From 53993d6b5a3b555579aa202429764996517ed6aa Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 19 Oct 2017 22:56:38 +0000 Subject: main/musl: fix possible buffer overrun in __posix_spawnx(). This can allow programs to crash when $PATH contains elements that are larger than 1024 bytes. Notably, PATH_MAX is larger than 1024 bytes, so this can cause environments with very long, but valid path elements in $PATH to have program crashes when they spawn new processes. No CVE for this one at the time of writing, but this seems like a probable security bug. --- main/musl/APKBUILD | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'main/musl/APKBUILD') diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD index bafdf61646..1938bbb3ca 100644 --- a/main/musl/APKBUILD +++ b/main/musl/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Timo Teräs pkgname=musl pkgver=1.1.17 -pkgrel=0 +pkgrel=1 pkgdesc="the musl c library (libc) implementation" url="http://www.musl-libc.org/" arch="all" @@ -18,6 +18,7 @@ nolibc) ;; esac source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz + 0001-posix_spawn-use-larger-stack-to-cover-worst-case-in-.patch 1000-implement-strftime-GNU-extension-padding-specifiers-.patch 2000-pthread-internals-increase-DEFAULT_GUARD_SIZE-to-2-p.patch 3002-stdio-implement-fopencookie-3.patch 
@@ -144,6 +145,7 @@ compat() { } sha512sums="bc99c7d58d64116c03e68fe77141a1f2938e0c01ba027937587a060d435b4b00b8b1f18c63fb8ed445ef36f377974e02a7b4821c793e4292041e31e66f145428 musl-1.1.17.tar.gz +0ccf3dc82ab5556c001a0cc4209f4263eb3670f188e1ca0e649593f4dca0bd1107f1985f608b30c4eb0ef8b0a76d31434fb9ecc3c82fed2bb5f1860016d5057c 0001-posix_spawn-use-larger-stack-to-cover-worst-case-in-.patch 7e4c703e57a3564cd3ee1d5334b806cbe654355179ba55d4d25361dfc555eb4a7d081d80d64fdaff8476949afd04558d278b124d1fb108080beaa5ba2f8ce2b9 1000-implement-strftime-GNU-extension-padding-specifiers-.patch 2c8e1dde1834238097b2ee8a7bfb53471a0d9cff4a5e38b55f048b567deff1cdd47c170d0578a67b1a039f95a6c5fbb8cff369c75b6a3e4d7ed171e8e86ebb8c 2000-pthread-internals-increase-DEFAULT_GUARD_SIZE-to-2-p.patch 0053e16cbac968b50dee98e3b36d29a497aaca6d9d0e120556273c9d0cd8360310eb7b7ab3c1e416217210fdd071e98268eaca54f3a0e9a22408ed8701dc54c1 3002-stdio-implement-fopencookie-3.patch -- cgit v1.2.3
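Review bot: In the first hunk (pkgrel=0 to pkgrel=1), the release bump is the only thing in the APKBUILD that records this fix, although the commit message calls it a probable security bug. Nothing in the visible lines marks 1.1.17-r1 as the first fixed build. Consider adding a short comment near pkgrel saying so, and turning it into an entry in Alpine's "# secfixes:" comment block for 1.1.17-r1 if an identifier is later assigned.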
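Review bot: In the source= hunk, 0001-posix_spawn-use-larger-stack-to-cover-worst-case-in-.patch is added with no indication of where it comes from, and this view is limited to main/musl/APKBUILD, so the patch body cannot be checked here. The commit message describes a buffer overrun triggered by $PATH elements larger than 1024 bytes, while the file name only says "use larger stack to cover worst case". Please state in the commit message, or in a comment above the source list, which upstream musl commit or mailing-list post the patch is taken from, so the fix can be verified against the description and the patch dropped at the next pkgver bump.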