This patch updates musl to the latest 1.1.17 release. Rick Felker stated in his release note: " This release fixes numerous bugs affecting visible behavior and safety/internal consistency, including a stack-based buffer overflow in dns parsing and multiple sources of invalid memory accesses that may lead to crashes. See the release notes in WHATSNEW for details.
Many new features have also been added, including deferred symbol binding in the dynamic linker (RTLD_LAZY emulation), an option to overrid argv[0] when running ldso to execute a program, support for starting new sessions via posix_spawn (POSIX_SPAWN_SETSID, accepted for standardization), and ability to query the active thread-local locale (via _NL_LOCALE_NAME extension). Improvements in compatibility with applications, build tools, and platforms have also been made. " <http://www.openwall.com/lists/musl/2017/10/19/1> The stack-based buffer overflow in dns parsing can be mitigated by: "running a caching nameserver on localhost and pointing resolv.conf to 127.0.0.1." <http://www.openwall.com/lists/musl/2017/10/19/2> Which is the case on the default LEDE installation (dnsmasq). Signed-off-by: Christian Lamparter <chunk...@gmail.com> --- toolchain/musl/common.mk | 6 +++--- toolchain/musl/patches/900-iconv_size_hack.patch | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/toolchain/musl/common.mk b/toolchain/musl/common.mk index 0a45828f79..4c4e5b47ae 100644 --- a/toolchain/musl/common.mk +++ b/toolchain/musl/common.mk @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/target.mk PKG_NAME:=musl -PKG_VERSION:=1.1.16 +PKG_VERSION:=1.1.17 PKG_RELEASE=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=5f7efb87a28a311ad377dd26adf53715dedb096d -PKG_MIRROR_HASH:=da18ef24f270e5cae6bc4c440479da17bec1949ae5a1bc990352ca04f24c4378 +PKG_SOURCE_VERSION:=2cd663fb2d576d590a08c1e40386c07b378d5ad6 +PKG_MIRROR_HASH:=e3140faaa9aff51c4f56f36c15d677265a5bed39aa6d9ab5d252f1c49b7c13ca PKG_SOURCE_URL:=git://git.musl-libc.org/musl PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz diff --git a/toolchain/musl/patches/900-iconv_size_hack.patch b/toolchain/musl/patches/900-iconv_size_hack.patch index 343915fb06..cfbb7ee5f7 100644 --- a/toolchain/musl/patches/900-iconv_size_hack.patch +++ b/toolchain/musl/patches/900-iconv_size_hack.patch @@ -32,7 +32,7 @@ static int fuzzycmp(const unsigned char *a, const unsigned char *b) { -@@ -216,6 +220,7 @@ size_t iconv(iconv_t cd0, char **restric +@@ -224,6 +228,7 @@ size_t iconv(iconv_t cd0, char **restric c = ((c-0xd7c0)<<10) + (d-0xdc00); } break; @@ -47,7 +47,7 @@ +#endif default: if (c < 128+type) break; - c -= 128+type; + c = legacy_map(map, c); --- a/src/locale/codepages.h +++ b/src/locale/codepages.h @@ -118,6 +118,7 @@ -- 2.15.0.rc1 _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev