ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-12-25 22:08:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: musl: Update to 1.1.17.

Browse source 
* gnu/packages/musl.scm (musl): Update to 1.1.17.
[source]: Remove patch.
* gnu/packages/patches/musl-CVE-2016-8859.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
This commit is contained in:
Leo Famulari 2017-10-19 17:33:55 -04:00
parent 37ce440dcf
commit 9ccce79910
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08
3 changed files with 2 additions and 85 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -879,7 +879,6 @@ dist_patch_DATA = \
%D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \ %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \
%D%/packages/patches/mupdf-CVE-2017-15587.patch \ %D%/packages/patches/mupdf-CVE-2017-15587.patch \
%D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \
%D%/packages/patches/musl-CVE-2016-8859.patch \
%D%/packages/patches/mutt-store-references.patch \ %D%/packages/patches/mutt-store-references.patch \
%D%/packages/patches/ncurses-CVE-2017-10684-10685.patch \ %D%/packages/patches/ncurses-CVE-2017-10684-10685.patch \
%D%/packages/patches/net-tools-bitrot.patch \ %D%/packages/patches/net-tools-bitrot.patch \

5
gnu/packages/musl.scm
View file

@ -27,15 +27,14 @@ (define-module (gnu packages musl)
(define-public musl (define-public musl
(package (package
(name "musl") (name "musl")
(version "1.1.15") (version "1.1.17")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "http://www.musl-libc.org/releases/" (uri (string-append "http://www.musl-libc.org/releases/"
name "-" version ".tar.gz")) name "-" version ".tar.gz"))
(patches (search-patches "musl-CVE-2016-8859.patch"))
(sha256 (sha256
(base32 (base32
"1ymhxkskivzph0q34zadwfglc5gyahqajm7chqqn2zraxv3lgr4p")))) "0r0lyp2w6v2bvm8h1si7w3p2qx037szl14qnxm5p00568z3m3an8"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(arguments (arguments
`(#:tests? #f ; Musl has no tests `(#:tests? #f ; Musl has no tests

81
gnu/packages/patches/musl-CVE-2016-8859.patch
View file

@ -1,81 +0,0 @@
Fix CVE-2016-8859:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8859
Patch copied from upstream source repository:
http://git.musl-libc.org/cgit/musl/commit/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7
From c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Thu, 6 Oct 2016 18:34:58 -0400
Subject: [PATCH] fix missing integer overflow checks in regexec buffer size
computations
most of the possible overflows were already ruled out in practice by
regcomp having already succeeded performing larger allocations.
however at least the num_states*num_tags multiplication can clearly
overflow in practice. for safety, check them all, and use the proper
type, size_t, rather than int.
also improve comments, use calloc in place of malloc+memset, and
remove bogus casts.
---
src/regex/regexec.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/regex/regexec.c b/src/regex/regexec.c
index 16c5d0a..dd52319 100644
--- a/src/regex/regexec.c
+++ b/src/regex/regexec.c
@@ -34,6 +34,7 @@
#include <wchar.h>
#include <wctype.h>
#include <limits.h>
+#include <stdint.h>
#include <regex.h>
@@ -206,11 +207,24 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string,
/* Allocate memory for temporary data required for matching. This needs to
be done for every matching operation to be thread safe. This allocates
- everything in a single large block from the stack frame using alloca()
- or with malloc() if alloca is unavailable. */
+ everything in a single large block with calloc(). */
{
- int tbytes, rbytes, pbytes, xbytes, total_bytes;
+ size_t tbytes, rbytes, pbytes, xbytes, total_bytes;
char *tmp_buf;
+
+ /* Ensure that tbytes and xbytes*num_states cannot overflow, and that
+ * they don't contribute more than 1/8 of SIZE_MAX to total_bytes. */
+ if (num_tags > SIZE_MAX/(8 * sizeof(int) * tnfa->num_states))
+ goto error_exit;
+
+ /* Likewise check rbytes. */
+ if (tnfa->num_states+1 > SIZE_MAX/(8 * sizeof(*reach_next)))
+ goto error_exit;
+
+ /* Likewise check pbytes. */
+ if (tnfa->num_states > SIZE_MAX/(8 * sizeof(*reach_pos)))
+ goto error_exit;
+
/* Compute the length of the block we need. */
tbytes = sizeof(*tmp_tags) * num_tags;
rbytes = sizeof(*reach_next) * (tnfa->num_states + 1);
@@ -221,10 +235,9 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string,
+ (rbytes + xbytes * tnfa->num_states) * 2 + tbytes + pbytes;
/* Allocate the memory. */
- buf = xmalloc((unsigned)total_bytes);
+ buf = calloc(total_bytes, 1);
if (buf == NULL)
return REG_ESPACE;
- memset(buf, 0, (size_t)total_bytes);
/* Get the various pointers within tmp_buf (properly aligned). */
tmp_tags = (void *)buf;
--
2.10.1