!24 [sync] PR-21: Fix CVE-2024-50610

From: @openeuler-sync-bot 
Reviewed-by: @starlet-dx 
Signed-off-by: @starlet-dx

backport-CVE-2024-50610.patch

@@ -0,0 +1,25 @@
+From 82bc5c00cfe4d1e2f4386e0760dd9ad26cfa4831 Mon Sep 17 00:00:00 2001
+From: Dirk Eddelbuettel <edd@debian.org>
+Date: Mon, 28 Oct 2024 18:33:15 -0500
+Subject: [PATCH] releasing package gsl version 2.8+dfsg-4
+
+---
+ siman/siman.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/siman/siman.c b/siman/siman.c
+index 65b9177..5e8d75d 100644
+--- a/siman/siman.c
++++ b/siman/siman.c
+@@ -197,6 +197,9 @@ gsl_siman_solve_many (const gsl_rng * r, void *x0_p, gsl_siman_Efunc_t Ef,
+   double u;                     /* throw the die to choose a new "x" */
+   int n_iter;
+ 
++  /* this function requires that n_tries be positive */
++  assert(params.n_tries > 0);
++
+   if (print_position) {
+     printf ("#-iter    temperature       position");
+     printf ("         delta_pos        energy\n");
+-- 
+2.33.0

gsl.spec

@@ -1,12 +1,14 @@
 Name: gsl
 Version: 2.4
-Release: 9
+Release: 10
 Summary: The GNU Scientific Library for numerical analysis
 URL: http://www.gnu.org/software/gsl/
-License: GPLv3 and GFDL and BSD
+License: GPL-3.0-or-later AND GFDL-1.3-or-later
 Source: ftp://ftp.gnu.org/gnu/gsl/%{name}-%{version}.tar.gz
 
 Patch0: gsl-test.patch
+# backport patch from Debian
+Patch1: backport-CVE-2024-50610.patch
 
 BuildRequires: gcc pkgconfig
 
@@ -90,5 +92,8 @@ fi
 %{_mandir}/man3/*.3*
 
 %changelog
+* Fri Nov 1 2024 liningjie <liningjie@xfusion.com> - 2.4-10
+- Fix CVE-2024-50610
+
 * Fri Feb 14 2020 fengbing <fengbing7@huawei.com> - 2.4-9
 - Package init