diff options
5 files changed, 130 insertions, 17 deletions
diff --git a/main/musl/0001-fix-assumption-in-fputs-that-fwrite-returning-0-impl.patch b/main/musl/0001-fix-assumption-in-fputs-that-fwrite-returning-0-impl.patch new file mode 100644 index 0000000000..0be9162aab --- /dev/null +++ b/main/musl/0001-fix-assumption-in-fputs-that-fwrite-returning-0-impl.patch @@ -0,0 +1,34 @@ +From 10a17dfbad2c267d885817abc9c7589fc7ff630b Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Tue, 16 Feb 2016 13:26:16 -0500 +Subject: [PATCH] fix assumption in fputs that fwrite returning 0 implies an + error + +internally, the idiom of passing nmemb=1 to fwrite and interpreting +the return value of fwrite (which is necessarily 0 or 1) as +failure/success is fairly widely used. this is not correct, however, +when the size argument is unknown and may be zero, since C requires +fwrite to return 0 in that special case. previously fwrite always +returned nmemb on success, but this was changed for conformance with +ISO C by commit 500c6886c654fd45e4926990fee2c61d816be197. +--- + src/stdio/fputs.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/stdio/fputs.c b/src/stdio/fputs.c +index 4737f44..1cf344f 100644 +--- a/src/stdio/fputs.c ++++ b/src/stdio/fputs.c +@@ -3,7 +3,8 @@ + + int fputs(const char *restrict s, FILE *restrict f) + { +- return (int)fwrite(s, strlen(s), 1, f) - 1; ++ size_t l = strlen(s); ++ return (fwrite(s, 1, l, f)==l) - 1; + } + + weak_alias(fputs, fputs_unlocked); +-- +2.7.1 + diff --git a/main/musl/0002-fix-unlikely-corner-cases-in-getopt-s-message-printi.patch b/main/musl/0002-fix-unlikely-corner-cases-in-getopt-s-message-printi.patch new file mode 100644 index 0000000000..a5d4e4af63 --- /dev/null +++ b/main/musl/0002-fix-unlikely-corner-cases-in-getopt-s-message-printi.patch @@ -0,0 +1,37 @@ +From ef2b5e9f13a7f216d6d64aeccc6b33c1262faece Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Tue, 16 Feb 2016 13:27:24 -0500 +Subject: [PATCH] fix unlikely corner cases in getopt's message printing + +like fputs (see commit 10a17dfbad2c267d885817abc9c7589fc7ff630b), the +message printing code for getopt assumed that fwrite only returns 0 on +failure, but it can also happen on success if the total length to be +written is zero. programs with zero-length argv[0] were affected. + +commit 500c6886c654fd45e4926990fee2c61d816be197 introduced this +problem in getopt by fixing the fwrite behavior to conform to the +requirements of ISO C. previously the wrong expectations of the getopt +code were met by the fwrite implementation. +--- + src/misc/getopt.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/misc/getopt.c b/src/misc/getopt.c +index 9217983..8290aef 100644 +--- a/src/misc/getopt.c ++++ b/src/misc/getopt.c +@@ -17,9 +17,9 @@ void __getopt_msg(const char *a, const char *b, const char *c, size_t l) + FILE *f = stderr; + b = __lctrans_cur(b); + flockfile(f); +- fwrite(a, strlen(a), 1, f) ++ fputs(a, f)>=0 + && fwrite(b, strlen(b), 1, f) +- && fwrite(c, l, 1, f) ++ && fwrite(c, 1, l, f)==l + && putc('\n', f); + funlockfile(f); + } +-- +2.7.1 + diff --git a/main/musl/0003-in-crypt-sha-reject-excessive-rounds-as-error-rather.patch b/main/musl/0003-in-crypt-sha-reject-excessive-rounds-as-error-rather.patch new file mode 100644 index 0000000000..7204b6a4f4 --- /dev/null +++ b/main/musl/0003-in-crypt-sha-reject-excessive-rounds-as-error-rather.patch @@ -0,0 +1,46 @@ +From cf115059ba0ecd611008c89c78c37b62f8e6d6af Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Tue, 16 Feb 2016 17:38:07 -0500 +Subject: [PATCH] in crypt-sha*, reject excessive rounds as error rather than + clamping + +the reference implementation clamps rounds to [1000,999999999]. we +further limited rounds to at most 9999999 as a defense against extreme +run times, but wrongly clamped instead of treating out-of-bounds +values as an error, thereby producing implementation-specific hash +results. fixing this should not break anything since values of rounds +this high are not useful anyway. +--- + src/crypt/crypt_sha256.c | 2 +- + src/crypt/crypt_sha512.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/crypt/crypt_sha256.c b/src/crypt/crypt_sha256.c +index d5f0b78..e885dc6 100644 +--- a/src/crypt/crypt_sha256.c ++++ b/src/crypt/crypt_sha256.c +@@ -230,7 +230,7 @@ static char *sha256crypt(const char *key, const char *setting, char *output) + if (u < ROUNDS_MIN) + r = ROUNDS_MIN; + else if (u > ROUNDS_MAX) +- r = ROUNDS_MAX; ++ return 0; + else + r = u; + /* needed when rounds is zero prefixed or out of bounds */ +diff --git a/src/crypt/crypt_sha512.c b/src/crypt/crypt_sha512.c +index 1294e98..39970ca 100644 +--- a/src/crypt/crypt_sha512.c ++++ b/src/crypt/crypt_sha512.c +@@ -252,7 +252,7 @@ static char *sha512crypt(const char *key, const char *setting, char *output) + if (u < ROUNDS_MIN) + r = ROUNDS_MIN; + else if (u > ROUNDS_MAX) +- r = ROUNDS_MAX; ++ return 0; + else + r = u; + /* needed when rounds is zero prefixed or out of bounds */ +-- +2.7.1 + diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD index e5ac6481e2..d2324c9c3d 100644 --- a/main/musl/APKBUILD +++ b/main/musl/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=musl pkgver=1.1.13 -pkgrel=1 +pkgrel=2 pkgdesc="the musl c library (libc) implementation" url="http://www.musl-libc.org/" arch="all" @@ -12,7 +12,9 @@ depends_dev="!uclibc-dev" makedepends="$depends_dev" subpackages="$pkgname-dev $pkgname-utils $pkgname-dbg libc6-compat:compat" source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz - fix-fputs.patch + 0001-fix-assumption-in-fputs-that-fwrite-returning-0-impl.patch + 0002-fix-unlikely-corner-cases-in-getopt-s-message-printi.patch + 0003-in-crypt-sha-reject-excessive-rounds-as-error-rather.patch ldconfig __stack_chk_fail_local.c @@ -129,21 +131,27 @@ compat() { } md5sums="b8cb33a04ab461b55edcc807abf82241 musl-1.1.13.tar.gz -796a4dab96dc5c1c182a7b6e44f563fb fix-fputs.patch +b05c1a3f3b773610fdfe1fe44f41c5f8 0001-fix-assumption-in-fputs-that-fwrite-returning-0-impl.patch +5b1ab9ab71069b9daafaf7a62ee3cf8e 0002-fix-unlikely-corner-cases-in-getopt-s-message-printi.patch +bf74e577da2993ccf468787910a3d4d3 0003-in-crypt-sha-reject-excessive-rounds-as-error-rather.patch 830d01f7821b978df770b06db3790921 ldconfig 0df687757221bbb0fc1aa67f1bd646f9 __stack_chk_fail_local.c 57ef2c63b9ec6a2041694ace97d4ffa2 getconf.c 2b941c4251cac44988a4abfc50e21267 getent.c 45f92f8d59cf84d765de698a9578dbf4 iconv.c" sha256sums="bbacdc64f557d0c4857f7d2daf592c32c29aec1babbb94fcf01a2e05bed15013 musl-1.1.13.tar.gz -990d71f2efacede62b54225c773b1245b38fae9d5bd59971984bbd173cfb5e9c fix-fputs.patch +f32bfc319bb2e4dd6e20ab81dd838af991c6696dbd70db93926e8e3e446caf50 0001-fix-assumption-in-fputs-that-fwrite-returning-0-impl.patch +e21ad9f7e9ff9089d3be03281366dd01a7487b21fb00dd7b7556f46e84f2e282 0002-fix-unlikely-corner-cases-in-getopt-s-message-printi.patch +4542c63178f1f8d42d54a3e81a3db1978103d76f0d3ffb42b133bfe4b02f5de4 0003-in-crypt-sha-reject-excessive-rounds-as-error-rather.patch b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7 ldconfig 299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da __stack_chk_fail_local.c d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c getconf.c 68373a55e89ce85c562d941ccf588337d6cc6c9c17689d695f65cd7607134bbe getent.c f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7 iconv.c" sha512sums="d5f4a6fdb6a2cdbd7ab1ad5a8d91b1c690b3bd31d9049dfc022067019bba11952e375374eed982a0ddac7347d17f9ff2300178c4d5f27bdd8480933cc6e67802 musl-1.1.13.tar.gz -1fb5708a0dd8938622c0a1c8f933f79da1de94d37952d555930152d52d5405f1e744e502bdf9e22cd4d16293dcfb685707f323f6ac2af5ef4eb6b6897ac4d182 fix-fputs.patch +c634947ddf6d0b2e462cacff3920326a5677c06a3fc58f40cf99f22496b33882d25b4dce041a368fa2961d23bccbf9145a571fd40ea0d390cea1ab2849e681d7 0001-fix-assumption-in-fputs-that-fwrite-returning-0-impl.patch +2a9b55bedfd13bb6f1ad6a10344294d672eaafbc4402c0f18cc31a9b5a62879a606e7fe4733c09295159a7458502886ed4d0c71170e66dca9a1bd228dbb08123 0002-fix-unlikely-corner-cases-in-getopt-s-message-printi.patch +0a1715fb46204a13d9a29dfa9d86d3335890e75990d0d76c06daccb059f31498858b106966063e4b01c101f67ed139d8a24915d1ebeafec2491213d3e6bfdac9 0003-in-crypt-sha-reject-excessive-rounds-as-error-rather.patch 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c diff --git a/main/musl/fix-fputs.patch b/main/musl/fix-fputs.patch deleted file mode 100644 index da9e4a0929..0000000000 --- a/main/musl/fix-fputs.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/src/stdio/fputs.c b/src/stdio/fputs.c -index 4737f44..c419923 100644 ---- a/src/stdio/fputs.c -+++ b/src/stdio/fputs.c -@@ -3,6 +3,7 @@ - - int fputs(const char *restrict s, FILE *restrict f) - { -+ if (!*s) return 0; - return (int)fwrite(s, strlen(s), 1, f) - 1; - } - |