commit:     34b06d35218d9e444050526511da10962ea72c2f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  8 04:58:53 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun  8 04:59:09 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34b06d35

dev-lang/ocaml: add CVE-2018-9838 patch to 4.05.0

Closes: https://bugs.gentoo.org/755257
Bug: https://bugs.gentoo.org/719134
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../ocaml/files/ocaml-4.05.0-CVE-2018-9838.patch   |  70 ++++++++++
 dev-lang/ocaml/ocaml-4.05.0-r4.ebuild              | 143 +++++++++++++++++++++
 2 files changed, 213 insertions(+)

diff --git a/dev-lang/ocaml/files/ocaml-4.05.0-CVE-2018-9838.patch 
b/dev-lang/ocaml/files/ocaml-4.05.0-CVE-2018-9838.patch
new file mode 100644
index 00000000000..cfe3ff636c2
--- /dev/null
+++ b/dev-lang/ocaml/files/ocaml-4.05.0-CVE-2018-9838.patch
@@ -0,0 +1,70 @@
+https://bugs.gentoo.org/755257
+
+Needed for both fixing the CVE + compatibility with Debian for e.g.
+Unison.
+
+From c6ca3afc78b75d7748e4e09e56c6b020418be06e Mon Sep 17 00:00:00 2001
+From: Stephane Glondu <[email protected]>
+Date: Fri, 25 Jan 2019 14:34:23 +0100
+Subject: [PATCH] Fix integer overflows when unmarshaling a bigarray
+
+Malicious or corrupted marshaled data can result in a bigarray
+with impossibly large dimensions that cause overflow when computing
+the in-memory size of the bigarray.  Disaster ensues when the data
+is read in a too small memory area.  This commit checks for overflows
+when computing the in-memory size of the bigarray.
+
+This patch is based on one by Xavier Leroy and has been modified to
+use caml_ba_multov instead of caml_umul_overflow which is unavailable
+in OCaml 4.05.0.
+
+The original commit hash is 85162eee9d4072fa9c2f498f03cd94e357033eec.
+
+Origin: https://github.com/ocaml/ocaml/pull/1718
+Bug: https://github.com/ocaml/ocaml/issues/7765
+Bug-Debian: https://bugs.debian.org/895472
+Bug-CVE: CVE-2018-9838
+--- a/otherlibs/bigarray/bigarray_stubs.c
++++ b/otherlibs/bigarray/bigarray_stubs.c
+@@ -966,22 +966,34 @@ static void caml_ba_deserialize_longarray(void * dest, 
intnat num_elts)
+ uintnat caml_ba_deserialize(void * dst)
+ {
+   struct caml_ba_array * b = dst;
+-  int i, elt_size;
+-  uintnat num_elts;
++  int i;
++  uintnat num_elts, size;
++  int overflow;
+ 
+   /* Read back header information */
+   b->num_dims = caml_deserialize_uint_4();
++  if (b->num_dims < 0 || b->num_dims > CAML_BA_MAX_NUM_DIMS)
++    caml_deserialize_error("input_value: wrong number of bigarray 
dimensions");
+   b->flags = caml_deserialize_uint_4() | CAML_BA_MANAGED;
+   b->proxy = NULL;
+   for (i = 0; i < b->num_dims; i++) b->dim[i] = caml_deserialize_uint_4();
+-  /* Compute total number of elements */
+-  num_elts = caml_ba_num_elts(b);
+-  /* Determine element size in bytes */
++  /* Compute total number of elements.  Watch out for overflows (MPR#7765). */
++  num_elts = 1;
++  for (i = 0; i < b->num_dims; i++) {
++    overflow = 0;
++    num_elts = caml_ba_multov(num_elts, b->dim[i], &overflow);
++    if (overflow)
++      caml_deserialize_error("input_value: size overflow for bigarray");
++  }
++  /* Determine array size in bytes.  Watch out for overflows (MPR#7765). */
+   if ((b->flags & CAML_BA_KIND_MASK) > CAML_BA_CHAR)
+     caml_deserialize_error("input_value: bad bigarray kind");
+-  elt_size = caml_ba_element_size[b->flags & CAML_BA_KIND_MASK];
++  overflow = 0;
++  size = caml_ba_multov(num_elts, caml_ba_element_size[b->flags & 
CAML_BA_KIND_MASK], &overflow);
++  if (overflow)
++    caml_deserialize_error("input_value: size overflow for bigarray");
+   /* Allocate room for data */
+-  b->data = malloc(elt_size * num_elts);
++  b->data = malloc(size);
+   if (b->data == NULL)
+     caml_deserialize_error("input_value: out of memory for bigarray");
+   /* Read data */
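Review bot: The `if (b->data == NULL)` test after `malloc(size)` turns a legitimately empty bigarray into a spurious "out of memory" error: a zero-length dimension passes both overflow checks with num_elts == 0 and size == 0, and C permits malloc(0) to return NULL, so the condition should be `if (b->data == NULL && size != 0)` (or the allocation should be rounded up to one byte). A smaller point: `b->dim[i]` is filled straight from caml_deserialize_uint_4() with no range check, so on a target where intnat is 32 bits a value >= 2^31 lands in b->dim[i] as a negative dimension; the unsigned multiply presumably still rejects the oversized product, but an explicit `if (b->dim[i] < 0) caml_deserialize_error("input_value: negative bigarray dimension");` inside the read loop would make that rejection independent of how caml_ba_multov treats the converted value. caml_ba_multov is defined outside this hunk and caml_ba_deserialize continues past its last line with the data read, so the post-allocation behaviour on a zero-size buffer cannot be confirmed from here.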

diff --git a/dev-lang/ocaml/ocaml-4.05.0-r4.ebuild 
b/dev-lang/ocaml/ocaml-4.05.0-r4.ebuild
new file mode 100644
index 00000000000..1fd3049eff5
--- /dev/null
+++ b/dev-lang/ocaml/ocaml-4.05.0-r4.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs
+
+PATCHLEVEL="9"
+MY_P="${P/_/-}"
+DESCRIPTION="Type-inferring functional programming language descended from the 
ML family"
+HOMEPAGE="https://ocaml.org";
+SRC_URI="https://github.com/ocaml/ocaml/archive/${PV/_/+}.tar.gz -> 
${MY_P}.tar.gz
+       mirror://gentoo/${PN}-patches-${PATCHLEVEL}.tar.bz2"
+
+LICENSE="QPL-1.0 LGPL-2"
+# Everytime ocaml is updated to a new version, everything ocaml must be 
rebuilt,
+# so here we go with the subslot.
+SLOT="0/${PV}"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~x86 
~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
+IUSE="emacs flambda latex ncurses +ocamlopt spacetime X xemacs"
+
+RDEPEND="
+       sys-libs/binutils-libs:=
+       ncurses? ( sys-libs/ncurses:0= )
+       spacetime? ( sys-libs/libunwind:= )
+       X? ( x11-libs/libX11 )
+       !dev-ml/num"
+BDEPEND="${RDEPEND}
+       virtual/pkgconfig"
+PDEPEND="emacs? ( app-emacs/ocaml-mode )
+       xemacs? ( app-xemacs/ocaml )"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-4.04.2-tinfo.patch #459512
+       "${FILESDIR}"/${P}-gcc10.patch
+       "${FILESDIR}"/${P}-CVE-2018-9838.patch
+)
+
+pkg_setup() {
+       # dev-lang/ocaml creates its own objects but calls gcc for linking, 
which will
+       # results in relocations if gcc wants to create a PIE executable
+       if gcc-specs-pie ; then
+               append-ldflags -nopie
+               ewarn "Ocaml generates its own native asm, you're using a PIE 
compiler"
+               ewarn "We have appended -nopie to ocaml build options"
+               ewarn "because linking an executable with pie while the objects 
are not pic will not work"
+       fi
+}
+
+src_prepare() {
+       EPATCH_SUFFIX="patch" eapply "${WORKDIR}/patches"
+       default
+}
+
+src_configure() {
+       export LC_ALL=C
+       local myconf=""
+
+       # Causes build failures because it builds some programs with -pg,
+       # bug #270920
+       filter-flags -fomit-frame-pointer
+       # Bug #285993
+       filter-mfpmath sse
+
+       # -ggdb3 & co makes it behave weirdly, breaks sexplib
+       replace-flags -ggdb* -ggdb
+
+       # OCaml generates textrels on 32-bit arches
+       # We can't do anything about it, but disabling it means that tests
+       # for OCaml-based packages won't fail on unexpected output
+       # bug #773226
+       if use arm || use ppc || use x86 ; then
+               append-ldflags "-Wl,-z,notext"
+       fi
+
+       # It doesn't compile on alpha without this LDFLAGS
+       use alpha && append-ldflags "-Wl,--no-relax"
+
+       use ncurses || myconf="${myconf} -no-curses"
+       use X || myconf="${myconf} -no-graph"
+       use flambda && myconf="${myconf} -flambda"
+       use spacetime && myconf="${myconf} -spacetime"
+
+       # ocaml uses a home-brewn configure script, preventing it to use econf.
+       RAW_LDFLAGS="$(raw-ldflags)" ./configure \
+               --prefix "${EPREFIX}"/usr \
+               --bindir "${EPREFIX}"/usr/bin \
+               --target-bindir "${EPREFIX}"/usr/bin \
+               --libdir "${EPREFIX}"/usr/$(get_libdir)/ocaml \
+               --mandir "${EPREFIX}"/usr/share/man \
+               -target "${CHOST}" \
+               -host "${CBUILD}" \
+               -cc "$(tc-getCC)" \
+               -as "$(tc-getAS)" \
+               -aspp "$(tc-getCC) -c" \
+               -partialld "$(tc-getLD) -r" \
+               --with-pthread ${myconf} || die "configure failed!"
+
+       # http://caml.inria.fr/mantis/view.php?id=4698
+       export CCLINKFLAGS="${LDFLAGS}"
+}
+
+src_compile() {
+       emake world
+
+       # Native code generation can be disabled now
+       if use ocamlopt ; then
+               # bug #279968
+               emake opt
+               emake -j1 opt.opt
+       fi
+}
+
+src_test() {
+       if use ocamlopt ; then
+               emake -j1 tests
+       else
+               ewarn "${PN} was built without 'ocamlopt' USE flag; skipping 
tests."
+       fi
+}
+
+src_install() {
+       emake BINDIR="${ED}"/usr/bin \
+               LIBDIR="${ED}"/usr/$(get_libdir)/ocaml \
+               MANDIR="${ED}"/usr/share/man \
+               install
+
+       # Symlink the headers to the right place
+       dodir /usr/include
+       # Create symlink for header files
+       dosym "../$(get_libdir)/ocaml/caml" /usr/include/caml
+       dodoc Changes README.adoc
+       # Create envd entry for latex input files
+       if use latex ; then
+               echo 
"TEXINPUTS=\"${EPREFIX}/usr/$(get_libdir)/ocaml/ocamldoc:\"" > "${T}/99ocamldoc"
+               doenvd "${T}/99ocamldoc"
+       fi
+       # Install ocaml-rebuild portage set
+       insinto /usr/share/portage/config/sets
+       doins "${FILESDIR}/ocaml.conf"
+}
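Review bot: The libraries OCaml links against (sys-libs/binutils-libs, ncurses, libunwind, libX11) appear only in RDEPEND and, via `BDEPEND="${RDEPEND}"`, as build-host dependencies; under EAPI 7 BDEPEND is satisfied for CBUILD while link-time headers and libraries must exist for CHOST, so the split that stays correct when cross-compiling is `DEPEND="${RDEPEND}"` with `BDEPEND="virtual/pkgconfig"`. Separately, `EPATCH_SUFFIX="patch" eapply "${WORKDIR}/patches"` sets a variable that eapply never reads (it belongs to the old epatch helper, and eutils is not inherited here); eapply on a directory applies every *.patch and *.diff regardless, so the assignment should be dropped rather than left suggesting it filters the patch set. The `-nopie` override in pkg_setup also means the installed runtime, including the unmarshaller this revision hardens, is built without PIE; the ewarn already explains the textrel reason, so no change is asked for, but a one-line comment citing the relevant bug would help the next person who considers removing it.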
