Mail archive
alpine-aports

[alpine-aports] [PATCH] main/musl: Apply upstream fixes.

From: Przemyslaw Pawelczyk <przemoc_at_zoho.com>
Date: Tue, 3 Jan 2017 02:26:42 +0100

Second one (safe globfree() after failed glob()) is especially important
in case of recently updated busybox, because ash since 1.26 supports
libc's glob() and AL's busyboxconfig does not set
CONFIG_ASH_INTERNAL_GLOB.
musl's glob() still needs to be fixed to work for long inputs.

At least ash: out of memory instead of Segmentation fault is nicer.
---
 .../0001-fix-strftime-y-for-negative-years.patch   | 34 +++++++++++++++++
 ...ee-safe-after-failed-glob-from-over-lengt.patch | 44 ++++++++++++++++++++++
 main/musl/APKBUILD                                 | 10 ++++-
 3 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 main/musl/0001-fix-strftime-y-for-negative-years.patch
 create mode 100644 main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
diff --git a/main/musl/0001-fix-strftime-y-for-negative-years.patch b/main/musl/0001-fix-strftime-y-for-negative-years.patch
new file mode 100644
index 000000000000..85d21c7e3f05
--- /dev/null
+++ b/main/musl/0001-fix-strftime-y-for-negative-years.patch
_at_@ -0,0 +1,34 @@
+From 61fb81e3959ecf0848eef8d2767bb80ae5d1a68e Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias_at_aerifal.cx>
+Date: Mon, 2 Jan 2017 17:30:40 -0500
+Subject: [PATCH 1/2] fix strftime %y for negative years
+
+commit 583ea83541dcc6481c7a1bd1a9b485526bad84a1 fixed the case where
+tm_year is negative but the resulting year (offset by 1900) was still
+positive, which is always the case for time_t values that fit in 32
+bits, but not for arbitrary inputs.
+
+based on an earlier patch by Julien Ramseier which was overlooked at
+the time the previous fix was applied.
+---
+ src/time/strftime.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/time/strftime.c b/src/time/strftime.c
+index e103e02b7204..a30392044bf8 100644
+--- a/src/time/strftime.c
++++ b/src/time/strftime.c
+_at_@ -166,8 +166,8 @@ const char *__strftime_fmt_1(char (*s)[100], size_t *l, int f, const struct tm *
+ 		item = T_FMT;
+ 		goto nl_strftime;
+ 	case 'y':
+-		val = tm->tm_year % 100;
+-		if (val<0) val += 100;
++		val = (tm->tm_year + 1900LL) % 100;
++		if (val < 0) val = -val;
+ 		goto number;
+ 	case 'Y':
+ 		val = tm->tm_year + 1900LL;
+-- 
+2.8.3
+
diff --git a/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
new file mode 100644
index 000000000000..db1083531b8c
--- /dev/null
+++ b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
_at_@ -0,0 +1,44 @@
+From 769f53598e781ffc89191520f3f8a93cb58db91f Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias_at_aerifal.cx>
+Date: Mon, 2 Jan 2017 19:47:12 -0500
+Subject: [PATCH 2/2] make globfree safe after failed glob from over-length
+ argument
+
+commit 0dc99ac413d8bc054a2e95578475c7122455eee8 added input length
+checking to avoid unsafe VLA allocation, but put it in the wrong
+place, before the glob_t structure was zeroed out. while POSIX isn't
+clear on whether it's permitted to call globfree after glob failed
+with GLOB_NOSPACE, making it safe is clearly better than letting
+uninitialized pointers get passed to free in non-conforming callers.
+
+while we're fixing this, change strlen check to the idiomatic strnlen
+version to avoid unbounded input scanning before returning an error.
+---
+ src/regex/glob.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/regex/glob.c b/src/regex/glob.c
+index 6affee040c31..5b6ff1247f43 100644
+--- a/src/regex/glob.c
++++ b/src/regex/glob.c
+_at_@ -169,8 +169,6 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
+ 		d = "";
+ 	}
+ 
+-	if (strlen(p) > PATH_MAX) return GLOB_NOSPACE;
+-
+ 	if (!errfunc) errfunc = ignore_err;
+ 
+ 	if (!(flags & GLOB_APPEND)) {
+_at_@ -179,6 +177,8 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
+ 		g->gl_pathv = NULL;
+ 	}
+ 
++	if (strnlen(p, PATH_MAX+1) > PATH_MAX) return GLOB_NOSPACE;
++
+ 	if (*p) error = match_in_dir(d, p, flags, errfunc, &tail);
+ 	if (error == GLOB_NOSPACE) {
+ 		freelist(&head);
+-- 
+2.8.3
+
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index dd3dccf417ac..233908e4e9ab 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
_at_@ -2,7 +2,7 @@
 # Maintainer: Timo Teräs <timo.teras_at_iki.fi>
 pkgname=musl
 pkgver=1.1.16
-pkgrel=0
+pkgrel=1
 pkgdesc="the musl c library (libc) implementation"
 url="http://www.musl-libc.org/"
 arch="all"
_at_@ -13,6 +13,8 @@ makedepends="$depends_dev"
 subpackages="$pkgname-dev $pkgname-dbg libc6-compat:compat:noarch"
 [ "$BOOTSTRAP" != "nolibc" ] && subpackages="$subpackages $pkgname-utils"
 source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
+	0001-fix-strftime-y-for-negative-years.patch
+	0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
 
 	ldconfig
 	__stack_chk_fail_local.c
_at_@ -125,18 +127,24 @@ compat() {
 }
 
 md5sums="ac52ccaec6b06ab0f289d37e8436859b  musl-1.1.16.tar.gz
+d9da36992a9ccd200242b38b67823b95  0001-fix-strftime-y-for-negative-years.patch
+93a7dfa98dff324f2242d10f7c2d68f8  0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
 830d01f7821b978df770b06db3790921  ldconfig
 0df687757221bbb0fc1aa67f1bd646f9  __stack_chk_fail_local.c
 57ef2c63b9ec6a2041694ace97d4ffa2  getconf.c
 eadc8794eadb79dbc383b2b91a32084d  getent.c
 45f92f8d59cf84d765de698a9578dbf4  iconv.c"
 sha256sums="937185a5e5d721050306cf106507a006c3f1f86d86cd550024ea7be909071011  musl-1.1.16.tar.gz
+ec5209fe48aa54a859cc034557b7cca8307adaf345b3f7c061e0b284eee00ccc  0001-fix-strftime-y-for-negative-years.patch
+b8c92e4c6c60b67fde4eab3465041c12a942a319501710babaf3b6ead381bd95  0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
 b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7  ldconfig
 299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da  __stack_chk_fail_local.c
 d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c  getconf.c
 b323f20c9bf560a13c877eb05428bc4a203383697bac763e7b12865db5c5922c  getent.c
 f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7  iconv.c"
 sha512sums="47c00e50b7605102fb4aebe1f9ba9db94d26fac64805f6d744c9c557a05b8a58dff7f9558ff7c8d66b5d7c43740cdc2dd79448bacac47f1414e6ada99c210140  musl-1.1.16.tar.gz
+74e95ab3a74513e7a0513e004c376d4055eca0e21162e717dfcab249302a9060d3ac3eb88b562dea14b71b475b4dd2f703e355e2f5050b58891a848c5093c5f6  0001-fix-strftime-y-for-negative-years.patch
+04805970e7dc11f84a86df49688f3b7670933860192e99637e189494c261e49b3cce1d80019d69341452062df03d5a349450015076c947296ac4a0d40e5789f4  0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f  ldconfig
 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b  __stack_chk_fail_local.c
 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d  getconf.c
-- 
2.8.3
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Tue Jan 03 2017 - 02:26:42 GMT