CVE-2015-8869 ocaml: sizes arguments are sign-extended from
32 to 64 bits (RHBZ#1332090)
parent
32ff87d95d
commit
496d4e4eaf
@ -1,7 +1,7 @@
|
||||
From 988c1068100b7f30bd8b0d2c1195ac383705dc1c Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 24 Jun 2014 22:29:38 +0100
|
||||
Subject: [PATCH 01/19] Don't ignore ./configure, it's a real git file.
|
||||
Subject: [PATCH 01/20] Don't ignore ./configure, it's a real git file.
|
||||
|
||||
---
|
||||
.gitignore | 1 -
|
||||
@ -20,5 +20,5 @@ index 87f7cda..8aad7c2 100644
|
||||
/ocamlc.opt
|
||||
/expunge
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From d08dc9232f0ee90e3dc8132b9e63935be58e668e Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Thu, 7 Jun 2012 15:36:16 +0100
|
||||
Subject: [PATCH 02/19] Ensure empty compilerlibs/ directory is created by git.
|
||||
Subject: [PATCH 02/20] Ensure empty compilerlibs/ directory is created by git.
|
||||
|
||||
This directory exists in the OCaml tarball, but is empty. As a
|
||||
result, git ignores it unless we put a dummy file in it.
|
||||
@ -14,5 +14,5 @@ diff --git a/compilerlibs/.exists b/compilerlibs/.exists
|
||||
new file mode 100644
|
||||
index 0000000..e69de29
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 73db2ab33221880d2399b2e98038219d798861ff Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 24 Jun 2014 10:00:15 +0100
|
||||
Subject: [PATCH 03/19] Don't add rpaths to libraries.
|
||||
Subject: [PATCH 03/20] Don't add rpaths to libraries.
|
||||
|
||||
---
|
||||
tools/Makefile.shared | 6 +++---
|
||||
@ -25,5 +25,5 @@ index 0b90cd3..dc48712 100644
|
||||
sed -n -e 's/^#ml //p' ../config/Makefile) \
|
||||
> ocamlmklibconfig.ml
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 953b84dd9626f2be68f5cc8942478338250d560b Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 29 May 2012 20:40:36 +0100
|
||||
Subject: [PATCH 04/19] ocamlbyteinfo, ocamlplugininfo: Useful utilities from
|
||||
Subject: [PATCH 04/20] ocamlbyteinfo, ocamlplugininfo: Useful utilities from
|
||||
Debian, sent upstream.
|
||||
|
||||
See:
|
||||
@ -236,5 +236,5 @@ index 0000000..e28800f
|
||||
+ header.units
|
||||
+ end
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 613c9273f4cd73eb6e6750d8be29d7fa7f5a68c9 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 29 May 2012 20:44:18 +0100
|
||||
Subject: [PATCH 05/19] configure: Allow user defined C compiler flags.
|
||||
Subject: [PATCH 05/20] configure: Allow user defined C compiler flags.
|
||||
|
||||
---
|
||||
configure | 4 ++++
|
||||
@ -23,5 +23,5 @@ index 4ea1498..d006010 100755
|
||||
|
||||
cclibs="$cclibs $mathlib"
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From d1b5848cac51fc63723cdecb857f520caa0b27a2 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 29 May 2012 20:47:07 +0100
|
||||
Subject: [PATCH 06/19] Add support for ppc64.
|
||||
Subject: [PATCH 06/20] Add support for ppc64.
|
||||
|
||||
Note (1): This patch was rejected upstream because they don't have
|
||||
appropriate hardware for testing.
|
||||
@ -2126,5 +2126,5 @@ index d006010..cb289fb 100755
|
||||
aspp="$bytecc -c";;
|
||||
sparc,solaris) as="${TOOLPREF}as"
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 49dcd94b5db72c7d6d0801309ca1e218b759fa00 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Fri, 24 Oct 2014 12:59:23 +0200
|
||||
Subject: [PATCH 07/19] ppc64: Update for OCaml 4.02.0.
|
||||
Subject: [PATCH 07/20] ppc64: Update for OCaml 4.02.0.
|
||||
|
||||
These are based on the power (ppc32) branch and some guesswork.
|
||||
In particular, I'm not convinced that my changes to floating
|
||||
@ -201,5 +201,5 @@ index b7bba9b..b582b6a 100644
|
||||
| Iintop(Imod) -> 40 (* assuming full stall *)
|
||||
| Iintop(Icomp _) -> 4
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From d63e08ea4d073b2f5d5297eff396110d949c0352 Mon Sep 17 00:00:00 2001
|
||||
From: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
Date: Tue, 18 Mar 2014 09:15:47 -0400
|
||||
Subject: [PATCH 08/19] Add support for ppc64le.
|
||||
Subject: [PATCH 08/20] Add support for ppc64le.
|
||||
|
||||
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
---
|
||||
@ -1913,5 +1913,5 @@ index cb289fb..6157157 100755
|
||||
aspp="$bytecc -c";;
|
||||
sparc,solaris) as="${TOOLPREF}as"
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 5abd39f1a1e4f7c4dd0c1b1252f98e7ee5a95e27 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Fri, 24 Oct 2014 12:59:23 +0200
|
||||
Subject: [PATCH 09/19] ppc64le: Update for OCaml 4.02.0.
|
||||
Subject: [PATCH 09/20] ppc64le: Update for OCaml 4.02.0.
|
||||
|
||||
These are based on the power (ppc32) branch and some guesswork. In
|
||||
particular, I'm not convinced that my changes to floating point
|
||||
@ -200,5 +200,5 @@ index b7bba9b..b582b6a 100644
|
||||
| Iintop(Imod) -> 40 (* assuming full stall *)
|
||||
| Iintop(Icomp _) -> 4
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From e3a29e8c9e85c5d1a4dc28f2ab746dae57c2636b Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 10 May 2014 03:20:35 -0400
|
||||
Subject: [PATCH 10/19] arm, arm64: Mark stack as non-executable.
|
||||
Subject: [PATCH 10/20] arm, arm64: Mark stack as non-executable.
|
||||
|
||||
The same fix as this one, which was only fully applied to
|
||||
i686 & x86-64:
|
||||
@ -35,5 +35,5 @@ index 9b4b9ab..c23168b 100644
|
||||
+ /* Mark stack as non-executable, PR#4564 */
|
||||
+ .section .note.GNU-stack,"",%progbits
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From e48a32ed47b6b5a77653ca3b40afb7c26aca7123 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 1 Apr 2014 11:17:07 +0100
|
||||
Subject: [PATCH 11/19] arg: Add no_arg and get_arg helper functions.
|
||||
Subject: [PATCH 11/20] arg: Add no_arg and get_arg helper functions.
|
||||
|
||||
The no_arg function in this patch is a no-op. It will do something
|
||||
useful in the followups.
|
||||
@ -114,5 +114,5 @@ index d7b8ac0..a8f3964 100644
|
||||
treat_action action
|
||||
with Bad m -> stop (Message m);
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From b5e341afca2bdb390255cb74b3e3f5d1e3971590 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 1 Apr 2014 11:21:40 +0100
|
||||
Subject: [PATCH 12/19] arg: Allow flags such as --flag=arg as well as --flag
|
||||
Subject: [PATCH 12/20] arg: Allow flags such as --flag=arg as well as --flag
|
||||
arg.
|
||||
|
||||
Allow flags to be followed directly by their argument, separated by an '='
|
||||
@ -80,5 +80,5 @@ index 0999edf..71af638 100644
|
||||
|
||||
Examples ([cmd] is assumed to be the command name):
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 341e1f0892d1c7d39057e733b035fce54568d28b Mon Sep 17 00:00:00 2001
|
||||
From: Xavier Leroy <xavier.leroy@inria.fr>
|
||||
Date: Wed, 27 Aug 2014 09:58:33 +0000
|
||||
Subject: [PATCH 13/19] PR#6517: use ISO C99 types {,u}int{32,64}_t in
|
||||
Subject: [PATCH 13/20] PR#6517: use ISO C99 types {,u}int{32,64}_t in
|
||||
preference to our homegrown types {,u}int{32,64}.
|
||||
|
||||
git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@15131 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02
|
||||
@ -1959,5 +1959,5 @@ index b8d02ea..6f3dc54 100644
|
||||
|
||||
lseek(fd, (long) -TRAILER_SIZE, SEEK_END);
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From e6b37c1b0c9ee724ae81b74a84e133a75ed9e3a3 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Thu, 11 Sep 2014 14:49:54 +0100
|
||||
Subject: [PATCH 14/19] ppc, ppc64, ppc64le: Mark stack as non-executable.
|
||||
Subject: [PATCH 14/20] ppc, ppc64, ppc64le: Mark stack as non-executable.
|
||||
|
||||
The same fix as this one, which was only fully applied to
|
||||
i686 & x86-64:
|
||||
@ -70,5 +70,5 @@ index 98c42e2..b7bfce4 100644
|
||||
+/* Mark stack as non-executable, PR#4564 */
|
||||
+ .section .note.GNU-stack,"",%progbits
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 3f2be69df7fa930e0584abc217ef9d06b1155696 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Fri, 24 Oct 2014 10:10:54 +0100
|
||||
Subject: [PATCH 15/19] ppc64/ppc64le: proc: Interim definitions for op_is_pure
|
||||
Subject: [PATCH 15/20] ppc64/ppc64le: proc: Interim definitions for op_is_pure
|
||||
and regs_are_volatile.
|
||||
|
||||
See: https://bugzilla.redhat.com/show_bug.cgi?id=1156300
|
||||
@ -80,5 +80,5 @@ index 476c984..56473ac 100644
|
||||
|
||||
let num_stack_slots = [| 0; 0 |]
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 3aff352bb01751cddeb2b18c26576337d1b46c90 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Thu, 28 May 2015 16:13:40 -0400
|
||||
Subject: [PATCH 16/19] ppc64le: Fix calling convention of external functions
|
||||
Subject: [PATCH 16/20] ppc64le: Fix calling convention of external functions
|
||||
with > 8 parameters (RHBZ#1225995).
|
||||
|
||||
For external (ie. C) functions with more than 8 parameters, we must
|
||||
@ -30,5 +30,5 @@ index 56473ac..c705695 100644
|
||||
|
||||
let extcall_use_push = false
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 8f8713a113a218e7d7203c1575e8302f49821f41 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Mon, 29 Jun 2015 08:31:31 -0400
|
||||
Subject: [PATCH 17/19] ppc64: Fix PIC variant of asmrun.
|
||||
Subject: [PATCH 17/20] ppc64: Fix PIC variant of asmrun.
|
||||
|
||||
---
|
||||
asmrun/Makefile | 3 +++
|
||||
@ -22,5 +22,5 @@ index a63321e..4aa2fc9 100644
|
||||
cp power64le-$(SYSTEM).o power64le.o
|
||||
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 184190bc52eb86fe37864acc4679297a52756b01 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Mon, 29 Jun 2015 08:32:31 -0400
|
||||
Subject: [PATCH 18/19] ppc64le: Fix PIC variant of asmrun.
|
||||
Subject: [PATCH 18/20] ppc64le: Fix PIC variant of asmrun.
|
||||
|
||||
---
|
||||
asmrun/Makefile | 3 +++
|
||||
@ -22,5 +22,5 @@ index 4aa2fc9..8997e15 100644
|
||||
ln -s ../byterun/main.c main.c
|
||||
misc.c: ../byterun/misc.c
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 351e776744c56bf6c4afb75e8e9f510e89c15233 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Mon, 29 Jun 2015 14:18:38 -0400
|
||||
Subject: [PATCH 19/19] =?UTF-8?q?ppc64/ppc64le:=20Fix=20behaviour=20of=20I?=
|
||||
Subject: [PATCH 19/20] =?UTF-8?q?ppc64/ppc64le:=20Fix=20behaviour=20of=20I?=
|
||||
=?UTF-8?q?nt64.max=5Fint=20=C3=B7=20-1=20(RHBZ#1236615).?=
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
@ -41,5 +41,5 @@ index 586534b..2155e79 100644
|
||||
(* Operations on addressing modes *)
|
||||
|
||||
--
|
||||
2.4.3
|
||||
2.7.4
|
||||
|
||||
|
@ -0,0 +1,88 @@
|
||||
From 27381a26db4604d9f37ab9f1a12f885d1dbd278a Mon Sep 17 00:00:00 2001
|
||||
From: Damien Doligez <damien.doligez-inria.fr>
|
||||
Date: Mon, 19 Oct 2015 15:47:33 +0000
|
||||
Subject: [PATCH 20/20] fix PR#7003 and a few other bugs caused by misuse of
|
||||
Int_val
|
||||
|
||||
git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@16525 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02
|
||||
(cherry picked from commit 659615c7b100a89eafe6253e7a5b9d84d0e8df74)
|
||||
---
|
||||
Changes | 2 ++
|
||||
byterun/alloc.c | 4 ++--
|
||||
byterun/intern.c | 2 +-
|
||||
byterun/str.c | 4 ++--
|
||||
4 files changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/Changes b/Changes
|
||||
index 3587d44..9649e1a 100644
|
||||
--- a/Changes
|
||||
+++ b/Changes
|
||||
@@ -2,6 +2,8 @@ OCaml 4.02.3:
|
||||
-------------
|
||||
|
||||
Bug fixes:
|
||||
+- PR#7003: String.sub causes segmentation fault
|
||||
+ (Damien Doligez, report by Radek Micek)
|
||||
- PR#6908: Top-level custom printing for GADTs: interface change in 4.02.2
|
||||
(Grégoire Henry, report by Jeremy Yallop)
|
||||
- PR#6919: corrupted final_table
|
||||
diff --git a/byterun/alloc.c b/byterun/alloc.c
|
||||
index b421cac..3d7dfc4 100644
|
||||
--- a/byterun/alloc.c
|
||||
+++ b/byterun/alloc.c
|
||||
@@ -147,7 +147,7 @@ CAMLexport int caml_convert_flag_list(value list, int *flags)
|
||||
|
||||
CAMLprim value caml_alloc_dummy(value size)
|
||||
{
|
||||
- mlsize_t wosize = Int_val(size);
|
||||
+ mlsize_t wosize = Long_val(size);
|
||||
|
||||
if (wosize == 0) return Atom(0);
|
||||
return caml_alloc (wosize, 0);
|
||||
@@ -161,7 +161,7 @@ CAMLprim value caml_alloc_dummy_function(value size,value arity)
|
||||
|
||||
CAMLprim value caml_alloc_dummy_float (value size)
|
||||
{
|
||||
- mlsize_t wosize = Int_val(size) * Double_wosize;
|
||||
+ mlsize_t wosize = Long_val(size) * Double_wosize;
|
||||
|
||||
if (wosize == 0) return Atom(0);
|
||||
return caml_alloc (wosize, 0);
|
||||
diff --git a/byterun/intern.c b/byterun/intern.c
|
||||
index 6f2d49f..4ddc8d0 100644
|
||||
--- a/byterun/intern.c
|
||||
+++ b/byterun/intern.c
|
||||
@@ -287,7 +287,7 @@ static void intern_rec(value *dest)
|
||||
case OFreshOID:
|
||||
/* Refresh the object ID */
|
||||
/* but do not do it for predefined exception slots */
|
||||
- if (Int_val(Field((value)dest, 1)) >= 0)
|
||||
+ if (Long_val(Field((value)dest, 1)) >= 0)
|
||||
caml_set_oo_id((value)dest);
|
||||
/* Pop item and iterate */
|
||||
sp--;
|
||||
diff --git a/byterun/str.c b/byterun/str.c
|
||||
index d88c3d2..5bc4e0a 100644
|
||||
--- a/byterun/str.c
|
||||
+++ b/byterun/str.c
|
||||
@@ -266,7 +266,7 @@ CAMLprim value caml_string_greaterequal(value s1, value s2)
|
||||
CAMLprim value caml_blit_string(value s1, value ofs1, value s2, value ofs2,
|
||||
value n)
|
||||
{
|
||||
- memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Int_val(n));
|
||||
+ memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Long_val(n));
|
||||
return Val_unit;
|
||||
}
|
||||
|
||||
@@ -293,7 +293,7 @@ CAMLprim value caml_is_printable(value chr)
|
||||
|
||||
CAMLprim value caml_bitvect_test(value bv, value n)
|
||||
{
|
||||
- int pos = Int_val(n);
|
||||
+ intnat pos = Long_val(n);
|
||||
return Val_int(Byte_u(bv, pos >> 3) & (1 << (pos & 7)));
|
||||
}
|
||||
|
||||
--
|
||||
2.7.4
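Review bot: In the byterun/str.c hunk, `caml_blit_string` still passes `Long_val(n)` straight to `memmove`, whose count is a `size_t`, so a negative `n` would convert to a very large length; the primitive itself checks neither `n` nor the two offsets. Switching from `Int_val` removes the 32-bit truncation, but the function stays safe only if every OCaml-side caller validates offsets and length first, which is not visible from this patch. I would record that contract above the function, e.g. `/* No bounds checking here: callers must ensure n >= 0 and that ofs1+n and ofs2+n stay within s1 and s2. */`. The same caveat applies to `caml_bitvect_test`, where `pos >> 3` indexes `bv` unchecked, and to `caml_alloc_dummy` / `caml_alloc_dummy_float` in byterun/alloc.c, where a negative `size` is converted to `mlsize_t` (presumably unsigned) before the `wosize == 0` test. Since this cherry-pick touches only three runtime files, it is also worth grepping the rest of the tree for `Int_val` applied to sizes, offsets or lengths.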
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
Name: ocaml
|
||||
Version: 4.02.3
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
|
||||
Summary: OCaml compiler and programming environment
|
||||
|
||||
@ -64,6 +64,7 @@ Patch0016: 0016-ppc64le-Fix-calling-convention-of-external-functions.patch
|
||||
Patch0017: 0017-ppc64-Fix-PIC-variant-of-asmrun.patch
|
||||
Patch0018: 0018-ppc64le-Fix-PIC-variant-of-asmrun.patch
|
||||
Patch0019: 0019-ppc64-ppc64le-Fix-behaviour-of-Int64.max_int-1-RHBZ-.patch
|
||||
Patch0020: 0020-fix-PR-7003-and-a-few-other-bugs-caused-by-misuse-of.patch
|
||||
|
||||
# Add BFD support so that ocamlobjinfo supports *.cmxs format (RHBZ#1113735).
|
||||
BuildRequires: binutils-devel
|
||||
@ -445,6 +446,10 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed May 04 2016 Richard W.M. Jones <rjones@redhat.com> - 4.02.3-3
|
||||
- CVE-2015-8869 ocaml: sizes arguments are sign-extended from
|
||||
32 to 64 bits (RHBZ#1332090)
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 4.02.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
|