From d29d4fe32654d5cc026e244254a79535215ec169 Mon Sep 17 00:00:00 2001 From: Sam James Date: Wed, 6 May 2026 07:33:36 +0100 Subject: [PATCH] sys-libs/musl: backport security fixes Liam Wachter (1): dns: fix nameserver OOB read in IPv6-disabled fallback Luca Kellermann (1): qsort: fix shift UB in shl and shr Rich Felker (4): fix incorrect access to tzname[] by strptime %Z conversion specifier fix pathological slowness & incorrect mappings in iconv gb18030 decoder qsort: fix leonardo heap corruption from bug in doubleword ctz primitive qsort: hard-preclude oob array writes independent of any invariants Szabolcs Nagy (1): regex: reject invalid \digit back reference in BRE Bug: https://bugs.gentoo.org/972527 Signed-off-by: Sam James --- sys-libs/musl/Manifest | 1 + sys-libs/musl/musl-1.2.6-r1.ebuild | 261 +++++++++++++++++++++++++++++ 2 files changed, 262 insertions(+) create mode 100644 sys-libs/musl/musl-1.2.6-r1.ebuild
diff --git a/sys-libs/musl/Manifest b/sys-libs/musl/Manifest
index 0b119e70b928..de76cae63051 100644
--- a/sys-libs/musl/Manifest
+++ b/sys-libs/musl/Manifest
@@ -2,6 +2,7 @@ DIST getconf.c 11614 BLAKE2B ba49a573fc16d51780a0b0b81fbf7b64a1142f1dbad203c9609 DIST iconv.c 2577 BLAKE2B 070ca87b30c90ab98c27d5faf7a2fcb64ff7c67ca212ee6072165b2146979c551f714954dbd465462a171837c59b6ea027e0206458a2df0f977e45f01be3ce48 SHA512 9d42d66fb1facce2b85dad919be5be819ee290bd26ca2db00982b2f8e055a0196290a008711cbe2b18ec9eee8d2270e3b3a4692c5a1b807013baa5c2b70a2bbf DIST musl-1.2.5.tar.gz 1080786 BLAKE2B 6065dc1e01874d1b96abe714147dcc0b41ca702ca9e9c44e85864185dab0b6d085a692745db0822c94a79325e1a91dad60c52f467717d9323b2b3c6ad0a17545 SHA512 7bb7f7833923cd69c7a1a9b8a5f1784bfd5289663eb6061dcd43d583e45987df8a68a1be05d75cc1c88a3f5b610653d1a70f4a9cff4d8f7fd41ae73ee058c17c DIST musl-1.2.5.tar.gz.asc 490 BLAKE2B f0d91b20aa7729449bd02a60adf17e8287904ed5971851a34b15f500011137ddc3f338d24712ff0481f1d6f9a749d87014a82b26a3bd9de660ddbf29678a8777 SHA512 c8aebf05b14abbd33ff568ca17ddd8b29e6f53cbb1cb85e00b64f15516ffc46a7a064c996a7bb1c9681a361a4921204ac58e4a1cfd7bd3ad60d7f2b0151d9229 +DIST musl-1.2.6-patches.tar.xz 7128 BLAKE2B 5e71184b5ab6b119105c897d811f52ea4169408fe6d91f77675b5378daef6aacb10650ca2dbdaeddc03c8aff3f774d02721b35d8fab9b7036e8fe68f969c132a SHA512 a4a37acc82874ce4f0e2aa512887c4d7cae3b9a895d06dce9ebb746ffe062f31d1ace0b815123563fdcdfcc2d6cedf3283911b8ec0eac62f8cd27877fea5ef7f DIST musl-1.2.6.tar.gz 1082499 BLAKE2B b13a95bacd1557ac3044bff63cb09bcc7f3b606a81eada2506461a34691502d25b54f0157e9c320b936d896496bd0c3bc4efbd91e8dab803e000e8c90d328800 SHA512 1adad96eddb3a2eb0cacb3e363b0046568925fcdd75cf8b0503f2139df1f693d64730779ca0ce8131b7624ab2d37f4247bb1d3393c523de6e30d2b1d7732555c DIST musl-1.2.6.tar.gz.asc 490 BLAKE2B c4270fd7e3f1e6a5a0ea39d386549c257329ede5f32e7823588b7b8c0703faa02d278c8a926d27821ae15a8c497b5eca2eb62633428a1b65ea4ed07c4154ebd9 SHA512 59f15ffb206bd25b99cccc49a9dfe8fcd0f8ad78b9f769cc650c113f6fff35f9c5b6a431e5a9952f2fab5da20ce1586f1429d40947cf68164712ebbfc2b637fe DIST musl-getent-93a08815f8598db442d8b766b463d0150ed8e2ab.c 11656 BLAKE2B 
1b7bf7102a1eb91a8cb881ed8ca65eb8eed911dd50238e97dc2952d89d4c6ebed6bfd046a2b38776c550b2872ab54ced8cb452fcc2ad56e5616f722debda761f SHA512 7f5b9d934d82deb5f8b23e16169a5d9b99ccab3a4708df06a95d685e1b24a3a3e69b3dcf4942f2f66c12a3d4bf0c5827e2ee2e8c4d7b1997359fccc2ac212dee diff --git a/sys-libs/musl/musl-1.2.6-r1.ebuild b/sys-libs/musl/musl-1.2.6-r1.ebuild new file mode 100644 index 000000000000..777ce3610e03 --- /dev/null +++ b/sys-libs/musl/musl-1.2.6-r1.ebuild 
@@ -0,0 +1,261 @@
+# Copyright 1999-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit crossdev flag-o-matic toolchain-funcs prefix
+
+DESCRIPTION="Light, fast and, simple C library focused on standards-conformance and safety"
+HOMEPAGE="https://musl.libc.org"
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://git.musl-libc.org/git/musl"
+ inherit git-r3
+else
+ VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/musl.asc
+ inherit verify-sig
+
+ SRC_URI="
+ https://musl.libc.org/releases/${P}.tar.gz
+ https://distfiles.gentoo.org/pub/proj/musl/${P}-patches.tar.xz
+ verify-sig? ( https://musl.libc.org/releases/${P}.tar.gz.asc )
+ "
+ KEYWORDS="-* ~amd64 ~arm ~arm64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~x86"
+
+ BDEPEND="verify-sig? ( sec-keys/openpgp-keys-musl )"
+fi
+
+GETENT_COMMIT="93a08815f8598db442d8b766b463d0150ed8e2ab"
+GETENT_FILE="musl-getent-${GETENT_COMMIT}.c"
+SRC_URI+="
+ https://dev.gentoo.org/~blueness/musl-misc/getconf.c
+ https://gitlab.alpinelinux.org/alpine/aports/-/raw/${GETENT_COMMIT}/main/musl/getent.c -> ${GETENT_FILE}
+ https://dev.gentoo.org/~blueness/musl-misc/iconv.c
+"
+
+LICENSE="MIT LGPL-2 GPL-2"
+SLOT="0"
+IUSE="crypt headers-only split-usr"
+
+QA_SONAME="usr/lib/libc.so"
+QA_DT_NEEDED="usr/lib/libc.so"
+# bug #830213
+QA_PRESTRIPPED="usr/lib/crtn.o"
+
+# We want crypt on by default for this as sys-libs/libxcrypt isn't (yet?)
+# built as part as crossdev. Also, elide the blockers when in cross-*,
+# as it doesn't make sense to block the normal CBUILD libxcrypt at all
+# there when we're installing into /usr/${CHOST} anyway.
+if is_crosspkg ; then
+ IUSE="${IUSE/crypt/+crypt}"
+else
+ RDEPEND="crypt? ( !sys-libs/libxcrypt[system] )"
+ PDEPEND="!crypt? ( sys-libs/libxcrypt[system] )"
+fi
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-getifaddrs-qemu-workaround.patch
+ "${WORKDIR}"/${P}-patches
+)
+
+just_headers() {
+ use headers-only && target_is_not_host
+}
+
+pkg_setup() {
+ if [[ ${CTARGET} == ${CHOST} ]] ; then
+ case ${CHOST} in
+ *-musl*) ;;
+ *) die "Use sys-devel/crossdev to build a musl toolchain" ;;
+ esac
+ fi
+
+ # Fix for bug #667126, copied from glibc ebuild:
+ # make sure host make.conf doesn't pollute us
+ if target_is_not_host || tc-is-cross-compiler ; then
+ CHOST=${CTARGET} strip-unsupported-flags
+ fi
+}
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ elif use verify-sig ; then
+ # We only verify the release; not the additional (fixed, safe) files
+ # we download.
+ # (Seem to get IPC error on verifying in cross?)
+ ! target_is_not_host && verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+ fi
+
+ default
+}
+
+src_prepare() {
+ default
+
+ mkdir "${WORKDIR}"/misc || die
+ cp "${DISTDIR}"/getconf.c "${WORKDIR}"/misc/getconf.c || die
+ cp "${DISTDIR}/${GETENT_FILE}" "${WORKDIR}"/misc/getent.c || die
+ cp "${DISTDIR}"/iconv.c "${WORKDIR}"/misc/iconv.c || die
+}
+
+src_configure() {
+ strip-flags && filter-lto # Prevent issues caused by aggressive optimizations & bug #877343
+ tc-getCC ${CTARGET}
+
+ just_headers && export CC=true
+
+ local sysroot
+ target_is_not_host && sysroot=/usr/${CTARGET}
+ ./configure \
+ --target=${CTARGET} \
+ --prefix="${EPREFIX}${sysroot}/usr" \
+ --syslibdir="${EPREFIX}${sysroot}/lib" \
+ --disable-gcc-wrapper || die
+}
+
+src_compile() {
+ emake obj/include/bits/alltypes.h
+ just_headers && return 0
+
+ emake
+ if ! is_crosspkg ; then
+ emake -C "${T}" getconf getent iconv \
+ CC="$(tc-getCC)" \
+ CFLAGS="${CFLAGS}" \
+ CPPFLAGS="${CPPFLAGS}" \
+ LDFLAGS="${LDFLAGS}" \
+ VPATH="${WORKDIR}/misc"
+ fi
+
+ $(tc-getCC) ${CPPFLAGS} ${CFLAGS} -c -o libssp_nonshared.o "${FILESDIR}"/stack_chk_fail_local.c || die
+ $(tc-getAR) -rcs libssp_nonshared.a libssp_nonshared.o || die
+}
+
+src_install() {
+ local target="install"
+ just_headers && target="install-headers"
+ emake DESTDIR="${D}" ${target}
+ just_headers && return 0
+
+ # musl provides ldd via a sym link to its ld.so
+ local sysroot=
+ target_is_not_host && sysroot=/usr/${CTARGET}
+ local ldso=$(basename "${ED}${sysroot}"/lib/ld-musl-*)
+ dosym -r "${sysroot}/lib/${ldso}" "${sysroot}/usr/bin/ldd"
+
+ if ! use crypt ; then
+ # Allow sys-libs/libxcrypt[system] to provide it instead
+ rm "${ED}${sysroot}/usr/include/crypt.h" || die
+ rm "${ED}${sysroot}"/usr/*/libcrypt.a || die
+ fi
+
+ if ! is_crosspkg ; then
+ # Fish out of config:
+ # ARCH = ...
+ # SUBARCH = ...
+ # and print $(ARCH)$(SUBARCH).
+ local arch=$(awk '{ k[$1] = $3 } END { printf("%s%s", k["ARCH"], k["SUBARCH"]); }' config.mak)
+
+ # The musl build system seems to create a symlink:
+ # ${D}/lib/ld-musl-${arch}.so.1 -> /usr/lib/libc.so.1 (absolute)
+ # During cross or within prefix, there's no guarantee that the host is
+ # using musl so that file may not exist. Use a relative symlink within
+ # ${D} instead.
+ rm "${ED}"/lib/ld-musl-${arch}.so.1 || die
+ if use split-usr; then
+ dosym ../usr/lib/libc.so /lib/ld-musl-${arch}.so.1
+ # If it's still a dead symlink, OK, we really do need to abort.
+ [[ -e "${ED}"/lib/ld-musl-${arch}.so.1 ]] || die
+ else
+ dosym libc.so /usr/lib/ld-musl-${arch}.so.1
+ [[ -e "${ED}"/usr/lib/ld-musl-${arch}.so.1 ]] || die
+ fi
+
+ cp "${FILESDIR}"/ldconfig.in-r3 "${T}"/ldconfig.in || die
+ sed -e "s|@@ARCH@@|${arch}|" "${T}"/ldconfig.in > "${T}"/ldconfig || die
+ eprefixify "${T}"/ldconfig
+ into /
+ dosbin "${T}"/ldconfig
+ into /usr
+ dobin "${T}"/getconf
+ dobin "${T}"/getent
+ dobin "${T}"/iconv
+ newenvd - "00musl" <<-EOF
+ # 00musl autogenerated by sys-libs/musl ebuild; DO NOT EDIT.
+ LDPATH="include ld.so.conf.d/*.conf"
+ EOF
+ fi
+
+ if target_is_not_host ; then
+ into /usr/${CTARGET}
+ dolib.a libssp_nonshared.a
+ else
+ dolib.a libssp_nonshared.a
+ fi
+}
+
+# Simple test to make sure our new musl isn't completely broken.
+# Make sure we don't test with statically built binaries since
+# they will fail. Also, skip if this musl is a cross compiler.
+#
+# If coreutils is built with USE=multicall, some of these files
+# will just be wrapper scripts, not actual ELFs we can test.
+musl_sanity_check() {
+ cd / #228809
+
+ # We enter ${ED} so to avoid trouble if the path contains
+ # special characters; for instance if the path contains the
+ # colon character (:), then the linker will try to split it
+ # and look for the libraries in an unexpected place. This can
+ # lead to unsafe code execution if the generated prefix is
+ # within a world-writable directory.
+ # (e.g. /var/tmp/portage:${HOSTNAME})
+ pushd "${ED}"/usr/$(get_libdir) >/dev/null
+
+ # first let's find the actual dynamic linker here
+ # symlinks may point to the wrong abi
+ local newldso=$(find . -maxdepth 1 -name 'libc.so' -type f -print -quit)
+
+ einfo Last-minute run tests with ${newldso} in /usr/$(get_libdir) ...
+
+ local x striptest
+ for x in cal date env free ls true uname uptime ; do
+ x=$(type -p ${x})
+ [[ -z ${x} || ${x} != ${EPREFIX}/* ]] && continue
+ striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) || continue
+ case ${striptest} in
+ *"statically linked"*) continue;;
+ *"static-pie linked"*) continue;;
+ *"ASCII text"*) continue;;
+ esac
+ # We need to clear the locale settings as the upgrade might want
+ # incompatible locale data. This test is not for verifying that.
+ LC_ALL=C \
+ ${newldso} --library-path . ${x} > /dev/null \
+ || die "simple run test (${x}) failed"
+ done
+
+ popd >/dev/null
+}
+
+pkg_preinst() {
+ # Nothing to do if just installing headers
+ just_headers && return
+
+ # Prepare /etc/ld.so.conf.d/ for files
+ mkdir -p "${EROOT}"/etc/ld.so.conf.d
+
+ [[ -n ${ROOT} ]] && return 0
+ [[ -d ${ED}/usr/$(get_libdir) ]] || return 0
+ target_is_not_host && return 0
+ musl_sanity_check
+}
+
+pkg_postinst() {
+ target_is_not_host && return 0
+
+ [[ -n "${ROOT}" ]] && return 0
+
+ ldconfig || die
+}
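Review bot: The backported security fixes reach the build through `${P}-patches.tar.xz` in SRC_URI and `"${WORKDIR}"/${P}-patches` in PATCHES, but src_unpack calls verify-sig_verify_detached only on `${P}.tar.gz{,.asc}`, so the patch tarball is covered by its Manifest BLAKE2B/SHA512 entry alone. The comment there speaks only of "additional (fixed, safe) files", which does not obviously include a tarball that patches libc; I would extend it with `# No signature is fetched for ${P}-patches.tar.xz; it is covered only by the Manifest checksums.` The `! target_is_not_host &&` guard on the same call also skips the OpenPGP check without any output in cross builds, so an `einfo "Skipping OpenPGP verification of ${P}.tar.gz (cross build)"` on that path would make the gap visible in the build log.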