diff options
-rw-r--r-- | main/musl/APKBUILD | 10 | ||||
-rw-r--r-- | main/musl/wcsnrtombs-cve-2020-28928.diff | 65 |
2 files changed, 73 insertions, 2 deletions
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD index e00c18db4cb..bd128c35868 100644 --- a/main/musl/APKBUILD +++ b/main/musl/APKBUILD @@ -1,8 +1,8 @@ -# Contributor: +# Contributor: Ariadne Conill <ariadne@dereferenced.org> # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=musl pkgver=1.1.24 -pkgrel=9 +pkgrel=10 pkgdesc="the musl c library (libc) implementation" url="https://musl.libc.org/" arch="all" @@ -12,6 +12,7 @@ subpackages="$pkgname-libintl:libintl:noarch $pkgname-dbg libc6-compat:compat:noarch " +options="lib64" case "$BOOTSTRAP" in nocc) pkgname="musl-dev"; subpackages="";; nolibc) ;; @@ -37,6 +38,8 @@ source="https://musl.libc.org/releases/musl-$pkgver.tar.gz 0003-cut-down-size-of-some-libc-struct-members.patch 0004-restore-lock-skipping-for-processes-that-return-to-s.patch + wcsnrtombs-cve-2020-28928.diff + ldconfig __stack_chk_fail_local.c getconf.c @@ -45,6 +48,8 @@ source="https://musl.libc.org/releases/musl-$pkgver.tar.gz " # secfixes: +# 1.1.24-r10: +# - CVE-2020-28928 # 1.1.23-r2: # - CVE-2019-14697 # 1.1.15-r4: @@ -195,6 +200,7 @@ dd46ef77b71d34b6207611be59dd4555b4e53fd7169732b9e5ee9a66f1e8da69fcca6634f895b9d3 c6cd692359961c382b7382c6eb819bf93ca8d687b7bd71e4d992acabc7003bd8388b22898059b6ac5abdf08c07020c8cbd2a5f908802258418079e096cdbc058 0002-don-t-use-libc.threads_minus_1-as-relaxed-atomic-for.patch 416aa17d4211ebbca97b4ce47eea8d8375ac5e0b602a4806175bc172be21b8291ac08fdaf39203e3a083a067bbbfa999cfb875f739d5fa07871885ac02eba75a 0003-cut-down-size-of-some-libc-struct-members.patch f0e5ab79a793152c5e6c1c560b409ef062c8f9232c893b36c58b9667e5e0e86969555d8e2e9e17b59835ec7ed3c926a6ccce453824561ad82e47364c44374549 0004-restore-lock-skipping-for-processes-that-return-to-s.patch +35dc5df28d90d1c84f9100116b63ba9e7fd44a20f512d12760da5e01f1aec4e799f726cbafb586bae568ff4f6d5a70948f1bf9fb901f1ca7dfcdf35c5d7510a6 wcsnrtombs-cve-2020-28928.diff 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c diff --git a/main/musl/wcsnrtombs-cve-2020-28928.diff b/main/musl/wcsnrtombs-cve-2020-28928.diff new file mode 100644 index 00000000000..8465f9422a8 --- /dev/null +++ b/main/musl/wcsnrtombs-cve-2020-28928.diff @@ -0,0 +1,65 @@ +diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c +index 676932b5..95e25e70 100644 +--- a/src/multibyte/wcsnrtombs.c ++++ b/src/multibyte/wcsnrtombs.c +@@ -1,41 +1,33 @@ + #include <wchar.h> ++#include <limits.h> ++#include <string.h> + + size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st) + { +- size_t l, cnt=0, n2; +- char *s, buf[256]; + const wchar_t *ws = *wcs; +- const wchar_t *tmp_ws; +- +- if (!dst) s = buf, n = sizeof buf; +- else s = dst; +- +- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) { +- if (n2>=n) n2=n; +- tmp_ws = ws; +- l = wcsrtombs(s, &ws, n2, 0); +- if (!(l+1)) { +- cnt = l; +- n = 0; ++ size_t cnt = 0; ++ if (!dst) n=0; ++ while (ws && wn) { ++ char tmp[MB_LEN_MAX]; ++ size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0); ++ if (l==-1) { ++ cnt = -1; + break; + } +- if (s != buf) { +- s += l; ++ if (dst) { ++ if (n<MB_LEN_MAX) { ++ if (l>n) break; ++ memcpy(dst, tmp, l); ++ } ++ dst += l; + n -= l; + } +- wn = ws ? wn - (ws - tmp_ws) : 0; +- cnt += l; +- } +- if (ws) while (n && wn) { +- l = wcrtomb(s, *ws, 0); +- if ((l+1)<=1) { +- if (!l) ws = 0; +- else cnt = l; ++ if (!*ws) { ++ ws = 0; + break; + } +- ws++; wn--; +- /* safe - this loop runs fewer than sizeof(buf) times */ +- s+=l; n-=l; ++ ws++; ++ wn--; + cnt += l; + } + if (dst) *wcs = ws; |