-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello.
I have prepared LTS security update for ocaml[1]. Debdiff is attached. I compiled couple of ocaml programs for testing. I don't have any experience with ocaml. If you know any ocaml projects please compile with this build. Please upload if it look good. Once it reach the archive I will send the DLA. Thanks. - --abhijith 1. https://mentors.debian.net/debian/pool/main/o/ocaml/ocaml_3.12.1-4+deb7u 2.dsc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlrq2Z8ACgkQhj1N8u2c KO9gaQ/+KwsJJAKGNCf4mJHNAJ6fqmVR88l+o1Ub0cInyE2teY882xFDv/R/nkmQ fqTfZOFUXKw/QZQ8gLoGtq4Xy/zflX/3AEZejVP4XMUoBgKS5s6Q3O9c5dHdz0w8 Px9MPu6raAs+DPdegXi1IjONYiScA1H1gPRVAmcSLVeeFsNcfVQH1VcXj2xc8d9m fIxXIXHjx59/Fr+TsvCWg5CKDM2CsoRowKfUJouo3oOEzwdGGZ8pNm1poEU9GpBa Ou/7ENQTkn8JaplSlePWQ2bMDPh30zJS8jCKVyDUyhndqgVfscUPgtrotCEMGrWk bk/74NcQLjuWrUsvfFSATC4I81VYd5NoxT13cp1wfXnTPDjxzrgOO8/LSZM041Eq XSLBcrzjoDilepM0EzV03DgSCgkeBHFzwRodV4yojjdWb0oQmclRp6DGUPa24HdE CvfnH8oJjQXA5FsEYxX1gSlGYEGEsXIDSBqy7AD+86MzH+pecdCzmF6VJyf182SC GArT2GqrIKsQfz88tbqO+d1R7jMek/7LSja1CVDrcSUJY/yqgsfSw4nBu4ZT4+ji rcJvD8NvekdCS0DKlWbhcqyfpRyFR6nboeAgKF0g8oA/k7sZl4G/MTkJRKVpt5ir H+Zof/yRVaE9/ZjEFA0TzAe+ASM28L33b82Em9aL1ZEJCBFUzL0= =Y7GY -----END PGP SIGNATURE-----
diff -Nru ocaml-3.12.1/debian/changelog ocaml-3.12.1/debian/changelog --- ocaml-3.12.1/debian/changelog 2016-05-11 23:31:44.000000000 +0530 +++ ocaml-3.12.1/debian/changelog 2018-05-03 13:43:57.000000000 +0530 @@ -1,3 +1,12 @@ +ocaml (3.12.1-4+deb7u2) wheezy-security; urgency=high + + * Non-maintainer upload by the Debian LTS Team. + * CVE-2018-9838: An integer overflow in bigarray module which allows + allows remote attackers to cause a denial of service or possibly + execute arbitrary code via a crafted object (Closes: #895472) + + -- Abhijith PA <abhij...@disroot.org> Wed, 02 May 2018 15:40:09 +0530 + ocaml (3.12.1-4+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Wheezy LTS Team. diff -Nru ocaml-3.12.1/debian/patches/0017-CVE-2018-9838.patch ocaml-3.12.1/debian/patches/0017-CVE-2018-9838.patch --- ocaml-3.12.1/debian/patches/0017-CVE-2018-9838.patch 1970-01-01 05:30:00.000000000 +0530 +++ ocaml-3.12.1/debian/patches/0017-CVE-2018-9838.patch 2018-05-03 13:45:09.000000000 +0530 @@ -0,0 +1,53 @@ +Description: CVE-2018-9838 + The bigarray module(bigarray_stubs.c) is capable of reading in serialized + (marshalled) objects from a external source which is often used for network + operations and interprocess communication. An integer overflow is detected in + the module which allows remote attackers to cause a denial of service or + possibly execute arbitrary code via a crafted object. This patch checks for + overflows when computing the in-memory size of the bigarray. + +Author: Abhijith PA <abhij...@disroot.org> +Origin: https://github.com/ocaml/ocaml/commit/9664c7ee807c2dfa802f53cabd405ff58e219c47 +Bug: https://caml.inria.fr/mantis/view.php?id=7765 +Bug-Debian: https://bugs.debian.org/895472 +Last-Update: 2018-05-02 + +--- ocaml-3.12.1.orig/otherlibs/bigarray/bigarray_stubs.c ++++ ocaml-3.12.1/otherlibs/bigarray/bigarray_stubs.c +@@ -784,22 +784,29 @@ static void caml_ba_deserialize_longarra + uintnat caml_ba_deserialize(void * dst) + { + struct caml_ba_array * b = dst; +- int i, elt_size; +- uintnat num_elts; ++ int i; ++ uintnat num_elts, size; + + /* Read back header information */ + b->num_dims = caml_deserialize_uint_4(); + b->flags = caml_deserialize_uint_4() | CAML_BA_MANAGED; + b->proxy = NULL; + for (i = 0; i < b->num_dims; i++) b->dim[i] = caml_deserialize_uint_4(); +- /* Compute total number of elements */ +- num_elts = caml_ba_num_elts(b); +- /* Determine element size in bytes */ ++ /* Compute total number of elements. Watch out for overflows (MPR#7765). */ ++ num_elts = 1; ++ for (i = 0; i < b->num_dims; i++) { ++ if (caml_umul_overflow(num_elts, b->dim[i], &num_elts)) ++ caml_deserialize_error("input_value: size overflow for bigarray"); ++ } ++ /* Determine array size in bytes. Watch out for overflows (MPR#7765). */ + if ((b->flags & CAML_BA_KIND_MASK) > CAML_BA_COMPLEX64) + caml_deserialize_error("input_value: bad bigarray kind"); +- elt_size = caml_ba_element_size[b->flags & CAML_BA_KIND_MASK]; ++ if (caml_umul_overflow(num_elts, ++ caml_ba_element_size[b->flags & CAML_BA_KIND_MASK], ++ &size)) ++ caml_deserialize_error("input_value: size overflow for bigarray"); + /* Allocate room for data */ +- b->data = malloc(elt_size * num_elts); ++ b->data = malloc(size); + if (b->data == NULL) + caml_deserialize_error("input_value: out of memory for bigarray"); + /* Read data */ diff -Nru ocaml-3.12.1/debian/patches/series ocaml-3.12.1/debian/patches/series --- ocaml-3.12.1/debian/patches/series 2016-05-11 23:00:48.000000000 +0530 +++ ocaml-3.12.1/debian/patches/series 2018-05-03 13:45:35.000000000 +0530 @@ -14,3 +14,4 @@ 0014-Add-support-for-ENOTSUP.patch 0015-Do-not-add-R-dir-in-X11-link-options-on-GNU-kFreeBSD.patch 0016-CVE-2015-8869.patch +0017-CVE-2018-9838.patch
