CVE-2015-8869 ocaml: sizes arguments are sign-extended from

32 to 64 bits (RHBZ#1332090)

0001-Don-t-ignore-.-configure-it-s-a-real-git-file.patch

@@ -1,7 +1,7 @@
 From 988c1068100b7f30bd8b0d2c1195ac383705dc1c Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 24 Jun 2014 22:29:38 +0100
-Subject: [PATCH 01/19] Don't ignore ./configure, it's a real git file.
+Subject: [PATCH 01/20] Don't ignore ./configure, it's a real git file.
 
 ---
  .gitignore | 1 -
@@ -20,5 +20,5 @@ index 87f7cda..8aad7c2 100644
  /ocamlc.opt
  /expunge
 -- 
-2.4.3
+2.7.4
 

0002-Ensure-empty-compilerlibs-directory-is-created-by-gi.patch

@@ -1,7 +1,7 @@
 From d08dc9232f0ee90e3dc8132b9e63935be58e668e Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 7 Jun 2012 15:36:16 +0100
-Subject: [PATCH 02/19] Ensure empty compilerlibs/ directory is created by git.
+Subject: [PATCH 02/20] Ensure empty compilerlibs/ directory is created by git.
 
 This directory exists in the OCaml tarball, but is empty.  As a
 result, git ignores it unless we put a dummy file in it.
@@ -14,5 +14,5 @@ diff --git a/compilerlibs/.exists b/compilerlibs/.exists
 new file mode 100644
 index 0000000..e69de29
 -- 
-2.4.3
+2.7.4
 

0003-Don-t-add-rpaths-to-libraries.patch

@@ -1,7 +1,7 @@
 From 73db2ab33221880d2399b2e98038219d798861ff Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 24 Jun 2014 10:00:15 +0100
-Subject: [PATCH 03/19] Don't add rpaths to libraries.
+Subject: [PATCH 03/20] Don't add rpaths to libraries.
 
 ---
  tools/Makefile.shared | 6 +++---
@@ -25,5 +25,5 @@ index 0b90cd3..dc48712 100644
           sed -n -e 's/^#ml //p' ../config/Makefile) \
          > ocamlmklibconfig.ml
 -- 
-2.4.3
+2.7.4
 

0004-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch

@@ -1,7 +1,7 @@
 From 953b84dd9626f2be68f5cc8942478338250d560b Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 29 May 2012 20:40:36 +0100
-Subject: [PATCH 04/19] ocamlbyteinfo, ocamlplugininfo: Useful utilities from
+Subject: [PATCH 04/20] ocamlbyteinfo, ocamlplugininfo: Useful utilities from
  Debian, sent upstream.
 
 See:
@@ -236,5 +236,5 @@ index 0000000..e28800f
 +        header.units
 +    end
 -- 
-2.4.3
+2.7.4
 

0005-configure-Allow-user-defined-C-compiler-flags.patch

@@ -1,7 +1,7 @@
 From 613c9273f4cd73eb6e6750d8be29d7fa7f5a68c9 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 29 May 2012 20:44:18 +0100
-Subject: [PATCH 05/19] configure: Allow user defined C compiler flags.
+Subject: [PATCH 05/20] configure: Allow user defined C compiler flags.
 
 ---
  configure | 4 ++++
@@ -23,5 +23,5 @@ index 4ea1498..d006010 100755
  
  cclibs="$cclibs $mathlib"
 -- 
-2.4.3
+2.7.4
 

0006-Add-support-for-ppc64.patch

@@ -1,7 +1,7 @@
 From d1b5848cac51fc63723cdecb857f520caa0b27a2 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 29 May 2012 20:47:07 +0100
-Subject: [PATCH 06/19] Add support for ppc64.
+Subject: [PATCH 06/20] Add support for ppc64.
 
 Note (1): This patch was rejected upstream because they don't have
 appropriate hardware for testing.
@@ -2126,5 +2126,5 @@ index d006010..cb289fb 100755
                    aspp="$bytecc -c";;
    sparc,solaris)  as="${TOOLPREF}as"
 -- 
-2.4.3
+2.7.4
 

0007-ppc64-Update-for-OCaml-4.02.0.patch

@@ -1,7 +1,7 @@
 From 49dcd94b5db72c7d6d0801309ca1e218b759fa00 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Fri, 24 Oct 2014 12:59:23 +0200
-Subject: [PATCH 07/19] ppc64: Update for OCaml 4.02.0.
+Subject: [PATCH 07/20] ppc64: Update for OCaml 4.02.0.
 
 These are based on the power (ppc32) branch and some guesswork.
 In particular, I'm not convinced that my changes to floating
@@ -201,5 +201,5 @@ index b7bba9b..b582b6a 100644
    | Iintop(Imod) -> 40 (* assuming full stall *)
    | Iintop(Icomp _) -> 4
 -- 
-2.4.3
+2.7.4
 

0008-Add-support-for-ppc64le.patch

@@ -1,7 +1,7 @@
 From d63e08ea4d073b2f5d5297eff396110d949c0352 Mon Sep 17 00:00:00 2001
 From: Michel Normand <normand@linux.vnet.ibm.com>
 Date: Tue, 18 Mar 2014 09:15:47 -0400
-Subject: [PATCH 08/19] Add support for ppc64le.
+Subject: [PATCH 08/20] Add support for ppc64le.
 
 Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
 ---
@@ -1913,5 +1913,5 @@ index cb289fb..6157157 100755
                    aspp="$bytecc -c";;
    sparc,solaris)  as="${TOOLPREF}as"
 -- 
-2.4.3
+2.7.4
 

0009-ppc64le-Update-for-OCaml-4.02.0.patch

@@ -1,7 +1,7 @@
 From 5abd39f1a1e4f7c4dd0c1b1252f98e7ee5a95e27 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Fri, 24 Oct 2014 12:59:23 +0200
-Subject: [PATCH 09/19] ppc64le: Update for OCaml 4.02.0.
+Subject: [PATCH 09/20] ppc64le: Update for OCaml 4.02.0.
 
 These are based on the power (ppc32) branch and some guesswork.  In
 particular, I'm not convinced that my changes to floating point
@@ -200,5 +200,5 @@ index b7bba9b..b582b6a 100644
    | Iintop(Imod) -> 40 (* assuming full stall *)
    | Iintop(Icomp _) -> 4
 -- 
-2.4.3
+2.7.4
 

0010-arm-arm64-Mark-stack-as-non-executable.patch

@@ -1,7 +1,7 @@
 From e3a29e8c9e85c5d1a4dc28f2ab746dae57c2636b Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Sat, 10 May 2014 03:20:35 -0400
-Subject: [PATCH 10/19] arm, arm64: Mark stack as non-executable.
+Subject: [PATCH 10/20] arm, arm64: Mark stack as non-executable.
 
 The same fix as this one, which was only fully applied to
 i686 & x86-64:
@@ -35,5 +35,5 @@ index 9b4b9ab..c23168b 100644
 +    /* Mark stack as non-executable, PR#4564 */
 +        .section .note.GNU-stack,"",%progbits
 -- 
-2.4.3
+2.7.4
 

0011-arg-Add-no_arg-and-get_arg-helper-functions.patch

@@ -1,7 +1,7 @@
 From e48a32ed47b6b5a77653ca3b40afb7c26aca7123 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 1 Apr 2014 11:17:07 +0100
-Subject: [PATCH 11/19] arg: Add no_arg and get_arg helper functions.
+Subject: [PATCH 11/20] arg: Add no_arg and get_arg helper functions.
 
 The no_arg function in this patch is a no-op.  It will do something
 useful in the followups.
@@ -114,5 +114,5 @@ index d7b8ac0..a8f3964 100644
          treat_action action
        with Bad m -> stop (Message m);
 -- 
-2.4.3
+2.7.4
 

0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch

@@ -1,7 +1,7 @@
 From b5e341afca2bdb390255cb74b3e3f5d1e3971590 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 1 Apr 2014 11:21:40 +0100
-Subject: [PATCH 12/19] arg: Allow flags such as --flag=arg as well as --flag
+Subject: [PATCH 12/20] arg: Allow flags such as --flag=arg as well as --flag
  arg.
 
 Allow flags to be followed directly by their argument, separated by an '='
@@ -80,5 +80,5 @@ index 0999edf..71af638 100644
  
     Examples ([cmd] is assumed to be the command name):
 -- 
-2.4.3
+2.7.4
 

0013-PR-6517-use-ISO-C99-types-u-int-32-64-_t-in-preferen.patch

@@ -1,7 +1,7 @@
 From 341e1f0892d1c7d39057e733b035fce54568d28b Mon Sep 17 00:00:00 2001
 From: Xavier Leroy <xavier.leroy@inria.fr>
 Date: Wed, 27 Aug 2014 09:58:33 +0000
-Subject: [PATCH 13/19] PR#6517: use ISO C99 types {,u}int{32,64}_t in
+Subject: [PATCH 13/20] PR#6517: use ISO C99 types {,u}int{32,64}_t in
  preference to our homegrown types {,u}int{32,64}.
 
 git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@15131 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02
@@ -1959,5 +1959,5 @@ index b8d02ea..6f3dc54 100644
  
    lseek(fd, (long) -TRAILER_SIZE, SEEK_END);
 -- 
-2.4.3
+2.7.4
 

0014-ppc-ppc64-ppc64le-Mark-stack-as-non-executable.patch

@@ -1,7 +1,7 @@
 From e6b37c1b0c9ee724ae81b74a84e133a75ed9e3a3 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 11 Sep 2014 14:49:54 +0100
-Subject: [PATCH 14/19] ppc, ppc64, ppc64le: Mark stack as non-executable.
+Subject: [PATCH 14/20] ppc, ppc64, ppc64le: Mark stack as non-executable.
 
 The same fix as this one, which was only fully applied to
 i686 & x86-64:
@@ -70,5 +70,5 @@ index 98c42e2..b7bfce4 100644
 +/* Mark stack as non-executable, PR#4564 */
 +        .section .note.GNU-stack,"",%progbits
 -- 
-2.4.3
+2.7.4
 

0015-ppc64-ppc64le-proc-Interim-definitions-for-op_is_pur.patch

@@ -1,7 +1,7 @@
 From 3f2be69df7fa930e0584abc217ef9d06b1155696 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Fri, 24 Oct 2014 10:10:54 +0100
-Subject: [PATCH 15/19] ppc64/ppc64le: proc: Interim definitions for op_is_pure
+Subject: [PATCH 15/20] ppc64/ppc64le: proc: Interim definitions for op_is_pure
  and regs_are_volatile.
 
 See: https://bugzilla.redhat.com/show_bug.cgi?id=1156300
@@ -80,5 +80,5 @@ index 476c984..56473ac 100644
  
  let num_stack_slots = [| 0; 0 |]
 -- 
-2.4.3
+2.7.4
 

0016-ppc64le-Fix-calling-convention-of-external-functions.patch

@@ -1,7 +1,7 @@
 From 3aff352bb01751cddeb2b18c26576337d1b46c90 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 28 May 2015 16:13:40 -0400
-Subject: [PATCH 16/19] ppc64le: Fix calling convention of external functions
+Subject: [PATCH 16/20] ppc64le: Fix calling convention of external functions
  with > 8 parameters (RHBZ#1225995).
 
 For external (ie. C) functions with more than 8 parameters, we must
@@ -30,5 +30,5 @@ index 56473ac..c705695 100644
  
  let extcall_use_push = false
 -- 
-2.4.3
+2.7.4
 

0017-ppc64-Fix-PIC-variant-of-asmrun.patch

@@ -1,7 +1,7 @@
 From 8f8713a113a218e7d7203c1575e8302f49821f41 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Mon, 29 Jun 2015 08:31:31 -0400
-Subject: [PATCH 17/19] ppc64: Fix PIC variant of asmrun.
+Subject: [PATCH 17/20] ppc64: Fix PIC variant of asmrun.
 
 ---
  asmrun/Makefile | 3 +++
@@ -22,5 +22,5 @@ index a63321e..4aa2fc9 100644
  	cp power64le-$(SYSTEM).o power64le.o
  
 -- 
-2.4.3
+2.7.4
 

0018-ppc64le-Fix-PIC-variant-of-asmrun.patch

@@ -1,7 +1,7 @@
 From 184190bc52eb86fe37864acc4679297a52756b01 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Mon, 29 Jun 2015 08:32:31 -0400
-Subject: [PATCH 18/19] ppc64le: Fix PIC variant of asmrun.
+Subject: [PATCH 18/20] ppc64le: Fix PIC variant of asmrun.
 
 ---
  asmrun/Makefile | 3 +++
@@ -22,5 +22,5 @@ index 4aa2fc9..8997e15 100644
  	ln -s ../byterun/main.c main.c
  misc.c: ../byterun/misc.c
 -- 
-2.4.3
+2.7.4
 

0019-ppc64-ppc64le-Fix-behaviour-of-Int64.max_int-1-RHBZ-.patch

@@ -1,7 +1,7 @@
 From 351e776744c56bf6c4afb75e8e9f510e89c15233 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Mon, 29 Jun 2015 14:18:38 -0400
-Subject: [PATCH 19/19] =?UTF-8?q?ppc64/ppc64le:=20Fix=20behaviour=20of=20I?=
+Subject: [PATCH 19/20] =?UTF-8?q?ppc64/ppc64le:=20Fix=20behaviour=20of=20I?=
  =?UTF-8?q?nt64.max=5Fint=20=C3=B7=20-1=20(RHBZ#1236615).?=
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
@@ -41,5 +41,5 @@ index 586534b..2155e79 100644
  (* Operations on addressing modes *)
  
 -- 
-2.4.3
+2.7.4
 

0020-fix-PR-7003-and-a-few-other-bugs-caused-by-misuse-of.patch

@@ -0,0 +1,88 @@
+From 27381a26db4604d9f37ab9f1a12f885d1dbd278a Mon Sep 17 00:00:00 2001
+From: Damien Doligez <damien.doligez-inria.fr>
+Date: Mon, 19 Oct 2015 15:47:33 +0000
+Subject: [PATCH 20/20] fix PR#7003 and a few other bugs caused by misuse of
+ Int_val
+
+git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@16525 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02
+(cherry picked from commit 659615c7b100a89eafe6253e7a5b9d84d0e8df74)
+---
+ Changes          | 2 ++
+ byterun/alloc.c  | 4 ++--
+ byterun/intern.c | 2 +-
+ byterun/str.c    | 4 ++--
+ 4 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/Changes b/Changes
+index 3587d44..9649e1a 100644
+--- a/Changes
++++ b/Changes
+@@ -2,6 +2,8 @@ OCaml 4.02.3:
+ -------------
+ 
+ Bug fixes:
++- PR#7003: String.sub causes segmentation fault
++  (Damien Doligez, report by Radek Micek)
+ - PR#6908: Top-level custom printing for GADTs: interface change in 4.02.2
+   (Grégoire Henry, report by Jeremy Yallop)
+ - PR#6919: corrupted final_table
+diff --git a/byterun/alloc.c b/byterun/alloc.c
+index b421cac..3d7dfc4 100644
+--- a/byterun/alloc.c
++++ b/byterun/alloc.c
+@@ -147,7 +147,7 @@ CAMLexport int caml_convert_flag_list(value list, int *flags)
+ 
+ CAMLprim value caml_alloc_dummy(value size)
+ {
+-  mlsize_t wosize = Int_val(size);
++  mlsize_t wosize = Long_val(size);
+ 
+   if (wosize == 0) return Atom(0);
+   return caml_alloc (wosize, 0);
+@@ -161,7 +161,7 @@ CAMLprim value caml_alloc_dummy_function(value size,value arity)
+ 
+ CAMLprim value caml_alloc_dummy_float (value size)
+ {
+-  mlsize_t wosize = Int_val(size) * Double_wosize;
++  mlsize_t wosize = Long_val(size) * Double_wosize;
+ 
+   if (wosize == 0) return Atom(0);
+   return caml_alloc (wosize, 0);
+diff --git a/byterun/intern.c b/byterun/intern.c
+index 6f2d49f..4ddc8d0 100644
+--- a/byterun/intern.c
++++ b/byterun/intern.c
+@@ -287,7 +287,7 @@ static void intern_rec(value *dest)
+   case OFreshOID:
+     /* Refresh the object ID */
+     /* but do not do it for predefined exception slots */
+-    if (Int_val(Field((value)dest, 1)) >= 0)
++    if (Long_val(Field((value)dest, 1)) >= 0)
+       caml_set_oo_id((value)dest);
+     /* Pop item and iterate */
+     sp--;
+diff --git a/byterun/str.c b/byterun/str.c
+index d88c3d2..5bc4e0a 100644
+--- a/byterun/str.c
++++ b/byterun/str.c
+@@ -266,7 +266,7 @@ CAMLprim value caml_string_greaterequal(value s1, value s2)
+ CAMLprim value caml_blit_string(value s1, value ofs1, value s2, value ofs2,
+                                 value n)
+ {
+-  memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Int_val(n));
++  memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Long_val(n));
+   return Val_unit;
+ }
+ 
+@@ -293,7 +293,7 @@ CAMLprim value caml_is_printable(value chr)
+ 
+ CAMLprim value caml_bitvect_test(value bv, value n)
+ {
+-  int pos = Int_val(n);
++  intnat pos = Long_val(n);
+   return Val_int(Byte_u(bv, pos >> 3) & (1 << (pos & 7)));
+ }
+ 
+-- 
+2.7.4
+

ocaml.spec

@@ -17,7 +17,7 @@
 
 Name:           ocaml
 Version:        4.02.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 
 Summary:        OCaml compiler and programming environment
 
@@ -64,6 +64,7 @@ Patch0016:      0016-ppc64le-Fix-calling-convention-of-external-functions.patch
 Patch0017:      0017-ppc64-Fix-PIC-variant-of-asmrun.patch
 Patch0018:      0018-ppc64le-Fix-PIC-variant-of-asmrun.patch
 Patch0019:      0019-ppc64-ppc64le-Fix-behaviour-of-Int64.max_int-1-RHBZ-.patch
+Patch0020:      0020-fix-PR-7003-and-a-few-other-bugs-caused-by-misuse-of.patch
 
 # Add BFD support so that ocamlobjinfo supports *.cmxs format (RHBZ#1113735).
 BuildRequires:  binutils-devel
@@ -445,6 +446,10 @@ fi
 
 
 %changelog
+* Wed May 04 2016 Richard W.M. Jones <rjones@redhat.com> - 4.02.3-3
+- CVE-2015-8869 ocaml: sizes arguments are sign-extended from
+  32 to 64 bits (RHBZ#1332090)
+
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 4.02.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild