */
 mp_err mp_init_size(mp_int *a, int size)
 {
+
+ if (size < 0) {
+ return MP_VAL;
+ }
+
 size = MP_MAX(MP_MIN_PREC, size);
 /* alloc mem */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/bn_mp_mul_2d.c new/libtommath-1.2.1/bn_mp_mul_2d.c
--- old/libtommath-1.2.0/bn_mp_mul_2d.c 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/bn_mp_mul_2d.c 2023-09-04 14:59:35.000000000 +0200
@@ -9,6 +9,10 @@
 mp_digit d;
 mp_err err;
+ if (b < 0) {
+ return MP_VAL;
+ }
+
 /* copy */
 if (a != c) {
 if ((err = mp_copy(a, c)) != MP_OKAY) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/bn_s_mp_mul_digs.c new/libtommath-1.2.1/bn_s_mp_mul_digs.c
--- old/libtommath-1.2.0/bn_s_mp_mul_digs.c 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/bn_s_mp_mul_digs.c 2023-09-04 14:59:35.000000000 +0200
@@ -16,6 +16,10 @@
 mp_word r;
 mp_digit tmpx, *tmpt, *tmpy;
+ if (digs < 0) {
+ return MP_VAL;
+ }
+
 /* can we use the fast multiplier? */
 if ((digs < MP_WARRAY) && (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/bn_s_mp_mul_digs_fast.c new/libtommath-1.2.1/bn_s_mp_mul_digs_fast.c
--- old/libtommath-1.2.0/bn_s_mp_mul_digs_fast.c 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/bn_s_mp_mul_digs_fast.c 2023-09-04 14:59:35.000000000 +0200
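Review bot: No regression test accompanies the guard in bn_mp_mul_2d.c, or any of the other guards, in what is visible of this update: the source hunks all add the same check and no test file is touched. A security fix is where a later refactor most needs a test to stop the check being dropped or moved, so I would pin each new error return with an assertion such as `mp_mul_2d(&a, -1, &c) == MP_VAL` in the project's test program. mp_2expt, mp_grow and mp_init_size can be exercised the same way; the s_mp_* helpers are presumably internal and would be reached through their callers.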
@@ -26,6 +26,10 @@
 mp_digit W[MP_WARRAY];
 mp_word _W;
+ if (digs < 0) {
+ return MP_VAL;
+ }
+
 /* grow the destination as required */
 if (c->alloc < digs) {
 if ((err = mp_grow(c, digs)) != MP_OKAY) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/bn_s_mp_mul_high_digs.c new/libtommath-1.2.1/bn_s_mp_mul_high_digs.c
--- old/libtommath-1.2.0/bn_s_mp_mul_high_digs.c 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/bn_s_mp_mul_high_digs.c 2023-09-04 14:59:35.000000000 +0200
@@ -15,6 +15,10 @@
 mp_word r;
 mp_digit tmpx, *tmpt, *tmpy;
+ if (digs < 0) {
+ return MP_VAL;
+ }
+
 /* can we use the fast multiplier? */
 if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST) && ((a->used + b->used + 1) < MP_WARRAY)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/bn_s_mp_mul_high_digs_fast.c new/libtommath-1.2.1/bn_s_mp_mul_high_digs_fast.c
--- old/libtommath-1.2.0/bn_s_mp_mul_high_digs_fast.c 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/bn_s_mp_mul_high_digs_fast.c 2023-09-04 14:59:35.000000000 +0200
@@ -19,6 +19,10 @@
 mp_digit W[MP_WARRAY];
 mp_word _W;
+ if (digs < 0) {
+ return MP_VAL;
+ }
+
 /* grow the destination as required */
 pa = a->used + b->used;
 if (c->alloc < pa) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/changes.txt new/libtommath-1.2.1/changes.txt
--- old/libtommath-1.2.0/changes.txt 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/changes.txt 2023-09-04 14:59:35.000000000 +0200
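Review bot: The new check in bn_s_mp_mul_digs_fast.c bounds `digs` from below only, while the function keeps its columns in the fixed stack array `mp_digit W[MP_WARRAY]` declared in the first context line. The only upper bound visible in this update is the caller's `digs < MP_WARRAY` test in the bn_s_mp_mul_digs.c hunk, so the array's safety rests on every call site repeating that test. If the column loop outside the hunk indexes `W` by up to `digs` entries, I would record the precondition at the guard, `/* precondition: digs < MP_WARRAY (checked by s_mp_mul_digs); W is a fixed-size stack array */`, or reject the oversized case here as well. The same applies to `W` in bn_s_mp_mul_high_digs_fast.c.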
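Review bot: The `digs < 0` guard in bn_s_mp_mul_high_digs.c leaves the other signed sum in its context lines unchecked, `a->used + b->used + 1`, and bn_s_mp_mul_high_digs_fast.c likewise computes `pa = a->used + b->used` straight after its guard and compares it with `c->alloc`, presumably to grow `c` to that size. Overflow of an `int` addition is undefined behaviour in C, so the code should not rely on the sum turning negative and then being caught by the new check in mp_grow. It would presumably take operands of extreme size to get there, but the bound belongs with this change: `if ((digs < 0) || (a->used > (INT_MAX - b->used - 1))) {` in both functions. Both bodies start and end outside their hunks.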
@@ -1,4 +1,9 @@
-XXX XXth, 2019
+Sep 04th, 2023
+v1.2.1
+ -- Bugfix release because of potential integer overflow
+ c.f. PR #546 resp. CVE-2023-36328
+
+Oct 22nd, 2019
 v1.2.0
 -- A huge refactoring of the library happened - renaming, deprecating and replacing existing functions by improved API's.
Binary files old/libtommath-1.2.0/doc/bn.pdf and new/libtommath-1.2.1/doc/bn.pdf differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/doc/bn.tex new/libtommath-1.2.1/doc/bn.tex
--- old/libtommath-1.2.0/doc/bn.tex 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/doc/bn.tex 2023-09-04 14:59:35.000000000 +0200
@@ -50,7 +50,7 @@
 \begin{document}
 \frontmatter
 \pagestyle{empty}
-\title{LibTomMath User Manual \\ v1.2.0}
+\title{LibTomMath User Manual \\ v1.2.1}
 \author{LibTom Projects \\ www.libtom.net}
 \maketitle
 This text, the library and the accompanying textbook are all hereby placed in the public domain. This book has been
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/makefile.unix new/libtommath-1.2.1/makefile.unix
--- old/libtommath-1.2.0/makefile.unix 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/makefile.unix 2023-09-04 14:59:35.000000000 +0200
@@ -21,7 +21,7 @@
 CFLAGS = -O2
 LDFLAGS =
-VERSION = 1.2.0
+VERSION = 1.2.1
 #Compilation flags
 LTM_CFLAGS = -I. $(CFLAGS)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/makefile_include.mk new/libtommath-1.2.1/makefile_include.mk
--- old/libtommath-1.2.0/makefile_include.mk 2019-10-22 11:44:44.000000000 +0200
+++ new/libtommath-1.2.1/makefile_include.mk 2023-09-04 14:59:35.000000000 +0200
@@ -3,9 +3,9 @@
 #
 #version of library
-VERSION=1.2.0
-VERSION_PC=1.2.0
-VERSION_SO=3:0:2
+VERSION=1.2.1
+VERSION_PC=1.2.1
+VERSION_SO=3:1:2
 PLATFORM := $(shell uname | sed -e 's/_.*//')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtommath-1.2.0/pre_gen/mpi.c new/libtommath-1.2.1/pre_gen/mpi.c
--- old/libtommath-1.2.0/pre_gen/mpi.c 2019-10-22 11:50:29.000000000 +0200
+++ new/libtommath-1.2.1/pre_gen/mpi.c 2023-09-04 15:01:53.000000000 +0200
@@ -356,6 +356,10 @@ { mp_err err; + if (b < 0) { + return MP_VAL; + } + /* zero a as per default */ mp_zero(a); @@ -2322,6 +2326,10 @@ int i; mp_digit *tmp; + if (size < 0) { + return MP_VAL; + } + /* if the alloc size is smaller alloc more ram */ if (a->alloc < size) { /* reallocate the array a->dp @@ -2556,6 +2564,11 @@ /* init an mp_init for a given size */ mp_err mp_init_size(mp_int *a, int size) { + + if (size < 0) { + return MP_VAL; + } + size = MP_MAX(MP_MIN_PREC, size); /* alloc mem */ @@ -3618,6 +3631,10 @@ mp_digit d; mp_err err; + if (b < 0) { + return MP_VAL; + } + /* copy */ if (a != c) { if ((err = mp_copy(a, c)) != MP_OKAY) { @@ -8339,6 +8356,10 @@ mp_word r; mp_digit tmpx, *tmpt, *tmpy; + if (digs < 0) { + return MP_VAL; + } + /* can we use the fast multiplier? */ if ((digs < MP_WARRAY) && (MP_MIN(a->used, b->used) < MP_MAXFAST)) { @@ -8427,6 +8448,10 @@ mp_digit W[MP_WARRAY]; mp_word _W; + if (digs < 0) { + return MP_VAL; + } + /* grow the destination as required */ if (c->alloc < digs) { if ((err = mp_grow(c, digs)) != MP_OKAY) { @@ -8510,6 +8535,10 @@ mp_word r; mp_digit tmpx, *tmpt, *tmpy; + if (digs < 0) { + return MP_VAL; + } + /* can we use the fast multiplier? */ if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST) && ((a->used + b->used + 1) < MP_WARRAY) @@ -8582,6 +8611,10 @@ mp_digit W[MP_WARRAY]; mp_word _W; + if (digs < 0) { + return MP_VAL; + } + /* grow the destination as required */ pa = a->used + b->used; if (c->alloc < pa) {