From: Marian Buschsieweke
To: alpine-aports@lists.alpinelinux.org
Cc: Marian Buschsieweke
Subject: [alpine-aports] [PATCH] main/musl: Fix out-of-bound read in sscanf
Date: Mon, 25 Mar 2019 10:22:02 +0100
Message-Id: <20190325092202.14077-1-marian.buschsieweke@ovgu.de>
X-Mailer: git-send-email 2.21.0
List-Id: Alpine Development