upload ocaml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello.
I have prepared LTS security update for ocaml[1]. Debdiff is attached.
I compiled a couple of ocaml programs for testing. I don't have any
experience with ocaml. If you know any ocaml projects, please compile them
with this build. Please upload if it looks good. Once it reaches the
archive I will send the DLA.
Thanks.
- --abhijith
1.
https://mentors.debian.net/debian/pool/main/o/ocaml/ocaml_3.12.1-4+deb7u
2.dsc
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlrq2Z8ACgkQhj1N8u2c
KO9gaQ/+KwsJJAKGNCf4mJHNAJ6fqmVR88l+o1Ub0cInyE2teY882xFDv/R/nkmQ
fqTfZOFUXKw/QZQ8gLoGtq4Xy/zflX/3AEZejVP4XMUoBgKS5s6Q3O9c5dHdz0w8
Px9MPu6raAs+DPdegXi1IjONYiScA1H1gPRVAmcSLVeeFsNcfVQH1VcXj2xc8d9m
fIxXIXHjx59/Fr+TsvCWg5CKDM2CsoRowKfUJouo3oOEzwdGGZ8pNm1poEU9GpBa
Ou/7ENQTkn8JaplSlePWQ2bMDPh30zJS8jCKVyDUyhndqgVfscUPgtrotCEMGrWk
bk/74NcQLjuWrUsvfFSATC4I81VYd5NoxT13cp1wfXnTPDjxzrgOO8/LSZM041Eq
XSLBcrzjoDilepM0EzV03DgSCgkeBHFzwRodV4yojjdWb0oQmclRp6DGUPa24HdE
CvfnH8oJjQXA5FsEYxX1gSlGYEGEsXIDSBqy7AD+86MzH+pecdCzmF6VJyf182SC
GArT2GqrIKsQfz88tbqO+d1R7jMek/7LSja1CVDrcSUJY/yqgsfSw4nBu4ZT4+ji
rcJvD8NvekdCS0DKlWbhcqyfpRyFR6nboeAgKF0g8oA/k7sZl4G/MTkJRKVpt5ir
H+Zof/yRVaE9/ZjEFA0TzAe+ASM28L33b82Em9aL1ZEJCBFUzL0=
=Y7GY
-----END PGP SIGNATURE-----
diff -Nru ocaml-3.12.1/debian/changelog ocaml-3.12.1/debian/changelog
--- ocaml-3.12.1/debian/changelog 2016-05-11 23:31:44.000000000 +0530
+++ ocaml-3.12.1/debian/changelog 2018-05-03 13:43:57.000000000 +0530
@@ -1,3 +1,12 @@
+ocaml (3.12.1-4+deb7u2) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Debian LTS Team.
+ * CVE-2018-9838: An integer overflow in bigarray module which allows
+ allows remote attackers to cause a denial of service or possibly
+ execute arbitrary code via a crafted object (Closes: #895472)
+
+ -- Abhijith PA <abhijith@disroot.org> Wed, 02 May 2018 15:40:09 +0530
+
ocaml (3.12.1-4+deb7u1) wheezy-security; urgency=high
* Non-maintainer upload by the Wheezy LTS Team.
diff -Nru ocaml-3.12.1/debian/patches/0017-CVE-2018-9838.patch ocaml-3.12.1/debian/patches/0017-CVE-2018-9838.patch
--- ocaml-3.12.1/debian/patches/0017-CVE-2018-9838.patch 1970-01-01 05:30:00.000000000 +0530
+++ ocaml-3.12.1/debian/patches/0017-CVE-2018-9838.patch 2018-05-03 13:45:09.000000000 +0530
@@ -0,0 +1,53 @@
+Description: CVE-2018-9838
+ The bigarray module(bigarray_stubs.c) is capable of reading in serialized
+ (marshalled) objects from a external source which is often used for network
+ operations and interprocess communication. An integer overflow is detected in
+ the module which allows remote attackers to cause a denial of service or
+ possibly execute arbitrary code via a crafted object. This patch checks for
+ overflows when computing the in-memory size of the bigarray.
+
+Author: Abhijith PA <abhijith@disroot.org>
+Origin: https://github.com/ocaml/ocaml/commit/9664c7ee807c2dfa802f53cabd405ff58e219c47
+Bug: https://caml.inria.fr/mantis/view.php?id=7765
+Bug-Debian: https://bugs.debian.org/895472
+Last-Update: 2018-05-02
+
+--- ocaml-3.12.1.orig/otherlibs/bigarray/bigarray_stubs.c
++++ ocaml-3.12.1/otherlibs/bigarray/bigarray_stubs.c
+@@ -784,22 +784,29 @@ static void caml_ba_deserialize_longarra
+ uintnat caml_ba_deserialize(void * dst)
+ {
+ struct caml_ba_array * b = dst;
+- int i, elt_size;
+- uintnat num_elts;
++ int i;
++ uintnat num_elts, size;
+
+ /* Read back header information */
+ b->num_dims = caml_deserialize_uint_4();
+ b->flags = caml_deserialize_uint_4() | CAML_BA_MANAGED;
+ b->proxy = NULL;
+ for (i = 0; i < b->num_dims; i++) b->dim[i] = caml_deserialize_uint_4();
+- /* Compute total number of elements */
+- num_elts = caml_ba_num_elts(b);
+- /* Determine element size in bytes */
++ /* Compute total number of elements. Watch out for overflows (MPR#7765). */
++ num_elts = 1;
++ for (i = 0; i < b->num_dims; i++) {
++ if (caml_umul_overflow(num_elts, b->dim[i], &num_elts))
++ caml_deserialize_error("input_value: size overflow for bigarray");
++ }
++ /* Determine array size in bytes. Watch out for overflows (MPR#7765). */
+ if ((b->flags & CAML_BA_KIND_MASK) > CAML_BA_COMPLEX64)
+ caml_deserialize_error("input_value: bad bigarray kind");
+- elt_size = caml_ba_element_size[b->flags & CAML_BA_KIND_MASK];
++ if (caml_umul_overflow(num_elts,
++ caml_ba_element_size[b->flags & CAML_BA_KIND_MASK],
++ &size))
++ caml_deserialize_error("input_value: size overflow for bigarray");
+ /* Allocate room for data */
+- b->data = malloc(elt_size * num_elts);
++ b->data = malloc(size);
+ if (b->data == NULL)
+ caml_deserialize_error("input_value: out of memory for bigarray");
+ /* Read data */
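Review bot: Both added overflow checks, `if (caml_umul_overflow(num_elts, b->dim[i], &num_elts))` and the element-size multiply into `size`, call `caml_umul_overflow`, but nothing in this debdiff declares or defines it, and as far as I can tell the 3.12.1 runtime headers do not provide it (upstream added it to misc.h together with the commit named at Origin). With a gnu89-mode toolchain that is only an implicit-declaration warning at compile time, so the package can appear to build and the stub then fails at link or load time with an undefined symbol; the build log should be checked for that warning. The backport should carry a local definition, for example the static helper below placed ahead of caml_ba_deserialize in bigarray_stubs.c. Separately, the context line `for (i = 0; i < b->num_dims; i++) b->dim[i] = caml_deserialize_uint_4();` still fills `b->dim` from a deserialized `num_dims` with no visible upper bound; if 3.12.1 does not bound it elsewhere, it is worth checking in the same patch. caml_ba_deserialize continues past the end of the hunk.
```c
/* … unchanged: DEP-3 header and existing includes … */
/* 3.12.1's runtime has no caml_umul_overflow; provide it locally.
   Returns nonzero on overflow; *res always holds a*b modulo the word size. */
static int caml_umul_overflow(uintnat a, uintnat b, uintnat * res)
{
  uintnat p = a * b;
  *res = p;
  return (b != 0 && p / b != a);
}
/* … unchanged: caml_ba_deserialize as patched … */
```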
diff -Nru ocaml-3.12.1/debian/patches/series ocaml-3.12.1/debian/patches/series
--- ocaml-3.12.1/debian/patches/series 2016-05-11 23:00:48.000000000 +0530
+++ ocaml-3.12.1/debian/patches/series 2018-05-03 13:45:35.000000000 +0530
@@ -14,3 +14,4 @@
0014-Add-support-for-ENOTSUP.patch
0015-Do-not-add-R-dir-in-X11-link-options-on-GNU-kFreeBSD.patch
0016-CVE-2015-8869.patch
+0017-CVE-2018-9838.patch