From 9faf619175b5128226b9501f8d59aca481d5c9ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=AE=81=E6=9D=B0?=
Date: Fri, 1 Nov 2024 06:32:49 +0000
Subject: [PATCH] Fix CVE-2024-50610
(cherry picked from commit 386be692f88fd2c30873694819244433af4c5f1a)
---
 backport-CVE-2024-50610.patch | 25 +++++++++++++++++++++++++
 gsl.spec | 7 ++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-50610.patch
diff --git a/backport-CVE-2024-50610.patch b/backport-CVE-2024-50610.patch
new file mode 100644
index 0000000..cd2db8d
--- /dev/null
+++ b/backport-CVE-2024-50610.patch
@@ -0,0 +1,25 @@
+From 82bc5c00cfe4d1e2f4386e0760dd9ad26cfa4831 Mon Sep 17 00:00:00 2001
+From: Dirk Eddelbuettel
+Date: Mon, 28 Oct 2024 18:33:15 -0500
+Subject: [PATCH] releasing package gsl version 2.8+dfsg-4
+
+---
+ siman/siman.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/siman/siman.c b/siman/siman.c
+index 65b9177..5e8d75d 100644
+--- a/siman/siman.c
++++ b/siman/siman.c
+@@ -197,6 +197,9 @@ gsl_siman_solve_many (const gsl_rng * r, void *x0_p, gsl_siman_Efunc_t Ef,
+ double u; /* throw the die to choose a new "x" */
+ int n_iter;
+
++ /* this function requires that n_tries be positive */
++ assert(params.n_tries > 0);
++
+ if (print_position) {
+ printf ("#-iter temperature position");
+ printf (" delta_pos energy\n");
+--
+2.33.0
diff --git a/gsl.spec b/gsl.spec
index ec7829a..9d2e399 100644
--- a/gsl.spec
+++ b/gsl.spec
@@ -1,12 +1,14 @@
 Name: gsl
 Version: 2.7
-Release: 2
+Release: 3
 Summary: The GNU Scientific Library for numerical analysis
 URL: http://www.gnu.org/software/gsl/
 License: GPLv3 and GFDL-1.3-or-later and BSD
 Source: ftp://ftp.gnu.org/gnu/gsl/%{name}-%{version}.tar.gz
 Patch0: gsl-test.patch
+# backport patch from Debian
+Patch1: backport-CVE-2024-50610.patch
 BuildRequires: gcc pkgconfig
 BuildRequires: chrpath
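Review bot: The added `assert(params.n_tries > 0);` in gsl_siman_solve_many is compiled out whenever the library is built with NDEBUG defined, so in such a build the guard for CVE-2024-50610 would not exist; confirm the package's build flags, or use a runtime check that survives release builds. Since the function returns void, a form such as `if (params.n_tries <= 0) { GSL_ERROR_VOID ("n_tries must be positive", GSL_EINVAL); }` would report the bad parameter through GSL's error handler instead (this assumes gsl_errno.h is in scope in siman.c, which the hunk does not show). Where the assert is active it aborts the calling process, so a non-positive n_tries becomes a crash rather than an error the caller can handle. The hunk also does not show an `#include <assert.h>`, and the function body continues outside it. The patch was generated against 2.8+dfsg-4 while the spec builds 2.7, so check that it applies at the intended location without fuzz.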
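Review bot: `Patch1: backport-CVE-2024-50610.patch` is declared in this hunk, but the diffstat accounts for only the Release bump, these two lines and the changelog entry, so nothing in this commit touches %prep. If %prep applies patches explicitly (a `%patch0 -p1` style line) rather than through `%autosetup` or `%autopatch`, the new patch would be shipped in the source package but never applied, and the built library would still contain the unguarded code; %prep is outside the visible hunks, so this needs to be checked. The comment `# backport patch from Debian` could also name the originating commit (82bc5c00cfe4d1e2f4386e0760dd9ad26cfa4831, from the patch header) so the source of the fix stays traceable.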
@@ -94,6 +96,9 @@ fi
 %{_mandir}/man3/*.3*
 %changelog
+* Fri Nov 1 2024 liningjie - 2.7-3
+- Fix CVE-2024-50610
+
 * Tue Aug 20 2024 yaoxin - 2.7-2
 - Remove rpath
--
Gitee