main/musl: cherry-pick fixes from git

includes fix to CVE-2015-1817

4 files changed, 114 insertions, 1 deletions

diff --git a/main/musl/0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch b/main/musl/0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
new file mode 100644
index 000000000..6354d7c50
--- /dev/null
+++ b/main/musl/0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
@@ -0,0 +1,33 @@
+From 39dfd58417ef642307d90306e1c7e50aaec5a35c Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Fri, 20 Mar 2015 18:06:04 -0400
+Subject: [PATCH] fix memory-corruption in regcomp with backslash followed by
+ high byte
+
+the regex parser handles the (undefined) case of an unexpected byte
+following a backslash as a literal. however, instead of correctly
+decoding a character, it was treating the byte value itself as a
+character. this was not only semantically unjustified, but turned out
+to be dangerous on archs where plain char is signed: bytes in the
+range 252-255 alias the internal codes -4 through -1 used for special
+types of literal nodes in the AST.
+---
+ src/regex/regcomp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/regex/regcomp.c b/src/regex/regcomp.c
+index 4cdaa1e..bce6bc1 100644
+--- a/src/regex/regcomp.c
++++ b/src/regex/regcomp.c
+@@ -847,7 +847,7 @@ static reg_errcode_t parse_atom(tre_parse_ctx_t *ctx, const char *s)
+ 			} else {
+ 				/* extension: accept unknown escaped char
+ 				   as a literal */
+-				node = tre_ast_new_literal(ctx->mem, *s, *s, ctx->position);
++				goto parse_literal;
+ 			}
+ 			ctx->position++;
+ 		}
+-- 
+2.3.3
+
diff --git a/main/musl/0002-suppress-backref-processing-in-ERE-regcomp.patch b/main/musl/0002-suppress-backref-processing-in-ERE-regcomp.patch
new file mode 100644
index 000000000..6fb421728
--- /dev/null
+++ b/main/musl/0002-suppress-backref-processing-in-ERE-regcomp.patch
@@ -0,0 +1,29 @@
+From 7c8c86f6308c7e0816b9638465a5917b12159e8f Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Fri, 20 Mar 2015 18:25:01 -0400
+Subject: [PATCH] suppress backref processing in ERE regcomp
+
+one of the features of ERE is that it's actually a regular language
+and does not admit expressions which cannot be matched in linear time.
+introduction of \n backref support into regcomp's ERE parsing was
+unintentional.
+---
+ src/regex/regcomp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/regex/regcomp.c b/src/regex/regcomp.c
+index bce6bc1..4d80cb1 100644
+--- a/src/regex/regcomp.c
++++ b/src/regex/regcomp.c
+@@ -839,7 +839,7 @@ static reg_errcode_t parse_atom(tre_parse_ctx_t *ctx, const char *s)
+ 			s--;
+ 			break;
+ 		default:
+-			if (isdigit(*s)) {
++			if (!ere && isdigit(*s)) {
+ 				/* back reference */
+ 				int val = *s - '0';
+ 				node = tre_ast_new_literal(ctx->mem, BACKREF, val, ctx->position);
+-- 
+2.3.3
+
diff --git a/main/musl/0003-fix-internal-buffer-overrun-in-inet_pton.patch b/main/musl/0003-fix-internal-buffer-overrun-in-inet_pton.patch
new file mode 100644
index 000000000..ba9de5856
--- /dev/null
+++ b/main/musl/0003-fix-internal-buffer-overrun-in-inet_pton.patch
@@ -0,0 +1,39 @@
+From fc13acc3dcb5b1f215c007f583a63551f6a71363 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Mon, 23 Mar 2015 09:44:18 -0400
+Subject: [PATCH] fix internal buffer overrun in inet_pton
+
+one stop condition for parsing abbreviated ipv6 addressed was missed,
+allowing the internal ip[] buffer to overflow. this patch adds the
+missing stop condition and masks the array index so that, in case
+there are any remaining stop conditions missing, overflowing the
+buffer is not possible.
+---
+ src/network/inet_pton.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/inet_pton.c b/src/network/inet_pton.c
+index 4496b47..d36c368 100644
+--- a/src/network/inet_pton.c
++++ b/src/network/inet_pton.c
+@@ -39,14 +39,15 @@ int inet_pton(int af, const char *restrict s, void *restrict a0)
+ 	for (i=0; ; i++) {
+ 		if (s[0]==':' && brk<0) {
+ 			brk=i;
+-			ip[i]=0;
++			ip[i&7]=0;
+ 			if (!*++s) break;
++			if (i==7) return 0;
+ 			continue;
+ 		}
+ 		for (v=j=0; j<4 && (d=hexval(s[j]))>=0; j++)
+ 			v=16*v+d;
+ 		if (j==0) return 0;
+-		ip[i] = v;
++		ip[i&7] = v;
+ 		if (!s[j] && (brk>=0 || i==7)) break;
+ 		if (i==7) return 0;
+ 		if (s[j]!=':') {
+-- 
+2.3.3
+
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index 626c53575..f0c2f9b96 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Timo Teräs <timo.teras@iki.fi>
 pkgname=musl
 pkgver=1.1.7
-pkgrel=0
+pkgrel=1
 pkgdesc="the musl c library (libc) implementation"
 url="http://www.musl-libc.org/"
 arch="all"
@@ -13,6 +13,9 @@ makedepends="$depends_dev"
 install="$pkgname.post-upgrade"
 subpackages="$pkgname-dev $pkgname-utils $pkgname-dbg"
 source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
+	0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
+	0002-suppress-backref-processing-in-ERE-regcomp.patch
+	0003-fix-internal-buffer-overrun-in-inet_pton.patch
 
 	ldconfig
 	__stack_chk_fail_local.c
@@ -111,18 +114,27 @@ utils() {
 }
 
 md5sums="6fe9fc4d99a7d321432b3e179c138d73  musl-1.1.7.tar.gz
+ca2d1b1283b15df595950d0ba63b9e90  0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
+d2c8268e812b8c40860eecfaca077959  0002-suppress-backref-processing-in-ERE-regcomp.patch
+f99a4519a796a56360a203723c1dff0e  0003-fix-internal-buffer-overrun-in-inet_pton.patch
 830d01f7821b978df770b06db3790921  ldconfig
 0df687757221bbb0fc1aa67f1bd646f9  __stack_chk_fail_local.c
 57ef2c63b9ec6a2041694ace97d4ffa2  getconf.c
 2b941c4251cac44988a4abfc50e21267  getent.c
 45f92f8d59cf84d765de698a9578dbf4  iconv.c"
 sha256sums="d8e0aae287ecf8aa6500d3ed4131f33d216a7857dc7649a89125ffca6bf91599  musl-1.1.7.tar.gz
+618af64186986b8fe2e1f8c31745da9d2a3f5fc213cfe23efcc2c7e5f4572129  0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
+4a733c74d3b7b1986e3770fbbd2d0d5d5f1144b3104fe9aaab4580b8ab67fe67  0002-suppress-backref-processing-in-ERE-regcomp.patch
+2362acd6c14977072d25a205190277c25edc0d32396a5bca5eab8d88894ac654  0003-fix-internal-buffer-overrun-in-inet_pton.patch
 b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7  ldconfig
 299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da  __stack_chk_fail_local.c
 d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c  getconf.c
 68373a55e89ce85c562d941ccf588337d6cc6c9c17689d695f65cd7607134bbe  getent.c
 f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7  iconv.c"
 sha512sums="7fe002ed5f7fd96c8759f3f85ee382809043e1829e093b88eaaddc197f7d558473ad66b33be41dbb1afe750ccdd62e6dfcc3a591c122e84435142fab890e8edc  musl-1.1.7.tar.gz
+0a9ae94be997ef5218e2759ead181733270a415822c64a7b539a571fe4c8e3b148e527ec3ef3dfea8937df741a6685b38d3dd0a8eb9a14a9f904e19a79735965  0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
+7f13fcfb7e0a834fb7499805ace8a95ab7e930cd947d2b6749107d0cf80b207dfb0ab52210f0850f15c794cb011e3477b647a9a8e6cba96a2c4b13f0890d00c4  0002-suppress-backref-processing-in-ERE-regcomp.patch
+0e978f001e8339f22c3fe09bd4f40227978db922b353559e2f052f81641b289510b9f344dd71f7205e8463ce0a1da01ebb8445089cf822c6d6996eb3e37e0eac  0003-fix-internal-buffer-overrun-in-inet_pton.patch
 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f  ldconfig
 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b  __stack_chk_fail_local.c
 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d  getconf.c