|
|
NEWS 2023-06-21: The GMP servers has been under serious load due to a barrage of clone requests from Microsoft/Github. Github's setup encourages "forks" of their projects, and such forks then by default pull in parent project changes. Around 2023-06-15, a project known as FFmpeg decided that it would be a great idea to clone GMP in their CI scripts, meaning that every one of their commits requested a compressed clone from the GMP servers. But, by Github's design, hundreds of FFmpeg forks automatically followed suit, themselves cloning the GMP repo.
In effect, Microsoft's computer cloud performed a DDoS attack on the GMP servers.
After bringing up the issue here and on the GMP mailing lists, some Github brass replied, minimizing the issue and blaming our servers for the denial-of-service attack. They did not do anything to stop the attack! In fact, it is still ongoing a week later. Each clone takes about 10 CPU seconds on our server, each FFmpeg commit resulted in about 10 CPU hours of CPU on our side.
Our servers are fully available again, but that's the result of us adding all participating Microsoft network ranges to our firewall. We understand that we are far from the first project to take such measures against Github.
Thanks to a very generous donation from Christian Calderon, the GMP project now has a brand new, AMD Epyc server which will replace the old server. This is great for GMP, not only because of the old server's hardware security issues, but also since the new server is 3x more powerful than the old one.
Here are the specs of the system Christian has given us:
- Supermicro barebone 1114S-WTRT
- AMD Epyc 7402P 24-core CPU
- 256 GiB of ECC RAM
- 1.6 TB PCIe SSD disk (Samsung PM1735)
GMP is a free library for arbitrary precision arithmetic, operating on signed integers, rational numbers, and floating-point numbers. There is no practical limit to the precision except the ones implied by the available memory in the machine GMP runs on. GMP has a rich set of functions, and the functions have a regular interface.
The main target applications for GMP are cryptography applications and research, Internet security applications, algebra systems, computational algebra research, etc.
GMP is carefully designed to be as fast as possible, both for small operands and for huge operands. The speed is achieved by using fullwords as the basic arithmetic type, by using fast algorithms, with highly optimised assembly code for the most common inner loops for a lot of CPUs, and by a general emphasis on speed.
The first GMP release was made in 1991. It is continually developed and maintained, with a new release about once a year.
Since version 6, GMP is distributed under the dual licenses, GNU LGPL v3 and GNU GPL v2. These licenses make the library free to use, share, and improve, and allow you to pass on the result. The GNU licenses give freedoms, but also set firm restrictions on the use with non-free programs.
GMP is part of the GNU project. For more information about the GNU project, please see the official GNU web site.
GMP's main target platforms are Unix-type systems, such as GNU/Linux, Solaris, HP-UX, Mac OS X/Darwin, BSD, AIX, etc. It also is known to work on Windows in both 32-bit and 64-bit mode.
GMP is brought to you by a team listed in the manual.
GMP is carefully developed and maintained, both technically and legally. We of course inspect and test contributed code carefully, but equally importantly we make sure we have the legal right to distribute the contributions, meaning users can safely use GMP. To achieve this, we will ask contributors to sign paperwork where they allow us to distribute their work.
There are several categories of functions in GMP:
mpz
). There are about 150
arithmetic and logic functions in this category. mpq
). This category consists of
about 35 functions, but all mpz
functions can be used
too, by applying them to the numerator and denominator separately. mpf
). This is the GMP
function category to use if the C type `double' doesn't give enough
precision for an application. There are about 70 functions in this
category. New projects should strongly consider using the much more
complete GMP extension library mpfr
instead of mpf. mpn
category. No memory management is performed; the caller
must ensure enough space is available for the results. The set of
functions is not always regular, nor is the calling interface. These
functions accept input arguments in the form of pairs consisting of a
pointer to the least significant word, and an integral size telling how
many limbs (= words) there are in that argument. The functions in the
other categories call mpn for almost all their calculations. Of these
functions about 60 are public.
GMP 6.3.0 lz, 2086209 bytes xz, 2094196 bytes zstd, 2176751 bytes Main site, gmplib.org, via https gmp-6.3.0.tar.lz gmp-6.3.0.tar.xz gmp-6.3.0.tar.zst USA, ftp.gnu.org, via https gmp-6.3.0.tar.lz gmp-6.3.0.tar.xz gmp-6.3.0.tar.zst
To try to verify that the file you have downloaded has not been tampered with, you can check that the GnuPG signature matches the contents of the file. Use your GnuPG software or a key server directly to get the key that was used for creating the signature. Starting from the repackaging of gmp-5.1.0 as gmp-5.1.0a.tar.* the following key is used to sign GMP releases:
Key ID: 0x28C67298
Key type: 2560 bit RSA
Fingerprint: 343C 2FF0 FBEE 5EC2 EDBE F399 F359 9FF8 28C6 7298
Instead of using a release, you may also get the latest code from the GMP repositories. This will require some more work compared to using a release.
Please first see the manual on how to report bugs. The proper address for bug reports is gmp-bugs at gmplib.org.
Most problems with GMP these days are due to problems not in GMP, but with the compiler used for compiling the GMP sources. This is a major concern to the GMP project, since an incorrect computation is an incorrect computation, whether caused by a GMP bug or a compiler bug. We fight this by making the GMP testsuite have great coverage, so that it should catch every possible miscompilation.
List Subscribe URL Archive URL Purpose gmp-bugs gmplib.org/mailman/listinfo/gmp-bugs gmplib.org/list-archives/gmp-bugs/ Bug reports (not questions!). See manual. gmp-announce gmplib.org/mailman/listinfo/gmp-announce gmplib.org/list-archives/gmp-announce/ Announcements from the developers (very little traffic) gmp-discuss gmplib.org/mailman/listinfo/gmp-discuss gmplib.org/list-archives/gmp-discuss/ Questions, Help, Discussions gmp-devel gmplib.org/mailman/listinfo/gmp-devel gmplib.org/list-archives/gmp-devel/ Technical discussions between developers gmp-commit gmplib.org/mailman/listinfo/gmp-commit gmplib.org/list-archives/gmp-commit/ Commit messages
Starting in early 2024, we cannot deliver email to any gmail.com addresses. This is a result of that Google no longer trusts our email server. We have never delivered spam to any gmail account, their policies are based on other considerations.
Note that we perform spam and virus filtering of these lists. The lists have been 100% spam-free during the last years.
We're blocking all mail from many IP ranges, for spam mitigation. That even includes geo blocking. If you are affected but have a legitimate reason to send mail to the GMP project, e.g., if you work at a university or corporation with an interest in GMP, please let us know; we will open access for you.
The current stable release is 6.3.0, released 2023-07-30.
t-lucm
test case for an unknown reason. 2: Some x86
64-bit builds fail for the mpq tests t-cmp
,
t-cmp_ui
, t-cmp_z
; this is caused by a GCC bug
where some additive algebra goes very wrong.
mpn_set_str
is incorrect and
incomplete wrt allocation requirements.
Patch.
mpn_sbpi1_div_qr_sec
and
mpn_sbpi1_div_r_sec
compute incorrect results for some
operands. With uniformly distributed random operands, the error is very
hard to trigger, and for the intended use of these functions, operands can
be expected to appear as such random operands from these functions'
perspective. Patch.
mpz_powm_ui
computes garbage if the base
argument is over 15000 decimal or the mod argument is at least 7500 decimal
digits. No other GMP powm function is affected.
Patch.
distcheck
target which creates a world-writable directory.
This target is not used in the GMP release process, but it is a potential
security problem affecting users who invoke this make target. This
problem (and no other) is corrected in the gmp-5.1.0a.tar.* set of
files. For patches to older GMP versions, please see the Info on older GMP releases.
Please see the GMPng page for information on what we're working on.