CVE-2015-8869 ocaml: sizes arguments are sign-extended from

32 to 64 bits (RHBZ#1332090)

0001-Don-t-ignore-.-configure-it-s-a-real-git-file.patch

@@ -1,7 +1,7 @@
 From 6fbdb9e95ecd4654067565afe0c0b12fbeed3336 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 24 Jun 2014 22:29:38 +0100
-Subject: [PATCH 01/19] Don't ignore ./configure, it's a real git file.
+Subject: [PATCH 01/20] Don't ignore ./configure, it's a real git file.
 
 ---
  .gitignore | 1 -
@@ -20,5 +20,5 @@ index 87f7cda..8aad7c2 100644
  /ocamlc.opt
  /expunge
 -- 
-2.3.1
+2.7.4
 

0002-Ensure-empty-compilerlibs-directory-is-created-by-gi.patch

@@ -1,7 +1,7 @@
 From 3cecfa8e2765a4f1a126af37ddb77ad67c3f6720 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 7 Jun 2012 15:36:16 +0100
-Subject: [PATCH 02/19] Ensure empty compilerlibs/ directory is created by git.
+Subject: [PATCH 02/20] Ensure empty compilerlibs/ directory is created by git.
 
 This directory exists in the OCaml tarball, but is empty.  As a
 result, git ignores it unless we put a dummy file in it.
@@ -14,5 +14,5 @@ diff --git a/compilerlibs/.exists b/compilerlibs/.exists
 new file mode 100644
 index 0000000..e69de29
 -- 
-2.3.1
+2.7.4
 

0003-Don-t-add-rpaths-to-libraries.patch

@@ -1,7 +1,7 @@
 From c8084922e188649becfe1e8bbe89b7fab0de6dd0 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 24 Jun 2014 10:00:15 +0100
-Subject: [PATCH 03/19] Don't add rpaths to libraries.
+Subject: [PATCH 03/20] Don't add rpaths to libraries.
 
 ---
  tools/Makefile.shared | 6 +++---
@@ -25,5 +25,5 @@ index 0b90cd3..dc48712 100644
           sed -n -e 's/^#ml //p' ../config/Makefile) \
          > ocamlmklibconfig.ml
 -- 
-2.3.1
+2.7.4
 

0004-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch

@@ -1,7 +1,7 @@
 From bfcc9876923963085d23537ca444469362673889 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 29 May 2012 20:40:36 +0100
-Subject: [PATCH 04/19] ocamlbyteinfo, ocamlplugininfo: Useful utilities from
+Subject: [PATCH 04/20] ocamlbyteinfo, ocamlplugininfo: Useful utilities from
  Debian, sent upstream.
 
 See:
@@ -236,5 +236,5 @@ index 0000000..e28800f
 +        header.units
 +    end
 -- 
-2.3.1
+2.7.4
 

0005-configure-Allow-user-defined-C-compiler-flags.patch

@@ -1,7 +1,7 @@
 From 67b0b755b208027600255e379f98cdd8a919c7aa Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 29 May 2012 20:44:18 +0100
-Subject: [PATCH 05/19] configure: Allow user defined C compiler flags.
+Subject: [PATCH 05/20] configure: Allow user defined C compiler flags.
 
 ---
  configure | 4 ++++
@@ -23,5 +23,5 @@ index 4ea1498..d006010 100755
  
  cclibs="$cclibs $mathlib"
 -- 
-2.3.1
+2.7.4
 

0006-Add-support-for-ppc64.patch

@@ -1,7 +1,7 @@
 From 83b653b6b163018086c0d9d66d02feb5edeb44d1 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 29 May 2012 20:47:07 +0100
-Subject: [PATCH 06/19] Add support for ppc64.
+Subject: [PATCH 06/20] Add support for ppc64.
 
 Note (1): This patch was rejected upstream because they don't have
 appropriate hardware for testing.
@@ -2126,5 +2126,5 @@ index d006010..cb289fb 100755
                    aspp="$bytecc -c";;
    sparc,solaris)  as="${TOOLPREF}as"
 -- 
-2.3.1
+2.7.4
 

0007-ppc64-Update-for-OCaml-4.02.0.patch

@@ -1,7 +1,7 @@
 From cec09000c6659261e90310c5eff81b936849edf0 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Fri, 24 Oct 2014 12:59:23 +0200
-Subject: [PATCH 07/19] ppc64: Update for OCaml 4.02.0.
+Subject: [PATCH 07/20] ppc64: Update for OCaml 4.02.0.
 
 These are based on the power (ppc32) branch and some guesswork.
 In particular, I'm not convinced that my changes to floating
@@ -201,5 +201,5 @@ index b7bba9b..b582b6a 100644
    | Iintop(Imod) -> 40 (* assuming full stall *)
    | Iintop(Icomp _) -> 4
 -- 
-2.3.1
+2.7.4
 

0008-Add-support-for-ppc64le.patch

@@ -1,7 +1,7 @@
 From 5a2495689fcb11c4ed690008f4eab7dfc51d89ef Mon Sep 17 00:00:00 2001
 From: Michel Normand <normand@linux.vnet.ibm.com>
 Date: Tue, 18 Mar 2014 09:15:47 -0400
-Subject: [PATCH 08/19] Add support for ppc64le.
+Subject: [PATCH 08/20] Add support for ppc64le.
 
 Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
 ---
@@ -1913,5 +1913,5 @@ index cb289fb..6157157 100755
                    aspp="$bytecc -c";;
    sparc,solaris)  as="${TOOLPREF}as"
 -- 
-2.3.1
+2.7.4
 

0009-ppc64le-Update-for-OCaml-4.02.0.patch

@@ -1,7 +1,7 @@
 From 1a1d2ae928bcc88591502414a4167865da2db93a Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Fri, 24 Oct 2014 12:59:23 +0200
-Subject: [PATCH 09/19] ppc64le: Update for OCaml 4.02.0.
+Subject: [PATCH 09/20] ppc64le: Update for OCaml 4.02.0.
 
 These are based on the power (ppc32) branch and some guesswork.  In
 particular, I'm not convinced that my changes to floating point
@@ -200,5 +200,5 @@ index b7bba9b..b582b6a 100644
    | Iintop(Imod) -> 40 (* assuming full stall *)
    | Iintop(Icomp _) -> 4
 -- 
-2.3.1
+2.7.4
 

0010-arm-arm64-Mark-stack-as-non-executable.patch

@@ -1,7 +1,7 @@
 From b2b2dd82e4aa60307ba2f98c142dd2980bf4dc18 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Sat, 10 May 2014 03:20:35 -0400
-Subject: [PATCH 10/19] arm, arm64: Mark stack as non-executable.
+Subject: [PATCH 10/20] arm, arm64: Mark stack as non-executable.
 
 The same fix as this one, which was only fully applied to
 i686 & x86-64:
@@ -35,5 +35,5 @@ index 9b4b9ab..c23168b 100644
 +    /* Mark stack as non-executable, PR#4564 */
 +        .section .note.GNU-stack,"",%progbits
 -- 
-2.3.1
+2.7.4
 

0011-arg-Add-no_arg-and-get_arg-helper-functions.patch

@@ -1,7 +1,7 @@
 From ee670da51f4d7763f607e456186c52e72a09a929 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 1 Apr 2014 11:17:07 +0100
-Subject: [PATCH 11/19] arg: Add no_arg and get_arg helper functions.
+Subject: [PATCH 11/20] arg: Add no_arg and get_arg helper functions.
 
 The no_arg function in this patch is a no-op.  It will do something
 useful in the followups.
@@ -114,5 +114,5 @@ index d7b8ac0..a8f3964 100644
          treat_action action
        with Bad m -> stop (Message m);
 -- 
-2.3.1
+2.7.4
 

0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch

@@ -1,7 +1,7 @@
 From 94a567b59750a3765140a6c8bd41223f5ecf6220 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 1 Apr 2014 11:21:40 +0100
-Subject: [PATCH 12/19] arg: Allow flags such as --flag=arg as well as --flag
+Subject: [PATCH 12/20] arg: Allow flags such as --flag=arg as well as --flag
  arg.
 
 Allow flags to be followed directly by their argument, separated by an '='
@@ -80,5 +80,5 @@ index 0999edf..71af638 100644
  
     Examples ([cmd] is assumed to be the command name):
 -- 
-2.3.1
+2.7.4
 

0013-PR-6517-use-ISO-C99-types-u-int-32-64-_t-in-preferen.patch

@@ -1,7 +1,7 @@
 From b6ae488dba765380975d71a03c5afdd02c4b5c58 Mon Sep 17 00:00:00 2001
 From: Xavier Leroy <xavier.leroy@inria.fr>
 Date: Wed, 27 Aug 2014 09:58:33 +0000
-Subject: [PATCH 13/19] PR#6517: use ISO C99 types {,u}int{32,64}_t in
+Subject: [PATCH 13/20] PR#6517: use ISO C99 types {,u}int{32,64}_t in
  preference to our homegrown types {,u}int{32,64}.
 
 git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@15131 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02
@@ -1959,5 +1959,5 @@ index b8d02ea..6f3dc54 100644
  
    lseek(fd, (long) -TRAILER_SIZE, SEEK_END);
 -- 
-2.3.1
+2.7.4
 

0014-ppc-ppc64-ppc64le-Mark-stack-as-non-executable.patch

@@ -1,7 +1,7 @@
 From 51d003033bc15d215a6860714190edacecd724ab Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 11 Sep 2014 14:49:54 +0100
-Subject: [PATCH 14/19] ppc, ppc64, ppc64le: Mark stack as non-executable.
+Subject: [PATCH 14/20] ppc, ppc64, ppc64le: Mark stack as non-executable.
 
 The same fix as this one, which was only fully applied to
 i686 & x86-64:
@@ -70,5 +70,5 @@ index 98c42e2..b7bfce4 100644
 +/* Mark stack as non-executable, PR#4564 */
 +        .section .note.GNU-stack,"",%progbits
 -- 
-2.3.1
+2.7.4
 

0015-ppc64-ppc64le-proc-Interim-definitions-for-op_is_pur.patch

@@ -1,7 +1,7 @@
 From e1dbbb661405f35600d78f16a0a729a8ac014f61 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Fri, 24 Oct 2014 10:10:54 +0100
-Subject: [PATCH 15/19] ppc64/ppc64le: proc: Interim definitions for op_is_pure
+Subject: [PATCH 15/20] ppc64/ppc64le: proc: Interim definitions for op_is_pure
  and regs_are_volatile.
 
 See: https://bugzilla.redhat.com/show_bug.cgi?id=1156300
@@ -80,5 +80,5 @@ index 476c984..56473ac 100644
  
  let num_stack_slots = [| 0; 0 |]
 -- 
-2.3.1
+2.7.4
 

0016-ppc64le-Fix-calling-convention-of-external-functions.patch

@@ -1,7 +1,7 @@
 From 4198d84ca53b4760269abe7bfbecf9ecb853a303 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 28 May 2015 16:13:40 -0400
-Subject: [PATCH 16/19] ppc64le: Fix calling convention of external functions
+Subject: [PATCH 16/20] ppc64le: Fix calling convention of external functions
  with > 8 parameters (RHBZ#1225995).
 
 For external (ie. C) functions with more than 8 parameters, we must
@@ -30,5 +30,5 @@ index 56473ac..c705695 100644
  
  let extcall_use_push = false
 -- 
-2.3.1
+2.7.4
 

0017-ppc64-Fix-PIC-variant-of-asmrun.patch

@@ -1,7 +1,7 @@
 From e549e91ccfeb0c8bb99aa4095cc2088ab443e7a3 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Mon, 29 Jun 2015 08:31:31 -0400
-Subject: [PATCH 17/19] ppc64: Fix PIC variant of asmrun.
+Subject: [PATCH 17/20] ppc64: Fix PIC variant of asmrun.
 
 ---
  asmrun/Makefile | 3 +++
@@ -22,5 +22,5 @@ index a63321e..4aa2fc9 100644
  	cp power64le-$(SYSTEM).o power64le.o
  
 -- 
-2.3.1
+2.7.4
 

0018-ppc64le-Fix-PIC-variant-of-asmrun.patch

@@ -1,7 +1,7 @@
 From d662ee171f94885a565828818ad0ccd73af06d39 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Mon, 29 Jun 2015 08:32:31 -0400
-Subject: [PATCH 18/19] ppc64le: Fix PIC variant of asmrun.
+Subject: [PATCH 18/20] ppc64le: Fix PIC variant of asmrun.
 
 ---
  asmrun/Makefile | 3 +++
@@ -22,5 +22,5 @@ index 4aa2fc9..8997e15 100644
  	ln -s ../byterun/main.c main.c
  misc.c: ../byterun/misc.c
 -- 
-2.3.1
+2.7.4
 

0019-ppc64-ppc64le-Fix-behaviour-of-Int64.max_int-1-RHBZ-.patch

@@ -1,7 +1,7 @@
 From cf026cf66315609afe8f76272e493259bade255f Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Mon, 29 Jun 2015 14:18:38 -0400
-Subject: [PATCH 19/19] =?UTF-8?q?ppc64/ppc64le:=20Fix=20behaviour=20of=20I?=
+Subject: [PATCH 19/20] =?UTF-8?q?ppc64/ppc64le:=20Fix=20behaviour=20of=20I?=
  =?UTF-8?q?nt64.max=5Fint=20=C3=B7=20-1=20(RHBZ#1236615).?=
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
@@ -41,5 +41,5 @@ index 586534b..2155e79 100644
  (* Operations on addressing modes *)
  
 -- 
-2.3.1
+2.7.4
 

0020-fix-PR-7003-and-a-few-other-bugs-caused-by-misuse-of.patch

@@ -0,0 +1,91 @@
+From fa7913e37523955ac9de29b2373b70182c4b690c Mon Sep 17 00:00:00 2001
+From: Damien Doligez <damien.doligez-inria.fr>
+Date: Mon, 19 Oct 2015 15:47:33 +0000
+Subject: [PATCH 20/20] fix PR#7003 and a few other bugs caused by misuse of
+ Int_val
+
+git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@16525 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02
+(cherry picked from commit 659615c7b100a89eafe6253e7a5b9d84d0e8df74)
+(cherry picked from commit 27381a26db4604d9f37ab9f1a12f885d1dbd278a)
+---
+ Changes          | 4 ++++
+ byterun/alloc.c  | 4 ++--
+ byterun/intern.c | 2 +-
+ byterun/str.c    | 4 ++--
+ 4 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/Changes b/Changes
+index dfa9e70..674f2b7 100644
+--- a/Changes
++++ b/Changes
+@@ -1,6 +1,10 @@
+ OCaml 4.02.2:
+ -------------
+ 
++Bug fixes:
++- PR#7003: String.sub causes segmentation fault
++  (Damien Doligez, report by Radek Micek)
++
+ (Changes that can break existing programs are marked with a "*")
+ 
+ Language features:
+diff --git a/byterun/alloc.c b/byterun/alloc.c
+index 6544a0c..b4f00e4 100644
+--- a/byterun/alloc.c
++++ b/byterun/alloc.c
+@@ -147,7 +147,7 @@ CAMLexport int caml_convert_flag_list(value list, int *flags)
+ 
+ CAMLprim value caml_alloc_dummy(value size)
+ {
+-  mlsize_t wosize = Int_val(size);
++  mlsize_t wosize = Long_val(size);
+ 
+   if (wosize == 0) return Atom(0);
+   return caml_alloc (wosize, 0);
+@@ -155,7 +155,7 @@ CAMLprim value caml_alloc_dummy(value size)
+ 
+ CAMLprim value caml_alloc_dummy_float (value size)
+ {
+-  mlsize_t wosize = Int_val(size) * Double_wosize;
++  mlsize_t wosize = Long_val(size) * Double_wosize;
+ 
+   if (wosize == 0) return Atom(0);
+   return caml_alloc (wosize, 0);
+diff --git a/byterun/intern.c b/byterun/intern.c
+index 6f2d49f..4ddc8d0 100644
+--- a/byterun/intern.c
++++ b/byterun/intern.c
+@@ -287,7 +287,7 @@ static void intern_rec(value *dest)
+   case OFreshOID:
+     /* Refresh the object ID */
+     /* but do not do it for predefined exception slots */
+-    if (Int_val(Field((value)dest, 1)) >= 0)
++    if (Long_val(Field((value)dest, 1)) >= 0)
+       caml_set_oo_id((value)dest);
+     /* Pop item and iterate */
+     sp--;
+diff --git a/byterun/str.c b/byterun/str.c
+index d88c3d2..5bc4e0a 100644
+--- a/byterun/str.c
++++ b/byterun/str.c
+@@ -266,7 +266,7 @@ CAMLprim value caml_string_greaterequal(value s1, value s2)
+ CAMLprim value caml_blit_string(value s1, value ofs1, value s2, value ofs2,
+                                 value n)
+ {
+-  memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Int_val(n));
++  memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Long_val(n));
+   return Val_unit;
+ }
+ 
+@@ -293,7 +293,7 @@ CAMLprim value caml_is_printable(value chr)
+ 
+ CAMLprim value caml_bitvect_test(value bv, value n)
+ {
+-  int pos = Int_val(n);
++  intnat pos = Long_val(n);
+   return Val_int(Byte_u(bv, pos >> 3) & (1 << (pos & 7)));
+ }
+ 
+-- 
+2.7.4
+

ocaml.spec

@@ -17,7 +17,7 @@
 
 Name:           ocaml
 Version:        4.02.2
-Release:        4%{?dist}
+Release:        5%{?dist}
 
 Summary:        OCaml compiler and programming environment
 
@@ -64,6 +64,7 @@ Patch0016:      0016-ppc64le-Fix-calling-convention-of-external-functions.patch
 Patch0017:      0017-ppc64-Fix-PIC-variant-of-asmrun.patch
 Patch0018:      0018-ppc64le-Fix-PIC-variant-of-asmrun.patch
 Patch0019:      0019-ppc64-ppc64le-Fix-behaviour-of-Int64.max_int-1-RHBZ-.patch
+Patch0020:      0020-fix-PR-7003-and-a-few-other-bugs-caused-by-misuse-of.patch
 
 # Add BFD support so that ocamlobjinfo supports *.cmxs format (RHBZ#1113735).
 BuildRequires:  binutils-devel
@@ -441,6 +442,10 @@ fi
 
 
 %changelog
+* Wed May 04 2016 Richard W.M. Jones <rjones@redhat.com> - 4.02.2-5
+- CVE-2015-8869 ocaml: sizes arguments are sign-extended from
+  32 to 64 bits (RHBZ#1332090)
+
 * Mon Jun 29 2015 Richard W.M. Jones <rjones@redhat.com> - 4.02.2-4
 - Couple of minor build fixes for ppc64 and ppc64le.
 - ppc64/ppc64le: Fix behaviour of Int64.max_int ÷ -1 (RHBZ#1236615).