Hello community, here is the log from the commit of package ocaml for openSUSE:Factory checked in at 2018-05-01 23:02:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ocaml (Old) and /work/SRC/openSUSE:Factory/.ocaml.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ocaml" Tue May 1 23:02:32 2018 rev:65 rq:601849 version:4.05.0 Changes: -------- --- /work/SRC/openSUSE:Factory/ocaml/ocaml.changes 2018-04-22 14:31:48.393975897 +0200 +++ /work/SRC/openSUSE:Factory/.ocaml.new/ocaml.changes 2018-05-01 23:02:36.598351622 +0200 @@ -1,0 +2,9 @@ +Tue Apr 24 14:26:24 UTC 2018 - [email protected] + +- update ocaml-4.05.0-CVE-2018-9838.patch that causes "undefined + reference to `caml_umul_overflow`" build failure. Replace this + function that is not available in ocaml 4.05 (added in ocaml + 4.06) with the present caml_ba_multov() that is basically the + same [bnc#1088591] [CVE-2018-9838] + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ocaml-4.05.0-CVE-2018-9838.patch ++++++ --- /var/tmp/diff_new_pack.BtppXC/_old 2018-05-01 23:02:37.338324745 +0200 +++ /var/tmp/diff_new_pack.BtppXC/_new 2018-05-01 23:02:37.338324745 +0200 @@ -9,17 +9,17 @@ is read in a too small memory area. This commit checks for overflows when computing the in-memory size of the bigarray. -Index: ocaml-4.05.0/otherlibs/bigarray/bigarray_stubs.c +Index: ocaml-4.03.0/otherlibs/bigarray/bigarray_stubs.c =================================================================== ---- ocaml-4.05.0.orig/otherlibs/bigarray/bigarray_stubs.c -+++ ocaml-4.05.0/otherlibs/bigarray/bigarray_stubs.c -@@ -966,22 +966,31 @@ static void caml_ba_deserialize_longarra +--- ocaml-4.03.0.orig/otherlibs/bigarray/bigarray_stubs.c ++++ ocaml-4.03.0/otherlibs/bigarray/bigarray_stubs.c +@@ -963,22 +963,33 @@ static void caml_ba_deserialize_longarra uintnat caml_ba_deserialize(void * dst) { struct caml_ba_array * b = dst; - int i, elt_size; - uintnat num_elts; -+ int i; ++ int i, overflow; + uintnat num_elts, size; /* Read back header information */ 
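Review bot: The refreshed patch now carries `Index: ocaml-4.03.0/otherlibs/bigarray/bigarray_stubs.c` and matching `---`/`+++` paths, and its hunk start moved from 966 to 963, although the package is 4.05.0 and the patch file is still named ocaml-4.05.0-CVE-2018-9838.patch. This looks as if the patch was regenerated against a different source tree. It probably still applies if the leading directory is stripped, but possibly only with an offset or fuzz, so for a memory-safety fix it is worth confirming a clean apply against the 4.05.0 sources and regenerating it there. The patch description kept as context still reads like the unmodified upstream commit; a header line such as `Adapted for 4.05: caml_umul_overflow replaced by caml_ba_multov` would flag the deviation for whoever rebases to 4.06. The body of caml_ba_deserialize continues past the end of this hunk.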
@@ -33,19 +33,21 @@ - num_elts = caml_ba_num_elts(b); - /* Determine element size in bytes */ + /* Compute total number of elements. Watch out for overflows (MPR#7765). */ ++ overflow = 0; + num_elts = 1; + for (i = 0; i < b->num_dims; i++) { -+ if (caml_umul_overflow(num_elts, b->dim[i], &num_elts)) -+ caml_deserialize_error("input_value: size overflow for bigarray"); ++ num_elts = caml_ba_multov(num_elts, b->dim[i], &overflow); ++ if (overflow) caml_deserialize_error("input_value: size overflow for bigarray"); + } -+ /* Determine element size in bytes. Watch out for overflows (MPR#7765). */ ++ /* Determine array size in bytes. Watch out for overflows (MPR#7765). */ if ((b->flags & CAML_BA_KIND_MASK) > CAML_BA_CHAR) caml_deserialize_error("input_value: bad bigarray kind"); - elt_size = caml_ba_element_size[b->flags & CAML_BA_KIND_MASK]; -+ if (caml_umul_overflow(num_elts, -+ caml_ba_element_size[b->flags & CAML_BA_KIND_MASK], -+ &size)) -+ caml_deserialize_error("input_value: size overflow for bigarray"); ++ overflow = 0; ++ size = caml_ba_multov(num_elts, ++ caml_ba_element_size[b->flags & CAML_BA_KIND_MASK], ++ &overflow); ++ if (overflow) caml_deserialize_error("input_value: size overflow for bigarray"); /* Allocate room for data */ - b->data = malloc(elt_size * num_elts); + b->data = malloc(size);
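Review bot: Both new checks in caml_ba_deserialize are only meaningful if caml_ba_multov sets `*overflow` on wrap-around and never clears it, which is what the two `overflow = 0;` resets imply; the helper's body is not on this page, so confirm that against the 4.05 sources. A short comment at the first reset would protect it from a later cleanup, for example `/* caml_ba_multov only sets *overflow, it never clears it */`. The dimensions and kind multiplied here come from the serialized input, so these checks are the whole defence against an undersized `malloc(size)`. The function starts before and ends after this hunk, so whether the `malloc` result is checked for NULL before the data is read cannot be seen from here.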
