diff options
author | Ariadne Conill <ariadne@dereferenced.org> | 2020-11-20 00:37:38 -0700 |
---|---|---|
committer | Ariadne Conill <ariadne@dereferenced.org> | 2020-11-20 00:44:15 -0700 |
commit | 60aa954b2f8c9e3f4f0274165fcdffba95ba1abf (patch) | |
tree | 099fac727684a808a92397ed1b8a73f70dcf9461 | |
parent | 99db9460e9bbcdfb2c8cb20976a3d7e89e7d859d (diff) |
main/musl: security fix for CVE-2020-28928
-rw-r--r-- | main/musl/APKBUILD | 10 | ||||
-rw-r--r-- | main/musl/wcsnrtombs-cve-2020-28928.diff | 65 |
2 files changed, 73 insertions, 2 deletions
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD index 390644b80f1..321287eea67 100644 --- a/main/musl/APKBUILD +++ b/main/musl/APKBUILD @@ -1,13 +1,14 @@ -# Contributor: William Pitcock <nenolod@dereferenced.org> +# Contributor: Ariadne Conill <ariadne@dereferenced.org> # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=musl pkgver=1.1.20 -pkgrel=5 +pkgrel=6 pkgdesc="the musl c library (libc) implementation" url="http://www.musl-libc.org/" arch="all" license="MIT" subpackages="$pkgname-dev $pkgname-dbg libc6-compat:compat:noarch" +options="lib64" case "$BOOTSTRAP" in nocc) pkgname="musl-dev"; subpackages="";; nolibc) ;; @@ -21,6 +22,8 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz 0001-fix-getaddrinfo-regression-with-AI_ADDRCONFIG-on-som.patch s390x-fadv.patch + wcsnrtombs-cve-2020-28928.diff + ldconfig __stack_chk_fail_local.c getconf.c @@ -29,6 +32,8 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz " # secfixes: +# 1.1.20-r6: +# - CVE-2020-28928 # 1.1.20-r5: # - CVE-2019-14697 # 1.1.15-r4: @@ -157,6 +162,7 @@ sha512sums="d3a7a30aa375ca50d7dcfbd618581d59e1aa5378417f50a0ca5510099336fd74cc9d ab34509cec7419c11352094ed6acf14e5766b314bd2b96506a0d0203e61e90e85ea9a121f1fefc0d00bcba381778d579ea2c02325605344530420305fcf1a0d0 0001-fix-race-condition-in-file-locking.patch 20f9db1f96d4867fb0e4d4e1b4b323e1871ce5660896c8608f7a5147d247f6c6840f84eff25ae8f8b7cf04af0f586afed00acb6abcbedd4240a4678359fa6dc9 0001-fix-getaddrinfo-regression-with-AI_ADDRCONFIG-on-som.patch e9c9135f6dc3260e62ae6e9c45f3c43574af6ff2c2bfe411eb83f7e80d13bb8c86425cb41fc961e27f7bc15f679db1fbfb267e401bbe81d6cd5b872eb9b1f471 s390x-fadv.patch +35dc5df28d90d1c84f9100116b63ba9e7fd44a20f512d12760da5e01f1aec4e799f726cbafb586bae568ff4f6d5a70948f1bf9fb901f1ca7dfcdf35c5d7510a6 wcsnrtombs-cve-2020-28928.diff 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c diff --git a/main/musl/wcsnrtombs-cve-2020-28928.diff b/main/musl/wcsnrtombs-cve-2020-28928.diff new file mode 100644 index 00000000000..8465f9422a8 --- /dev/null +++ b/main/musl/wcsnrtombs-cve-2020-28928.diff @@ -0,0 +1,65 @@ +diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c +index 676932b5..95e25e70 100644 +--- a/src/multibyte/wcsnrtombs.c ++++ b/src/multibyte/wcsnrtombs.c +@@ -1,41 +1,33 @@ + #include <wchar.h> ++#include <limits.h> ++#include <string.h> + + size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st) + { +- size_t l, cnt=0, n2; +- char *s, buf[256]; + const wchar_t *ws = *wcs; +- const wchar_t *tmp_ws; +- +- if (!dst) s = buf, n = sizeof buf; +- else s = dst; +- +- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) { +- if (n2>=n) n2=n; +- tmp_ws = ws; +- l = wcsrtombs(s, &ws, n2, 0); +- if (!(l+1)) { +- cnt = l; +- n = 0; ++ size_t cnt = 0; ++ if (!dst) n=0; ++ while (ws && wn) { ++ char tmp[MB_LEN_MAX]; ++ size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0); ++ if (l==-1) { ++ cnt = -1; + break; + } +- if (s != buf) { +- s += l; ++ if (dst) { ++ if (n<MB_LEN_MAX) { ++ if (l>n) break; ++ memcpy(dst, tmp, l); ++ } ++ dst += l; + n -= l; + } +- wn = ws ? wn - (ws - tmp_ws) : 0; +- cnt += l; +- } +- if (ws) while (n && wn) { +- l = wcrtomb(s, *ws, 0); +- if ((l+1)<=1) { +- if (!l) ws = 0; +- else cnt = l; ++ if (!*ws) { ++ ws = 0; + break; + } +- ws++; wn--; +- /* safe - this loop runs fewer than sizeof(buf) times */ +- s+=l; n-=l; ++ ws++; ++ wn--; + cnt += l; + } + if (dst) *wcs = ws; |