diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index 5f40cc7da304272cdb674a8c8d0fca2595a822c4..a3d238f86af61ad8ad56b0c223d60f1d99f17ca0 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=musl
pkgver=1.2.5
-pkgrel=0
+pkgrel=1
pkgdesc="the musl c library (libc) implementation"
url="https://musl.libc.org/"
arch="all"
@@ -21,6 +21,7 @@ nolibc) ;;
esac
source="https://musl.libc.org/releases/musl-$pkgver.tar.gz
handle-aux-at_base.patch
+ CVE-2025-26519.patch
ldconfig
__stack_chk_fail_local.c
@@ -32,6 +33,8 @@ source="https://musl.libc.org/releases/musl-$pkgver.tar.gz
builddir="$srcdir/musl-$pkgver"
# secfixes:
+# 1.2.5-r1:
+# - CVE-2025-26519
# 1.2.2_pre2-r0:
# - CVE-2020-28928
# 1.1.23-r2:
@@ -161,6 +164,7 @@ dev() {
sha512sums="
7bb7f7833923cd69c7a1a9b8a5f1784bfd5289663eb6061dcd43d583e45987df8a68a1be05d75cc1c88a3f5b610653d1a70f4a9cff4d8f7fd41ae73ee058c17c musl-1.2.5.tar.gz
a76f79b801497ad994746cf82bb6eaf86f9e1ae646e6819fbae8532a7f4eee53a96ac1d4e789ec8f66aea2a68027b0597f7a579b3369e01258da8accfce41370 handle-aux-at_base.patch
+7a6a9836d2de91afc1115868e68f347bd2365fa48188e65938cfa654ae9bafdbb3a56bf12d3185a96800a85198378c8dbf9c25d977ca0e318220529fa4458123 CVE-2025-26519.patch
8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig
062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c
0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c
diff --git a/main/musl/CVE-2025-26519.patch b/main/musl/CVE-2025-26519.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8d5ba6cc8390c322cac11070911df61f48572172
--- /dev/null
+++ b/main/musl/CVE-2025-26519.patch
@@ -0,0 +1,78 @@
+Patch-Source: https://www.openwall.com/lists/musl/2025/02/13/1
+---
+>From e5adcd97b5196e29991b524237381a0202a60659 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Sun, 9 Feb 2025 10:07:19 -0500
+Subject: [PATCH] iconv: fix erroneous input validation in EUC-KR decoder
+
+as a result of incorrect bounds checking on the lead byte being
+decoded, certain invalid inputs which should produce an encoding
+error, such as "\xc8\x41", instead produced out-of-bounds loads from
+the ksc table.
+
+in a worst case, the loaded value may not be a valid unicode scalar
+value, in which case, if the output encoding was UTF-8, wctomb would
+return (size_t)-1, causing an overflow in the output pointer and
+remaining buffer size which could clobber memory outside of the output
+buffer.
+
+bug report was submitted in private by Nick Wellnhofer on account of
+potential security implications.
+---
+ src/locale/iconv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/locale/iconv.c b/src/locale/iconv.c
+index 9605c8e9..008c93f0 100644
+--- a/src/locale/iconv.c
++++ b/src/locale/iconv.c
+@@ -502,7 +502,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ if (c >= 93 || d >= 94) {
+ c += (0xa1-0x81);
+ d += 0xa1;
+- if (c >= 93 || c>=0xc6-0x81 && d>0x52)
++ if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)
+ goto ilseq;
+ if (d-'A'<26) d = d-'A';
+ else if (d-'a'<26) d = d-'a'+26;
+--
+2.21.0
+
+>From c47ad25ea3b484e10326f933e927c0bc8cded3da Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 12 Feb 2025 17:06:30 -0500
+Subject: [PATCH] iconv: harden UTF-8 output code path against input decoder
+ bugs
+
+the UTF-8 output code was written assuming an invariant that iconv's
+decoders only emit valid Unicode Scalar Values which wctomb can encode
+successfully, thereby always returning a value between 1 and 4.
+
+if this invariant is not satisfied, wctomb returns (size_t)-1, and the
+subsequent adjustments to the output buffer pointer and remaining
+output byte count overflow, moving the output position backwards,
+potentially past the beginning of the buffer, without storing any
+bytes.
+---
+ src/locale/iconv.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/locale/iconv.c b/src/locale/iconv.c
+index 008c93f0..52178950 100644
+--- a/src/locale/iconv.c
++++ b/src/locale/iconv.c
+@@ -545,6 +545,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ if (*outb < k) goto toobig;
+ memcpy(*out, tmp, k);
+ } else k = wctomb_utf8(*out, c);
++ /* This failure condition should be unreachable, but
++ * is included to prevent decoder bugs from translating
++ * into advancement outside the output buffer range. */
++ if (k>4) goto ilseq;
+ *out += k;
+ *outb -= k;
+ break;
+--
+2.21.0
+
+