[PATCH 0/1] ocaml: Fix CVE-2015-8869

[PATCH 0/1] ocaml: Fix CVE-2015-8869

[Leo Famulari]

This adapts an upstream patch from OCaml to fix CVE-2015-8869.

I removed the changes to the files 'Changes' and 'VERSION' since they
apply to a more recent version of OCaml.

Feedback requested!

[0]
http://seclists.org/oss-sec/2016/q2/170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869

Leo Famulari (1):
  gnu: ocaml: Fix CVE-2015-8869.

 gnu/local.mk                                   |  1 +
 gnu/packages/ocaml.scm                         |  3 +-
 gnu/packages/patches/ocaml-CVE-2015-8869.patch | 70 ++++++++++++++++++++++++++
 3 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/ocaml-CVE-2015-8869.patch

-- 
2.7.4

[PATCH 1/1] gnu: ocaml: Fix CVE-2015-8869.

[Leo Famulari]

* gnu/packages/patches/ocaml-CVE-2015-8869.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ocaml.scm (ocaml): Use it.
---
 gnu/local.mk                                   |  1 +
 gnu/packages/ocaml.scm                         |  3 +-
 gnu/packages/patches/ocaml-CVE-2015-8869.patch | 70 ++++++++++++++++++++++++++
 3 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/ocaml-CVE-2015-8869.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 9e31ef9..90899d4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -642,6 +642,7 @@ dist_patch_DATA =						\
   gnu/packages/patches/nvi-assume-preserve-path.patch		\
   gnu/packages/patches/nvi-dbpagesize-binpower.patch		\
   gnu/packages/patches/nvi-db4.patch				\
+  gnu/packages/patches/ocaml-CVE-2015-8869.patch		\
   gnu/packages/patches/ocaml-findlib-make-install.patch	\
   gnu/packages/patches/openexr-missing-samples.patch		\
   gnu/packages/patches/openimageio-boost-1.60.patch		\
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 5d48953..434fb13 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -60,7 +60,8 @@
                     "/ocaml-" version ".tar.xz"))
               (sha256
                (base32
-                "1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3"))))
+                "1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3"))
+              (patches (search-patches "ocaml-CVE-2015-8869.patch"))))
     (build-system gnu-build-system)
     (native-search-paths
      (list (search-path-specification
diff --git a/gnu/packages/patches/ocaml-CVE-2015-8869.patch b/gnu/packages/patches/ocaml-CVE-2015-8869.patch
new file mode 100644
index 0000000..23f7409
--- /dev/null
+++ b/gnu/packages/patches/ocaml-CVE-2015-8869.patch
@@ -0,0 +1,70 @@
+Adapted from upstream commit 659615c7b100a89eafe6253e7a5b9d84d0e8df74,
+this patch omits the upstream changes to 'Changes' and 'VERSION'.
+
+https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74
+---
+ byterun/alloc.c  | 4 ++--
+ byterun/intern.c | 2 +-
+ byterun/str.c    | 4 ++--
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/byterun/alloc.c b/byterun/alloc.c
+index 96a21bf..0db9947 100644
+--- a/byterun/alloc.c
++++ b/byterun/alloc.c
+@@ -153,7 +153,7 @@ CAMLexport int caml_convert_flag_list(value list, int *flags)
+ /* [size] is a [value] representing number of words (fields) */
+ CAMLprim value caml_alloc_dummy(value size)
+ {
+-  mlsize_t wosize = Int_val(size);
++  mlsize_t wosize = Long_val(size);
+ 
+   if (wosize == 0) return Atom(0);
+   return caml_alloc (wosize, 0);
+@@ -169,7 +169,7 @@ CAMLprim value caml_alloc_dummy_function(value size,value arity)
+ /* [size] is a [value] representing number of floats. */
+ CAMLprim value caml_alloc_dummy_float (value size)
+ {
+-  mlsize_t wosize = Int_val(size) * Double_wosize;
++  mlsize_t wosize = Long_val(size) * Double_wosize;
+ 
+   if (wosize == 0) return Atom(0);
+   return caml_alloc (wosize, 0);
+diff --git a/byterun/intern.c b/byterun/intern.c
+index 89d13d1..7b8d049 100644
+--- a/byterun/intern.c
++++ b/byterun/intern.c
+@@ -291,7 +291,7 @@ static void intern_rec(value *dest)
+   case OFreshOID:
+     /* Refresh the object ID */
+     /* but do not do it for predefined exception slots */
+-    if (Int_val(Field((value)dest, 1)) >= 0)
++    if (Long_val(Field((value)dest, 1)) >= 0)
+       caml_set_oo_id((value)dest);
+     /* Pop item and iterate */
+     sp--;
+diff --git a/byterun/str.c b/byterun/str.c
+index 5ad4e29..885772f 100644
+--- a/byterun/str.c
++++ b/byterun/str.c
+@@ -266,7 +266,7 @@ CAMLprim value caml_string_greaterequal(value s1, value s2)
+ CAMLprim value caml_blit_string(value s1, value ofs1, value s2, value ofs2,
+                                 value n)
+ {
+-  memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Int_val(n));
++  memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Long_val(n));
+   return Val_unit;
+ }
+ 
+@@ -278,7 +278,7 @@ CAMLprim value caml_fill_string(value s, value offset, value len, value init)
+ 
+ CAMLprim value caml_bitvect_test(value bv, value n)
+ {
+-  int pos = Int_val(n);
++  intnat pos = Long_val(n);
+   return Val_int(Byte_u(bv, pos >> 3) & (1 << (pos & 7)));
+ }
+ 
+-- 
+2.7.4
+
-- 
2.7.4

Re: [PATCH 1/1] gnu: ocaml: Fix CVE-2015-8869.

[Ludovic Courtès]

Leo Famulari <leo@famulari.name> skribis:

> * gnu/packages/patches/ocaml-CVE-2015-8869.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/ocaml.scm (ocaml): Use it.

LGTM, thanks!

Ludo'.

Re: [PATCH 1/1] gnu: ocaml: Fix CVE-2015-8869.

[Leo Famulari]

On Mon, May 02, 2016 at 10:18:25AM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > * gnu/packages/patches/ocaml-CVE-2015-8869.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/ocaml.scm (ocaml): Use it.
> 
> LGTM, thanks!

Applied as 3854f3d7e4c, with a couple more reference links in the patch file.

> 
> Ludo'.