diff options
Diffstat (limited to 'main')
4 files changed, 114 insertions, 1 deletions
diff --git a/main/musl/0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch b/main/musl/0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch new file mode 100644 index 0000000000..6354d7c50f --- /dev/null +++ b/main/musl/0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch @@ -0,0 +1,33 @@ +From 39dfd58417ef642307d90306e1c7e50aaec5a35c Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Fri, 20 Mar 2015 18:06:04 -0400 +Subject: [PATCH] fix memory-corruption in regcomp with backslash followed by + high byte + +the regex parser handles the (undefined) case of an unexpected byte +following a backslash as a literal. however, instead of correctly +decoding a character, it was treating the byte value itself as a +character. this was not only semantically unjustified, but turned out +to be dangerous on archs where plain char is signed: bytes in the +range 252-255 alias the internal codes -4 through -1 used for special +types of literal nodes in the AST. +--- + src/regex/regcomp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/regex/regcomp.c b/src/regex/regcomp.c +index 4cdaa1e..bce6bc1 100644 +--- a/src/regex/regcomp.c ++++ b/src/regex/regcomp.c +@@ -847,7 +847,7 @@ static reg_errcode_t parse_atom(tre_parse_ctx_t *ctx, const char *s) + } else { + /* extension: accept unknown escaped char + as a literal */ +- node = tre_ast_new_literal(ctx->mem, *s, *s, ctx->position); ++ goto parse_literal; + } + ctx->position++; + } +-- +2.3.3 + diff --git a/main/musl/0002-suppress-backref-processing-in-ERE-regcomp.patch b/main/musl/0002-suppress-backref-processing-in-ERE-regcomp.patch new file mode 100644 index 0000000000..6fb421728b --- /dev/null +++ b/main/musl/0002-suppress-backref-processing-in-ERE-regcomp.patch @@ -0,0 +1,29 @@ +From 7c8c86f6308c7e0816b9638465a5917b12159e8f Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Fri, 20 Mar 2015 18:25:01 -0400 +Subject: [PATCH] suppress backref processing in ERE regcomp + +one of the features of ERE is that it's actually a regular language +and does not admit expressions which cannot be matched in linear time. +introduction of \n backref support into regcomp's ERE parsing was +unintentional. +--- + src/regex/regcomp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/regex/regcomp.c b/src/regex/regcomp.c +index bce6bc1..4d80cb1 100644 +--- a/src/regex/regcomp.c ++++ b/src/regex/regcomp.c +@@ -839,7 +839,7 @@ static reg_errcode_t parse_atom(tre_parse_ctx_t *ctx, const char *s) + s--; + break; + default: +- if (isdigit(*s)) { ++ if (!ere && isdigit(*s)) { + /* back reference */ + int val = *s - '0'; + node = tre_ast_new_literal(ctx->mem, BACKREF, val, ctx->position); +-- +2.3.3 + diff --git a/main/musl/0003-fix-internal-buffer-overrun-in-inet_pton.patch b/main/musl/0003-fix-internal-buffer-overrun-in-inet_pton.patch new file mode 100644 index 0000000000..ba9de58566 --- /dev/null +++ b/main/musl/0003-fix-internal-buffer-overrun-in-inet_pton.patch @@ -0,0 +1,39 @@ +From fc13acc3dcb5b1f215c007f583a63551f6a71363 Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Mon, 23 Mar 2015 09:44:18 -0400 +Subject: [PATCH] fix internal buffer overrun in inet_pton + +one stop condition for parsing abbreviated ipv6 addressed was missed, +allowing the internal ip[] buffer to overflow. this patch adds the +missing stop condition and masks the array index so that, in case +there are any remaining stop conditions missing, overflowing the +buffer is not possible. +--- + src/network/inet_pton.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/network/inet_pton.c b/src/network/inet_pton.c +index 4496b47..d36c368 100644 +--- a/src/network/inet_pton.c ++++ b/src/network/inet_pton.c +@@ -39,14 +39,15 @@ int inet_pton(int af, const char *restrict s, void *restrict a0) + for (i=0; ; i++) { + if (s[0]==':' && brk<0) { + brk=i; +- ip[i]=0; ++ ip[i&7]=0; + if (!*++s) break; ++ if (i==7) return 0; + continue; + } + for (v=j=0; j<4 && (d=hexval(s[j]))>=0; j++) + v=16*v+d; + if (j==0) return 0; +- ip[i] = v; ++ ip[i&7] = v; + if (!s[j] && (brk>=0 || i==7)) break; + if (i==7) return 0; + if (s[j]!=':') { +-- +2.3.3 + diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD index 626c53575b..f0c2f9b96b 100644 --- a/main/musl/APKBUILD +++ b/main/musl/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=musl pkgver=1.1.7 -pkgrel=0 +pkgrel=1 pkgdesc="the musl c library (libc) implementation" url="http://www.musl-libc.org/" arch="all" @@ -13,6 +13,9 @@ makedepends="$depends_dev" install="$pkgname.post-upgrade" subpackages="$pkgname-dev $pkgname-utils $pkgname-dbg" source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz + 0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch + 0002-suppress-backref-processing-in-ERE-regcomp.patch + 0003-fix-internal-buffer-overrun-in-inet_pton.patch ldconfig __stack_chk_fail_local.c @@ -111,18 +114,27 @@ utils() { } md5sums="6fe9fc4d99a7d321432b3e179c138d73 musl-1.1.7.tar.gz +ca2d1b1283b15df595950d0ba63b9e90 0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch +d2c8268e812b8c40860eecfaca077959 0002-suppress-backref-processing-in-ERE-regcomp.patch +f99a4519a796a56360a203723c1dff0e 0003-fix-internal-buffer-overrun-in-inet_pton.patch 830d01f7821b978df770b06db3790921 ldconfig 0df687757221bbb0fc1aa67f1bd646f9 __stack_chk_fail_local.c 57ef2c63b9ec6a2041694ace97d4ffa2 getconf.c 2b941c4251cac44988a4abfc50e21267 getent.c 45f92f8d59cf84d765de698a9578dbf4 iconv.c" sha256sums="d8e0aae287ecf8aa6500d3ed4131f33d216a7857dc7649a89125ffca6bf91599 musl-1.1.7.tar.gz +618af64186986b8fe2e1f8c31745da9d2a3f5fc213cfe23efcc2c7e5f4572129 0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch +4a733c74d3b7b1986e3770fbbd2d0d5d5f1144b3104fe9aaab4580b8ab67fe67 0002-suppress-backref-processing-in-ERE-regcomp.patch +2362acd6c14977072d25a205190277c25edc0d32396a5bca5eab8d88894ac654 0003-fix-internal-buffer-overrun-in-inet_pton.patch b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7 ldconfig 299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da __stack_chk_fail_local.c d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c getconf.c 68373a55e89ce85c562d941ccf588337d6cc6c9c17689d695f65cd7607134bbe getent.c f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7 iconv.c" sha512sums="7fe002ed5f7fd96c8759f3f85ee382809043e1829e093b88eaaddc197f7d558473ad66b33be41dbb1afe750ccdd62e6dfcc3a591c122e84435142fab890e8edc musl-1.1.7.tar.gz +0a9ae94be997ef5218e2759ead181733270a415822c64a7b539a571fe4c8e3b148e527ec3ef3dfea8937df741a6685b38d3dd0a8eb9a14a9f904e19a79735965 0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch +7f13fcfb7e0a834fb7499805ace8a95ab7e930cd947d2b6749107d0cf80b207dfb0ab52210f0850f15c794cb011e3477b647a9a8e6cba96a2c4b13f0890d00c4 0002-suppress-backref-processing-in-ERE-regcomp.patch +0e978f001e8339f22c3fe09bd4f40227978db922b353559e2f052f81641b289510b9f344dd71f7205e8463ce0a1da01ebb8445089cf822c6d6996eb3e37e0eac 0003-fix-internal-buffer-overrun-in-inet_pton.patch 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c |