Debian Patches
Status for musl/1.2.5-2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| static-pie.patch | [PATCH] Enable linking to a static position independent executable This also enables address space layout randomization (ASLR). $ cat hello.c int main() { printf("main = 0x%lxd\n", main); return 0; } $ gcc -fPIE -static-pie -o hello hello.c -specs musl-gcc.specs $ ldd hello statically linked $ file hello $ ./hello main = 0x7f858c4e72b9d $ ./hello main = 0x7f0854d312b9d $ ./hello main = 0x7f7179a1d2b9d $ ./hello main = 0x7f37f981b2b9d $ readelf -l hello Elf file type is DYN (Shared object file) Entry point 0x104f There are 7 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000308 0x0000000000000308 R 0x1000 LOAD 0x0000000000001000 0x0000000000001000 0x0000000000001000 0x0000000000003eb7 0x0000000000003eb7 R E 0x1000 LOAD 0x0000000000005000 0x0000000000005000 0x0000000000005000 0x000000000000136c 0x000000000000136c R 0x1000 LOAD 0x0000000000006e50 0x0000000000007e50 0x0000000000007e50 0x00000000000002e0 0x00000000000009a0 RW 0x1000 DYNAMIC 0x0000000000006e70 0x0000000000007e70 0x0000000000007e70 0x0000000000000180 0x0000000000000180 RW 0x8 GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 RW 0x10 GNU_RELRO 0x0000000000006e50 0x0000000000007e50 0x0000000000007e50 0x00000000000001b0 0x00000000000001b0 R 0x1 Section to Segment mapping: Segment Sections... 00 .hash .gnu.hash .dynsym .dynstr .rela.dyn 01 .init .plt .text .fini 02 .rodata .eh_frame 03 .init_array .fini_array .data.rel.ro .dynamic .got .got.plt .data .bss 04 .dynamic 05 06 .init_array .fini_array .data.rel.ro .dynamic .got |
Harald Hoyer <harald@redhat.com> | no | debian | https://www.openwall.com/lists/musl/2020/04/27/2 | 2020-04-27 |
| CVE-2025-26519-0001_iconv_fix_erroneous_input_validation_in_EUC_KR_decod.patch | [PATCH] iconv: fix erroneous input validation in EUC-KR decoder as a result of incorrect bounds checking on the lead byte being decoded, certain invalid inputs which should produce an encoding error, such as "\xc8\x41", instead produced out-of-bounds loads from the ksc table. in a worst case, the loaded value may not be a valid unicode scalar value, in which case, if the output encoding was UTF-8, wctomb would return (size_t)-1, causing an overflow in the output pointer and remaining buffer size which could clobber memory outside of the output buffer. bug report was submitted in private by Nick Wellnhofer on account of potential security implications. |
Rich Felker <dalias@aerifal.cx> | no | debian | 2025-02-09 | |
| CVE-2025-26519-0002_iconv_harden_UTF_8_output_code_path_against_input_de.patch | [PATCH] iconv: harden UTF-8 output code path against input decoder bugs the UTF-8 output code was written assuming an invariant that iconv's decoders only emit valid Unicode Scalar Values which wctomb can encode successfully, thereby always returning a value between 1 and 4. if this invariant is not satisfied, wctomb returns (size_t)-1, and the subsequent adjustments to the output buffer pointer and remaining output byte count overflow, moving the output position backwards, potentially past the beginning of the buffer, without storing any bytes. |
Rich Felker <dalias@aerifal.cx> | no | debian | 2025-02-12 |