main/musl: cherry pick two more bug fixes from upstream

4 files changed, 134 insertions, 5 deletions

diff --git a/main/musl/0001-add-missing-i386-syscall-numbers.patch b/main/musl/0001-add-missing-i386-syscall-numbers.patch
new file mode 100644
index 0000000000..8c0b0a892d
--- /dev/null
+++ b/main/musl/0001-add-missing-i386-syscall-numbers.patch
@@ -0,0 +1,41 @@
+From 78178542e73e143bf44b3ba32cf0b58ced53f2d5 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Thu, 26 Sep 2013 14:17:36 -0400
+Subject: [PATCH] add missing i386 syscall numbers
+
+somehow the range 335-339 was missed when updating the file.
+---
+ arch/i386/bits/syscall.h | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/arch/i386/bits/syscall.h b/arch/i386/bits/syscall.h
+index 800409a..2af242b 100644
+--- a/arch/i386/bits/syscall.h
++++ b/arch/i386/bits/syscall.h
+@@ -333,6 +333,11 @@
+ #define __NR_inotify_init1	332
+ #define __NR_preadv		333
+ #define __NR_pwritev		334
++#define __NR_rt_tgsigqueueinfo	335
++#define __NR_perf_event_open	336
++#define __NR_recvmmsg		337
++#define __NR_fanotify_init	338
++#define __NR_fanotify_mark	339
+ #define __NR_prlimit64		340
+ #define __NR_name_to_handle_at	341
+ #define __NR_open_by_handle_at	342
+@@ -683,6 +688,11 @@
+ #define SYS_inotify_init1	332
+ #define SYS_preadv		333
+ #define SYS_pwritev		334
++#define SYS_rt_tgsigqueueinfo	335
++#define SYS_perf_event_open	336
++#define SYS_recvmmsg		337
++#define SYS_fanotify_init	338
++#define SYS_fanotify_mark	339
+ #define SYS_prlimit64		340
+ #define SYS_name_to_handle_at	341
+ #define SYS_open_by_handle_at	342
+-- 
+1.8.4
+
diff --git a/main/musl/0002-fix-buffer-overflow-in-mbsrtowcs.patch b/main/musl/0002-fix-buffer-overflow-in-mbsrtowcs.patch
new file mode 100644
index 0000000000..8b68cc8777
--- /dev/null
+++ b/main/musl/0002-fix-buffer-overflow-in-mbsrtowcs.patch
@@ -0,0 +1,41 @@
+From 211264e46a2f1bc382a84435e904d1548de672b0 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Fri, 27 Sep 2013 13:09:46 -0400
+Subject: [PATCH] fix buffer overflow in mbsrtowcs
+
+issue reported by Michael Forney:
+
+"If wn becomes 0 after processing a chunk of 4, mbsrtowcs currently
+continues on, wrapping wn around to -1, causing the rest of the string
+to be processed.
+
+This resulted in buffer overruns if there was only space in ws for wn
+wide characters."
+
+the original patch submitted added an additional check for !wn after
+the loop; to avoid extra branching, I instead just changed the wn>=4
+check to wn>=5 to ensure that at least one slot remains after the
+word-at-a-time loop runs. this should not slow down the tail
+processing on real-world usage, since an extra slot that can't be
+processed in the word-at-a-time loop is needed for the null
+termination anyway.
+---
+ src/multibyte/mbsrtowcs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/multibyte/mbsrtowcs.c b/src/multibyte/mbsrtowcs.c
+index b9bbc33..066cce6 100644
+--- a/src/multibyte/mbsrtowcs.c
++++ b/src/multibyte/mbsrtowcs.c
+@@ -59,7 +59,7 @@ resume0:
+ 			return wn0;
+ 		}
+ 		if (*s-1u < 0x7f && (uintptr_t)s%4 == 0) {
+-			while (wn>=4 && !(( *(uint32_t*)s | *(uint32_t*)s-0x01010101) & 0x80808080)) {
++			while (wn>=5 && !(( *(uint32_t*)s | *(uint32_t*)s-0x01010101) & 0x80808080)) {
+ 				*ws++ = *s++;
+ 				*ws++ = *s++;
+ 				*ws++ = *s++;
+-- 
+1.8.4
+
diff --git a/main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch b/main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch
new file mode 100644
index 0000000000..ebc1910c7f
--- /dev/null
+++ b/main/musl/0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch
@@ -0,0 +1,38 @@
+From 23b8e3bc95620b0bd90a78ce0d926942c12b45da Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Sun, 29 Sep 2013 02:52:33 -0400
+Subject: [PATCH] fix off-by-one error in getgrnam_r and getgrgid_r, clobbering
+ gr_name
+
+bug report and patch by Michael Forney. the terminating null pointer
+at the end of the gr_mem array was overwriting the beginning of the
+string data, causing the gr_name member to always be a zero-length
+string.
+---
+ src/passwd/getgr_r.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/passwd/getgr_r.c b/src/passwd/getgr_r.c
+index 234c901..3fe2e2b 100644
+--- a/src/passwd/getgr_r.c
++++ b/src/passwd/getgr_r.c
+@@ -26,14 +26,14 @@ static int getgr_r(const char *name, gid_t gid, struct group *gr, char *buf, siz
+ 	while (__getgrent_a(f, gr, &line, &len, &mem, &nmem)) {
+ 		if (name && !strcmp(name, gr->gr_name)
+ 		|| !name && gr->gr_gid == gid) {
+-			if (size < len + nmem*sizeof(char *) + 32) {
++			if (size < len + (nmem+1)*sizeof(char *) + 32) {
+ 				rv = ERANGE;
+ 				break;
+ 			}
+ 			*res = gr;
+ 			buf += (16-(uintptr_t)buf)%16;
+ 			gr->gr_mem = (void *)buf;
+-			buf += nmem*sizeof(char *);
++			buf += (nmem+1)*sizeof(char *);
+ 			memcpy(buf, line, len);
+ 			FIX(name);
+ 			FIX(passwd);
+-- 
+1.8.4
+
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index ded6dd6ee5..d277162332 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Timo Teräs <timo.teras@iki.fi>
 pkgname=musl
 pkgver=0.9.14
-pkgrel=2
+pkgrel=3
 pkgdesc="the musl c library (libc) implementation"
 url="http://www.musl-libc.org/"
 arch="all"
@@ -14,7 +14,10 @@ install=""
 subpackages="$pkgname-dev $pkgname-utils"
 [ "${CTARGET#*musl}" = "$CTARGET" ] && subpackages="$subpackages musl-gcc:crosstool"
 source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
-	add-missing-i386-syscall-numbers.patch
+	0001-add-missing-i386-syscall-numbers.patch
+	0002-fix-buffer-overflow-in-mbsrtowcs.patch
+	0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch
+
 	add-rfc3678-mcast-structs.patch
 	workaround-gcc-pr58245.patch
 	getopt_long.c
@@ -105,21 +108,27 @@ crosstool() {
 }
 
 md5sums="bfb685695aa942e64c63170589e575b2  musl-0.9.14.tar.gz
-f116cf69bcbcb7080ef3aa521acce8b8  add-missing-i386-syscall-numbers.patch
+f116cf69bcbcb7080ef3aa521acce8b8  0001-add-missing-i386-syscall-numbers.patch
+bfefbd099f555fe8fd22e7ffc3accbef  0002-fix-buffer-overflow-in-mbsrtowcs.patch
+5d722e38a7ca2032c9f202db8ff7e369  0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch
 dcdded62320e3aa2a550058a75bc9c6e  add-rfc3678-mcast-structs.patch
 7a09c5cd7b3e9532e6902f54a5e928bb  workaround-gcc-pr58245.patch
 61c6c1e84ed1df82abbe6d75e90cf21c  getopt_long.c
 0df687757221bbb0fc1aa67f1bd646f9  __stack_chk_fail_local.c
 ef81489a6258501cf45db58dfc6d5211  getent"
 sha256sums="982e9de1287cf95f9aa526adba008660d8885bfccc41faf5c613ea47f1922872  musl-0.9.14.tar.gz
-84886493008bdca79ad223708e5568baeb948a520499b9f4eea2f1526aefb304  add-missing-i386-syscall-numbers.patch
+84886493008bdca79ad223708e5568baeb948a520499b9f4eea2f1526aefb304  0001-add-missing-i386-syscall-numbers.patch
+a6cb8b279e5b737d43c2de1bd6229f5e6599e9514bcb41ddaa411cd44dc65ba7  0002-fix-buffer-overflow-in-mbsrtowcs.patch
+b6b161383b287505eecb53595039b8fe26c622508e783c86ee82d38c1ea582f4  0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch
 6e8c4fe897c88e4b8f5654766cdaa5d14a0bfa51f28518b53cba2628ca700cdb  add-rfc3678-mcast-structs.patch
 45d6efda7450809e4e68f6e951431dcadf6cb7f0260930d50a9f1a8667aca49f  workaround-gcc-pr58245.patch
 d9b644ec20bc33e81a7c52b9fcf7973d835923a69faf50f03db45534b811bd96  getopt_long.c
 299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da  __stack_chk_fail_local.c
 d6996273f5aaaed429058257e4646b243d9e3a4d8609522f802762453f5be4cb  getent"
 sha512sums="e5c3f7b1549dc2f9cbd3359cc413f761d5967607c23705f651c33d0ae93f00582193a41fe1f87158467d58d8eba2d7c09e0fe2f2b2c02c1dda78eee1a4cecff6  musl-0.9.14.tar.gz
-e6cdb6b4c87e2488d31ac46898010dc9d41f31f2ed9c6f2f8a763b76e63587a37a54a7557cd7db1c524b1fcbd17e5418ec1058b30dc17cc91c3fb3ac7cd47fc8  add-missing-i386-syscall-numbers.patch
+e6cdb6b4c87e2488d31ac46898010dc9d41f31f2ed9c6f2f8a763b76e63587a37a54a7557cd7db1c524b1fcbd17e5418ec1058b30dc17cc91c3fb3ac7cd47fc8  0001-add-missing-i386-syscall-numbers.patch
+bb1a0025675fc0241a0ae15e04e12cfbb3c12604ccdb8ac9a2a192d76d346c2804d051f6698a636671d9b4154132b1fe4270bc464bdd370a9b2070c4573361e0  0002-fix-buffer-overflow-in-mbsrtowcs.patch
+60fd9640ea6a8c46e8724ec80d228bcabb9ae3f0f366d2a21c7e15da4a31395aa6dfadeb480f22c720cbd773b73b245174adc3031ee04e69efecf4c45af8538f  0003-fix-off-by-one-error-in-getgrnam_r-and-getgrgid_r-cl.patch
 72789ddf7018bb0878cb1f9c8a47d7b371a9a3e1c58693090d518bf1cc0d26e4edda3e3a405b2ddcdfb06f05a94eb4a358d9e26f742702be891a6578673a0369  add-rfc3678-mcast-structs.patch
 69ad3fc851b44f33dd7c98b83fd0adbd149b37263d17b989f4d7338ee0703dfe8994f4299744e2509492300227d652de6f21b6cdba9b633fcefd3d9f7ca0cf20  workaround-gcc-pr58245.patch
 140f3f20d30bd95ebce8c41b8cc7f616c6cbedf4ea06c729c21014e74f6043796825cc40ebc5180620ea38173afdba23f09ebf6d8b11fa05440b14d23764fca9  getopt_long.c