New upstream version 4.04.2.

Fix: ocaml: Insufficient sanitisation allows privilege escalation for setuid binaries (CVE-2017-9772) (RHBZ#1464920).
2017-06-26 10:53:06 +01:00 · 2017-06-26 10:53:06 +01:00 · 310b7aa2bb
commit 310b7aa2bb
parent 62c9a887d9
12 changed files with 29 additions and 23 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,3 +5,4 @@
 /ocaml-*-refman.pdf
 /4.04.0+beta2.tar.gz
 /ocaml-4.04.1.tar.xz
+/ocaml-4.04.2.tar.xz
--- a/0001-Don-t-add-rpaths-to-libraries.patch
+++ b/0001-Don-t-add-rpaths-to-libraries.patch
@ -1,4 +1,4 @@
-From 6adc7bf72e58038638b67393695f26561e456eb4 Mon Sep 17 00:00:00 2001
+From ff87e5c4252e5545e50fff0a2e7c10b813c02ec2 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 24 Jun 2014 10:00:15 +0100
 Subject: [PATCH 1/9] Don't add rpaths to libraries.
@ -25,5 +25,5 @@ index a873bdd98..ba263b88f 100644
          sed -n -e 's/^#ml //p' ../config/Makefile) \
         > ocamlmklibconfig.ml
 -- 
-2.12.0
+2.13.1

--- a/0002-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch
+++ b/0002-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch
@ -1,4 +1,4 @@
-From 9b2bdf0f3c63690ad942cf3c5615b9e5205b3da7 Mon Sep 17 00:00:00 2001
+From c047077c1c8a2acdc1d9bfe502c1a9b910ac3b9d Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 29 May 2012 20:40:36 +0100
 Subject: [PATCH 2/9] ocamlbyteinfo, ocamlplugininfo: Useful utilities from
@ -236,5 +236,5 @@ index 000000000..e28800f31
 +        header.units
 +    end
 -- 
-2.12.0
+2.13.1

--- a/0003-configure-Allow-user-defined-C-compiler-flags.patch
+++ b/0003-configure-Allow-user-defined-C-compiler-flags.patch
@ -1,4 +1,4 @@
-From 33f0bc368f005204bb3f7f99bc678ecfab4d94c0 Mon Sep 17 00:00:00 2001
+From 77475cec6718b9f15bc6e8e5c7e6edb936b93cd2 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 29 May 2012 20:44:18 +0100
 Subject: [PATCH 3/9] configure: Allow user defined C compiler flags.
@ -8,10 +8,10 @@ Subject: [PATCH 3/9] configure: Allow user defined C compiler flags.
 1 file changed, 4 insertions(+)

 diff --git a/configure b/configure
-index b9ae81a3c..01a7baedf 100755
+index 3b2636035..d53d90367 100755
 --- a/configure
 +++ b/configure
-@@ -1902,6 +1902,10 @@ if $with_fpic; then
+@@ -1912,6 +1912,10 @@ if $with_fpic; then
   echo "#define CAML_WITH_FPIC" >> m.h
 fi
 
@ -23,5 +23,5 @@ index b9ae81a3c..01a7baedf 100755
 
 cclibs="$cclibs $mathlib"
 -- 
-2.12.0
+2.13.1

--- a/0004-Don-t-rewrite-Werror.patch
+++ b/0004-Don-t-rewrite-Werror.patch
@ -1,4 +1,4 @@
-From 88a446ec1637f3ed7e22eabfa27afd728c8e52dc Mon Sep 17 00:00:00 2001
+From 5376164719c12fbad2321551425b3c46ec794817 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 3 Nov 2016 19:50:20 +0000
 Subject: [PATCH 4/9] Don't rewrite -Werror.
@ -24,5 +24,5 @@ index b30564d00..e8514d41e 100644
 	    -e 's|%%BYTECCLIBS%%|$(BYTECCLIBS)|' \
 	    -e 's|%%NATIVECCLIBS%%|$(NATIVECCLIBS)|' \
 -- 
-2.12.0
+2.13.1

--- a/0005-Adapt-config.guess-for-RISC-V.patch
+++ b/0005-Adapt-config.guess-for-RISC-V.patch
@ -1,4 +1,4 @@
-From f44dd01468eb9b98e55c6b78b1cf6dc3aecd8b6b Mon Sep 17 00:00:00 2001
+From 8860338049b0a43377c2ea7fa05a47766b3b21aa Mon Sep 17 00:00:00 2001
 From: Nicolas Ojeda Bar <n.oje.bar@gmail.com>
 Date: Tue, 8 Nov 2016 23:56:50 +0100
 Subject: [PATCH 5/9] Adapt config.guess for RISC-V
@ -31,5 +31,5 @@ index b79252d6b..8335398b2 100755
 	echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
 	exit ;;
 -- 
-2.12.0
+2.13.1

--- a/0006-Add-RISC-V-backend-runtime.patch
+++ b/0006-Add-RISC-V-backend-runtime.patch
@ -1,4 +1,4 @@
-From 3562730fcdf7f5b3802876980b7cac96a49709de Mon Sep 17 00:00:00 2001
+From c7d7b98e82b5571965e57c1537899094222f3157 Mon Sep 17 00:00:00 2001
 From: Nicolas Ojeda Bar <n.oje.bar@gmail.com>
 Date: Fri, 4 Nov 2016 20:39:09 +0100
 Subject: [PATCH 6/9] Add RISC-V backend & runtime
@ -1683,7 +1683,7 @@ index fd9d528e9..781c2517b 100644
 
 struct caml_context {
 diff --git a/configure b/configure
-index 01a7baedf..9562cfa0d 100755
+index d53d90367..04acb43be 100755
 --- a/configure
 +++ b/configure
@@ -820,6 +820,7 @@ if test $with_sharedlibs = "yes"; then
@ -1713,5 +1713,5 @@ index 01a7baedf..9562cfa0d 100755
                   aspp="${TOOLPREF}gcc -c";;
 esac
 -- 
-2.12.0
+2.13.1

--- a/0007-Try-fix-for-andi-ori-xori-immediates-1.patch
+++ b/0007-Try-fix-for-andi-ori-xori-immediates-1.patch
@ -1,4 +1,4 @@
-From e6d320c5b0f0370b4d1cb8a06f708bbe238a450e Mon Sep 17 00:00:00 2001
+From 80e5cd3dc503319490761a705e14f3fa421ff760 Mon Sep 17 00:00:00 2001
 From: Nicolas Ojeda Bar <n.oje.bar@gmail.com>
 Date: Thu, 10 Nov 2016 14:12:53 +0100
 Subject: [PATCH 7/9] Try fix for andi/ori/xori immediates (#1)
@ -39,5 +39,5 @@ index 60ec5cb4e..ad2b26e9b 100644
 
 method! select_condition = function
 -- 
-2.12.0
+2.13.1

--- a/0008-Fix-immediates-range-when-adjusting-indexing-sp.patch
+++ b/0008-Fix-immediates-range-when-adjusting-indexing-sp.patch
@ -1,4 +1,4 @@
-From c298ef710b12a4b0f00b21dbea79eab7ef10365a Mon Sep 17 00:00:00 2001
+From ded14c206a5e73ba5eae6d84ed4ee82c11ce6245 Mon Sep 17 00:00:00 2001
 From: Nicolas Ojeda Bar <n.oje.bar@gmail.com>
 Date: Tue, 22 Nov 2016 22:30:35 +0100
 Subject: [PATCH 8/9] Fix immediates' range when adjusting/indexing sp
@ -152,5 +152,5 @@ index ad2b26e9b..283233679 100644
 method select_addressing _ = function
   | Cop(Cadda, [arg; Cconst_int n]) when self#is_immediate n ->
 -- 
-2.12.0
+2.13.1

--- a/0009-Another-immediate-range-fix.patch
+++ b/0009-Another-immediate-range-fix.patch
@ -1,4 +1,4 @@
-From 21c3a72623492ee22080f1bba2cfa93cbac613e8 Mon Sep 17 00:00:00 2001
+From 664a26d436919be1fe3a33094aa44403b4bf710d Mon Sep 17 00:00:00 2001
 From: Nicolas Ojeda Bar <n.oje.bar@gmail.com>
 Date: Wed, 23 Nov 2016 12:38:28 +0100
 Subject: [PATCH 9/9] Another immediate range fix
@ -127,5 +127,5 @@ index 97c49ce80..6cc190864 100644
   emit_all fundecl.fun_body;
   List.iter emit_call_gc !call_gc_sites;
 -- 
-2.12.0
+2.13.1

--- a/ocaml.spec
+++ b/ocaml.spec
@ -26,7 +26,7 @@
 %global no_parallel_build_arches aarch64

 Name:           ocaml
-Version:        4.04.1
+Version:        4.04.2
 Release:        1%{?dist}

 Summary:        OCaml compiler and programming environment
@ -453,6 +453,11 @@ fi


 %changelog
+* Mon Jun 26 2017 Richard W.M. Jones <rjones@redhat.com> - 4.04.2-1
+- New upstream version 4.04.2.
+- Fix: ocaml: Insufficient sanitisation allows privilege escalation for
+  setuid binaries (CVE-2017-9772) (RHBZ#1464920).
+
 * Wed May 10 2017 Richard W.M. Jones <rjones@redhat.com> - 4.04.1-1
 - New upstream version 4.04.1.

--- a/2
+++ b/2
@ -1,4 +1,4 @@
-SHA512 (ocaml-4.04.1.tar.xz) = 908bb3afc0a37c33faf9fcb00506bbe44b94f9d45bb6e28312c92c7f46e070bdffec30da65285864a984db70dc7b9bfcefe03b8b7a04da39a7efc9093ea8a297
 SHA512 (ocaml-4.04-refman-html.tar.gz) = 027ad5ea08488beb5ce65ec97a8aaf04197317d7d3194de771a4170dea9f8b90fc4309fd917b4176cd930dd0835c84448771b84fa92a735cfc60668ef0a6a413
 SHA512 (ocaml-4.04-refman.info.tar.gz) = e83a28e8fb6af198471d26e790ce64ae11d6a2262110ecd5a7b150f9248c221847b1bde3e076b38a7e412ea1d709e0c1bfbf890ccbd5721869ea98d6d9dcc052
 SHA512 (ocaml-4.04-refman.pdf) = 9194d0a9cddb1cde3f86f90fbe6e23740ef0e4e49515f40708fe5a2acc3318f6c3839377f93163e2520770357ad0ce7145c5cfb1424503e8873106b17338e4b6
+SHA512 (ocaml-4.04.2.tar.xz) = 0449f650388fe63e1f96c6f63d994855cf76bac5b52d3f76e781c8d9f5fddb657a24a88063c1280d45ccc741c372085bad46cdb3dbc186e1861627d500290629