Merge and update

[skip changelog]

.gitignore

@@ -0,0 +1 @@
+SOURCES/libtommath-1.2.0.tar.gz

.libtommath.metadata

@@ -0,0 +1 @@
+1329d340bd571d04c3d30baf9564796c198c1a08  SOURCES/libtommath-1.2.0.tar.gz

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: libtommath
-# $Id$
-NAME := libtommath
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

SOURCES/CVE-2023-36328.patch

@@ -0,0 +1,137 @@
+From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
+From: czurnieden <czurnieden@gmx.de>
+Date: Tue, 9 May 2023 17:17:12 +0200
+Subject: [PATCH] Fix possible integer overflow
+
+---
+ bn_mp_2expt.c                | 4 ++++
+ bn_mp_grow.c                 | 4 ++++
+ bn_mp_init_size.c            | 5 +++++
+ bn_mp_mul_2d.c               | 4 ++++
+ bn_s_mp_mul_digs.c           | 4 ++++
+ bn_s_mp_mul_digs_fast.c      | 4 ++++
+ bn_s_mp_mul_high_digs.c      | 4 ++++
+ bn_s_mp_mul_high_digs_fast.c | 4 ++++
+ 8 files changed, 33 insertions(+)
+
+diff --git a/bn_mp_2expt.c b/bn_mp_2expt.c
+index 0ae3df1bf..23de0c3c5 100644
+--- a/bn_mp_2expt.c
++++ b/bn_mp_2expt.c
+@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
+ {
+    mp_err    err;
+ 
++   if (b < 0) {
++      return MP_VAL;
++   }
++
+    /* zero a as per default */
+    mp_zero(a);
+ 
+diff --git a/bn_mp_grow.c b/bn_mp_grow.c
+index 9e904c547..2b1682651 100644
+--- a/bn_mp_grow.c
++++ b/bn_mp_grow.c
+@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
+    int     i;
+    mp_digit *tmp;
+ 
++   if (size < 0) {
++      return MP_VAL;
++   }
++
+    /* if the alloc size is smaller alloc more ram */
+    if (a->alloc < size) {
+       /* reallocate the array a->dp
+diff --git a/bn_mp_init_size.c b/bn_mp_init_size.c
+index d62268721..99573833f 100644
+--- a/bn_mp_init_size.c
++++ b/bn_mp_init_size.c
+@@ -6,6 +6,11 @@
+ /* init an mp_init for a given size */
+ mp_err mp_init_size(mp_int *a, int size)
+ {
++
++   if (size < 0) {
++      return MP_VAL;
++   }
++
+    size = MP_MAX(MP_MIN_PREC, size);
+ 
+    /* alloc mem */
+diff --git a/bn_mp_mul_2d.c b/bn_mp_mul_2d.c
+index 87354de20..bfeaf2eb2 100644
+--- a/bn_mp_mul_2d.c
++++ b/bn_mp_mul_2d.c
+@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
+    mp_digit d;
+    mp_err   err;
+ 
++   if (b < 0) {
++      return MP_VAL;
++   }
++
+    /* copy */
+    if (a != c) {
+       if ((err = mp_copy(a, c)) != MP_OKAY) {
+diff --git a/bn_s_mp_mul_digs.c b/bn_s_mp_mul_digs.c
+index 64509d4cb..3682b4980 100644
+--- a/bn_s_mp_mul_digs.c
++++ b/bn_s_mp_mul_digs.c
+@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
+    mp_word r;
+    mp_digit tmpx, *tmpt, *tmpy;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* can we use the fast multiplier? */
+    if ((digs < MP_WARRAY) &&
+        (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
+diff --git a/bn_s_mp_mul_digs_fast.c b/bn_s_mp_mul_digs_fast.c
+index b2a287b02..3c4176a87 100644
+--- a/bn_s_mp_mul_digs_fast.c
++++ b/bn_s_mp_mul_digs_fast.c
+@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int digs)
+    mp_digit W[MP_WARRAY];
+    mp_word  _W;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* grow the destination as required */
+    if (c->alloc < digs) {
+       if ((err = mp_grow(c, digs)) != MP_OKAY) {
+diff --git a/bn_s_mp_mul_high_digs.c b/bn_s_mp_mul_high_digs.c
+index 2bb2a5098..c9dd355f8 100644
+--- a/bn_s_mp_mul_high_digs.c
++++ b/bn_s_mp_mul_high_digs.c
+@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
+    mp_word  r;
+    mp_digit tmpx, *tmpt, *tmpy;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* can we use the fast multiplier? */
+    if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
+        && ((a->used + b->used + 1) < MP_WARRAY)
+diff --git a/bn_s_mp_mul_high_digs_fast.c b/bn_s_mp_mul_high_digs_fast.c
+index a2c4fb692..4ce7f590c 100644
+--- a/bn_s_mp_mul_high_digs_fast.c
++++ b/bn_s_mp_mul_high_digs_fast.c
+@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int
+    mp_digit W[MP_WARRAY];
+    mp_word  _W;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* grow the destination as required */
+    pa = a->used + b->used;
+    if (c->alloc < pa) {

SPECS/libtommath.spec

@@ -0,0 +1,171 @@
+## START: Set by rpmautospec
+## (rpmautospec version 0.3.5)
+## RPMAUTOSPEC: autorelease, autochangelog
+%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
+    release_number = 10;
+    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
+    print(release_number + base_release_number - 1);
+}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
+## END: Set by rpmautospec
+
+Name:           libtommath
+Version:        1.2.0
+Release:        %autorelease
+Summary:        A portable number theoretic multiple-precision integer library
+License:        Public Domain
+URL:            http://www.libtom.net/
+
+Source0:        https://github.com/libtom/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
+Patch:          CVE-2023-36328.patch
+
+BuildRequires:  make
+BuildRequires:  libtool
+
+%description
+A free open source portable number theoretic multiple-precision integer library
+written entirely in C. (phew!). The library is designed to provide a simple to
+work with API that provides fairly efficient routines that build out of the box
+without configuration.
+
+%package        devel
+Summary:        Development files for %{name}
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
+%description    devel
+The %{name}-devel package contains libraries and header files for developing
+applications that use %{name}.
+
+%prep
+%autosetup -p1
+# Fix permissions on installed library
+sed -i -e 's/644 $(LIBNAME)/755 $(LIBNAME)/g' makefile.shared
+# Fix pkgconfig path
+sed -i \
+    -e 's|^prefix=.*|prefix=%{_prefix}|g' \
+    -e 's|^libdir=.*|libdir=%{_libdir}|g' \
+    %{name}.pc.in
+
+%build
+%set_build_flags
+%make_build V=1 CFLAGS="$CFLAGS -I./" -f makefile.shared
+
+%install
+%make_install V=1 CFLAGS="$CFLAGS -I./" PREFIX=%{_prefix} LIBPATH=%{_libdir} -f makefile.shared
+
+find %{buildroot} -name '*.la' -delete
+find %{buildroot} -name '*.a' -delete
+
+%ldconfig_scriptlets
+
+%files
+%license LICENSE
+%{_libdir}/*.so.*
+
+%files devel
+%{_includedir}/*.h
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+
+%changelog
+* Sat Sep 02 2023 Frantisek Sumsal <frantisek@sumsal.cz> - 1.2.0-10
+- Fix CVE-2023-36328 (#2236877,#2236878)
+
+* Wed Apr 26 2023 Sergey Cherevko <s.cherevko@msvsphere.ru> - 1.2.0-7
+- Rebuilt for MSVSphere 9.1
+
+* Tue Jan 04 2022 Frantisek Sumsal <frantisek@sumsal.cz> - 1.2.0-7
+- Initial EPEL 9 build for BZ#2029481
+- Temporarily skip building docs due to work around BZ#2031879
+
+* Mon Dec 13 2021 Frantisek Sumsal <frantisek@sumsal.cz> - 1.2.0-6
+- Add a couple of missing BRs (texlive-kpathsea and texlive-metafont)
+
+* Wed Nov 03 2021 Frantisek Sumsal <frantisek@sumsal.cz> - 1.2.0-5
+- Drop an obsoleted texlive-updmap-map build dependency (#1999507, #1987664)
+- (see: #1965446)
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon Jan 25 2021 Than Ngo <than@redhat.com> - 1.2.0-3
+- Add missing BRs
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Apr 09 2020 Gerd Pokorra <gp@zimt.uni-siegen.de> - 1.2.0-1
+- Update to 1.2.0.
+- Remove poster make tag
+- Add BuildRequires texlive-appendix
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Oct 16 2019 Simone Caronni <negativo17@gmail.com> - 1.1.0-1
+- Update to 1.1.0.
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Jun 02 2019 Leigh Scott <leigh123linux@googlemail.com> - 1.0.1-9
+- Disable parallel build for docs
+
+* Tue May 14 2019 Scott Talbert <swt@techie.net> - 1.0.1-8
+- Add BR texlive-updmap-map to fix FTBFS when building docs (#1675313)
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Apr 05 2018 Rafael Santos <rdossant@redhat.com> - 1.0.1-5
+- Resolves #1548832 - Fix Fedora build flags injection
+
+* Sun Feb 25 2018 Florian Weimer <fweimer@redhat.com> - 1.0.1-4
+- Add BuildRequires: ghostscript-tools-dvipdf
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.0.1-2
+- Switch to %%ldconfig_scriptlets
+
+* Mon Sep 11 2017 Simone Caronni <negativo17@gmail.com> - 1.0.1-1
+- Update to 1.0.1.
+- Trim changelog.
+- Clean up SPEC file.
+- Remove RHEL 6 support.
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sun Jun 25 2017 Simone Caronni <negativo17@gmail.com> - 1.0-7
+- Update URL (#1463608, #1463547).
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Feb 23 2016 Simone Caronni <negativo17@gmail.com> - 1.0-4
+- Fix installs with non-standard buildroots (#1299860).
+
+* Tue Feb 23 2016 Simone Caronni <negativo17@gmail.com> - 1.0-3
+- Remove useless latex build requirements.
+
+* Tue Feb 23 2016 Simone Caronni <negativo17@gmail.com> - 1.0-2
+- Use proper source URL.
+- Cleanup SPEC file.
+
+* Tue Feb 23 2016 Simone Caronni <negativo17@gmail.com> - 1.0-1
+- Fix FTBFS (#1307741).
+- Update to 1.0.
+- Update URL.
+- Use license macro.
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.42.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+