dev-libs/gmp: add patch for CVE-2021-43618; add Darwin arm64 patch

Apply two upstream patches:
- Fix CVE-2021-43618
- Fix incorrect use of reserved register on Darwin/arm64

Bug: https://bugs.gentoo.org/823804
Signed-off-by: Sam James <sam@gentoo.org>

3 files changed, 134 insertions, 0 deletions

diff --git a/dev-libs/gmp/Manifest b/dev-libs/gmp/Manifest
index 4db6b7b96743..846b78dc7601 100644
--- a/dev-libs/gmp/Manifest
+++ b/dev-libs/gmp/Manifest
@@ -1,2 +1,3 @@
+DIST gmp-6.2.1-arm64-darwin.patch.bz2 2520 BLAKE2B 3d4e9dbd29dc9aa81f0c9e0de4a5904c989d54148c9e3dcc5097a43b3fb1ecd17802dacfc71ee131c0805a345f5dce9009e88439758d3a0ed8b3a88526353b4a SHA512 72d49f09c3facd75036c945e076207e72e5673ba9605999c32a122e43e8b970ed646c8ca8f07acbb62bff5e7c387d4c8e1f73ca73e50ac3f574b5f6471d66d56
 DIST gmp-6.2.1.tar.xz 2027316 BLAKE2B c0d85f175392a50cfa01bc6b0a312b235946ad8b4f6f84f6dabd33d7a6f2cc75c9b0e1e33057be07750bfa0145b7c4cf3b6188a5be6ca9d7271ec2276c84ebcb SHA512 c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
 DIST gmp-man-6.2.1.pdf 827583 BLAKE2B 9aa25457a3c488e37cc7d54d825253ab749a3780919570579b319cf607001de50b212ca387b70213abcc5ab428b4525bdb9cd8ae932798a2d7928da98ce3f353 SHA512 f2d9d02e97975355ef490e921fedc94fb7687c3661eec8fa2e94a1622b6e59b17b3879eb3ec1f2df8edac100f727175144d107f4c49c602b773c43bc9e91dbcb
diff --git a/dev-libs/gmp/files/gmp-6.2.1-CVE-2021-43618.patch b/dev-libs/gmp/files/gmp-6.2.1-CVE-2021-43618.patch
new file mode 100644
index 000000000000..90129ec5b2bd
--- /dev/null
+++ b/dev-libs/gmp/files/gmp-6.2.1-CVE-2021-43618.patch
@@ -0,0 +1,17 @@
+https://bugs.gentoo.org/823804
+https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+--- a/mpz/inp_raw.c
++++ b/mpz/inp_raw.c
+@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++    return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {
diff --git a/dev-libs/gmp/gmp-6.2.1-r2.ebuild b/dev-libs/gmp/gmp-6.2.1-r2.ebuild
new file mode 100644
index 000000000000..f228e714b6e2
--- /dev/null
+++ b/dev-libs/gmp/gmp-6.2.1-r2.ebuild
@@ -0,0 +1,116 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic libtool multilib-minimal toolchain-funcs
+
+MY_PV=${PV/_p*}
+MY_PV=${MY_PV/_/-}
+MANUAL_PV=${MY_PV}
+MANUAL_PV=6.2.1
+MY_P=${PN}-${MY_PV}
+PLEVEL=${PV/*p}
+DESCRIPTION="Library for arbitrary-precision arithmetic on different type of numbers"
+HOMEPAGE="https://gmplib.org/"
+SRC_URI="ftp://ftp.gmplib.org/pub/${MY_P}/${MY_P}.tar.xz
+	mirror://gnu/${PN}/${MY_P}.tar.xz
+	doc? ( https://gmplib.org/${PN}-man-${MANUAL_PV}.pdf )"
+SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-arm64-darwin.patch.bz2"
+
+LICENSE="|| ( LGPL-3+ GPL-2+ )"
+# The subslot reflects the C & C++ SONAMEs.
+SLOT="0/10.4"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+asm doc +cxx pic static-libs"
+
+BDEPEND="sys-devel/m4
+	app-arch/xz-utils"
+
+S=${WORKDIR}/${MY_P%a}
+
+DOCS=( AUTHORS ChangeLog NEWS README doc/configuration doc/isa_abi_headache )
+HTML_DOCS=( doc )
+MULTILIB_WRAPPED_HEADERS=( /usr/include/gmp.h )
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-6.1.0-noexecstack-detect.patch
+	"${FILESDIR}"/${PN}-6.2.1-no-zarch.patch
+	"${WORKDIR}"/${P}-arm64-darwin.patch
+	"${FILESDIR}"/${P}-CVE-2021-43618.patch
+)
+
+src_prepare() {
+	default
+
+	# We cannot run autotools here as gcc depends on this package
+	elibtoolize
+
+	# bug #536894
+	if [[ ${CHOST} == *-darwin* ]] ; then
+		eapply "${FILESDIR}"/${PN}-6.1.2-gcc-apple-4.0.1.patch
+	fi
+
+	# GMP uses the "ABI" env var during configure as does Gentoo (econf).
+	# So, to avoid patching the source constantly, wrap things up.
+	mv configure configure.wrapped || die
+	cat <<-\EOF > configure
+	#!/usr/bin/env sh
+	exec env ABI="${GMPABI}" "$0.wrapped" "$@"
+	EOF
+
+	# Patches to original configure might have lost the +x bit.
+	chmod a+rx configure{,.wrapped} || die
+}
+
+multilib_src_configure() {
+	# Because of our 32-bit userland, 1.0 is the only HPPA ABI that works
+	# https://gmplib.org/manual/ABI-and-ISA.html#ABI-and-ISA (bug #344613)
+	if [[ ${CHOST} == hppa2.0-* ]] ; then
+		GMPABI="1.0"
+	fi
+
+	# ABI mappings (needs all architectures supported)
+	case ${ABI} in
+		32|x86)       GMPABI=32;;
+		64|amd64|n64) GMPABI=64;;
+		[onx]32)      GMPABI=${ABI};;
+	esac
+	export GMPABI
+
+	# bug #367719
+	if [[ ${CHOST} == *-mint* ]]; then
+		filter-flags -O?
+	fi
+
+	tc-export CC
+
+	# --with-pic forces static libraries to be built as PIC
+	# and without TEXTRELs. musl does not support TEXTRELs: bug #707332
+	ECONF_SOURCE="${S}" econf \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)" \
+		--localstatedir="${EPREFIX}"/var/state/gmp \
+		--enable-shared \
+		$(use_enable asm assembly) \
+		$(use_enable cxx) \
+		$(use pic && echo --with-pic) \
+		$(use_enable static-libs static)
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	# Should be a standalone lib
+	rm -f "${ED}"/usr/$(get_libdir)/libgmp.la
+
+	# This requires libgmp
+	local la="${ED}/usr/$(get_libdir)/libgmpxx.la"
+	if ! use static-libs ; then
+		rm -f "${la}"
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	use doc && cp "${DISTDIR}"/gmp-man-${MANUAL_PV}.pdf "${ED}"/usr/share/doc/${PF}/
+}