Summary: | dev-lang/ocaml-4.05.0-r1: Fixing GLSA 202007-48 for unison-compatibility with Debian | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Stefan Huber <shuber> |
Component: | Current packages | Assignee: | Gentoo Team for the ML programming language family <ml> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | gienah, sam, security |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 719134 | | |

Description
Stefan Huber
2020-11-18 11:58:55 UTC
Debian has fixed this issue with 4.05.0-11, see [1]. According to [1], the patch that was used is this [2] one. I have applied the patch [2] to ocaml-4.05.0-r1, which builds fine and unison works, too.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895472#25
[2] https://salsa.debian.org/ocaml-team/ocaml/commit/25dd36af0e6921c7df85b80d4cac68a177a8def5

P.S. Note that GLSA 202007-48 actually concerns the very same marshaling mechanisms that stop unison users from upgrading to ocaml-4.09.0.

I just realized that unison (all versions) fails to build due to undefined reference to `caml_umul_overflow`. The following patch, however, changes the call to `caml_umul_overflow` in the patch to a call to `caml_ba_multov`:

https://gitea.lakaban.net/def/ocaml/commit/c6ca3afc78b75d7748e4e09e56c6b020418be06e

Unison 2.48.15_p4-r2 and 2.51.3_p20201024 compile against dev-lang/ocaml-4.05.0-r1 with the proposed patch applied.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73b6349cc23be7639100ff7f759516d6e28157a8

commit 73b6349cc23be7639100ff7f759516d6e28157a8
Author: Sam James <sam@gentoo.org>
AuthorDate: 2020-12-20 18:41:02 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-12-20 18:43:08 +0000

dev-ml/findlib: lower the minimum OCaml version

Some users still need an older version of OCaml for e.g. Unison where there are compatibility issues we need to handle.

Thanks-to: Stefan Huber <shuber@sthu.org>
Bug: https://bugs.gentoo.org/755257
Closes: https://bugs.gentoo.org/760911
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Sam James <sam@gentoo.org>

.../findlib/{findlib-1.8.1-r1.ebuild => findlib-1.8.1-r2.ebuild} | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34b06d35218d9e444050526511da10962ea72c2f

commit 34b06d35218d9e444050526511da10962ea72c2f
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-06-08 04:58:53 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-06-08 04:59:09 +0000

dev-lang/ocaml: add CVE-2018-9838 patch to 4.05.0

Closes: https://bugs.gentoo.org/755257
Bug: https://bugs.gentoo.org/719134
Signed-off-by: Sam James <sam@gentoo.org>

.../ocaml/files/ocaml-4.05.0-CVE-2018-9838.patch | 70 ++++++++++
dev-lang/ocaml/ocaml-4.05.0-r4.ebuild | 143 +++++++++++++++++++++
2 files changed, 213 insertions(+)