diff options
Diffstat (limited to 'source/l/mpfr/patches/patch01')
-rw-r--r-- | source/l/mpfr/patches/patch01 | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/source/l/mpfr/patches/patch01 b/source/l/mpfr/patches/patch01 new file mode 100644 index 000000000..293cb8ad7 --- /dev/null +++ b/source/l/mpfr/patches/patch01 @@ -0,0 +1,63 @@ +diff -Naurd mpfr-4.2.0-a/PATCHES mpfr-4.2.0-b/PATCHES +--- mpfr-4.2.0-a/PATCHES 2023-04-17 21:17:39.748645280 +0000 ++++ mpfr-4.2.0-b/PATCHES 2023-04-17 21:17:39.792645218 +0000 +@@ -0,0 +1 @@ ++tsprintf-thousands +diff -Naurd mpfr-4.2.0-a/VERSION mpfr-4.2.0-b/VERSION +--- mpfr-4.2.0-a/VERSION 2023-01-06 10:55:57.000000000 +0000 ++++ mpfr-4.2.0-b/VERSION 2023-04-17 21:17:39.792645218 +0000 +@@ -1 +1 @@ +-4.2.0 ++4.2.0-p1 +diff -Naurd mpfr-4.2.0-a/src/mpfr.h mpfr-4.2.0-b/src/mpfr.h +--- mpfr-4.2.0-a/src/mpfr.h 2023-01-06 10:55:57.000000000 +0000 ++++ mpfr-4.2.0-b/src/mpfr.h 2023-04-17 21:17:39.788645224 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 2 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.2.0" ++#define MPFR_VERSION_STRING "4.2.0-p1" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.2.0-a/src/version.c mpfr-4.2.0-b/src/version.c +--- mpfr-4.2.0-a/src/version.c 2023-01-06 10:55:57.000000000 +0000 ++++ mpfr-4.2.0-b/src/version.c 2023-04-17 21:17:39.792645218 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.2.0"; ++ return "4.2.0-p1"; + } +diff -Naurd mpfr-4.2.0-a/tests/tsprintf.c mpfr-4.2.0-b/tests/tsprintf.c +--- mpfr-4.2.0-a/tests/tsprintf.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/tests/tsprintf.c 2023-04-17 21:17:39.784645229 +0000 +@@ -1715,7 +1715,25 @@ + check_sprintf ("000000001,000", "%'013.4Rg", x); + + #ifdef PRINTF_GROUPFLAG +- check_vsprintf ("+01,234,567 :", "%0+ -'13.10Pd:", (mpfr_prec_t) 1234567); ++ /* Do not test the thousands separator with a precision field larger ++ than the number of digits (thus needing leading zeros), such as ++ "%0+ -'13.10Pd:" (used up to MPFR 4.2.0), since the GNU libc is ++ buggy: https://sourceware.org/bugzilla/show_bug.cgi?id=23432 ++ We don't know about the other implementations. ++ This new test works fine with glibc up to 2.36, but fails with 2.37 ++ (as reported by Klaus Dittrich in the MPFR mailing-list); this is ++ actually a bug introduced in glibc 2.37, not in MPFR: ++ https://sourceware.org/bugzilla/show_bug.cgi?id=30068 ++ Since this bug can yield a buffer overflow (CVE-2023-25139), possibly ++ affecting MPFR users, let us rather require a fix in glibc. This bug ++ has been fixed in the 2.37 branch: ++ https://sourceware.org/git/?p=glibc.git;a=commit;h=07b9521fc6 ++ If we wanted to check that and avoid a failure of the test because of ++ a buggy C library (while MPFR would be consistent with the C library), ++ we could compare the MPFR output with both the correct output and the ++ output from the C library (possibly buggy). But to do that in a clean ++ way, this would require a change in the check_vsprintf() call. */ ++ check_vsprintf ("+1,234,567 :", "%0+ -'13Pd:", (mpfr_prec_t) 1234567); + #endif + + mpfr_clear (x); |