From 57f489237eb80330c8faabfdd1185ec49f6445c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 30 Mar 2015 08:12:46 +0300
Subject: [PATCH] main/musl: upgrade to 1.1.8
We already had patched for CVE-2015-1817, but this release has couple
of additional important bug fixes.
---
...ption-in-regcomp-with-backslash-foll.patch | 33 ---------------
...ss-backref-processing-in-ERE-regcomp.patch | 29 -------------
...internal-buffer-overrun-in-inet_pton.patch | 39 -----------------
..._ROUNDS-regression-in-C-applications.patch | 42 -------------------
main/musl/APKBUILD | 26 +++---------
5 files changed, 5 insertions(+), 164 deletions(-)
delete mode 100644 main/musl/0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
delete mode 100644 main/musl/0002-suppress-backref-processing-in-ERE-regcomp.patch
delete mode 100644 main/musl/0003-fix-internal-buffer-overrun-in-inet_pton.patch
delete mode 100644 main/musl/0004-fix-FLT_ROUNDS-regression-in-C-applications.patch
diff --git a/main/musl/0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch b/main/musl/0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
deleted file mode 100644
index 6354d7c50fd3..000000000000
--- a/main/musl/0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 39dfd58417ef642307d90306e1c7e50aaec5a35c Mon Sep 17 00:00:00 2001
-From: Rich Felker <dalias@aerifal.cx>
-Date: Fri, 20 Mar 2015 18:06:04 -0400
-Subject: [PATCH] fix memory-corruption in regcomp with backslash followed by
- high byte
-
-the regex parser handles the (undefined) case of an unexpected byte
-following a backslash as a literal. however, instead of correctly
-decoding a character, it was treating the byte value itself as a
-character. this was not only semantically unjustified, but turned out
-to be dangerous on archs where plain char is signed: bytes in the
-range 252-255 alias the internal codes -4 through -1 used for special
-types of literal nodes in the AST.
----
- src/regex/regcomp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/regex/regcomp.c b/src/regex/regcomp.c
-index 4cdaa1e..bce6bc1 100644
---- a/src/regex/regcomp.c
-+++ b/src/regex/regcomp.c
-@@ -847,7 +847,7 @@ static reg_errcode_t parse_atom(tre_parse_ctx_t *ctx, const char *s)
- } else {
- /* extension: accept unknown escaped char
- as a literal */
-- node = tre_ast_new_literal(ctx->mem, *s, *s, ctx->position);
-+ goto parse_literal;
- }
- ctx->position++;
- }
---
-2.3.3
-
diff --git a/main/musl/0002-suppress-backref-processing-in-ERE-regcomp.patch b/main/musl/0002-suppress-backref-processing-in-ERE-regcomp.patch
deleted file mode 100644
index 6fb421728b61..000000000000
--- a/main/musl/0002-suppress-backref-processing-in-ERE-regcomp.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 7c8c86f6308c7e0816b9638465a5917b12159e8f Mon Sep 17 00:00:00 2001
-From: Rich Felker <dalias@aerifal.cx>
-Date: Fri, 20 Mar 2015 18:25:01 -0400
-Subject: [PATCH] suppress backref processing in ERE regcomp
-
-one of the features of ERE is that it's actually a regular language
-and does not admit expressions which cannot be matched in linear time.
-introduction of \n backref support into regcomp's ERE parsing was
-unintentional.
----
- src/regex/regcomp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/regex/regcomp.c b/src/regex/regcomp.c
-index bce6bc1..4d80cb1 100644
---- a/src/regex/regcomp.c
-+++ b/src/regex/regcomp.c
-@@ -839,7 +839,7 @@ static reg_errcode_t parse_atom(tre_parse_ctx_t *ctx, const char *s)
- s--;
- break;
- default:
-- if (isdigit(*s)) {
-+ if (!ere && isdigit(*s)) {
- /* back reference */
- int val = *s - '0';
- node = tre_ast_new_literal(ctx->mem, BACKREF, val, ctx->position);
---
-2.3.3
-
diff --git a/main/musl/0003-fix-internal-buffer-overrun-in-inet_pton.patch b/main/musl/0003-fix-internal-buffer-overrun-in-inet_pton.patch
deleted file mode 100644
index ba9de58566f7..000000000000
--- a/main/musl/0003-fix-internal-buffer-overrun-in-inet_pton.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From fc13acc3dcb5b1f215c007f583a63551f6a71363 Mon Sep 17 00:00:00 2001
-From: Rich Felker <dalias@aerifal.cx>
-Date: Mon, 23 Mar 2015 09:44:18 -0400
-Subject: [PATCH] fix internal buffer overrun in inet_pton
-
-one stop condition for parsing abbreviated ipv6 addressed was missed,
-allowing the internal ip[] buffer to overflow. this patch adds the
-missing stop condition and masks the array index so that, in case
-there are any remaining stop conditions missing, overflowing the
-buffer is not possible.
----
- src/network/inet_pton.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/network/inet_pton.c b/src/network/inet_pton.c
-index 4496b47..d36c368 100644
---- a/src/network/inet_pton.c
-+++ b/src/network/inet_pton.c
-@@ -39,14 +39,15 @@ int inet_pton(int af, const char *restrict s, void *restrict a0)
- for (i=0; ; i++) {
- if (s[0]==':' && brk<0) {
- brk=i;
-- ip[i]=0;
-+ ip[i&7]=0;
- if (!*++s) break;
-+ if (i==7) return 0;
- continue;
- }
- for (v=j=0; j<4 && (d=hexval(s[j]))>=0; j++)
- v=16*v+d;
- if (j==0) return 0;
-- ip[i] = v;
-+ ip[i&7] = v;
- if (!s[j] && (brk>=0 || i==7)) break;
- if (i==7) return 0;
- if (s[j]!=':') {
---
-2.3.3
-
diff --git a/main/musl/0004-fix-FLT_ROUNDS-regression-in-C-applications.patch b/main/musl/0004-fix-FLT_ROUNDS-regression-in-C-applications.patch
deleted file mode 100644
index 0410b076b99b..000000000000
--- a/main/musl/0004-fix-FLT_ROUNDS-regression-in-C-applications.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 11d1e2e2ded07673411ba872c1e3d0096dc79439 Mon Sep 17 00:00:00 2001
-From: Rich Felker <dalias@aerifal.cx>
-Date: Mon, 23 Mar 2015 11:26:51 -0400
-Subject: [PATCH] fix FLT_ROUNDS regression in C++ applications
-
-commit 559de8f5f06da9022cbba70e22e14a710eb74513 redefined FLT_ROUNDS
-to use an external function that can report the actual current
-rounding mode, rather than always reporting round-to-nearest. however,
-float.h did not include 'extern "C"' wrapping for C++, so C++ programs
-using FLT_ROUNDS ended up with an unresolved reference to a
-name-mangled C++ function __flt_rounds.
----
- include/float.h | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/include/float.h b/include/float.h
-index c6429d3..713aadb 100644
---- a/include/float.h
-+++ b/include/float.h
-@@ -1,6 +1,10 @@
- #ifndef _FLOAT_H
- #define _FLOAT_H
-
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
- int __flt_rounds(void);
- #define FLT_ROUNDS (__flt_rounds())
-
-@@ -41,4 +45,8 @@ int __flt_rounds(void);
-
- #include <bits/float.h>
-
-+#ifdef __cplusplus
-+}
-+#endif
-+
- #endif
---
-2.3.3
-
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index 46473c2a8fdf..75c1bb0428f7 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: William Pitcock <nenolod@dereferenced.org>
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=musl
-pkgver=1.1.7
-pkgrel=2
+pkgver=1.1.8
+pkgrel=0
pkgdesc="the musl c library (libc) implementation"
url="http://www.musl-libc.org/"
arch="all"
@@ -13,10 +13,6 @@ makedepends="$depends_dev"
install="$pkgname.post-upgrade"
subpackages="$pkgname-dev $pkgname-utils $pkgname-dbg"
source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
- 0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
- 0002-suppress-backref-processing-in-ERE-regcomp.patch
- 0003-fix-internal-buffer-overrun-in-inet_pton.patch
- 0004-fix-FLT_ROUNDS-regression-in-C-applications.patch
ldconfig
__stack_chk_fail_local.c
@@ -114,31 +110,19 @@ utils() {
install -D -m755 "$srcdir"/ldconfig "$subpkgdir"/sbin
}
-md5sums="6fe9fc4d99a7d321432b3e179c138d73 musl-1.1.7.tar.gz
-ca2d1b1283b15df595950d0ba63b9e90 0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
-d2c8268e812b8c40860eecfaca077959 0002-suppress-backref-processing-in-ERE-regcomp.patch
-f99a4519a796a56360a203723c1dff0e 0003-fix-internal-buffer-overrun-in-inet_pton.patch
-dc7e69c07ead97cd275d26be0ad0c20d 0004-fix-FLT_ROUNDS-regression-in-C-applications.patch
+md5sums="d965d4bc873db4a3b56bbe7f31e47b4a musl-1.1.8.tar.gz
830d01f7821b978df770b06db3790921 ldconfig
0df687757221bbb0fc1aa67f1bd646f9 __stack_chk_fail_local.c
57ef2c63b9ec6a2041694ace97d4ffa2 getconf.c
2b941c4251cac44988a4abfc50e21267 getent.c
45f92f8d59cf84d765de698a9578dbf4 iconv.c"
-sha256sums="d8e0aae287ecf8aa6500d3ed4131f33d216a7857dc7649a89125ffca6bf91599 musl-1.1.7.tar.gz
-618af64186986b8fe2e1f8c31745da9d2a3f5fc213cfe23efcc2c7e5f4572129 0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
-4a733c74d3b7b1986e3770fbbd2d0d5d5f1144b3104fe9aaab4580b8ab67fe67 0002-suppress-backref-processing-in-ERE-regcomp.patch
-2362acd6c14977072d25a205190277c25edc0d32396a5bca5eab8d88894ac654 0003-fix-internal-buffer-overrun-in-inet_pton.patch
-94fc35ef5cd4de3ed15a98a84f3859ca7506bb702b17ebe3c3f372b2cf7f7950 0004-fix-FLT_ROUNDS-regression-in-C-applications.patch
+sha256sums="fa928506415b9c555977daaf874c190eaf7fbbd16028cc5c5f33a00a83227813 musl-1.1.8.tar.gz
b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7 ldconfig
299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da __stack_chk_fail_local.c
d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c getconf.c
68373a55e89ce85c562d941ccf588337d6cc6c9c17689d695f65cd7607134bbe getent.c
f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7 iconv.c"
-sha512sums="7fe002ed5f7fd96c8759f3f85ee382809043e1829e093b88eaaddc197f7d558473ad66b33be41dbb1afe750ccdd62e6dfcc3a591c122e84435142fab890e8edc musl-1.1.7.tar.gz
-0a9ae94be997ef5218e2759ead181733270a415822c64a7b539a571fe4c8e3b148e527ec3ef3dfea8937df741a6685b38d3dd0a8eb9a14a9f904e19a79735965 0001-fix-memory-corruption-in-regcomp-with-backslash-foll.patch
-7f13fcfb7e0a834fb7499805ace8a95ab7e930cd947d2b6749107d0cf80b207dfb0ab52210f0850f15c794cb011e3477b647a9a8e6cba96a2c4b13f0890d00c4 0002-suppress-backref-processing-in-ERE-regcomp.patch
-0e978f001e8339f22c3fe09bd4f40227978db922b353559e2f052f81641b289510b9f344dd71f7205e8463ce0a1da01ebb8445089cf822c6d6996eb3e37e0eac 0003-fix-internal-buffer-overrun-in-inet_pton.patch
-dd775edddb092ec2c1a65d6f42992331b40183e04d15753aa9b8ed0b4d31b140dd3cc59ebaee47eaab3632be0ae625634f776ba6ac62b80aa58e9d5f32f8bf19 0004-fix-FLT_ROUNDS-regression-in-C-applications.patch
+sha512sums="de2f0b03fd199e2ceb9937686d1092838744dccaddb3916f9baef9cdd2621624fb3c4af2206a3366d12852d84ccc8b0b68350f9d06a9e2bcdbc0309dc05383ff musl-1.1.8.tar.gz
8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig
062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c
0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c
--
GitLab