Patches for aports can be sent to this list

[alpine-aports] [PATCH] main/musl: Apply upstream fixes.

Przemyslaw Pawelczyk
Details
Message ID
<20170103012642.2750-1-przemoc@zoho.com>
Sender timestamp
1483406802
DKIM signature
missing
Download raw message
Patch: +87 -1
Second one (safe globfree() after failed glob()) is especially important
in case of recently updated busybox, because ash since 1.26 supports
libc's glob() and AL's busyboxconfig does not set
CONFIG_ASH_INTERNAL_GLOB.
musl's glob() still needs to be fixed to work for long inputs.

At least  ash: out of memory  instead of  Segmentation fault  is nicer.
---
 .../0001-fix-strftime-y-for-negative-years.patch   | 34 +++++++++++++++++
 ...ee-safe-after-failed-glob-from-over-lengt.patch | 44 ++++++++++++++++++++++
 main/musl/APKBUILD                                 | 10 ++++-
 3 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 main/musl/0001-fix-strftime-y-for-negative-years.patch
 create mode 100644 main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch

diff --git a/main/musl/0001-fix-strftime-y-for-negative-years.patch b/main/musl/0001-fix-strftime-y-for-negative-years.patch
new file mode 100644
index 000000000000..85d21c7e3f05
--- /dev/null
+++ b/main/musl/0001-fix-strftime-y-for-negative-years.patch
@@ -0,0 +1,34 @@
+From 61fb81e3959ecf0848eef8d2767bb80ae5d1a68e Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Mon, 2 Jan 2017 17:30:40 -0500
+Subject: [PATCH 1/2] fix strftime %y for negative years
+
+commit 583ea83541dcc6481c7a1bd1a9b485526bad84a1 fixed the case where
+tm_year is negative but the resulting year (offset by 1900) was still
+positive, which is always the case for time_t values that fit in 32
+bits, but not for arbitrary inputs.
+
+based on an earlier patch by Julien Ramseier which was overlooked at
+the time the previous fix was applied.
+---
+ src/time/strftime.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/time/strftime.c b/src/time/strftime.c
+index e103e02b7204..a30392044bf8 100644
+--- a/src/time/strftime.c
+@@ -166,8 +166,8 @@ const char *__strftime_fmt_1(char (*s)[100], size_t *l, int f, const struct tm *
+ 		item = T_FMT;
+ 		goto nl_strftime;
+ 	case 'y':
+-		val = tm->tm_year % 100;
+-		if (val<0) val += 100;
++		val = (tm->tm_year + 1900LL) % 100;
++		if (val < 0) val = -val;
+ 		goto number;
+ 	case 'Y':
+ 		val = tm->tm_year + 1900LL;
+-- 
+2.8.3
+
diff --git a/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
new file mode 100644
index 000000000000..db1083531b8c
--- /dev/null
+++ b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
@@ -0,0 +1,44 @@
+From 769f53598e781ffc89191520f3f8a93cb58db91f Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Mon, 2 Jan 2017 19:47:12 -0500
+Subject: [PATCH 2/2] make globfree safe after failed glob from over-length
+ argument
+
+commit 0dc99ac413d8bc054a2e95578475c7122455eee8 added input length
+checking to avoid unsafe VLA allocation, but put it in the wrong
+place, before the glob_t structure was zeroed out. while POSIX isn't
+clear on whether it's permitted to call globfree after glob failed
+with GLOB_NOSPACE, making it safe is clearly better than letting
+uninitialized pointers get passed to free in non-conforming callers.
+
+while we're fixing this, change strlen check to the idiomatic strnlen
+version to avoid unbounded input scanning before returning an error.
+---
+ src/regex/glob.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/regex/glob.c b/src/regex/glob.c
+index 6affee040c31..5b6ff1247f43 100644
+--- a/src/regex/glob.c
+@@ -169,8 +169,6 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
+ 		d = "";
+ 	}
+ 
+-	if (strlen(p) > PATH_MAX) return GLOB_NOSPACE;
+-
+ 	if (!errfunc) errfunc = ignore_err;
+ 
+ 	if (!(flags & GLOB_APPEND)) {
+@@ -179,6 +177,8 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
+ 		g->gl_pathv = NULL;
+ 	}
+ 
++	if (strnlen(p, PATH_MAX+1) > PATH_MAX) return GLOB_NOSPACE;
++
+ 	if (*p) error = match_in_dir(d, p, flags, errfunc, &tail);
+ 	if (error == GLOB_NOSPACE) {
+ 		freelist(&head);
+-- 
+2.8.3
+
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index dd3dccf417ac..233908e4e9ab 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Timo Teräs <timo.teras@iki.fi>
 pkgname=musl
 pkgver=1.1.16
-pkgrel=0
+pkgrel=1
 pkgdesc="the musl c library (libc) implementation"
 url="http://www.musl-libc.org/"
 arch="all"
@@ -13,6 +13,8 @@ makedepends="$depends_dev"
 subpackages="$pkgname-dev $pkgname-dbg libc6-compat:compat:noarch"
 [ "$BOOTSTRAP" != "nolibc" ] && subpackages="$subpackages $pkgname-utils"
 source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
+	0001-fix-strftime-y-for-negative-years.patch
+	0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
 
 	ldconfig
 	__stack_chk_fail_local.c
@@ -125,18 +127,24 @@ compat() {
 }
 
 md5sums="ac52ccaec6b06ab0f289d37e8436859b  musl-1.1.16.tar.gz
+d9da36992a9ccd200242b38b67823b95  0001-fix-strftime-y-for-negative-years.patch
+93a7dfa98dff324f2242d10f7c2d68f8  0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
 830d01f7821b978df770b06db3790921  ldconfig
 0df687757221bbb0fc1aa67f1bd646f9  __stack_chk_fail_local.c
 57ef2c63b9ec6a2041694ace97d4ffa2  getconf.c
 eadc8794eadb79dbc383b2b91a32084d  getent.c
 45f92f8d59cf84d765de698a9578dbf4  iconv.c"
 sha256sums="937185a5e5d721050306cf106507a006c3f1f86d86cd550024ea7be909071011  musl-1.1.16.tar.gz
+ec5209fe48aa54a859cc034557b7cca8307adaf345b3f7c061e0b284eee00ccc  0001-fix-strftime-y-for-negative-years.patch
+b8c92e4c6c60b67fde4eab3465041c12a942a319501710babaf3b6ead381bd95  0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
 b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7  ldconfig
 299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da  __stack_chk_fail_local.c
 d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c  getconf.c
 b323f20c9bf560a13c877eb05428bc4a203383697bac763e7b12865db5c5922c  getent.c
 f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7  iconv.c"
 sha512sums="47c00e50b7605102fb4aebe1f9ba9db94d26fac64805f6d744c9c557a05b8a58dff7f9558ff7c8d66b5d7c43740cdc2dd79448bacac47f1414e6ada99c210140  musl-1.1.16.tar.gz
+74e95ab3a74513e7a0513e004c376d4055eca0e21162e717dfcab249302a9060d3ac3eb88b562dea14b71b475b4dd2f703e355e2f5050b58891a848c5093c5f6  0001-fix-strftime-y-for-negative-years.patch
+04805970e7dc11f84a86df49688f3b7670933860192e99637e189494c261e49b3cce1d80019d69341452062df03d5a349450015076c947296ac4a0d40e5789f4  0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f  ldconfig
 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b  __stack_chk_fail_local.c
 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d  getconf.c
-- 
2.8.3




---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---