[LEDE-DEV] [PATCH] musl: update to 1.1.17

Christian Lamparter chunkeey at gmail.com
Thu Oct 19 14:41:48 PDT 2017


This patch updates musl to the latest 1.1.17 release.

Rick Felker stated in his release note: "
This release fixes numerous bugs affecting visible behavior and
safety/internal consistency, including a stack-based buffer overflow
in dns parsing and multiple sources of invalid memory accesses that
may lead to crashes. See the release notes in WHATSNEW for details.

Many new features have also been added, including deferred symbol
binding in the dynamic linker (RTLD_LAZY emulation), an option to
overrid argv[0] when running ldso to execute a program, support for
starting new sessions via posix_spawn (POSIX_SPAWN_SETSID, accepted
for standardization), and ability to query the active thread-local
locale (via _NL_LOCALE_NAME extension). Improvements in compatibility
with applications, build tools, and platforms have also been made.
" <http://www.openwall.com/lists/musl/2017/10/19/1>

The stack-based buffer overflow in dns parsing can be mitigated by:
"running a caching nameserver on localhost and pointing resolv.conf
to 127.0.0.1." <http://www.openwall.com/lists/musl/2017/10/19/2>
Which is the case on the default LEDE installation (dnsmasq).

Signed-off-by: Christian Lamparter <chunkeey at gmail.com>
---
 toolchain/musl/common.mk                         | 6 +++---
 toolchain/musl/patches/900-iconv_size_hack.patch | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/toolchain/musl/common.mk b/toolchain/musl/common.mk
index 0a45828f79..4c4e5b47ae 100644
--- a/toolchain/musl/common.mk
+++ b/toolchain/musl/common.mk
@@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/target.mk
 
 PKG_NAME:=musl
-PKG_VERSION:=1.1.16
+PKG_VERSION:=1.1.17
 PKG_RELEASE=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=5f7efb87a28a311ad377dd26adf53715dedb096d
-PKG_MIRROR_HASH:=da18ef24f270e5cae6bc4c440479da17bec1949ae5a1bc990352ca04f24c4378
+PKG_SOURCE_VERSION:=2cd663fb2d576d590a08c1e40386c07b378d5ad6
+PKG_MIRROR_HASH:=e3140faaa9aff51c4f56f36c15d677265a5bed39aa6d9ab5d252f1c49b7c13ca
 PKG_SOURCE_URL:=git://git.musl-libc.org/musl
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
 
diff --git a/toolchain/musl/patches/900-iconv_size_hack.patch b/toolchain/musl/patches/900-iconv_size_hack.patch
index 343915fb06..cfbb7ee5f7 100644
--- a/toolchain/musl/patches/900-iconv_size_hack.patch
+++ b/toolchain/musl/patches/900-iconv_size_hack.patch
@@ -32,7 +32,7 @@
  
  static int fuzzycmp(const unsigned char *a, const unsigned char *b)
  {
-@@ -216,6 +220,7 @@ size_t iconv(iconv_t cd0, char **restric
+@@ -224,6 +228,7 @@ size_t iconv(iconv_t cd0, char **restric
  				c = ((c-0xd7c0)<<10) + (d-0xdc00);
  			}
  			break;
@@ -47,7 +47,7 @@
 +#endif
  		default:
  			if (c < 128+type) break;
- 			c -= 128+type;
+ 			c = legacy_map(map, c);
 --- a/src/locale/codepages.h
 +++ b/src/locale/codepages.h
 @@ -118,6 +118,7 @@
-- 
2.15.0.rc1




More information about the Lede-dev mailing list